中国欧盟商会关于《中华人民共和国网络安全法(草案)》反馈意见

2015-08-05 | All chapters

中国欧盟商会(以下简称欧盟商会)很高兴有机会就《中华人民共和国网络安全法(草案)》提交建议。

The European Union Chamber of Commerce in China (European Chamber) appreciates the opportunity to comment on the first draft of the PRC Cyber Security Law (CSL (draft)).

欧盟商会向全体会员征求意见之后,收到了会员的积极反馈。根据会员广泛的协商和讨论,现提出下述建议供全国人民代表大会常委会参考。

Upon the circulation of this call for comments within its entire membership base, the European Chamber was able to receive active feedbacks from its members. Based on wide consultation and discussion among its members, we would like to propose the following comments for consideration of the National People’s Congress.

欧盟商会理解《中华人民共和国网络安全法(草案)》的目的在于打击网络犯罪和其它与互联网相关的犯罪活动,这些犯罪活动是影响所有国家的全球性问题。

The European Chamber understands the purpose of the CSL (draft) is to contribute to the fight against cybercrime and other Internet-based criminal activities – a global problem that negatively affects all countries.

国家安全

欧盟商会完全同意中国政府为保障国家安全和公众安全有权制定和执行一部与网络安全相关的法律。然而,该草案远远超过了与互联网和网络空间相关的必要的安全问题,并可能阻断中国获得很多基础技术和国际市场带来的其他利好。该草案以及其他类似法律不应该干预公平开放的商业行为,如制定过度严格的标准或通过本地化的政策限制数据的跨境自由流动。这会增加所有企业的交易成本,而且最坏的情况下,会损害中国和全球设备间的互操作性,从而造成全球网络空间基础设施的分裂。中国政府需要注意到这会首先损害中国企业的国际化进程。

National Security

The European Chamber fully acknowledges that the Chinese Government has the sovereignty to promulgate and enact a cyber-security-related law with the purpose of protecting its national security as well as the general public from harm. However, the present CSL (draft) goes far beyond essential national security concerns related to the Internet and cyberspace and, as such, risks shutting China out from many of the fundamental technologies and other benefits afforded to it by the international marketplace. The CSL (draft) and any other such law ought not interfere with the fair and open conduct of business, by, among other things, stipulating excessively stringent standards or by restricting the free cross-border flow of data through localisation policies. This would serve to increase transactions cost for all business and, in the worst case, jeopardizes the interoperability of Chinese and global equipment, thereby causing a rift in the global cyberspace infrastructure. The Chinese Government needs to note that this would first and foremost be detrimental to the internationalisation of China’s own companies.

欧盟商会建议明确阐述构成“国家安全”的范围,这可以通过“负面清单”的方法有效完成,明确列举出该草案适用的产品和服务。

The European Chamber recommends to explicitly provide for the scope of what constitutes “national security” – something that could best be done through the ‘negative list’ approach, clearly enumerating a list of products and services that would fall under the scope of the CSL (draft).

模糊定义

该草案包括许多模糊的定义,因此目前还不清楚其具体的适用范围和对象。

这对国际商业社会可能造成深远的影响。该草案中三个关于运营商的概念定义不清晰:

    • 网络运营者

    • 运营者

    • 关键信息基础设施的运营者

Imprecise Definitions

The CSL (draft) includes many imprecise definitions and thus is unclear what kinds of organisations exactly are covered by the law.

This can have a potentially far-reaching impact on the international business community. The definitions of 3 types of operators mentioned in the CSL (draft) are not clear:

    • 网络运营者/Network operator

    • 运营者/Operator

    • 关键信息基础设施的运营者/Operator of critical information infrastructure.

欧盟商会希望全国人大代表大会常委会能够通过此次意见征集,对这些概念以及下文列出的其他问题作出明确的说明。过于宽泛模糊的定义会对合法运营造成不利影响,也可能造成对本法的曲解以保护国内企业.

The European Chamber hopes that these terms—as well as all the other points listed herein below—will be clarified by the National People’s Congress as part of this consultation phase. Overly broad and vague definitions can have an adverse impact on legitimate business as well as open up avenues for abuse of this regulation to promote domestic industry. 

标准

欧盟商会注意到该草案在一些条款中多次提到“行业标准”和“更严格”的标准。建议制定标准的过程应保证安全解决方案与全球方案能够相互操作。同样,欧盟商会建议“行业标准”应参考国际认可的行业标准,如通用标准CC。

Standards

The European Chamber notes that the CSL (draft) makes reference to “industry standards” as well as “More stringent” standards in several articles. We recommend that any standard-setting process should be conducted in such a way that the resulting standards do not lead to the situation that security solutions are no longer interoperable with global ones. As such, the European Chamber recommends that “industry standards” should refer to internationally recognised industry standards, such as the Common Criteria.

欧盟商会强调中国政府应保证在标准制定以及推进过程中对所有的市场参与者公开透明,包括外资企业。

The European Chamber would like to highlight that the Chinese Government should ensure that standards, standardization processes and technical requirements are accessible, transparent and open to all market players, including foreign invested enterprises. 

国际合作制定标准

欧盟商会欢迎该草案提议在“网络空间治理、网络技术研发和标准制定、打击网络违法犯罪”(第五条) 等方面促进国际交流与合作。建议中国积极参与如通用标准CC等的国际标准的制定,与国际标准接轨。

International Cooperation on Standards

The European Chamber welcomes that the CSL (draft) makes reference to international cooperation on “cyberspace administration, cyber technology research and development and standards development” (Article 5). We suggest that China should actively participate in the development and alignment of international standards and schemes such as the Common Criteria.

网络安全多层级保护制度

欧盟商会希望了解该草案设想的“网络安全多层级保护制度”如何与现有的结构有机结合,尤其是“多层保护计划”。目前不确定“网络安全多层级保护制度”是否是“多层保护计划”的延展,或者会与“多层保护计划”并行还是会将其取代。

而且欧盟商会认为现行的“多层保护计划”已经对外国信息安全技术设置了贸易壁垒,将外国技术限制在大部分中国市场以外。

Cybersecurity multi-level protection system

The European Chamber would like to understand how the envisaged “cybersecurity multi-level protection system” (Article 17) is meant to fit into the current structure, specifically the already well-established “Multi-Level Protection Scheme” (‘MLPS’). There is uncertainty whether the suggested system will be an extension of the MLPS, built in parallel to the MLPS or rather, whether this system is intended to replace it.

The European Chamber believes that China’s MLPS as it presently stands, acts as a trade barrier to restrict foreign information security technology gaining access to large sections of the Chinese marketplace.

欧盟商会希望目前设想的“网络安全多层等级保护制度”与现行的“多层保护计划” 基于国际最佳做法,并符合世界贸易组织的相关指南和规定。欧盟商会请全国人民代表大会常委会慎重考虑颁布该草案。一旦颁布目前的草案版本,可能会对中国的商业环境造成冲击。欧盟商会鼓励全国人民代表大会常委会就该草案积极听取多方意见,将该草案与其他国家治理网络空间的最佳做法进行比对,并作出一个全面的影响分析。

We hope that the now envisaged “cybersecurity multi-level protection system”—as well as the present MLPS—will be oriented at international best practices, as per the guidelines and regulations of the World Trade Organisation. The European Chamber would like to ask NPC to carefully consider the releasing of the CSL (draft). A promulgation of the CSL in its current form, will likely cause many disruptions to the conduct of business in China. The European Chamber highly encourages to widen the NPC’s consultation about the CSL (draft) and to benchmark the piece of legislation—including a thorough impact analysis—against other countries’ best practices of governing cyberspace.

另外,欧盟商会希望有机会与全国人民代表大会常委会的代表就该草案提出的意见进行探讨。

Furthermore, the European Chamber would like to hereby kindly request a meeting with the honourable delegates of the NPC to discuss the specific concerns of the European Chamber members regarding CSL (draft).