Skip to content Skip to navigation

XUAR Government Notice on Strengthening the Management of Internet Information Security


On Christmas Eve in 2014, the government of the Xinjiang Uyghur Autonomous Region (‘XUAR’) released this Notice on Strengthening the Management of Internet Information Security.  The Notice requires Internet information service providers who serve users in the XUAR to give the government their encryption technology, to require information regarding real identity as a condition of providing services to their users, and to maintain their servers within the territory of the XUAR.  The notice also requires service providers to manage, stop, and record the flow of a very broad variety of content and information including that which ”undermines national religious policies,” “disturbs social order,” or “harms national honor and interests,” amongst other things.  These requirements needed to have been complied with by March 24, 2015.

The Notice is an important step in China’s continued approach of combining broad-based definitions of “terrorism” and what it styles as “religious extremism” with highly restrictive internet regulation under the banner of “internet sovereignty.”  This approach to counterterrorism is evident in both the framework of the Shanghai Cooperation Organization, and in China’s draft Counter-Terrorism Law (Chinese) released on November 3, 2014, and as amended in February 2015.  The draft Counter-Terrorism Law continues to be deliberated upon by the Standing Committee of the National People’s Congress.

See bilingual version or Chinese original.

Xinjiang Uyghur Autonomous Region People’s Government
Notice on Strengthening the Management of
Internet Information Security

December 24, 2014

[Translation by Human Rights in China]

 (1) In order to safeguard national security and social stability, and in accordance with the NPC Standing Committee "Decision Concerning the Strengthening of Network Information Protection," the State Council's "Measures for the Management of Internet Information Services" relevant national, and autonomous region regulations, as well as in accordance with the realities of the autonomous region, this notice is hereby issued in order to crack down hard on, and prevent use of the Internet to copy, distribute, disseminate and store violent and terrorist related information and other criminal activities.

  (2) Internet information service providers who provide users with instant messaging, cloud storage, online storage, audio and video sharing and other social networking service platforms, must implement permit or filing procedures, as well as comply with this Notice.

  (3) For those [Internet information service providers] registered within the administrative area of the autonomous region, and engaged in Internet service provision activities set out in article (2) of this Notice, or for those registered outside of the administrative area of the autonomous region, but who provide Internet service provision activities set out in article (2) of this Notice to new Xinjiang users, all must maintain servers within the administrative area of the autonomous region; and those who use encryption technology must inform the relevant authorities of their facilities and digital information.

  (4) For Internet information service providers who provide services for the distribution of information, their users must provide information regarding their true identity. For users who are individuals, they must provide their resident's identification card or other valid proof of personal identity upon registration. For users who are units, they must register by using the code allocated to their organization [aka their Organization Code Certification][1] or their business permit.

  (5) Internet information service providers have the responsibility to keep registered users' identity information secret. Unless as stipulated by legal process, it cannot be given to others, nor can registration information be applied to other uses; information content cannot be leaked, tampered with or damaged, and the information regarding real identity must not be used for the purpose of making profit.

  (6) It is forbidden for Internet information service providers and users to make, copy, disseminate, and store any information which:

   (i) opposes the basic principles fixed in the Constitution, or slanders [any of] the Constitution, the laws or regulations;

   (ii) harms national honor and interests, endangers state security, divulges state secrets, subverts state power or harms national unity;

   (iii) promotes 'jihad' and ethnic splittism, incites ethnic hatred or ethnic discrimination, or harms ethnic solidarity;

   (iv) spreads religious extremist thought, undermines national religious policies, or promotes cults and feudal superstitions;

   (v) creates or disseminates rumors, disturbs social order, or harms social stability;

   (vi) disseminates violent terrorist ideology, or violent terrorist audio-visual materials; or spreads, makes, or uses explosives, explosive devices, firearms, control equipment, hazardous materials and other violent terrorist criminal methods and skills;

   (vii) incites violence to endanger the lives of others as well as public and private property;

   (viii) spreads [information] that is obscene, pornographic, or related to gambling or instigates the commission of a crime;

   (ix) insults or slanders others, or harms the legitimate rights or interests of others;

   (x) [involves] other content that is prohibited by [any] laws or regulations.

  (7) With regard to actions violating article 6 of this Notice, Internet information service providers must immediately stop their release and dissemination or take other measures for addressing, such as by deleting [such information] and temporarily stopping updates up until the account is closed, as well as to preserve relevant records and report them in a timely manner to the relevant authorities.

  Any unit or individual has the right and the obligation to report actions in violation of Article (6) of this Notice to the relevant authority.

  Relevant authorities must carry out their duties within the scope of their authority and adopt technological measures or other compulsory measures to stop or investigate activities that violate the provisions of Article (6) of this notice.

(8) Concerning violations of Article (3) of this Notice, relevant authorities must, within the scope of their authority, and according to law, put forward Decisions that prohibit or terminate Internet information service providers' providing services within the administrative area of the autonomous region.

  As for other actions that violate the terms of this Notice, they should be handled according to relevant laws and regulations.

  (9) Those already engaged in Internet information service activities prior to the promulgation of this Notice, shall, within 90 days of the date of promulgation of this Notice, set up servers in accordance with Article (3) of this Notice, and inform relevant authorities of their facilities and digital information.

  (10) This notice shall come into force from the date of publication.

  December 24, 2014


[1] Codes are allocated to organizations in China by the National Administration for Code Allocation to Organizations:


709事件 公众知情权 司法公正 行政拘留 法律天地 任意羁押
公示财产 双边对话 黑监狱 书评 商业与人权 审查
零八宪章 儿童 中国法 翻墙技术 公民行动 公民记者
公民参与 民间社会 评论 中国共产党 宪法 消费者安全
思想争鸣 腐败 反恐 向强权说“不!” 文革 文化之角
时政述评 网络安全 社会民生 民主和政治改革 拆迁 异议人士
教育 选举 被迫失踪 环境 少数民族 欧盟-中国
计划生育 农民 结社自由 言论自由 新闻自由 信仰自由
政府问责 政策法规 施政透明 香港 软禁 中国人权翻译
户口 人权理事会 人权动态 非法搜查和拘留 煽动颠覆国家政权 信息控制
信息技术 信息、通信、技术 公民权利和政治权利国际公约 国际人权 国际窗口 国际关系
互联网 互联网治理 建三江律师维权 司法改革 六四 绑架
劳改场 劳工权利 土地、财产、房屋 律师权责 律师 法律制度
国内来信 重大事件(环境污染、食品安全、事故等) 毛泽东 微博 全国人大 新公民运动
非政府组织 奥运 一国两制 网上行动 政府信息公开 人物
警察暴行 司法评述 政治犯 政治 良心犯 历史钩沉
宣传 抗议和请愿 公开呼吁 公共安全 种族歧视 劳动教养
维权人士 维权 法治 上海合作组织 特别专题 国际赔偿
国家秘密 国家安全 颠覆国家政权 监控 科技 思想理论
天安门母亲 西藏 酷刑 典型案例 联合国 美中
维吾尔族人 弱势群体 妇女 青年 青年视野