Skip to content Skip to navigation

XUAR Government Notice on Strengthening the Management of Internet Information Security


On Christmas Eve in 2014, the government of the Xinjiang Uyghur Autonomous Region (‘XUAR’) released this Notice on Strengthening the Management of Internet Information Security.  The Notice requires Internet information service providers who serve users in the XUAR to give the government their encryption technology, to require information regarding real identity as a condition of providing services to their users, and to maintain their servers within the territory of the XUAR.  The notice also requires service providers to manage, stop, and record the flow of a very broad variety of content and information including that which ”undermines national religious policies,” “disturbs social order,” or “harms national honor and interests,” amongst other things.  These requirements needed to have been complied with by March 24, 2015.

The Notice is an important step in China’s continued approach of combining broad-based definitions of “terrorism” and what it styles as “religious extremism” with highly restrictive internet regulation under the banner of “internet sovereignty.”  This approach to counterterrorism is evident in both the framework of the Shanghai Cooperation Organization, and in China’s draft Counter-Terrorism Law (Chinese) released on November 3, 2014, and as amended in February 2015.  The draft Counter-Terrorism Law continues to be deliberated upon by the Standing Committee of the National People’s Congress.

See bilingual version or Chinese original.

Xinjiang Uyghur Autonomous Region People’s Government
Notice on Strengthening the Management of
Internet Information Security

December 24, 2014

[Translation by Human Rights in China]

 (1) In order to safeguard national security and social stability, and in accordance with the NPC Standing Committee "Decision Concerning the Strengthening of Network Information Protection," the State Council's "Measures for the Management of Internet Information Services" relevant national, and autonomous region regulations, as well as in accordance with the realities of the autonomous region, this notice is hereby issued in order to crack down hard on, and prevent use of the Internet to copy, distribute, disseminate and store violent and terrorist related information and other criminal activities.

  (2) Internet information service providers who provide users with instant messaging, cloud storage, online storage, audio and video sharing and other social networking service platforms, must implement permit or filing procedures, as well as comply with this Notice.

  (3) For those [Internet information service providers] registered within the administrative area of the autonomous region, and engaged in Internet service provision activities set out in article (2) of this Notice, or for those registered outside of the administrative area of the autonomous region, but who provide Internet service provision activities set out in article (2) of this Notice to new Xinjiang users, all must maintain servers within the administrative area of the autonomous region; and those who use encryption technology must inform the relevant authorities of their facilities and digital information.

  (4) For Internet information service providers who provide services for the distribution of information, their users must provide information regarding their true identity. For users who are individuals, they must provide their resident's identification card or other valid proof of personal identity upon registration. For users who are units, they must register by using the code allocated to their organization [aka their Organization Code Certification][1] or their business permit.

  (5) Internet information service providers have the responsibility to keep registered users' identity information secret. Unless as stipulated by legal process, it cannot be given to others, nor can registration information be applied to other uses; information content cannot be leaked, tampered with or damaged, and the information regarding real identity must not be used for the purpose of making profit.

  (6) It is forbidden for Internet information service providers and users to make, copy, disseminate, and store any information which:

   (i) opposes the basic principles fixed in the Constitution, or slanders [any of] the Constitution, the laws or regulations;

   (ii) harms national honor and interests, endangers state security, divulges state secrets, subverts state power or harms national unity;

   (iii) promotes 'jihad' and ethnic splittism, incites ethnic hatred or ethnic discrimination, or harms ethnic solidarity;

   (iv) spreads religious extremist thought, undermines national religious policies, or promotes cults and feudal superstitions;

   (v) creates or disseminates rumors, disturbs social order, or harms social stability;

   (vi) disseminates violent terrorist ideology, or violent terrorist audio-visual materials; or spreads, makes, or uses explosives, explosive devices, firearms, control equipment, hazardous materials and other violent terrorist criminal methods and skills;

   (vii) incites violence to endanger the lives of others as well as public and private property;

   (viii) spreads [information] that is obscene, pornographic, or related to gambling or instigates the commission of a crime;

   (ix) insults or slanders others, or harms the legitimate rights or interests of others;

   (x) [involves] other content that is prohibited by [any] laws or regulations.

  (7) With regard to actions violating article 6 of this Notice, Internet information service providers must immediately stop their release and dissemination or take other measures for addressing, such as by deleting [such information] and temporarily stopping updates up until the account is closed, as well as to preserve relevant records and report them in a timely manner to the relevant authorities.

  Any unit or individual has the right and the obligation to report actions in violation of Article (6) of this Notice to the relevant authority.

  Relevant authorities must carry out their duties within the scope of their authority and adopt technological measures or other compulsory measures to stop or investigate activities that violate the provisions of Article (6) of this notice.

(8) Concerning violations of Article (3) of this Notice, relevant authorities must, within the scope of their authority, and according to law, put forward Decisions that prohibit or terminate Internet information service providers' providing services within the administrative area of the autonomous region.

  As for other actions that violate the terms of this Notice, they should be handled according to relevant laws and regulations.

  (9) Those already engaged in Internet information service activities prior to the promulgation of this Notice, shall, within 90 days of the date of promulgation of this Notice, set up servers in accordance with Article (3) of this Notice, and inform relevant authorities of their facilities and digital information.

  (10) This notice shall come into force from the date of publication.

  December 24, 2014


[1] Codes are allocated to organizations in China by the National Administration for Code Allocation to Organizations:


709事件 公眾知​​情權 司法公正 行政拘留 法律天地 任意羈押
公示財產 雙邊對話 黑監獄 書評 商業與人權 審查
零八憲章 兒童 中國法 翻牆技術 公民行動 公民記者
公民參與 民間社會 評論 中國共產黨 憲法 消費者安全
思想爭鳴 腐敗 反恐 向強權說“不!” 文革 文化之角
時政述評 網絡安全 社會民生 民主和政治改革 拆遷 異議人士
教育 選舉 被迫失踪 環境 少數民族 歐盟-中國
計劃生育 農民 結社自由 言論自由 新聞自由 信仰自由
政府問責 政策法規 施政透明 香港 軟禁 中國人權翻譯
戶口 人權理事會 人權動態 非法搜查和拘留 煽動顛覆國家政權 信息控制
信息技術 信息、通信、技術 公民權利和政治權利國際公約 國際人權 國際窗口 國際關係
互聯網 互聯網治理 建三江律師維權 司法改革 六四 綁架
勞改場 勞工權利 土地、財產、房屋 律師權責 律師 法律制度
國內來信 重大事件(環境污染、食品安全、事故等) 毛澤東 微博 全國人大 新公民運動
非政府組織 奧運 一國兩制 網上行動 政府信息公開 人物
警察暴行 司法評述 政治犯 政治 良心犯 歷史鉤沉
宣傳 抗議和請願 公開呼籲 公共安全 種族歧視 勞動教養
維權人士 維權 法治 上海合作組織 特別專題 國家賠償
國家秘密 國家安全 顛覆國家政權 監控 科技 思想理論
天安門母親 西藏 酷刑 典型案例 聯合國 美中
維吾爾族人 弱勢群體 婦女 青年 青年視野