Document of the State-owned Assets Supervision and Administration Commission of the State Council
Guozifa Document No. 41 (2010)
To All Central State-Owned Enterprises:
The Provisional Regulations on the Protection of Commercial Secrets of Central State-Owned Enterprises have been reviewed and passed in the 87th director’s executive meeting of the State-owned Assets Supervision and Administration Commission of the State Council. The regulations are hereby issued to you; please implement them accordingly.
Central state-owned enterprises should attach great importance to the work of protecting commercial secrets, speed up the study and formulation of related implementation measures, ensure that the interests of the enterprises are not infringed upon, and promote the efficient and effective development of enterprises.
State-owned Assets Supervision and Administration Commission of the State Council
March 25, 2010
Chapter 1 General Provisions
Article 1: These Regulations are formulated for the purpose of strengthening the work of protecting the commercial secrets of central state-owned enterprises and guaranteeing that their interests are not infringed upon, pursuant to the Law of the People’s Republic of China on Guarding State Secrets and the Anti-Unfair Competition Law of the People’s Republic of China, and other [relevant] laws and regulations.
Article 2: “Commercial secrets” as mentioned in these Regulations refer to operational information and technical information that are not known to the public, can produce economic benefits for the central state-owned enterprises, have practical value, and have been protected by secrets protection measures carried out by central state-owned enterprises.
Article 3: Operational information and technical information of central state-owned enterprises that fall within the scope of state secrets must be protected as state secrets in accordance with law.
Article 4: Commercial secrets of central state-owned enterprises involving intellectual property rights shall be managed in accordance with state laws and regulations related to intellectual property rights.
Article 5: The work of protecting the commercial secrets of central state-owned enterprises shall follow the guidelines of regulating in accordance with law and each enterprise taking responsibility, making prevention a priority, emphasizing key issues, facilitating work, and ensuring security.
Chapter 2: Structure and Responsibilities
Article 6: Central State-owned enterprises, in the work of protecting commercial secrets, shall implement the legal representative responsibility system of the enterprise in accordance with the principles of unified leadership and hierarchical management.
Article 7: The Committee for Secrets Protection of each central state-owned enterprise is the operating mechanism for protecting commercial secrets, and is responsible for implementing relevant state laws, regulations, and rules, fulfilling work requests from the higher-level organs and departments for protecting secrets, and considering and deciding matters related to the work of protecting the commercial secrets of enterprises.
As the office for handling the routine matters of the Committee for Secrets Protection, the Office of Secrets Protection of each state-owned enterprise is responsible for tasks including organizing and launching education and training on the protection of commercial secrets, inspecting secrets protection, safeguarding secrets protection technologies, and investigating incidents of leaks, in accordance with law.
Article 8: Offices of Secrets Protection of central state-owned enterprises should be equipped with full-time secrets protection staff, responsible for managing the work of protecting commercial secrets.
Article 9: Departments such as technology, law, and intellectual property departments of central state-owned enterprises shall share the work based on the duties of the departments, and be responsible for protecting and managing commercial secrets in accordance with the scope of duties of the departments.
Chapter 3: Determination of Commercial Secrets
Article 10: Each central state-owned enterprise, according to law, determines the scope of protection of its commercial secrets, which mainly include: business information such as that of strategy planning, methods of management, business models, restructuring and listing, mergers and acquisitions, property transactions, financial information, investment and financing decision-making, production purchases and sales strategy, resource reserves, customer information, bidding and tendering; and technical information such as that of design, procedure, product formula, production technology, production methods, and technical know-how.
Article 11: Because of adjustments to the scope of state secrets, the commercial secrets of central state-owned enterprises that need to be reclassified as state secrets must be classified as state secrets, in accordance with legal procedures.
Article 12: Central state-owned enterprises’ commercial secrets and their level of classification, the length of time of secrets protection, and the range of those with knowledge1 of the commercial secrets, shall be determined by the department where the matter arises, approved by the leadership in charge, and put on record in the Office of Secrets Protection.
Article 13: The classification of central state-owned enterprises’ commercial secrets, based on the degree of possible harm to the economic interests of the enterprise resulting from a leak, is fixed at two levels: core commercial secrets and general commercial secrets; the classification level should be uniformly labeled as “core commercial secrets” or “general commercial secrets.”
Article 14: Central state-owned enterprises can determine on their own the length of protection period for the commercial secrets. Calculate a predictable time limit by “year, month, and day,” and designate an unpredictable time limit as “long term” or “before announcement.”
Article 15: Once the classification level and the period of classification of the central state-owned enterprises’ commercial secrets are determined, items bearing secrets should be clearly labeled. The label is composed of three parts: ownership (such as the unit’s abbreviation or logo), classification level, and period of classification.
Article 16: Central state-owned enterprises need to rigorously determine the range of those with knowledge of commercial secrets based on work requirements. The range of those with knowledge of commercial secrets should be limited to specific positions and personnel and should be managed according to the extent of the secrets involved.
Article 17: The alteration of levels of classifications of commercial secrets, the length of time of secrets protection, and the range of those with knowledge2 of the commercial secrets, or declassification within the protection period, shall be determined by the work departments, approved by the leadership in charge, and put on record in the Office of Secrets Protection. If the protection period expires or if the secret has been publicized already, then the secret shall be automatically declassified.
Article 18: After the alteration of commercial secrets’ classification levels or the protection period, a new label should be put close to the location of the original label, and the original label should be voided in a clear way. If declassification occurs within the protection period, the wording of “declassified” should be marked in a clear and discernible manner.
Chapter 4: Protective Measures
Article 19: The employment contracts between the central state-owned enterprise and employees should include secrets protection clauses.
The secrets protection agreement between central state-owned enterprises and personnel involved with secrets protection should clearly identify the contents and scope of secrets protection, both parties’ rights and obligations, the time period of the agreement, and liabilities in the event of a breach of contract.
Central state-owned enterprises should sign non-competition agreements with core personnel involved with secrets based on considerations such as the extent of their involvement with secrets. Those agreements should include monetary compensation clauses.
Article 20: The central state-owned enterprises which, because of work requirements, need to provide commercial secrets materials to state organs at various levels, institutions that have administrative and management functions, or civil society organizations and the like, should use appropriate ways to explicitly state the obligations to protect the secrets. The provided materials involving secrets shall be determined by the work departments, approved by the leadership in charge, and put on record at the Office of Secrets Protection.
Article 21: Central state-owned enterprises should sign secrets protection agreements with related parties with regard to consultations, negotiations, technology assessments, results evaluations, cooperation developments, technology transfers, joint venture investments, external audits, due diligence investigations, audits of assets, and other activities related to commercial secrets.
Article 22: Central state-owned enterprises, in the process of issuance of securities, listing and disclosing information of listed companies inside or outside the country, should establish and perfect the examination and reviewing procedures for the protection of commercial secrets, and specify the secrets protection obligations of the relevant departments, agencies, and personnel.
Article 23: Strengthen the commercial secrets protection of key projects, important negotiations, and major undertakings of central state-owned enterprises, and set up, in advance, mechanisms for secrets protection. Projects involving national security and interests should be reported to related state departments.
Article 24: Departments (places) and regions with a relatively large number of individual positions involving secrets, or those involving highly classified secrets, should be identified as key departments (places) for commercial secrets protection or as regions involved with secrets, and which should strengthen their prevention and management efforts.
Article 25: Central state-owned enterprises should implement control over the production, receipt and sending, transmission, use, storage, and destruction of items bearing commercial secrets, and ensure the security of items bearing secrets.
Article 26: Central state-owned enterprises should strengthen the secrets protection management of computer information systems, communications [systems], automated office [systems], and other information facilities and equipment that involve commercial secrets, and guarantee the security of commercial secrets information.
Article 27: Central state-owned enterprises should include commercial secrets protection as a part of risk management, formulate emergency response plans for secret leaking and strengthen the capacity for risk prevention. When it is discovered that items bearing commercial secrets have been stolen or lost, control of such items has been lost, or in other such situations, measures to remedy the situation should be taken immediately. Incidents of leaking secrets should be immediately investigated and prosecuted, as well as reported to the State-Owned Assets Supervision and Administration Commission of the State Council.
Article 28: Against infringement of the respective unit’s commercial secrets, central state-owned enterprises should, in accordance with law, assert their rights, demand a stop to the infringement, eliminate its impact, and [demand] compensation for losses.
Article 29: Central state-owned enterprises should guarantee funding for education, training, inspection, rewards, secrets protection facility and equipment purchases, and other work related to commercial secrets protection.
Chapter 5: Awards and Penalties
Article 30: Central state-owned enterprises should commend and reward departments and individuals who deliver outstanding performance or make prominent contributions in the course of their work in protecting commercial secrets.
Article 31: When an incident of leaking commercial secrets occurs in a central state-owned enterprise, that enterprise’s Committee for Secrets Protection is responsible for organizing the relevant departments to determine responsibility, and the relevant departments shall handle the incident in accordance with relevant laws and regulations.
Article 32: Employees of central state-owned enterprises who leak commercial secrets or use commercial secrets illegally, if the circumstances are serious and the losses for the enterprise are great, should be investigated and held legally responsible in accordance with law. When a crime is suspected, the case shall be transferred to judicial organs to be dealt with.
Chapter 6: Supplementary Provisions
Article 33: Central state-owned enterprises should incorporate [these Regulations] into their actual business practices, and formulate implementing measures or detailed work rules and regulations for the protection of their commercial secrets in accordance with these Regulations.
Article 34: These Regulations shall take effect on the day of promulgation.
1. The source text - 知悉范围- can mean three things: 1) the range (number) of people or groups who have knowledge of a specific secret; 2) the extent of a specific person’s or group’s knowledge of a specific secret; 3) which rank of people are entitled to have knowledge of which classification of secrets. ^
2. See note 1. ^
第二条 本规定所称的商业秘密，是指不为公众所知悉、能为中央企业带来经济利益、具有实用性 并经中央企业采取保密 措施 的经营信息和技术信息。
第五条 中央企业商业秘密保护工作，实行 依法规范、企业负责、预防为主、突出重点、便利工作、保障安全的方针。
第七条 各中央企业保密委员会是商业秘密保护工作的工作机构，负责贯彻国家有关法律、法规和规章，落实上级保密机 构、部门的工作要求，研究决定企业商业秘密保护工作的相关事项。
第十条 中央企业依法确定本企业商业秘密的保护范围，主要包括：战略规划、管理方法、商业模式、改制上市、 并购重组、产权交易、财务信息、投融资决策、产购销策略、资源储备、客户信息、招投标事项等经营信息；设计、程序、产品配方、制作工艺、制作方法、技术诀窍等技术信息。
第十二条 中央企业商业秘密及其密级、保密期限和知悉范围，由产生该事项的业务部门拟定，主管领导审批，保密办公 室备案。
第十三条 中央企业商业秘密的密级，根据泄露会使企业的经济利益遭受损害的程度，确定为核心商业秘密、普通商业秘 密两级，密级标注统一为“核心商密”、“普通商密”。
第十四条 中央企业自行设定商业秘密的保密期限。可以预见时限的以年、月、日计，不可以预见时限的应当定为“长 期”或者“公布前”。
第十五条 中央企业商业秘密的密级和保密期限一经确定，应当在秘密载体上作出明显标志。标志由权属（单位规范简称 或者标识等）、密级、保密期限三部分组成。
第十六条 中央企业根据工作需要严格确定商业秘密知悉范围。知悉范围应当限定到具体岗位和人员，并按照涉密程度实 行分类管理。
第十七条 商业秘密需变更密级、保密期限、知悉范围或者在保密期限内解密的，由业务部门拟定，主管领导审批，保密 办公室备案。保密期限已满或者已公开的，自行解密。
第十八条 商业秘密的密级、保密期限变更后，应当在原标明位置的附近作出新标志，原标志以明显方式废除。保密期限 内解密的，应当以能够明显识别的方式标明“解密”的字样。
第二十条 中央企业因工作需要向各级国家机关，具有行政管理职能的事业单位、社会团体等提供商业秘密资料，应当以 适当方式向其明示保密义务。所提供涉密资料，由业务部门拟定，主管领导审批，保密办公室备案。
第二十一条 中央企业涉及商业秘密的咨询、谈判、技术评审、成果鉴定、合作开发、技术转让、合资入股、外部审计、 尽职调查、清产核资等活动，应当与相关方签订保密协议。
第二十二条 中央企业在涉及境内外发行证券、上市及上市公司信息披露过程中，要建立和完善商业秘密保密审查程序， 规定相关部门、机构、人员的保密义务。
第二十三条 加强中央企业重点工程、重要谈判、重大项目的商业秘密保护，建立保密工作先期进入机制，关系国家安全 和利益的应当向国家有关部门报告。
第二十四条 对涉密岗位较多、涉密等级较高的部门（部位）及区域，应当确定为商业秘密保护要害部门（部位）或者涉 密区域，加强防范与管理。
第二十六条 中央企业应当加强 涉及商业秘密的计算机信息系统、通讯及办公自动化等信息设施、设备的保密管理，保障商业秘密信息安全。
第二十七条 中央企业应当将 商业秘密保护工作纳入风险管理，制定泄密事件应急处置预案，增强风险防范能力。发现商业秘密载体被盗、遗失、失控等事件，要及时采取补救措施，发生泄密事件要及时查处并报告国务院国资委保密委员会。