Cyber security. Photo: IC

 
China will punish those who use loopholes on the internet and threaten cyber security, according to a new regulation rolled out on Tuesday.

The new regulation, jointly published by the Ministry of Industry and Information Technology (MIIT), the Cyberspace Administration of China and the Ministry of Public Security, forbids institutions and individuals from engaging in the discovery, collection and release of internet loopholes and from providing unpublished loopholes to foreign entities. 

The new regulation, which will be effective from September 1, also stipulates that no information on security loopholes should be published unless approved by the Ministry of Public Security at times of major national events.  

Internet service providers are required to file documentation with the MIIT within two days after discovering the loopholes, as information about the loopholes can be quickly circulated via internet platforms and media organizations, putting the interests of large numbers of users at risk. Efforts to fix the loopholes need to be timely and users must be informed about protection methods.

Logs storing messages about loopholes have to be stored for no less than six months and selling information about loopholes for profit, or to engage in blackmail or fraud are all prohibited under the new regulation. 

Those who violate the regulation will be punished by competent authorities according to the law. 

In May, a group of university students from East China's Jiangsu Province were given prison sentences of up to two-and-a-half years for fraud after they took advantage of loopholes in fast-food chain KFC's mobile applications to obtain free meals and make profits, causing over 200,000 yuan ($311,740) in losses for the company.