On March 30, 2019, the Cyberspace Administration of China (CAC) released the first list of 197 blockchain information service providers that successfully registered pursuant to the Administrative Regulations on Blockchain Information Services.  The list includes well-known Chinese internet companies such as Baidu, Alibaba, Tencent and JD.com, financial institutions like Ping An, China Zheshang Bank and Webank, as well as other blockchain information service providers such as Wanxiang and Beijing Internet Court. There are no true foreign companies that are allowed to register, at least not at this time.

Such record filing is only for the registration of blockchain information services and is not interpreted to mean that any entity, product or service has been recognized or approved by the CAC. As a result, a registered entity or individual is prohibited from using the record filing for commercial purposes. 

Administrative Regulations on Blockchain Information Services (Regulations)

Released by the CAC on January 10, 2019, the Regulations came into effect on February 15, 2019.  The Regulations are aimed at regulating the activities of blockchain information services, safeguarding the national security and social public interests, protecting the legitimate rights and interests of citizens, legal persons and other organizations, and promoting the healthy development of blockchain technology and related services (art. 1).

Clarification of the Definitions of Blockchain Information Services

The Regulations apply to the blockchain information services engaged in the People’s Republic of China. 

The term “blockchain information services” refers to the information services provided to the public through internet sites, applications, etc. based on blockchain technology or systems. 

In addition, the term “blockchain information services provider” refers to the subjects or nodes that provide blockchain information services to the public and the organizations or institutions that provide subjects of blockchain information services with technical support (art. 2).

Specification of the Liabilities on Security

According to the Regulations, blockchain information services providers are required to be responsible for the security of blockchain information services in various respects, including but not limited to the following:

1. Blockchain information services providers should implement the responsibility for content security management, and establish management systems such as user registration, information review, emergency response and security protection (art. 5);
2. Blockchain information services providers should have the technical conditions suitable for their services and have the ability of immediate and emergent disposal of information or content prohibited by laws or administrative regulations (art. 6);
3. Blockchain information services providers should report to the CAC and local Internet Information Office any newly developed product, application or function for a safety assessment (art. 9); and
4. Blockchain information services providers should make corrections if it is determined that their services have information security risks and can continue to provide their services only after they comply with relevant laws, administrative regulations and national standards (art. 15).

Implementation of Record-Filing Management

To complete the record-filing formalities with the CAC, a blockchain information services provider should fill in its name, services, application domain, server address and other information through the record-filing management system for blockchain information services (Management System) within 10 working days from the date of providing services.  After receiving the materials submitted by an applicant for record filing, the CAC and local Internet Information Office should grant the record filing or inform the applicant of any incomplete materials within 20 working days (arts. 11-12).

The Management System was launched on January 28, 2019 (see https://bcbeian.ifcert.cn/index), further classifying the blockchain information services providers into the following three types:

1. Infrastructure providers, to provide services of mining pool, cloud mining and/or node;
2. Application operators, to provide services of wallet, web browser to check blockchain transactions, and/or other type of application; and
3. Technology providers to provide Blockchain-as-a-Service (BaaS) and/or other services.

When there is any change of services, platform URL or other information, the blockchain information services provider should go through the change formalities within five working days from the date of such change.  If the relevant services are intended to be terminated, the blockchain information services provider is required to proceed with the de-registration formalities 30 days before the termination (art. 11).

Legal Liabilities

For the blockchain information services provider violating the provisions of the Regulations (including the requirement of record filing with the Management System), the CAC and local Internet Information Office will issue warnings, order such services provider to make corrections within a time limit, or impose a fine of no more than RMB 30,000 (approx. USD 4,477).  Additionally, some violations will be handled according to the Cybersecurity Law of the People’s Republic of China.  If a crime is constituted, criminal liability will be investigated according to law (arts. 19-22).   

Impact of the Regulations 

Although some information in the Regulations has been indicated in the Cybersecurity Law and other regulations, these Regulations are the first ones specifically focusing on the blockchain information services.  This is a landmark of the establishment of the supervision and management system for blockchain in China.  Reasonable supervision and management may be beneficial to the development of blockchain information services and provide legitimacy to the market.

However, the Regulations are vague on how they apply to foreign companies operating blockchain information services in China.  While a company is required to register with the Management System in order to conduct the blockchain-based business activities listed above, currently a foreign company itself is not permitted to do the record filing in such system.  The Chinese presence of the foreign company, if any, can do the registration instead.  As we recently confirmed with a representative of the CAC, it is still uncertain if the Management System will be applicable to foreign companies without Chinese presence in the future.       

With the technology development, we can anticipate more detailed laws and regulations coming into place over the next years to further regulate blockchain information services in China. 

[View source.]