区块链规定对区块链服务采用备案为主,审核为辅的监管模式。
The Block-chain Rule regulates the block-chain information services mainly based on filing requirement and supplemented by approval requirement.
2.1 备案要求
Filing Requirement
区块链规定第四条规定,“区块链信息服务提供者应当在提供服务之日起十个工作日内通过国家互联网信息办公室区块链信息服务备案管理系统填报《区块链信息服务备案登记表》”。根据本款的要求,区块链信息服务提供者应当向网信办提交服务提供者、服务者类别、服务类别、服务形式、应用领域、服务器地址等信息以履行备案手续。同时根据第五条的规定,区块链信息服务者还应当每年履行备案更新的手续。
Article 4 of Block-chain Rule requires that all the block-chain information service providers file a registration form via an online management system developed by CAC within 10 days as of their provision of service. For the purpose of filing, block-chain information service provides must submit the information relating its shareholders, its operation of business and the address of servers etc. Moreover, the block-chain information service providers must renew its filing information annually in accordance with article 5 of Block-chain Rule.
但第四条没有明确:如何判断区块链信息服务者的“提供服务之日”。区块链信息服务提供者采取的“封测”、“内测”、“不公开测试”和“公开测试”等不同阶段的服务测试,是否可以认为是“服务提供之日”还有待进一步澄清。此外,对于区块链的技术提供者而言,“提供服务之日”系指该技术服务提供之日,还是接受技术服务一方向公众提供区块链服务之日,亦不明确。
However, it remains uncertain under Article 4 as to the date of the provision of service. Especially, block-chain information service providers usually adopt different testing phases such as “closed testing,” “internal testing” and “public testing” to review their services and it requires further clarification as to whether such testing is considered commencement of services. In addition, it is also not clear whether the date of provision of service refers to the date on which the technical service is provided to the SPVs, or refers to the date on which the recipient (e.g. the SPVs) of such technical services provides the block-chain information service to the public.
2.2 审批要求
Approval Requirement
虽然传统上区块链的主要运用场景是金融,即发行和交易代币,但是不能否认,区块链也可以应用在其他场景,比如最近热议的电子证据保全。根据区块链规定第七条的规定,提供需要准入审批行业的区块链服务提供者,仍然先需要获得有关主管部门的审核同意后,方可进行提供相应的区块链服务。也就是说,如果区块链应用的场景是需要审批的行业,那么该区块链服务的提供也需要得到审批。
Though, ‘traditionally’, the block-chain technology is mainly used in the financial sector, especially in the context of issuing and trading ‘coins.. However, such technology can also be used in other scenarios, such as preservation of electronic evidence. According to Article 7 of Block-chain Rule, the block-chain information service provider must apply for an approval from the relevant government departments if the service to be provided falls within the scope of restricted industry. In other words, the pre-approval requirement in restricted industries still applies to the block-chain related services in such areas.
2.3 网络安全要求
Cyber Security Requirement
网络安全是中国政府自2015年以来长期强调的国家战略。不出意外的,区块链规定在第八条至第十条,第十四条和第十六条对于网络安全提出了相应的要求,其中包括用户实名制(对应网络安全法第二十四条)、信息审核(对应网络安全法第四十七条)、应急处置(对应网络安全法第二十五条)、投诉渠道设立(对应网络安全法第四十九条)、安全防护和网络日志留存要求(对应网络安全法第二十一条)以及禁止危害信息传播(对应网络安全法第十二条)等法律义务。
The ‘network security’ has been considered a national strategy formulated by PRC government since 2015. Unsurprisingly, the Block-chain Rule provides for a number of cyber security requirements, which including real name registration (corresponding to Article 24 of PRC Cyber Security Law), content censorship (corresponding to Article 47 of Cyber Security Law), formulating a emergence plan (corresponding to Article 25 of Cyber Security Law), establishing a channel for reporting (corresponding to Article 49 of Cyber Security Law), security protection and cyber logs retention requirement (corresponding to Article 21of Cyber Security Law), as well as prohibition of illegal information requirement (corresponding to Article 12 of Cyber Security Law).
值得注意的是,区块链规定特别强调了对于“用户实名制”的要求。“匿名化”是区块链技术重要的技术特征之一。在目前推出的各项区块链服务中,有一些区块链技术的应用场景就是基于“匿名化”特征而产生的,例如 “快递区块链”服务和匿名金融服务交易。而一旦法律要求区块链服务提供者开展“实名”审核,可能会导致区块链使用者的顾虑。
It is worth noting that the Block-chain Rule amphsizes the requirement of ‘real name registration.’ However, ‘anonymization’ has long been viewed as one of the most important technical characters of block-chain technology. A number of block-chain information services are developed based on the ‘anonymized function’ derived from such technology, for example ‘express delivery service’ (for protection of privacy) and anonymized financial trading service. The “real name” requirement may trigger customers’ a concerns about their privacy.
2.4 违法信息处置要求
Eliminating Illegal Information Requirement
区块链规定第十一条要求区块链服务提供者删除非法信息,这无疑对区块链信息服务提供者提出很大的挑战。区块链技术本质上具有“不可篡改”的属性,即一旦某些信息经过使用区块链技术上链之后,除非提供足够的计算能力进行攻击(实际上实施这样的攻击需要的计算能力是不可能以商业途径购买到的),违法信息将无法以任何形式被删除。因此,对于区块链服务提供者而言,如何在区块链上履行本款的义务将会是个一个直观的难题。
Block-chain information service providers are required to eliminate all the illegal information on their ‘block-chain’ according to Article 11 of Block-chain Rule, which will be a tremendous challenge for the block-chain information service providers in China. The block-chain technology enables a community of users to record information or transactions in a ‘ledger’ that is public to such community. Mo information or transaction can be changed once published. In other words, illegal information will be immutable once it is recorded into block-chain unless hacking the block-chain with enough computing power, which power is almost impossible to be generated by any commercial entities currently. Therefore, it would be a difficult mission for block chain information service provider to perform the obligation under Article 11.
目前,在业界已经产生了解决类似困境的区块链技术,有学者将其称之为主权区块链技术。在2018年10月7日,阿里巴巴对外宣布了一项有关“区块链系统干预技术”的专利:根据阿里巴巴的描述,这项专利将使得第三方管理员能够执行“特殊处理”,通过调动节点上的“智能合约”对特定账户执行相应的操作。如果该项技术能够实施,那么对于区块链服务提供者而言,区块链的“不可篡改性”特点将被打破,履行删除非法信息的义务成为可能。
Recently, a new technology has been created in order to solve with the above difficulties in the block-chain industry, which technology is called ‘sovereign block-chain’ by some scholars. According to a documents released on Oct 4 2018 by the U.S Patent and Trademark Office (the “USPTO”), Chinese tech giant Alibaba has applied for a patent for block-chain system that allows a third-party administrators to perform special transactions or instructions, e.g. stopping smart contracts or freeze accounts which suspicious of illegal activities. According to Alibaba's proposed block-chain system, dedicated administrators will be able to send special processing instructions to each nodes, making smart contracts perform corresponding operations on specific accounts. If such technology can be implemented as Alibaba’s description, it will enable the block-chain information service providers to perform the obligation under Article 11 of Block-chain Rule.
2.5 安全评估要求
Security Assessment Requirement
出于审慎监管的考虑,区块链规定的第十六条还要求区块链服务提供者在开发上线新产品、新应用、新功能之前,应该向网信部门报请进行安全评估。这实际上是网络产品和服务的安全评估要求在区块链应用场景的具体化。在2017年5月2日,网信办就发布了《网络产品和服务安全审查办法(试行)》,要求关系到国家安全的网络和信息系统采购的重要网络产品和服务,应当经过网络安全审查。在2017年6月,工信部还曾就《互联网新业务安全评估管理办法》公开征求意见,希望对于互联网新业务的应用进行事前审批,以降低对于其可能的网络安全风险对于社会造成的不良影响。但考虑到目前区块链技术的复杂性与多样性,如何实施第十六条的评估,仍然需要等待实践观察。
For the purpose of prudential regulation, Article 16 of Block-chain requires that all block-chain information service provides apply to CAC or its local offices at provincial level for a security assessment prior to any development or operation of new product, new application and new function of its services, which requirement is quite similar to the security assessment review requirement applicable to network products and services. On May 2 2017, CAC issued the Measures on Security Examination for Network Products and Service (Provisional), under which the procurement of network products or services for important networks that may have influence on national security is subject to a cyber security review. Additionally, the Ministry of Industry and Information Technology (the “MIIT”) issued Measures on Security Assessment for New Internet Service for public consultation in June 2017, by which the MIIT would be able to establish a pre-approval system for any new internet service in order to mitigate the potential network security risks associated with such service. However, given the complexity and diversity of block-chain technology, it requires further clarification as to how the security assessment requirement will be performed.