Towards a Greater Chinese Firewall? - China issues new draft domain name rules
Overview of main changes under the Draft
The Draft regulates most aspects of the domain name system in China, and contains various provisions ranging from minimum requirements applicable to domain name registrars, to detailed rules regulating domain name registration services.
While the scope of application of the Draft is somewhat vaguely limited to domain name services "rendered within China", the Draft applies to all top-level domains, e.g. ".cn" and ".中国", but also ".com" and new generic top-level domain names.
The main changes under the Draft are:
a) Root-server operators, domain name registries and registrars must be legal entities established in China, and their servers and databases must be located in China (this echoes the recently issued Online Publishing Regulations, which we discuss here);
b) Root-server operators, domain name registries and registrars must comply with extensive requirements relating to personal data protection, network security, verification of registrant details, data keeping and other matters;
c) The enforcement authorities are granted increased investigation and enforcement powers; and
d) Any domain name (whether .com, .cn, etc.) whose website is hosted in China must be registered with a Chinese domain name registrar, otherwise Chinese ISPs must refuse Internet access. This is by far the most widely discussed provision. We analyse it in more detail below.
All foreign websites blocked?
As discussed under d) above, by far the most controversial provision in the Draft is article 37. Article 37 provides -unofficial translation-: "Domain names whose network connection takes place in China, shall have services provided by domain name registrars in China, and domain name registries in China shall carry out the operational management [of the domain name]. For domain names whose network connection takes place in China, but which are not managed by domain name registrars in China, Internet access service providers shall not provide network connection services."
This provision has been interpreted and criticized by various sources in the international media as an explicit attempt to fence the Chinese internet off from foreign websites. However, to come to a better understanding of this provision, one should look at the technical side of browsing websites (as explained below) and at how the Draft would impact on the current version of the Domain Name Rules.
The steps involved in browsing the Internet can be roughly summarized as follows: websites can be visited by selecting a certain protocol identifier (e.g. http) followed by a resource name, which includes a domain name such as hoganlovells.com. The protocol identifier and resource name together make up a uniform resource locator (or "URL"). The URL is linked to a specific IP address through the Domain Name System. Each IP address in turn points to a server that hosts the website files or other data being sought by the user. The server is connected to the Internet through an ISP, which in turn enables routing of the data through the Internet to the user. Websites hosted on a server located in China generally use Chinese ISPs, and overseas hosted websites normally use overseas ISPs.
The current rules (which came into operation in 2004) do not contain any prohibition against ISPs in China providing Internet access services to domain names registered with an overseas registrar.
The Draft would change this. All domain names hosted in China would be required to be registered with a Chinese domain name registrar- a new requirement that appears to be in line with the Chinese Government's aim to render the Internet and IT industry in general "secure and controllable" (for more information see here, here or here).
However, we believe that the conclusion that all foreign websites (or even all websites with foreign top level domain names) would be blocked in China is –for now- incorrect.
Foreign websites, hosted on foreign servers would in principle not be affected by the Draft, but could still be blocked or disrupted by the Internet censorship controls often referred to as the "Great Chinese Firewall", a circumstance that they find themselves in already. This was recently –yet unofficially- confirmed by MIIT, and seems to find support in article 2 of the Draft, which limits the territorial scope of application to China. What remains clear, of course, is whether or not the restrictions of the Great Chinese Firewall would increase in the wake of the issuance of rules based on the Draft.
Companies forced to switch to a Chinese Domain Names registrar?
A significant number of Chinese e-businesses (including some of China's largest e-commerce companies) have registered their domain names overseas, with servers located abroad and in China.
Should the Draft be enacted as proposed, then these companies would need to choose to either transfer their domain names to a registrar located in China, or forego their Chinese server and operate as an overseas website. In principle then, the Draft does not force a localization of foreign web sites in China, but it does mean that web site operators choosing to hold foreign-registered domain names must now face the risk that they may more frequently be blocked or disrupted by the Great Chinese Firewall.
For companies with domain names registered overseas but having the bulk of their business (and website servers) in China, it may in practical terms make sense to move the registration of their domain names to China, but the Draft would not require them to do so.
The Draft does appear to be aimed at increasing the Chinese Government's control over the Internet through the registration of domain names, consistent with the Chinese Government's aim to render the 'Chinese Internet' and IT industry in general more "secure and controllable", an aim that is underpinned by other recent legislation such as the recent National Security Law, the draft Cyber Security Law, the Counter-Terrorism Law and the Online Publishing Regulations (which we discuss here and here).
However, on the basis of the somewhat vague provisions that are now available, the specific requirements of the Draft appear to be more focused than a complete block on foreign Internet traffic, as some media reports have suggested.
In any event, it is clear that heated debate is currently ongoing in the sector, and that the dust has not yet settled on this topic.
Comments on the Draft can be submitted until April 25th (here). We expect commentary to be significant given the importance of the Chinese Internet, both to multi-national businesses and Chinese businesses that register their domain names abroad.