Chapter 2. Mechanism of Fraud Prevention at Source
Section 1 Financial fraud prevention measures
Article 7
Financial institutions and businesses or personnel providing virtual asset services shall adopt reasonable measures to prevent deposit accounts, electronic payment accounts, credit cards, and virtual asset accounts from being used in fraud crimes and shall promote information on fraud prevention to customers.
Article 8
Financial institutions and businesses or personnel providing virtual asset services shall exercise the obligation of due care of a good administrator for deposit accounts, electronic payment accounts, and credit cards, and virtual asset accounts. Regarding abnormal deposit accounts, electronic payment accounts, credit cards, or virtual asset accounts that are suspected of being involved in fraud crimes, they shall enhance the authentication of customers and may adopt continual review of customers, suspension of deposits , withdrawals, or outward remittance of funds or virtual assets, suspension of the entire or partial transaction functions, credit card control and suspension of credit card account transaction functions, refusal of establishing business relationships, service provision, and other control measures.
When implementing operations stated in the latter part of the preceding paragraph, financial institutions and businesses or personnel providing virtual asset services may notify peers, who are required to provide relevant information.
The central competent financial authority shall establish regulations regarding the criteria for identifying abnormal deposit accounts, electronic payment accounts, credit cards, or virtual asset accounts suspected of fraud, as well as the procedures and items for notification, operational protocols, and other compliance matters..
Article 9
When making arrangements according to the latter part of paragraph 1 of the preceding Article, financial institutions and businesses or personnel providing virtual asset services shall keep the data obtained from the customer authentication procedures and transaction records and may report to the judiciary police department. After the judiciary police department receives the report, it shall notify financial institutions and businesses or personnel providing virtual asset services to carry out the subsequent control or cancel the control over the abnormal accounts, credit cards, or virtual asset accounts within a reasonable timeframe.
The data and transaction records retained in accordance with the preceding paragraph shall be kept for at least five years or a longer period as otherwise required by law, from the termination of business relationships.
The central competent financial authority shall coordinate with the central competent authorities and competent legal affairs authority to discuss and establish the regulations for the scope of the preserved data and transaction records in the first paragraph, the methods to report to the judiciary police department, the subsequent control, control cancelation and other compliance matters of abnormal accounts, credit cards, or virtual asset accounts.
Article 10
Financial institutions and businesses or personnel providing virtual asset services shall cooperate with the judiciary police department to form a joint defense reporting system. When receiving the reports from the judiciary police department, the receiving banks and businesses or personnel providing virtual asset services shall earmark and continue to monitor the reported funds or virtual assets and make arrangements according to paragraph 1, Article 8.
After carrying out the report in the preceding paragraph, the judiciary police department shall investigate within a reasonable timeframe and notify financial institutions and businesses or personnel providing virtual asset services to carry out subsequent alerting operations or control cancelation.
The central competent financial authority shall coordinate the central competent authorities and competent legal affairs authority to establish the regulations for the reporting system, earmarking of funds or virtual assets, operational procedures, subsequent aler operations, control cancelation, and other compliance matters.
Article 11
When there are funds or virtual assets remitted (transferred) by victims in the accounts or account numbers suspended of all transaction functions that are not withdrawn as notified by the judiciary police department, financial institutions and businesses or personnel providing virtual asset services may return the remaining funds or virtual assets based on the notice of the initial notifying institution according to the latter part of paragraph 1 of Article 9.
The central competent financial authority shall coordinate the central competent authorities and competent legal affairs authority to establish the regulations for the conditions, methods, procedures, and other compliance matters regarding the return of the remaining funds or virtual assets in the accounts or account numbers.
Article 12
Financial institutions and businesses or personnel providing virtual asset services are exempted from their confidentiality obligations when implementing fraud prevention measures stated in this Act. This exemption also applies to the responsible persons, directors, managers, and employees of the institutions or businesses.
Financial institutions and businesses or personnel providing virtual asset services are exempted from the compensation responsibility when causing damages to customers or third parties due to the implementation of fraud prevention measures stated in this Act or arrangements made in cooperation with the judiciary police department and the target business competent authorities.
Article 13
If any of the following circumstances occur to financial institutions and businesses or personnel providing virtual asset services, the central competent authority may impose a fine of more than NT$0.2 million but less than NT$2 million and order them to make correction within a prescribed period; those who fail to make correction within the prescribed period, penalties shall be imposed per violation:
1. Failing to provide relevant information to the notifying party in violation of paragraph 2 of Article 8.
2. Failing to preserve data or transaction records in violation of paragraph 1 of Article 9.
3. Failing to preserve data or transaction records as required in violation of paragraph 2 of Article 9.
4. Failing to cooperate in forming a joint defense reporting system or fail to earmark and continuously monitor reported funds or virtual assets in violation of paragraph 1 of Article 10.
If any of the circumstances in the subparagraphs of the preceding paragraph that occur to financial institutions and businesses or personnel providing virtual asset services are severe, the central competent authority may impose a fine of more than NT$1 million but less than NT$10 million and order them to make correction within a prescribed period; those who fail to make correction within the prescribed period, penalties shall be imposed per violation.
Section 2 Telecom fraud prevention measures
Article 14
Telecom businesses shall adopt reasonable measures to prevent their telecom services from being used in fraud crimes and shall promote information on fraud prevention to their users.
Upon notification from the competent telecom authority or judicial police regarding suspected fraudulent use of telecom services , telecom businesses shall, if technically feasible, adopt appropriate preventive, restrictive, reporting, or other reasonable measures to prevent users from encountering fraud information.
Telecom businesses and their practitioners are exempted from their confidentiality obligations when implementing fraud prevention measures stated in this Act.
Telecom businesses are exempted from the compensation responsibility when causing damages to customers or third parties due to the implementation of fraud prevention measures stated in this Act or arrangements made in cooperation with the judiciary police department and the target business competent authorities.
Article 15
Applicants for telecom services must present their ID documents.
When- an agent is authorized to apply for telecom services, the agent must present both their ID documents and an authorization certificate other than the ID documents mentioned in the preceding paragraph.
Before entering into telecom service contracts with users, telecom businesses must verify and register the documents provided by the applicant or the agent in accordance with the preceding two paragraphs.
Article 16
Users shall reapply for verification and registration with telecom businesses when transferring telecom services to others according to the preceding article. However, this shall not be limited to users providing telecom services for personal household use or internal activities of corporate customers.
For users who fail to complete the re-verification and registration with telecom businesses according to the preceding paragraph, telecom businesses shall restrict or suspend the provision of relevant telecom services.
Article 17
Upon notification from the competent telecom authority or judicial police regarding users suspected of engaging in fraudulent activities, telecom businesses shall re-verify and register the users' information within a prescribed period.
For users who fail to cooperate with the re-verification and registration by telecom businesses or inconsistency found upon verification, telecom businesses shall restrict or suspend the provision of such telecom services.
Article 18
Upon notification from the competent telecom authority or judicial police regarding users engaging in fraudulent activities, telecom businesses shall restrict or suspend the provision of such telecom services.
For restricted or suspended telecom services according to the preceding paragraph, telecom businesses shall re-verify and register user data regarding other telecom services applied by such users within a prescribed period. For users who fail to cooperate with telecom businesses in the re-verification and registration by telecom businesses or those who do not match with him/herself upon verification, telecom businesses shall restrict or suspend the provision of other telecom services to such users.
After the competent telecom authority or judiciary police department notifies of the elimination of the reasons for the restricted or suspended provision of telecom services mentioned in paragraph 1, telecom businesses may resume the services for users.
Article 19
Telecom businesses shall verify users’ identity with the assistance of the database designated by the competent telecom authority when accepting the application of telecom services. This requirement also applies when the competent telecom authority or judiciary police department notifies of the requirement for re-verification due to the suspected fraud when telecom businesses provide telecom services.
The database mentioned in the preceding paragraph shall be designated by the competent telecom authority following consultations with the competent central authority.
Regulations and operating procedures for the inquiries related to the verification of user identity with the assistance of the database mentioned in paragraph 1 by telecom businesses, the regular inquiry frequency mentioned in paragraph 2 of Article 20 and paragraph 1 of Article 22, and other relevant matters shall be established by the competent telecom authority.
When collecting, processing, and using data in the database specified in paragraph 1, telecom businesses shall comply with the Personal Data Protection Act, shall not exceed the necessary scope for verification purposes, and shall ensure the confidentiality obligations of practitioners.
Article 20
Before providing the entire or partial international roaming services to offshore high-risk telecom businesses, telecom businesses, if technically feasible, shall verify the passport numbers and names of personnel using telecom based on the database specified in paragraph 1 of the preceding Article. No international roaming services may be provided if users are verified as lacking entry data. However, services may be offered if users present identification documents at the telecom counter for verification and registration..
After providing telecom services mentioned in the preceding paragraph, telecom businesses shall regularly check whether such personnel using telecom leave the country or overstay by connecting to the database specified in paragraph 1.
After providing telecom services mentioned in paragraph 1, if telecom businesses discover that personnel using telecom have untrue data, abnormal using behaviors, or leave the country or overstay based on the inquiries in the preceding paragraph, telecom businesses shall restrict or suspend the provision of such telecom services.
The scope of offshore high-risk telecom businesses and the entire or partial international roaming services mentioned in paragraph 1 shall be announced following consultations between the competent telecom authority and the central competent authority.
The competent telecom authority shall regularly examine the scope of offshore high-risk telecom businesses and the entire or partial international roaming services as announced in the preceding paragraph and make timely adjustments.
Article 21
When entering into international roaming service agreements with offshore telecom businesses, telecom businesses shall comply with the principles of equality and mutual benefits and relevant requirements of laws and regulations in Taiwan.
After the competent telecom authority or judiciary police department notifies of the suspected violation of laws and regulations in Taiwan of particular telecom services provided by particular offshore telecom businesses, telecom businesses may not provide international roaming services of particular numbers or number sections for the particular user numbers of particular telecom services or the International Mobile Subscriber Identity (IMSI).
Article 22
During the period providing prepaid card services to non-Taiwanese users, telecom businesses shall check whether such users leave the country or overstay by connecting to the database specified in paragraph 1 of Article 19.
If it is discover that users have left the country or overstayed based on the inquiries in accordance with the preceding paragraph, telecom businesses shall restrict or suspend their prepaid card services.
If non-Taiwanese users mentioned in the preceding paragraph re-enter during the valid period of prepaid card services, after applying for the verification and registration of users’ identity with telecom businesses, telecom businesses may continue to provide the initial telecom services.
Article 23
Users whose telecom services have been restricted or suspended by telecom businesses according to paragraph 2 of Article 17 or paragraph 1 of Article 18, when re-applying with telecom services with the same telecom businesses, shall be limited to applying for only one user number or one telecom service with the same enterprise within three years from the date of the restriction or suspension notification. However, if users have other user numbers or telecom services provided by such telecom businesses, telecom businesses may not accept their applications within three years from the date of the restriction or suspension notification.
For corporations, non-corporation groups, and trade names notified of the restriction or suspension of telecom services by judiciary police department that used to use or provide telecom services for fraud, if their representatives apply for telecom services with the same telecom businesses in the name of different corporations, non-corporation groups, or trade names, such telecom businesses shall impose the restrictions of applying for up to one user number or one telecom service within three years from the date of the restriction or suspension notification. However, if the corporations, non-corporation groups, or trade names have other user numbers or telecom services provided by such telecom businesses, telecom businesses may not accept their applications within three years from the date of the restriction or suspension notification.
After being notified by the judiciary police department of users with records of restricted or suspended provision of telecom services by other telecom businesses for certain times, telecom businesses shall list them as high-risk users and impose the restrictions of applying for up to one user number or one telecom service within three years from the date of notification. However, if such users have other user numbers or telecom services provided by such telecom businesses, telecom businesses may not accept their applications within three years from the date of notification .
The certain times in the preceding paragraph shall be announced by the competent telecom authority after consultation with the central competent authority.
Article 24
If any of the circumstances occur to telecom businesses, the competent telecom authority may impose a fine of more than NT$0.2 million but less than NT$5 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation:
1. Failure to verify users’ identity with the assistance of the designated database in violation of paragraph 1 of Article 19.
2. Violation the requirements related to database inquiry operating procedures in the regulations stated in paragraph 3 of Article 19.
3. Failure to verify whether the personnel using telecom have any entrance data by using the database specified in paragraph 1 of Article 19 before providing international roaming services or provide international roaming services after verifying that personnel using telecom have no entrance data in violation of the requirements stated in paragraph 1 of Article 20.
4. Failure to regularly check whether personnel using telecom leave the country or overstay in violation of paragraph 2 of Article 20 or fail to restrict or suspend the provision of international roaming services to personnel using telecom in violation of paragraph 3 of the same article.
5. Failure to regularly check whether non-Taiwanese users leave the country or overstay or over-reside in violation of paragraph 1 of Article 22 or fail to restrict or suspend the provision of prepaid card services to non-Taiwanese users who left the country or overstayed in violation of paragraph 2 of the same article.
If any of the circumstances in the subparagraphs of the preceding paragraph that occur to telecom businesses are severe, the competent telecom authority may impose a fine of more than NT$1 million but less than NT$20 million and order them to make correction within a prescribed period; those who fail to make correction within the prescribed period, penalties shall be imposed per violation. When necessary, the approved distribution of user number volume within a certain period may be restricted.
Article 25
If any of the following circumstances occur to telecom businesses, the competent telecom authority may impose a fine of more than NT$0.1 million but less than NT$2 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation:
1. Failure to verify the consistency between documents and applicants or agents mentioned in paragraphs 1 or 2 of Article 15 in violation of paragraph 3 of the same article.
2. Intentional Failure to restrict or suspend the provision of relevant telecom services to users in violation of paragraph 2 of Article 16.
3.Failure to re-verify or register-user data within the prescribed period in violation of paragraph 1 of Article 17.
4. Failure to restrict or suspend the provision of such telecom services to users in violation of paragraph 2 of Article 17.
5. Failure to restrict or suspend the provision of such telecom services to users in violation of paragraph 1 of Article 18.
6. Failure to re-verify or register user data within the prescribed period in violation of the former part of paragraph 2 of Article 18.
7. Failure to restrict or suspend the provision of other telecom services to users in violation of the latter part of paragraph 2 of Article 18.
8. Providing users, such different corporations, non-corporation groups, trade names, or high-risk users with over one user number or one telecom service within three years from the date of the restriction or suspension notification in violation of the requirements stated in paragraphs 1, 2, or 3 of Article 23.
9. Providing users, such different corporations, non-corporation groups, trade names, or high-risk users with other user numbers or telecom services within three years from the date of the restriction or suspension notification in violation of the requirements under the qualifying clauses stated in paragraphs 1, 2, or 3 of Article 23.
If any of the circumstances in the subparagraphs of the preceding paragraph that occur to telecom businesses are severe, the competent telecom authority may impose a fine of more than NT$0.5 million but less than NT$10 million and order them to make corrections within a prescribed period; those who fail to make correction within the prescribed period, penalties shall be imposed per violation. When necessary, the approved distribution of user number volume within a certain period may be restricted.
Article 26
For those who disagree with the administrative penalties made by the competent telecom authority based on this Act, the administrative litigation procedures are directly applicable.
Section 3 Digital economy fraud prevention measures
Article 27
Requirements of this Act apply to online advertisement companies that use the Internet to provide online advertisement services within the Republic of China (R.O.C.) and have a certain scale.
The calculation standards for a certain scale in the preceding paragraph shall be established by the competent authority for industries related to the digital economy.
The competent authority for industries related to the digital economy shall announce the list of companies that comply with a certain scale based on the calculation standards stated in the preceding paragraph and regularly examine it and make timely adjustments.
Article 28
Online advertisement platform operators shall publicly disclose the following information through appropriate methods:
1. Name or title of the company, representative, and legal representative mentioned in paragraph 1 of Article 29.
2. Address, telephone, e-mail, and other fast and direct communication and contact methods of the office or business venue.
3.Other information that shall be publicly disclosed by law.
Article 29
If online advertisement platform operators and their representatives do not have a business venue or residence in the R.O.C. and have not established branches, the online advertisement platform operators shall designate a Taiwanese national, legally registered corporation, or a non-corporation group with a representative or manager in the R.O.C. as their legal representative in writing and report the name, title, domicile, office or business venue, telephone, and e-mail of the legal representative to the competent authority for industries related to the digital economy.
If licenses are required for business activities, operations, or investment of online advertisement platform operators in the preceding paragraph according to other laws, such licenses shall be obtained before reporting the legal representative.
Online advertisement platform operators shall grant necessary permission and resources to the legal representative mentioned in paragraph 1 to implement the following matters:
1. Act as the recipient designated by the online advertisement platform company.
2. Inform and assist the online advertisement platform company in complying with legal requirements for fraud prevention measures.
3.Other compliance tasks related to this Act and its relevant laws and regulations, as commissioned by the online advertisement platform company.
If any of the following circumstances occur to online advertisement platform operators, the competent authority for industries related to the digital economy may announce their names through appropriate methods:
1. Failure to designate and report the legal representative according to paragraph 1.
2. The legal representative neglects their duty to inform and assist as specified in subparagraph 2 of the preceding paragraph.
For online advertisement platform operators that fail to designate and report the legal representative according to paragraph 1, the competent authority for industries related to the digital economy shall notify them to rectify the situation within a prescribed period.
Article 30
Advertisements published or broadcast on online advertisement platforms may not include content involving fraud.
Online advertisement platform operators shall establish the following management measures:
1. For online advertising services, the identity of persons commissioning the publishing and broadcasting and the capital contributor shall be verified through digital signature, rapid authentication system, or other technologies or methods with equivalent safety.
2. Carry out analysis and assessment for the risk of online advertising services being used for fraud crimes to establish a legal, necessary, and effective fraud prevention plan for fraud prevention, detection, identification, and response and publish a fraud prevention transparency report annually.
The fraud prevention plan outlined in subparagraph 2 of the preceding paragraph should establish a risk management system for fraud prevention based on the patterns of suspected advertisements published by the competent authority for industries related to the digital economy, the target business competent authorities, or industry associations and adopt necessary reinforced management measures for high-risk business relationships.
The applicable technologies or methods in subparagraph 1 of paragraph 2 and the format and content of the fraud prevention plan and the transparency report in subparagraph 2 shall be announced by the competent authority for industries related to the digital economy.
Article 31
When publishing or broadcast ing advertisements on the platforms, online advertisement platform operators shall disclose the following information in the advertisements:
1. A label indicating it as an advertisement.
2. Information related to personnel commissioning the publishing and broadcasting and investors.
3.The license number of the advertisement that are legally required to have one.
4. Whether the advertisement uses deep fake technologies or AI-generated individual images.
If the online advertisement platform company has verified the identity of personnel commissioning the publishing and broadcasting and the investors according to subparagraph 1, paragraph 2 of the preceding article and if neither are categorized as high-risk business relationships stated in paragraph 3 of the preceding article, the information to be disclosed for the advertisement in the preceding paragraph may be simplified.
The personnel commissioning the publishing and broadcasting specified in subparagraph 2 of paragraph 1 refer to corporations, non-corporation groups, or individuals who engage in or commission others for the design, production, and publication of advertisements to promote products or provide services.
The deep fake technologies specified in subparagraph 4 of paragraph 1 referred to the technical exhibiting forms through computerized or other technological means, leading others to be misled into believing it is genuine..
The regulations for information disclosure standards, simplification methods, operating procedures, and other relevant matters stated in paragraphs 1 and 2 shall be established by the competent authority for industries related to the digital economy.
Article 32
Online advertisement platform operators who are aware that the advertisements they publish or broadcast are fraudulent or significantly involve fraud shall act according to the following provisions:
1. Actively remove, restrict browsing, stop broadcasting such advertisements or adopt other necessary actions within the period notified by the judiciary police department, the competent authority for industries related to the digital economy, or the target business competent authorities and provide the information of the personnel commissioning the publishing and broadcasting, the investors, the network communication software accounts and telecom number in the advertisements that are suspected of involving fraud, and other relevant information to the judiciary police department.
2. For users who publish and broadcast fraudulent advertisements or those significantly involving fraud or users notified by the judiciary police department as accounts significantly involving fraud, the platform operator shall suspend the service provision for a reasonable period.
Online advertisement platform operators who violate the requirements in the preceding paragraph shall bear joint responsibility for damage compensation together with personnel commissioning the publishing and broadcasting of the advertisements and the investors for any harm caused to individuals who were misled by the content of the advertisements.
Online advertisement platform operators shall adhere to the principles of objectiveness, dedication, and timeliness when determining suspensions of services according to subparagraph 2 of paragraph 1.
The notification period stated in subparagraph 1 of paragraph 1 shall be announced by the competent authority for industries related to the digital economy.
Article 33
When target business competent authorities or judiciary police department notify online advertisement platform operators that the content published or broadcast on their platforms is suspected of being related to fraud, the operators shall take the initiative to restrict access and browsing or remove the relevant content.
Article 34
Third-party payment service providers shall exercise the obligations of care as a good administrator. For customers suspected of involving in fraud crimes, the providers shall enhance identity verification processes and may implement measures such as ongoing identity reviews, postponed appropriation, refusal to establish business relationships, or providing services.
When third-party payment service providers implement the operations in the latter part of the preceding paragraph, they may use the joint defense system to notify industry peers.
The standards for identifying customers suspected of involvement in fraud, notification procedures, and items, operational processes, and other matters shall be established by the competent authority for industries related to the digital economy.
Article 35
When third-party payment service providers act according to the latter part of paragraph 1 of the preceding article, they shall keep the data obtained from identity verification procedures and transaction records and may report to the judiciary police department. After the judiciary police department receives the report, it shall notify the third-party payment service providers within a reasonable timeframe to carry out the subsequent control or cancel the control over the postponed appropriation mentioned in the latter part of paragraph 1 of the preceding article.
The data and transaction records in the preceding paragraph shall be kept for at least five years from the termination of business relationships. However, if other laws stipulate longer retention periods, those regulations shall prevail.
The competent authority for industries related to the digital economy shall coordinate the central competent authorities and competent legal affairs authority to establish the regulations regarding the scope of the preserved data and transaction records specified in paragraph 1, the methods for reporting to the judiciary police department, the subsequent control and control cancelation of postponed appropriation.
Article 36
E-commerce companies and online gaming companies shall exercise the obligation of care as a good administrator to prevent their services from being used in fraud crimes and may adopt information used to promote fraud prevention to users and other reasonable measures.
When e-commerce companies and online gaming companies implement the reasonable measures in the preceding paragraph, they may use the joint defense system to notify peers to adopt reasonable measures such as informing users about fraud prevention.
When the judiciary police department or the target business competent authorities notify e-commerce companies and online gaming companies of the suspected involvement of fraud crime of their services, they shall cooperate with the judiciary police department or the target business competent authorities and suspend the service provision for user accounts that involve in fraud crimes for a reasonable period.
Article 37
Online advertisement platform operators, e-commerce companies, and online gaming companies shall adopt feasible technologies to keep the digital evidence, documents, images, articles, user registration data and identity verification procedures, connection records, transaction records, or other relevant data that are sufficient for building users and individual transactions for a reasonable period. However, if other laws stipulate longer preservation periods, those provisions shall prevail.
Courts, prosecutor's offices, or the judiciary police department may request online advertisement platform operators, e-commerce companies, and online gaming companies to provide access to relevant data in the preceding paragraph. Such companies shall provide the data within three days from the day receiving the access notice and keep such data for six months to facilitate investigations by the judiciary police department. If litigation occurs, the data preservation period shall be extended to three months after the the final judgment.
Article 38
Online advertisement platform operators, third-party payment service providers, telecom companies, and online gaming companies are exempted from their confidentiality obligations when implementing fraud prevention measures stated in this Act. The same shall apply to the responsible persons, directors, managers, and employees of the institutions or businesses.
Online advertisement platform operators, third-party payment service providers, telecom companies, and online gaming companies are exempted from the compensation responsibility when causing damages to customers or third parties due to the implementation of fraud prevention measures stated in this Act or arrangements made in cooperation with the judiciary police department and the target business competent authorities.
Article 39
If any of the following circumstances occur to online advertisement platform operators, the competent authority for industries related to the digital economy may impose a fine of more than NT$0.5 million but less than NT$10 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation:
1. Failure to designate and report the legal representative in violation of paragraph 1 of Article 29 and failure to rectify after being notified of supplementation within a prescribed period according to paragraph 5 of the same article.
2. The legal representative neglecting their informing or assisting obligations in violation of subparagraph 2, paragraph 3 of Article 29.
3.Failure to remove, restrict browsing, stop broadcasting such advertisements, or take other necessary actions within the timeframe as notified by the judiciary police department, the competent authority for industries related to the digital economy, or the target business competent authorities in violation of subparagraph 1, paragraph 1 of Article 32.
4. Failure to suspend the service provision within a reasonable timeframe as notified by the judiciary police department in violation of subparagraph 2, paragraph 1 of Article 32.
For serious violations as described in subparagraph 1 of the preceding paragraph, the competent authority for industries related to the digital economy may impose a fine of more than NT$2.5 million but less than NT$100 million and order them to make corrections within a prescribed period; those who fail to make correction within the prescribed period, penalties shall be imposed per violation. The competent authority for industries related to the digital economy may also convene expert advisory meetings to order Internet access service providers to suspend analysis or restrict access.
For serious violations in subparagraphs 2 to 4 of paragraph 1, the competent authority for industries related to the digital economy may impose a fine of more than NT$2.5 million but less than NT$100 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation. The competent authority for industries related to the digital economy may also convene expert advisory meetings to order Internet access service providers or fast access service providers to adopt appropriate traffic management measures. Continued non-compliance may lead to suspension of resolution or other necessary actions.
Regulations for the recognition standards of severe in the two preceding paragraphs, the adoption of appropriate flow management measures, the determination standards for analysis suspension and access restriction, the composition of expert review meetings, missions, and other compliance matters shall be established by the competent authority for industries related to the digital economy.
Internet access service providers or fast access service providers are exempted from the compensation responsibility for damages to users or third parties when adopting traffic management measures, analysis suspension, or access restriction according to paragraphs 2 and 3.
Article 40
If any of the following circumstances occur, the competent authority for industries related to the digital economy may impose a fine of more than NT$0.2 million but less than NT$5 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation:
1. Failure to disclose information or disclosing insufficient information in violation of Article 28.
2. Failure to verify the identity of personnel commissioning the publishing and broadcasting or investors in violation of subparagraph 1, paragraph 2 of Article 30.
3.Failure to establish a prevention plan or failure to publish a fraud prevention transparency report in violation of subparagraph 2, paragraph 2 of Article 30.
4. Failure to disclose information during the publication or promotion of advertisements in violation of paragraph 1 of Article 31.
5. Failure to provide the information of personnel commissioning the publishing and broadcasting of such advertisements and investors, the network communication software accounts and telecom number in the advertisements that are suspected of involving fraud, and other relevant information to the judiciary police department in violation of subparagraph 1, paragraph 1 of Article 32
6. Failure to adopt appropriate traffic management measures, analysis suspension, or access restrictions, in violation of the order imposed by the competent authority for industries related to the digital economy according to paragraph 2 or paragraph 3 in the preceding article.
If any of the circumstances in subparagraphs in the preceding paragraph that occur are deemed serious, the competent authority for industries related to the digital economy may impose a fine of more than NT$1 million but less than NT$25 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation.
Article 41
If any of the following circumstances occur, the competent authority for industries related to the digital economy may impose a fine of more than NT$0.1 million but less than NT$2 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed per violation:
1. Failure to preserve data or transaction records in violation of paragraph 1 of Article 35.
2. Failure to preserve data or transaction records for the required period in violation of paragraph 2 of Article 35.
3.Failure to suspend the service provision for user accounts involved in fraud crimes during the reasonable period in violation of paragraph 3 of Article 36.
4. Failure to comply with the access requests for data in violation of paragraph 2 of Article 37.
If any of the circumstances in subparagraphs in the preceding paragraph are deemed serious, the competent authority for industries related to the digital economy may impose a fine of more than NT$0.5 million but less than NT$10 million and order them to make corrections within a prescribed period; those who fail to make corrections within the prescribed period, penalties shall be imposed by times.
Article 42
To deal with fraud crime prevention emergencies and promptly prevent citizens from contacting fraudulent websites, the target business competent authorities and judiciary police department may order Internet access service providers to suspend analysis or restrict access when they consider it necessary.