网络服务提供者是网络传播的枢纽，是网络空间的守护者，也是信息交流、传递和人际交往的重要媒介。本文研究的是网络服务提供者的刑事责任。根据不法行为实施主体的不同，网络服务提供者刑事责任可以分为两种情形，一类是网络服务提供者因自己实施的不法行为需要承担的刑事责任，此刑事责任符合刑法基本原理且理论实践并无争议，故本文不再赘述；另一类是网络服务提供者因第三方滥用其网络服务从事不法行为时所应承担的刑事责任，这是本文研究的核心问题。

界定网络服务提供者的内涵及外延是认定网络服务提供者刑事责任的前提。本文研究的正犯责任、共犯责任均采中义，即仅指网络中介服务提供者；不作为责任则采广义，即包括网络中介服务提供者和网络内容提供者在内的所有网络服务提供者。日益严重的网络犯罪态势和网络黑产的全链条化构成了网络服务提供者承担刑事责任的事实依据；《刑法修正案（九）》新增的新型网络犯罪罪名与相关司法解释构成了网络服务提供者承担刑事责任的规范依据；将“看门人”理论引入作为网络服务提供者为第三方不法内容承担刑事责任的法理依据。上述三方面构成了认定网络服务提供者刑事责任正当性的基础。网络治理模式决定着网络服务提供者在社会治理体系中的定位，也影响着网络治理的策略和效果。在网络治理实践中，我国逐渐形成了先发展后治理、从加强管理到强化管制、从以民事和行政责任为主扩展到向刑事责任倾斜的治理体系。具体到网络服务提供者刑法规制，基于利益平衡及比例原则，需要重点处理好维护网络安全与保护言论自由之间的关系，引导互联网良性发展与鼓励互联网技术创新之间的关系，刑法介入的早期化、前置化与刑法谦抑之间关系。网络服务提供者承担的刑事责任仍然是过错责任，所谓的“间接责任”不过是“共犯责任”的同义语。根据网络服务提供者在网络空间中承担的不同角色，网络服务提供行为可分为两类：一类是提供网络服务；另一类是履行监管职能。与之相对应，网络服务提供者的刑事责任也可分为两类：一类是在提供网络服务过程中应当对第三方不法内容承担的正犯责任和共犯责任；另一类是在应履行网络安全管理职责而没有履行的情况下承担的不作为责任。

网络服务提供者对于提供网络服务承担的刑事责任区分正犯责任和共犯责任。本文从备受争议的深层链接服务提供者的刑事责任入手，论证了从著作权法角度证明深层链接属于实行行为或者帮助行为的路径是不恰当的，实务中对于深层链接应采用“服务器标准”还是“用户感知标准”并没有定论，核心还在于认定深层链接是属于提供服务还是提供内容，因此内容与服务的二分法对于认定网络服务提供者刑事责任意义重大。对网络服务提供行为还应当区分作为与不作为，网络服务提供者具有保证人地位时方可承担不作为责任。网络服务提供行为一般是具有社会相当性的正当行为，因而既不属于作为也不属于不作为。只有当网络服务提供者在正常的网络技术提供行为之外额外地实施了其他行为，才有可能评价为积极的作为。目前网络服务提供者对第三方不法内容承担的正犯责任主要是“传播型”犯罪，对于“传播”行为做实质解释以涵摄网络技术提供行为，迎合了现实需要，一定程度上具有实践理性，不过此种扩张解释应当保持必要的限度，以防止“传播型”犯罪成为打击网络服务提供者的“口袋罪”。

网络服务提供者对第三方不法内容承担的刑事责任主要是共犯责任。由于网络服务提供者在维系互联网空间的正常运行中，已逐渐脱离被动性、中立性、消极性的“管道地位”，因此适用中立帮助行为理论作为限制网络服务提供者刑事责任的理论依据时应当格外慎重。共犯正犯化理论无法为帮助信息网络犯罪活动罪的司法适用难题发挥理论支撑作用，故不适宜作为该罪的论理基础。主张此罪名是独立犯罪的观点，在论证时仍无法摆脱共犯正犯化的影子。各国在处理网络服务提供者刑事责任时面临的基础问题是一致的，故可借鉴美国刑法“犯罪促进罪”等的合理内核，在维持共同犯罪理论的基础上认可本罪是共犯责任的有益补充，才能为准确适用本罪奠定基础。“明知”作为成立要件说明帮助信息网络犯罪活动罪已经排除了中立帮助行为适用的可能。“明知”是一种认识要素，可以借鉴民事侵权法中“明知”的认定规则和推定规则，以解决“明知”认定难的困境。

网络服务提供者的不作为责任是在两种意义上使用的。网络服务提供者对于第三方不法内容应当删除而没有删除时承担的不纯正不作为责任，以及网络服务提供者不履行信息网络安全管理义务基础上承担的纯正不作为责任。拒不履行信息网络安全管理义务罪在司法实务中适用率很低，一方面与刑事立法试图通过设置双层义务来限缩网络服务提供者刑事责任有密切关系，另一方面也体现了网络执法主体多元化以及行刑衔接机制不顺畅。从刑罚目的来看，应当积极发挥刑事合规的价值，充分体现刑罚威慑的功能。认为我国刑法规定了一般性内容审查义务从而加重了网络服务提供者刑事风险的观点与刑罚目的和司法实践相左，无法发挥本罪名对网络服务提供者刑事责任的规范指引作用。适用本罪名时，应特别注意“信息违法性”的认定，这将影响到本罪的适用范围。对本罪的研究还应当将重心放在明晰和细化信息网络安全管理义务内容上。

网络服务提供者毕竟是推动互联网技术进步和发展的主力，从当下数字经济在国民经济中占有举足轻重的地位来看，不宜对网络服务提供者施加过重的刑事责任。世界主要国家均采用了通过特别立法以明确网络服务提供者责任限制的立法例。责任避风港作为网络服务提供者最有力的免责事由，为网络服务提供者法律责任创设了一个较为宽松的制度环境，而为我国侵权责任法所采纳。在坚持“出罪注重合理性”的理念指引下，积极发掘责任避风港的合理内涵，并将其作为网络服务提供者出罪事由引入刑事法领域，有助于维护法秩序统一原理。网络空间以技术为本，尊重网络服务提供者的技术发展水平和所能承担的经济成本，积极探索以技术可能性为核心内容的期待可能性在网络犯罪中的出罪功能，以实现刑法公正。

Internet service providers (ISPs) are the center of network communication, the guardian of  cyberspace, and the important medium of information exchange and transmission and interpersonal communication. This paper studies the criminal liability of ISPs. Under the doctrine of assumption of culpability, ISPs are not criminally liable for wrongdoing committed by third parties.However, under special circumstances, ISPs should bear criminal responsibility for the third party's illegal information when they meet certain conditions.

Defining the connotation and denotation of ISPs is the premise of determining the criminal responsibility of them. In this paper, perpetrator liability and accomplice liability are both defined in the middle meaning, that is, they only refer to internet intermediaries.Omission liability is generalized to include all ISPs, including internet intermediaries and internet content providers.The increasingly serious cybercrime and the full chain of network black production constitute the fact basis for ISPs to bear criminal liability. The new cybercrime charges and relevant judicial interpretations added to the Criminal Law Amendment(IX) constitute the normative basis for ISPs to bear criminal liability. The gatekeeper theory explains the legal basis to the criminal liability of ISPs from the perspective of function.The above three aspects constitute the basis of justifying the criminal liability of ISPs.The pattern of internet regulation determines the positioning of ISPs in the social governance system and also influences the strategies and effects of internet regulation. China has gradually formed a system from developing to regulates, from strengthening management to strengthening control and from civil and administrative liability to mainly criminal liability.Specific to the ISPs of the criminal regulation, based on the interests balance and proportion principle, it is important to deal with maintenance of internet security and protection of free speech and privacy protection, the relationship between the development of the Internet and network technology innovations, and the relationship between early intervention of the criminal law and austerity of criminal law.The criminal liability of ISPs is still the fault liability, and the so-called "indirect liability" is the synonym of "accomplice liability".The crime of refusing to fulfill the information and network security management obligation is the direct responsibility.According to the different identities of ISPs in cyberspace, internet service behavior can be divided into two categories: one is to provide internet service;the other is to perform internet supervision duties.Correspondingly, the criminal liability of ISPs can also be divided into two categories: one is the perpetrator liability and the accomplice liability for the illegal contents of the third party in the process of providing internet service;the other kind is the omission liability in the case of failure to fulfill the responsibility of internet supervision.

Criminal liability of ISPs distinguish between perpetrator liability and accomplice liability for providing internet services.This article from the controversial criminal liability of deeplink.It is inappropriate to prove that the deeplink belongs to the path of crime or help behavior from the perspective of copyright law.It is concluded that the deeplink belongs to provide service or content, so the dichotomy between content and service for criminal liability of ISPs is of great significance. In addition, the act of providing network services should be distinguished from the act of omission.The behavior of providing network services is generally a social equivalent of the legitimate behavior, so it does not belong to act or omission.It is only when the ISPs have additional behaviors, including services or technologies, to the normal internet service behavior that it is likely to evaluate as act. Criminal liability of ISPs to the illegal information of a third party is mainly "spreading" crime.Amplified interpretation should maintain the limits of necessity in order to prevent the "spread" crime from being a pocket crime.

The criminal liabiliity of ISPs to the illegal information of the third party is mainly accomplice liability. Due to the fact that ISPs have gradually got rid of the passive, neutral and negative "conduit liability" in maintaining the normal operation of cyberspace, it should be cautious to use neutral behavior theory to limit the wide range of liability of ISPs.The theory of treating accomplice as perpetration cannot play a theoretical role in the judicial application of crime of cybercrime, so it is not suitable as the theoretical basis of this crime.The viewpoint that this crime is an independent crime still cannot get rid of the shadow of treating accomplice as perpetration in the argumentation.The basic problems faced by all countries in dealing with the criminal liability of ISPs are consistent. Therefore, the reasonable meaning of "facilitation" in American criminal law can be used for reference, and only by maintaining the theory of joint crime can the crime be recognized as a beneficial supplement to accomplice liability .Offence of assisting a cybercrime has been excluded from the possibility of the application of neutral helping behavior.Knowledge is an element of cognition, which can be used for reference to the cognizance and presumption rules of knowledge in tort law to solve the difficulty of cognizance.

Omission liability of ISPs is used in two senses.On the one hand, omission liability refers to liability by ISPs when the illegal content of a third party should be deleted but not deleted.On the other hand, omission liability is a pure omission committed on the basis of the failure of ISPs to perform the obligations of information network security management. Refusing to perform the obligation of information network security management crime in the judicial practice is very rare. The criminal legislation set up double duties to narrow the criminal liability of ISPs. From the perspective of the purpose of punishment, this crime should actively play the role of criminal compliance.Therefore, it is believed that the criminal law of China stipulates the obligation of general content review and thus aggravates the criminal burden of ISPs.When applying this charge, special attention should be paid to the determination of "information illegality", which will affect the application scope of this charge.The research on this crime should be based on clarifying and detailing the content of information network security management obligations.

After all, ISPs are the main force to promote the progress and development of network technology. Considering that digital economy plays an important role in the national economy, it is inappropriate to impose excessive criminal liability on ISPs. Major countries around the world have adopted special legislation to clarify the limitation of ISPs' liability.As the most powerful excuse of exemption for ISPs, safe harbor creates a relatively loose institutional environment for ISPs, which is adopted by the tort law of China.On the thought of "paying attention to a cause of justification", this paper studies on the application of safe harbor in criminal law as the cause of justification on the criminal liability of ISPs.In order to realize the justice of criminal law, the cyberspace should take technology as the foundation, respect the technology development level , and bear the technology cost of the ISPs. Technology possibility as a form of anticipated possibility is introduced into criminal liablity of ISPs.