China's Internet Rulebook Gets Its Biggest Rewrite in 25 Years
A draft revision of the Administrative Measures for Internet Information Services marks China's shift from regulating websites to governing platforms and AI.
On July 3, 2026, the Cyberspace Administration of China (CAC) released a new draft of the Measures for the Administration of Internet Information Services for public consultation.
If you scroll to the bottom of almost any Chinese website, you will find a small line of text that reads something like: “Beijing ICP Filing No. XXXXX.”(京ICP备XXXXX号)
That filing number traces its origins to a 25-year-old administrative regulation: the Measures for the Administration of Internet Information Services.
On September 25, 2000, then-Premier Zhu Rongji signed State Council Order No. 292, promulgating the Measures alongside China’s Telecommunications Regulations. At the time, China had only around 20 million internet users. The commercial internet was still in its infancy, and NetEase, Sohu, and Sina had only just listed on U.S. stock exchanges.
The regulation consisted of just 27 articles, but it established the basic regulatory architecture that would govern China’s internet for the next two decades. Commercial internet information services were subject to licensing, while non-commercial websites only needed to complete an ICP filing. A limited number of sectors—including news, publishing, education, healthcare, and pharmaceuticals—required prior administrative approval before they could operate online.
That framework has remained remarkably durable. Twenty-five years later, however, the regulation is undergoing what amounts to a complete rewrite, judging by the 3 July draft.
The new draft has expanded from 27 articles in 2000 to 94 articles, almost doubling in size compared with the 54-article draft published for consultation in 2021.
The graphic below provides a quick overview of the key revisions.
In fact, the CAC had already attempted a major overhaul in 2021, working jointly with the Ministry of Industry and Information Technology (MIIT) and the Ministry of Public Security. That draft introduced a wide range of new concepts—including real-name registration, platform responsibilities, log retention requirements, and enhanced content governance—but it was never formally adopted.
The latest revision reflects just how dramatically China’s internet landscape has changed over the past five years. Generative AI, recommendation algorithms, livestreaming, short-video platforms, and the platform economy have all expanded at a pace that the existing regulatory framework can no longer adequately address.
If the 2000 regulation was primarily about regulating Internet Service Providers (ICPs), the 2026 draft is fundamentally about regulating digital platforms and artificial intelligence.
One of the most visible changes concerns the allocation of regulatory authority.
When the regulation was first issued, the lead regulator was the then-Ministry of Information Industry—the predecessor of today’s MIIT—which oversaw market entry for internet services, while the Ministry of Public Security and state security authorities handled security-related matters.
The new draft reverses that hierarchy. The Cyberspace Administration of China is now explicitly identified as the primary authority, responsible for coordinating national cybersecurity policy and supervising online content nationwide. MIIT retains responsibility mainly for industrial matters such as market access, telecommunications resources, and market order. In other words, the institutional arrangement that has gradually emerged over the past decade—“the CAC leads, MIIT manages industry”—is now formally embedded in administrative law.
The traditional ICP licensing system is also being significantly restructured.
For more than twenty years, China’s internet has operated under a dual-track system: commercial services required an ICP license, while non-commercial services only needed an ICP filing. Whether a website charged users largely determined which regime applied.
The new draft largely removes this distinction by introducing a unified approval framework. It also provides that ICP approvals should be revoked if services fail to commence operations within two years or no longer satisfy the statutory requirements. Meanwhile, the list of sectors requiring prior approval has expanded well beyond the original nine categories, now covering areas such as audiovisual services, religion, and financial services.
The draft also significantly tightens the rules governing foreign-invested and cross-border internet services. Articles 91, 92, and 38 point in the same direction. Whether a service is foreign-funded, operated from overseas, or capable of shaping public opinion inside China, regulators are making it clear that substance matters more than corporate form.
Article 91 does not create a new foreign investment regime. Instead, it reaffirms that internet services remain subject to China’s foreign investment restrictions, including the Negative List. For companies using Variable Interest Entity (VIE) structures, this could be significant. For years, many internet companies have relied on contractual arrangements rather than direct foreign ownership to comply with investment rules. The new draft suggests regulators may increasingly look beyond legal structures to examine who actually controls the business, who receives the economic benefits, and what the platform actually does. That is especially relevant for businesses such as search, content distribution, online communities, recommendation algorithms, and generative AI, where the regulatory sensitivity is much higher.
Article 92 addresses another longstanding question: what happens if the company is overseas but the service is clearly aimed at users in China? The answer is increasingly straightforward. Being incorporated abroad or hosting servers overseas will no longer, by itself, shield a platform from Chinese regulation. If a service targets Chinese users or has a substantial impact inside China, it may still fall within China’s internet governance framework. For foreign social media platforms, search engines, and AI services, the issue is no longer just market access—it is whether they can comply with China’s rules on content moderation, algorithms, data governance, and platform responsibility.
Article 38 pushes the logic even further. It focuses on who ultimately controls services with significant public communication capabilities. If a platform can distribute news, aggregate information, or shape public opinion at scale, regulators are unlikely to treat it as just another commercial platform. For VIE companies, separating news-related businesses on paper may no longer be enough. For foreign platforms, businesses involving news or public discourse are likely to face much closer scrutiny over ownership and control.
Taken together, these provisions do more than tighten foreign investment rules. They redefine how China regulates cross-border internet services. Who provides the service, where it operates, and what it actually does all matter. For VIE companies, the regulatory flexibility created by complex ownership structures is likely to shrink. For foreign social media platforms, search engines, and AI providers, the biggest challenge may not be technology, but fitting into China’s increasingly unified internet governance framework. The draft is not targeting one particular business model—it is narrowing the regulatory grey zone that many companies have relied on for years.
In the new draft, there are also two entirely new chapters.
The first introduces a dedicated regulatory framework for platform information services.
For the first time, an administrative regulation defines what constitutes a “large internet platform.” The threshold is set at either more than 50 million registered users or more than 10 million monthly active users. By that definition, virtually every major Chinese internet platform—including WeChat, Douyin, Weibo, Bilibili, Kuaishou, Xiaohongshu, Pinduoduo, JD.com, Meituan, Didi, and Doubao—falls within its scope.
These platforms would face a series of additional obligations, including establishing comprehensive compliance systems, dedicated compliance departments, independent external oversight bodies, 24-hour complaint-handling mechanisms, annual social responsibility reports, reporting major operational changes, and complying with algorithm-related competition rules. Platform governance, previously governed largely through ministerial rules, is now being elevated to the level of an administrative regulation.
The second new chapter focuses on intelligent information services, marking the first time that generative AI has been comprehensively regulated through an administrative regulation rather than lower-level rules.
The draft introduces requirements covering training data provenance, mandatory labeling of AI-generated content, prohibitions on tampering with those labels, algorithm registration, and the option for users to disable personalized recommendation systems. It also marks the first appearance of the term “AI agents” in an administrative regulation.
Another notable provision addresses algorithmic management of gig workers. The draft requires algorithms affecting delivery riders, ride-hailing drivers, and other platform workers to be transparent, fair, and reasonable. Significant changes to algorithms governing recruitment, dispatching, or performance evaluation should involve consultation with affected workers.
Enforcement is also becoming substantially tougher. Historically, internet-related violations primarily resulted in penalties against companies.
Notably, the new draft introduces a dual-liability regime, under which both companies and responsible individuals may be sanctioned. Individuals directly responsible for violations face fines of up to RMB 1 million and, in serious cases, may be barred from serving as directors, supervisors, senior executives, or information security officers of internet companies. Corporate fines also increase significantly, with the maximum penalty rising from RMB 1 million to RMB 10 million.
This approach closely resembles developments in China’s financial and securities regulation, where accountability has increasingly shifted from institutions alone to the executives responsible for their conduct.
Taken together, the draft reveals several broader trends. To make the changes easier to digest, I've summarized the key implications in the chart below.
First, it consolidates obligations that were previously scattered across the Cybersecurity Law, Data Security Law, Personal Information Protection Law, Anti-Telecom and Online Fraud Law, and numerous ministerial regulations into a single administrative framework.
Second, it formally codifies the CAC’s central coordinating role in internet governance.
Third, it brings fast-growing technologies—including generative AI, deepfakes, recommendation algorithms, AI agents, livestreaming, and the platform economy—under a unified administrative regulatory framework.
Fourth, it is increasingly willing to look through corporate structures and regulate any foreign-linked internet service involved in information dissemination or public opinion inside China based on how it actually operates, not how it is legally structured.
Finally, it continues China’s broader shift toward institutionalizing platform governance while extending personal accountability through dual-liability provisions and executive disqualification mechanisms.
Below are the Chinese translations of the new draft and the CAC’s explanatory note:
Measures for the Administration of Internet Information Services
Draft Revision for Public Comment
Chapter I General Provisions
Article 1 These Measures are formulated in accordance with the Cybersecurity Law of the People’s Republic of China and other laws, for the purposes of promoting the healthy and orderly development of internet information services, protecting the lawful rights and interests of citizens, legal persons, and other organizations, and safeguarding national security and the public interest.
Article 2 These Measures shall apply to the provision of internet information services within the territory of the People’s Republic of China, as well as to the supervision and administration of internet information services.
Article 3 The provision of internet information services, as well as the supervision and administration of internet information services, shall uphold the leadership of the Communist Party of China, take the core socialist values as guidance, and follow the principles of being people-centered, classified management, coordinated advancement, and innovation-driven development, so as to promote the formation of a positive, healthy, uplifting and good-oriented online ecosystem and create a clean and upright cyberspace.
Article 4 The national cyberspace administration department shall be responsible for coordinating national cybersecurity work and related supervision and administration, and shall conduct supervision, administration, and law enforcement over internet information content nationwide.
The telecommunications department under the State Council shall, in accordance with its duties, be responsible for the administration of the national internet industry, and shall supervise and administer market access, market order, network resources, cybersecurity, and other matters relating to internet information services.
The public security department under the State Council shall, in accordance with its duties, be responsible for cybersecurity protection, supervision, and administration, maintaining public order and information security on the internet, and preventing and punishing illegal and criminal online activities.
State security organs shall, in accordance with their duties, be responsible for combating illegal and criminal activities that use the internet to endanger national security.
Other relevant departments under the State Council shall supervise and administer internet information services within the scope of their respective duties.
Local responsibilities for the supervision and administration of internet information services shall be determined in accordance with relevant national provisions.
Article 5 The State protects the rights of citizens, legal persons, and other organizations to use internet information services in accordance with the law, promotes the popularization of internet applications, and improves the level of internet information services.
The State encourages basic research and technological innovation related to internet information services, promotes the deep integration of the internet with economic and social development, encourages the building of an open, shared, mutually beneficial, and win-win industry development ecosystem, and enhances the innovative vitality of internet information services.
Those providing internet information services shall comply with laws and administrative regulations, perform cybersecurity obligations, assume social responsibilities, respect social morality and ethics, observe business ethics, act in good faith, and accept supervision by the government and society.
Article 6 The State encourages industry organizations in the internet information services sector to strengthen industry self-discipline, establish and improve industry self-discipline systems and industry standards, guide internet information service providers in formulating and improving service rules, urge internet information service providers to provide services in accordance with the law and accept social supervision, and promote the healthy and orderly development of the industry.
Article 7 The State shall take measures to monitor, prevent, and handle illegal and criminal activities conducted through internet information services inside or outside the territory of the People’s Republic of China that harm national security, the public interest, or the lawful rights and interests of citizens and organizations of the People’s Republic of China.
Chapter II Establishment
Article 8 Anyone providing internet information services within the territory of the People’s Republic of China shall obtain approval from the telecommunications department in accordance with the law. Without approval, no entity or individual may provide internet information services.
Article 9 Where the provision of internet information services constitutes the operation of telecommunications business, an application shall be made to the telecommunications department to obtain the relevant telecommunications business operating license.
The telecommunications department shall, in accordance with the requirements prescribed by relevant laws and administrative regulations, make a decision to approve or not approve the application.
Where an internet information service provider that has obtained the relevant telecommunications business operating license has not carried out the relevant telecommunications business for two consecutive years, or no longer meets the conditions for the telecommunications business operating license, the telecommunications department that made the licensing decision shall cancel its relevant telecommunications business operating license.
The telecommunications department shall establish systems for classified administration of telecommunications business and market monitoring. Relevant internet information service providers shall submit information on network resources, telecommunications business operations, and other matters as required.
Article 10 Anyone providing internet information services shall use network resources that meet the requirements of the telecommunications department, and shall have cybersecurity and information security management systems and technical safeguard measures that comply with laws, administrative regulations, and national provisions. The provision of internet information services shall comply with the requirements of mandatory national standards for network products, services, and related matters.
Internet websites and applications are encouraged to support and give priority to connections and access using Internet Protocol Version 6.
Article 11 Where the provision of internet information services in areas such as news, culture, publishing, audiovisual programs, education, religion, and finance requires approval from relevant competent authorities in accordance with laws, administrative regulations, and relevant national decisions, such approval shall be obtained before completing approval procedures or applying for a telecommunications business operating license.
Article 12 Personnel engaged in internet information services shall adhere to the correct political orientation, public opinion guidance, and value orientation, comply with laws and administrative regulations, and possess corresponding professional ethics and professional competence. Personnel engaged in internet news information services shall obtain the corresponding qualifications and receive the corresponding training and assessment. Specific measures for such qualifications shall be formulated by the national press and publication authority and the national cyberspace administration department in accordance with their respective duties.
Internet information service providers shall, in accordance with relevant national provisions, strengthen the management and training of personnel engaged in internet information services, especially personnel responsible for information security review.
Article 13 Where an internet information service provider no longer provides internet information services, it shall promptly complete the cancellation procedures for the relevant license or approval.
Where an internet information service provider undergoes a change in the sponsor-related licensing or approval matters due to merger, acquisition, or other reasons, it shall complete change procedures with the original licensing or approval authority.
Chapter III Operations
Section 1 General Provisions
Article 14
Where an internet information service provider applies for internet access services, it shall provide the internet access service provider with its approval number and the corresponding license or approval documents. The internet access service provider shall promptly verify such information and shall not provide services to any internet information service provider that has not obtained the required approval number and supporting documentation.
The establishment of root domain name servers, root domain name server operating institutions, domain name registration management institutions, domain name registration service institutions, or the provision of recursive domain name resolution services shall obtain the approval of the telecommunications department in accordance with the law.
Internet domain names shall not contain any content prohibited by laws or administrative regulations. Domain names used by internet information service providers shall be lawfully registered in their own names. Where a domain name is changed, transferred, or expires, the provider shall promptly complete the corresponding amendment or cancellation procedures for its internet information service approval. Internet information service providers shall not use domain names to carry out unlawful activities.
Article 15
The State implements a filing system for the allocation and use of Internet Protocol (IP) addresses. IP address allocation institutions shall promptly file relevant IP address information with the telecommunications department.
Before providing internet access services, internet access service providers shall verify the relevant IP address filing information and shall not provide services for IP addresses that have not been registered under a real identity or that contain false registration information.
Article 16
Any person providing internet information services within the territory of the People’s Republic of China shall, within 30 days from the date on which the network is officially connected, complete the required filing procedures with the public security authority designated by the people’s government at the provincial level where the provider is located. Internet access service providers shall provide the necessary assistance.
Internet information service providers shall prominently display their public security filing number in an easily accessible location.
Article 17
When providing internet information services, providers shall prominently display, in an easily accessible location, the license number or approval number obtained pursuant to Articles 8, 9, and 11 of these Measures.
Internet information service providers shall provide services only within the scope of the relevant license or approval and shall not provide services beyond the approved scope.
Article 18
Internet information service providers shall establish and improve systems governing user registration, account management, information publication, public information inspection, emergency response, and content governance. They shall enter into service agreements with users in accordance with the law and possess professional personnel and technical capabilities commensurate with the scale and nature of their services.
Internet information service providers shall strengthen the management of user account information and promptly conduct dynamic verification of account information. Where account information is found to contain information that violates laws, administrative regulations, or relevant national provisions, the provider shall refuse account registration or suspend the provision of the relevant services.
Where users engage in activities through internet information services that require specific qualifications under laws, administrative regulations, or relevant national provisions, the users shall provide proof of such qualifications to the internet information service provider. The provider shall verify such documentation and shall not provide the corresponding services to users lacking the required qualifications.
Article 19
Providers of internet access services, internet information services, domain name registration services, domain name resolution services, and similar services shall, when entering into service agreements or confirming the provision of services, require users to provide their true identity information in accordance with the law. Where users fail to provide true identity information, the relevant services shall not be provided.
Such service providers shall authenticate users’ true identity information through the National Online Identity Authentication Public Service, identity document numbers, Unified Social Credit Codes, or other legally prescribed means, and shall retain the relevant information. Verified identity information shall be retained throughout the period during which the service is provided and shall continue to be retained after termination of the service in accordance with the law.
Internet information service providers shall verify the true identity information of minor users through necessary means in accordance with the law.
Article 20
No organization or individual may evade real identity authentication by engaging in any of the following conduct:
using false identity information or impersonating another person’s identity to provide or use internet information services;
illegally obtaining or using internet accounts or internet resources registered by others; or
providing technical support, assistance, or other help to others for the purpose of evading real identity authentication.
Article 21
Internet information service providers shall establish a system for dynamic verification of internet account information and shall periodically verify existing account information. For abnormal internet accounts, providers may conduct dynamic verification through identity document numbers, the National Online Identity Authentication Public Service, or other lawful means.
Where an account is found to be inconsistent with the user’s verified identity information, or has remained inactive for more than six months, the provider shall, in accordance with the law and the service agreement, issue appropriate reminders and may suspend, restrict, or prohibit information publication or related functions, and, where necessary, freeze, cancel, or permanently close the account or prohibit re-registration.
Where the user of a mobile telephone number changes, the internet information service provider shall support the removal of the binding relationship between the mobile telephone number and the former user’s internet account.
Article 22
Providers of internet access services, internet information services, domain name registration services, domain name resolution services, and similar services shall adopt technical and other necessary measures to prevent, detect, and stop the use of their services for unlawful or criminal activities.
Where such providers discover cybercrime or other unlawful online activities, they shall preserve the relevant records and report them to the public security authorities and other competent authorities.
Article 23
The State encourages internet information service providers and users to produce, reproduce, publish, disseminate, and transmit information that promotes the core socialist values, advanced socialist culture, revolutionary culture, fine traditional Chinese culture, and socialist rule-of-law culture; reflects the great efforts of the Chinese people and the positive spirit of the Chinese nation; showcases achievements in economic and social development and the development of the rule of law in China; and promotes national reunification and ethnic unity.
Article 24
Internet information service providers and users shall not produce, reproduce, publish, disseminate, or transmit information containing any of the following:
information opposing the fundamental principles established by the Constitution; endangering national security, national honor, or national interests; divulging State secrets; inciting the subversion of State power; overthrowing the socialist system; inciting the splitting of the country; or undermining national unity;
information advocating terrorism or extremism, or inciting terrorist or extremist activities;
information promoting ethnic hatred or ethnic discrimination, undermining ethnic unity, harming public morality or China’s fine traditional culture, undermining the State’s religious policies, using religion to obstruct the implementation of the State’s judicial, educational, or social administration systems, deceiving or inciting others to engage in unlawful religious activities, or promoting cults or superstition;
information inciting unlawful assemblies, associations, marches, demonstrations, or other activities that undermine social stability;
information that distorts, vilifies, desecrates, or denies the deeds and spirit of heroes and martyrs; infringes upon the names, portraits, reputations, or honors of heroes and martyrs through insult, defamation, or other means; disparages or damages the honor of military personnel or veterans; insults or defames their reputation; intentionally destroys or desecrates honorary symbols of military personnel or veterans; or otherwise harms national defense or military development;
information disseminating obscenity, pornography, violence, gambling, homicide, terrorism, or content that incites crime, teaches criminal methods, or involves the manufacture or trading of prohibited or controlled items;
false or misleading information that disrupts economic or social order;
information insulting or defaming others or infringing upon another person’s reputation, honor, privacy, personal information rights and interests, intellectual property rights, or other lawful rights and interests; or
other information prohibited by laws or administrative regulations.
Article 25
Internet information service providers shall adopt measures to prevent and resist the production, reproduction, publication, dissemination, or transmission of undesirable information involving major national policies, emergencies, major criminal cases, or content that may adversely affect the physical or mental health of minors.
Internet information service providers shall not prominently display such undesirable information in products or services, or at locations or stages that are likely to attract users’ attention.
The State encourages cooperation between internet information service providers and news and publishing institutions to improve content governance.
Article 26
No organization or individual shall engage in any of the following conduct that disrupts the order of internet information services:
publishing, deleting, blocking, disconnecting links to, replacing, suppressing, or algorithmically recommending information, or providing such services for others;
fraudulently or in bulk registering internet accounts, or illegally stockpiling or trading internet accounts;
manipulating or using multiple internet accounts to mass-publish information prohibited by laws or administrative regulations, or undesirable information; engaging in fraudulent clicks, voting, rankings, comments, transactions, or reviews; fabricating or hijacking internet traffic; creating false public opinion hotspots; or manipulating rankings, trending lists, or other key online mechanisms;
unlawfully bypassing or circumventing technical measures adopted by relevant State authorities; or
other conduct prohibited by laws or administrative regulations.
Internet information service providers shall adopt measures such as abnormal data monitoring and manual review to prevent and detect the foregoing conduct.
Article 27
Where an internet information service provider discovers information prohibited under Article 24, undesirable information referred to in Article 25, or conduct prohibited under Article 26, it shall immediately stop transmission, take measures including deletion, blocking, disconnection of links, restriction of account functions or monetization rights, or account closure to prevent further dissemination, preserve relevant records, and report the matter to the cyberspace administration and other competent authorities.
Providers of electronic information transmission services and application download services that become aware that their users have produced, reproduced, published, disseminated, or transmitted prohibited or undesirable information, or engaged in conduct prohibited under Article 26, shall likewise immediately stop transmission, adopt deletion, blocking, link disconnection, or other necessary measures, preserve relevant records, and report to the cyberspace administration and other competent authorities.
Article 28
Where an internet access service provider discovers circumstances involving information prohibited under Article 24 or undesirable information referred to in Article 25, it shall immediately stop transmission, adopt appropriate measures including removal of the relevant information to prevent further dissemination, preserve relevant records, and report the matter to the cyberspace administration, telecommunications authority, public security authority, and other competent authorities.
Article 29
Where the competent authorities, in performing their statutory responsibilities for online information security supervision, discover information prohibited under Article 24, undesirable information referred to in Article 25, or conduct prohibited under Article 26, they shall, within the scope of their respective duties, require internet information service providers and internet access service providers to take the measures specified in Articles 27 and 28. Internet information service providers and internet access service providers shall cooperate accordingly.
Where organizations or individuals outside the territory of the People’s Republic of China produce, reproduce, publish, disseminate, or transmit information prohibited under Article 24 that harms China’s national security or public interests, the relevant State authorities may take necessary measures against such organizations or individuals in accordance with applicable laws and regulations.
Article 30
Where a person knows that another person is engaging in any of the following acts in violation of these Measures, no organization or individual shall provide data, technology, software, tools, programs, advertising, services, payment settlement, or any other support or assistance:
producing, reproducing, publishing, disseminating, or transmitting information prohibited under Article 24 or undesirable information referred to in Article 25;
engaging in conduct prohibited under Article 26 that disrupts the order of internet information services; or
assisting others in obtaining or disseminating information that has been lawfully blocked.
Article 31
Internet information service providers shall establish and improve rumor-refutation mechanisms. Where false information is produced, reproduced, published, disseminated, or transmitted, providers shall promptly adopt rumor-refuting measures, preserve relevant records, and report to the cyberspace administration and other competent authorities.
Where the conduct is suspected of constituting a criminal offense, the provider shall promptly report the matter to the public security authorities.
Article 32
Internet information service providers shall not engage in any of the following acts that infringe upon the lawful rights and interests of other internet information service providers:
without justifiable reason, interfering with the downloading, installation, operation, upgrading, or uninstallation of services or products lawfully provided by other internet information service providers on users’ terminal devices;
without justifiable reason, intercepting, blocking, or rendering incompatible services or products lawfully provided by other internet information service providers, or blocking hyperlinks, application redirects, or similar functions;
without the consent of another internet information service provider, inducing users to access the provider’s own services or those of a designated third party by inserting links, embedding content, creating redirects, or using misleading information, drop-down menus, search suggestions, interface designs, or operation buttons within services or products lawfully provided by another provider;
without justifiable reason, modifying, disabling, or uninstalling services or products lawfully provided by another internet information service provider, or deceiving, misleading, or compelling users to do so; or
other acts that violate laws, administrative regulations, or relevant national provisions and infringe upon the lawful rights and interests of other internet information service providers.
Article 33
Internet information service providers shall truthfully and comprehensively inform users of service information and applicable charges, respect users’ right to choose services independently, and shall not add, subscribe users to, or modify services without authorization, nor provide services through misleading practices, deception, or bundled offerings.
Internet information service providers shall strengthen service quality management and conduct service quality monitoring and evaluation. Relevant authorities, including the telecommunications, cyberspace administration, and market regulation authorities, may supervise and encourage providers to improve service quality through public service quality evaluations and other means.
Article 34
Internet information service providers and internet access service providers shall establish systems for public complaints, reporting, and user appeals, publicly disclose the channels for complaints, reporting, and appeals, provide human customer service resources commensurate with the scale of their business, promptly handle complaints, reports, and appeals, and communicate the handling results to users.
Article 35
The State encourages and supports internet information service providers in developing and providing services such as youth modes and dedicated youth sections that are suitable for the physical and mental development of minors and facilitate their access to beneficial internet information services.
Internet information service providers shall fulfill their statutory obligations for the online protection of minors, adopt necessary technical and management measures to prevent cyberbullying targeting minors, and prevent minors from becoming excessively dependent on or addicted to internet information services.
Article 36
Internet information service providers shall protect the lawful rights and interests of elderly persons and persons with disabilities in accordance with the law, fully consider their needs, and provide age-friendly services, technical accessibility support, and barrier-free services in accordance with relevant national provisions and standards.
Article 37
Internet information service providers that offer services possessing the attributes of public opinion or the capacity for social mobilization shall conduct security assessments in accordance with relevant national provisions.
The competent authorities shall, in accordance with relevant national provisions, conduct security assessments of internet information services possessing the attributes of public opinion or the capacity for social mobilization.
Article 38
Eligible internet information service providers operating in the news, publishing, and media sectors shall implement the Special Management Share (Special Management Stock) system in accordance with relevant national provisions.
Article 39
Internet information service providers shall record and retain information published through their services, user registration information, records of user-generated content, and other network log information for no less than six months.
Where internet access service resources are shared with others through network proxy services, network address translation (NAT), or similar technologies, providers shall also record and retain address translation logs and other log information sufficient to identify users.
Article 40
The State encourages internet information service providers to give priority to the use of open-source operating systems when developing applications.
Interconnection and interoperability among internet information service providers shall comply with the requirements of the cyberspace administration, telecommunications authorities, and other competent authorities. Such interconnection shall not infringe upon the lawful rights and interests of third parties, nor may it be used to publish or disseminate information prohibited by laws or administrative regulations.
Chapter III Operations
Section 2 Platform Information Services
Article 41
Internet information service providers that offer internet information dissemination platform services (hereinafter “Platform Information Service Providers”) shall continuously publish their platform rules, or a clearly identifiable link to such rules, in a prominent location on the homepage of their websites or applications, ensuring that relevant parties can conveniently access, review, and download them.
The platform rules shall prominently require users of internet information services to comply with laws, administrative regulations, and relevant national provisions.
Where platform rules are newly introduced or amended, Platform Information Service Providers shall publicly disclose the proposed changes and adequately solicit opinions from relevant stakeholders.
Where platform rules violate laws, administrative regulations, or relevant national provisions, the competent authorities shall, within the scope of their respective responsibilities, order the provider to make appropriate corrections.
Article 42
Platform Information Service Providers shall establish a credit record system for internet accounts, reasonably determine account credit ratings based on account usage, provide differentiated services accordingly, and periodically report relevant information to the cyberspace administration and other competent authorities.
Article 43
Where an internet public account applies to provide internet news information services, online publishing services, or other internet information services that require administrative approval by law, or applies to produce and disseminate information in areas such as finance, education, healthcare, legal affairs, military affairs, religion, human resources, or funeral services, the Platform Information Service Provider shall require the operator of the public account to provide information regarding relevant professional qualifications, professional background, and licenses or permits required by laws and administrative regulations.
The provider shall verify such information and apply a special identifier to the account.
Article 44
Platform Information Service Providers shall display, on the profile page of each internet public account, information including:
the operating entity;
the Unified Social Credit Code;
valid contact information;
the geographic location associated with the account’s IP address; and
the affiliated multi-channel internet content distribution service organization, where applicable.
Article 45
Operators of internet public accounts with significant influence shall not produce, reproduce, publish, disseminate, or transmit information prohibited under Article 24 or undesirable information referred to in Article 25.
Where such operators violate the preceding paragraph, Platform Information Service Providers shall, in accordance with law and contractual agreements, adopt measures including warnings, rectification orders, suspension of updates, restrictions on account functions, suspension of monetization privileges, account closure, and prohibition of re-registration, promptly remove the unlawful or undesirable content, preserve relevant records, and report the matter to the cyberspace administration and other competent authorities.
Specific measures for determining which internet public accounts possess significant influence shall be formulated by the national cyberspace administration department in conjunction with the national press and publication authority and the competent departments of culture and tourism, radio and television, public security, and other relevant authorities under the State Council.
Article 46
Platform Information Service Providers shall, in accordance with relevant national provisions, file with the competent authorities information relating to internet public accounts with significant influence, including the account name, operator, and affiliated multi-channel internet content distribution service organization.
Providers of internet livestreaming platform services shall complete the required filing with the provincial-level cyberspace administration department within 30 days after commencing operations. The cyberspace administration department shall promptly share the filing information with relevant authorities.
Article 47
Platform Information Service Providers shall establish and improve databases of characteristics of cyberbullying information and databases of representative cyberbullying cases, and strengthen the identification and monitoring of cyberbullying information through a combination of technical measures and manual review.
They shall also establish and improve early warning models for cyberbullying information in order to identify and warn of cyberbullying risks in a timely manner.
Platform Information Service Providers shall guide users toward civil and rational online interaction. Where cyberbullying risks are identified, providers shall promptly adopt measures including dynamic verification of users’ real identities, pop-up reminders, legal warnings, and traffic restrictions for abnormal accounts.
Where the volume of views, comments, reports, or similar indicators relating to the relevant information increases significantly, providers shall promptly report the matter to the competent authorities.
Platform Information Service Providers shall also provide users with tools to protect themselves against cyberbullying, including options to block designated users, disable reposting or commenting, refuse all private messages, and rapidly preserve evidence relating to cyberbullying content.
Article 48
Platform Information Service Providers shall perform their obligations in accordance with these Measures and other applicable laws and administrative regulations, and shall not engage in conduct prohibited under Article 26 that disrupts the order of internet information services or circumvents regulatory oversight.
Platform Information Service Providers shall also periodically conduct self-assessments regarding their fulfillment of internet information service management obligations and compliance with laws and administrative regulations.
Article 49
Platform Information Service Providers shall not abuse their market influence, platform rules, user agreements, or rely on the pretext of fulfilling statutory obligations to disrupt the order of internet information services or evade regulatory oversight.
Article 50
The State shall improve the market access regime for the internet livestreaming industry and strengthen full lifecycle management of livestreaming accounts.
Providers of internet livestreaming platform services shall establish dynamic real-identity verification mechanisms for livestreaming accounts, implement classified and tiered management based on factors such as livestreaming content and audience size, and strengthen real-time management of interactive features including comments and bullet chats (danmu).
Article 51
Providers of application distribution platform services shall complete the required filing in accordance with laws, administrative regulations, and relevant national provisions before providing application distribution services.
Application distribution platform providers shall strengthen the management of applications available on their platforms. They shall give greater visibility and promotional support to applications that actively disseminate the content encouraged under Article 23 of these Measures and voluntarily maintain a healthy online environment.
Application distribution platform providers shall register and verify the qualifications, principal functions, and basic information of application developers, strengthen ongoing inspections of applications, and cease providing distribution services to applications that commit serious violations of laws or regulations.
Neither application distribution platform providers nor application service providers shall induce users to download applications through false advertising, bundled downloads, manipulation of rankings, fabricated traffic, fake transactions or reviews, or by publishing or disseminating information prohibited by laws or administrative regulations or other undesirable information.
Article 52
Providers of multi-channel internet content distribution services shall register as business entities in accordance with the law, appoint a person responsible for content management, establish a content review team commensurate with the scope and scale of their business, and formulate and publicly disclose rules governing content management.
Platform Information Service Providers shall strengthen the management of such organizations operating on their platforms, verify them in accordance with laws, administrative regulations, and relevant national provisions, and complete the required filing procedures in accordance with national requirements.
Article 53
Where a multi-channel internet content distribution service organization provides planning, production, publishing, dissemination, marketing, promotion, agency, or other services relating to internet content for operators of internet public accounts, it shall clearly specify content management responsibilities in the service agreement and perform its information security management obligations in accordance with the law and the agreement.
Where such an organization fails to fulfill its management obligations with respect to contracted public accounts that violate laws, administrative regulations, or these Measures, it shall bear the corresponding legal responsibilities in accordance with the law.
A multi-channel internet content distribution service organization shall not directly engage in, organize, incite, encourage, commission, or assist contracted public accounts in violating these Measures or other applicable laws and administrative regulations. It shall, in accordance with the law and contractual arrangements, adopt measures such as warnings, rectification orders, suspension of monetization privileges, termination of agreements, and notification to the relevant platform.
Where either the organization or its contracted public accounts violate these Measures or other applicable laws and administrative regulations, the Platform Information Service Provider shall, in accordance with the law and contractual arrangements, adopt measures including warnings, rectification orders, suspension of monetization privileges, restriction of services, removal from the platform, blacklisting, and other appropriate actions, and shall report the matter to the competent authorities in accordance with relevant national provisions.
Article 54
Large Platform Information Service Providers shall fulfill the following obligations:
establish a comprehensive compliance management system and risk prevention mechanisms for internet information services; establish a dedicated compliance department and appoint a compliance officer; conduct regular security assessments; and publicly disclose the operation of the relevant mechanisms and measures;
formulate and publish dedicated platform rules specifying the protection of the lawful rights and interests of providers of products or services on the platform, as well as workers directly involved in platform information services, together with the available remedies;
establish efficient mechanisms for handling public complaints, reports, and user appeals relating to internet information content, and process complaints, reports, and appeals concerning unlawful or undesirable information within 24 hours;
publish periodic social responsibility reports disclosing matters including internet information security, personal information protection, and the protection of minors online, and accept public supervision; and
promptly report to the competent local cyberspace administration department any changes to their principal business, major shareholders, actual controllers, or any major emergency incidents.
Large Platform Information Service Providers shall not use data, algorithms, technology, platform rules, technical measures, or user agreements to infringe upon the lawful rights and interests of other business operators, consumers, or other market participants.
Chapter III Operations
Section 3 Intelligent Information Services
Article 55
The State adheres to the principle of giving equal importance to development and security, and combining the promotion of innovation with law-based governance. It encourages the innovative application of artificial intelligence technologies in internet information services, advances the development of standards for algorithms, supports the establishment of high-quality datasets for internet information services, promotes the development, training, and application of AI models related to internet information services, and encourages intelligent information services to develop in a positive and beneficial direction.
Article 56
Providers of internet information services using artificial intelligence technologies (hereinafter “Intelligent Information Service Providers”) shall follow the principles of fairness, openness, transparency, and good faith. In accordance with relevant national provisions, they shall publicly disclose information concerning the basic principles, purposes, operating mechanisms, and sources of training data for the relevant technologies.
Article 57
Intelligent Information Service Providers offering services that possess the attributes of public opinion or the capacity for social mobilization shall conduct security assessments in accordance with relevant national provisions and complete the required algorithm filing, amendment, and deregistration procedures.
Article 58
Where an application service provider invokes system permissions of intelligent terminal devices to provide intelligent information services, the telecommunications and cyberspace administration authorities shall, within the scope of their respective responsibilities, organize compatibility testing between the application and the intelligent terminal.
Article 59
Where Intelligent Information Service Providers conduct data processing activities such as pre-training or post-training optimization, they shall use data and foundation models obtained from lawful sources, adopt effective measures to improve the quality of training data, and shall not infringe upon the intellectual property rights lawfully enjoyed by others.
Where corpus data is used for model training, such training shall comply with laws, administrative regulations, relevant national provisions, and the requirements of the core socialist values. Providers of internet news information services shall use as training corpora only news information published by entities approved under relevant national provisions.
Article 60
Intelligent Information Service Providers shall adopt both technical and manual measures to strengthen the management of AI-generated and synthetic content.
Providers offering AI-generated content services shall label AI-generated and synthetic content in accordance with laws, administrative regulations, relevant national provisions, and mandatory national standards.
No organization or individual shall maliciously remove, alter, forge, or conceal such labels.
Article 61
Intelligent Information Service Providers offering algorithm recommendation services shall, in accordance with relevant national provisions, establish mechanisms for human intervention and user choice, provide users with options that are not based on personal characteristics or offer convenient means to refuse personalized recommendations, and shall not compel users to use intelligent information services.
Providers offering algorithm recommendation services shall formulate traffic allocation rules and algorithm standards that promote positive values, file such rules with the relevant authorities in accordance with national requirements, and publicly disclose the relevant information.
Providers offering algorithm recommendation services shall regulate traffic allocation and promotional mechanisms, strengthen governance of recommendation interfaces, and actively present content consistent with mainstream values in prominent areas such as homepages, trending lists, featured content, rankings, and pop-up windows. They shall not use information prohibited by laws or administrative regulations, or undesirable information, as keywords in user interest profiles or user tags for recommendation purposes. Nor shall they use algorithms to suppress information, engage in excessive recommendation, manipulate rankings or search results, control trending topics or featured content, interfere with information presentation, disrupt online public opinion, or circumvent regulatory oversight.
Providers offering algorithm recommendation services shall configure recommendation models that comply with the information content requirements of these Measures and shall not use recommendation technologies to produce, reproduce, publish, disseminate, or transmit information prohibited under Article 24 or undesirable information referred to in Article 25.
Article 62
Where Intelligent Information Service Providers provide work scheduling or similar services to workers, they shall collect workers’ data in recruitment, dispatching, performance evaluation, and other employment-related processes in accordance with the principles of legality, legitimacy, and necessity. They shall ensure that algorithms governing order allocation, remuneration, working hours, and similar matters are transparent, fair, and reasonable, and shall protect workers’ lawful rights and interests, including equal employment opportunities, remuneration, and rest periods.
Where major algorithmic rules are introduced or modified, providers shall publicly solicit opinions from workers, fully consider the views of relevant stakeholders, assess the impact on workers’ lawful rights and interests, publicly disclose the changes in a prominent manner before implementation, and shall not infringe upon workers’ lawful rights and interests.
Article 63
Providers offering AI Agent services shall use AI Agents that comply with relevant national requirements and establish corresponding security management systems and technical control capabilities.
Providers engaged in AI Agent distribution services shall strengthen the security management of AI Agents in accordance with relevant national provisions and establish sound AI Agent security management systems.
Providers offering AI Agent services or AI Agent distribution services shall not use AI Agents to engage in activities that endanger national security, harm the public interest, or otherwise violate laws or administrative regulations.
Article 64
Where an Intelligent Information Service Provider discovers that its intelligent information services present significant security risks, generate or synthesize information prohibited under Article 24 or undesirable information referred to in Article 25, or involve conduct prohibited under Article 26, it shall immediately adopt measures including suspending content generation, stopping transmission, removing relevant content, suspending services, or disabling relevant functions. It shall also take corrective measures such as further model optimization and training, and report the matter to the cyberspace administration and other competent authorities.
Chapter IV Supervision and Inspection
Article 65
The cyberspace administration, telecommunications, public security, and other competent authorities shall, within the scope of their respective responsibilities, supervise and inspect internet information services and promptly investigate and deal with violations of these Measures.
When the cyberspace administration, telecommunications, public security, or other competent authorities perform supervisory and inspection duties in accordance with the law, internet information service providers and internet access service providers shall cooperate and shall not refuse or obstruct such supervision or inspection.
Article 66
The cyberspace administration, telecommunications, public security, and other competent authorities shall strengthen coordination and information sharing, establish mechanisms for sharing supervisory information, exchanging information, transferring cases, and conducting joint enforcement, and avoid unnecessary or duplicative inspections.
The national cyberspace administration, the telecommunications department under the State Council, and the public security authorities shall share, through information systems, information relating to internet information service approvals, internet connection filings, filings of multi-channel internet content distribution service organizations, filings of application distribution platforms, and the identities of registrants.
Where a violation is suspected to constitute a criminal offense, the relevant competent authority shall promptly transfer the case to the judicial authorities for criminal investigation in accordance with the law. Where criminal liability is not pursued or criminal punishment is exempted but administrative penalties remain appropriate, the judicial authorities shall promptly transfer the case to the relevant competent authority.
Article 67
Where, in accordance with these Measures, the telecommunications authority revokes, cancels, or withdraws a telecommunications business license, or cancels an approval number, it shall notify the relevant internet access service providers and domain name resolution service providers to cease providing services to the relevant entity.
Article 68
Any organization or individual that discovers conduct by an internet information service provider or internet access service provider in violation of these Measures may report or file a complaint with the relevant competent authority.
Upon receiving such reports or complaints, the cyberspace administration, telecommunications, public security, and other competent authorities shall promptly handle them in accordance with the law. Where the matter falls outside their jurisdiction, they shall promptly inform the complainant or transfer the matter to the competent authority.
Article 69
When conducting supervision and inspection of Platform Information Service Providers, the competent authorities shall focus on the following matters:
the handling and response to public complaints, reports, and user appeals;
the handling of unlawful internet accounts and information, the legal basis for such actions, and whether the platform itself has participated in any unlawful activities;
whether measures have been taken, in accordance with Article 25, paragraphs 1 and 2, to prevent and resist the production, reproduction, publication, dissemination, or transmission of undesirable information;
whether the provider has adopted measures required by the competent authorities to cooperate in the handling of unlawful or undesirable information;
the management of internet account credit records;
the formulation and amendment of platform rules and user agreements, including consultation procedures; and
any other matters requiring重点 supervision and inspection.
Where provincial-level or higher competent authorities, in the course of performing their supervisory duties, identify significant security risks or security incidents relating to internet information services, they may, in accordance with prescribed authority and procedures, summon the legal representative or principal person in charge of the relevant internet information service provider for an interview and require the provider to adopt measures to prevent the expansion of risks.
The internet information service provider shall take the required corrective measures and eliminate the identified risks.
Article 70
When conducting supervision and inspection in accordance with these Measures, the cyberspace administration, telecommunications, public security, and other competent authorities may, in accordance with the law, take the following measures:
question relevant parties and investigate matters relating to internet information services;
inspect and copy network logs and other materials relating to internet information services;
conduct on-site inspections and investigate suspected unlawful conduct; and
where electronic equipment, storage media, articles, facilities, or premises are connected with suspected unlawful conduct, adopt compulsory measures such as sealing or seizure in accordance with the law.
Article 71
State secrets, official secrets, trade secrets, personal privacy, and personal information obtained by competent authorities and their personnel in the course of supervising and administering internet information services shall be kept confidential. Such information may be used only for the purposes of supervision, administration, and law enforcement, and shall not be disclosed, altered, unlawfully destroyed, sold, or unlawfully provided to others.
Article 72
Providers of internet access services, internet information services, domain name registration services, domain name resolution services, and similar services shall provide the necessary support and assistance to the cyberspace administration and telecommunications authorities in the lawful performance of their supervisory responsibilities over internet information services.
Such providers shall also provide technical support and assistance to public security authorities and state security authorities in accordance with the law for activities relating to safeguarding national security and investigating criminal offenses.
Article 73
Where necessary to safeguard cybersecurity and social order or to respond to major cybersecurity incidents, and with the approval of the State Council, the national cyberspace administration, together with the telecommunications and public security departments under the State Council, may impose temporary control measures, including restrictions, on online applications or specific functions that possess the attributes of public opinion or the capacity for social mobilization within a specified period or geographic area.
Chapter V Legal Liability
Article 74
Where any person, in violation of Article 9 of these Measures, engages in telecommunications business without obtaining the required telecommunications business operating license, or provides services beyond the scope of the license, the telecommunications authority shall order correction, confiscate any unlawful gains, and impose a fine of three to five times the amount of the unlawful gains. Where there are no unlawful gains or the unlawful gains are less than RMB 50,000, a fine of RMB 100,000 to RMB 1,000,000 shall be imposed. In serious cases, suspension of business for rectification shall be ordered.
Where any person, in violation of Articles 8 or 17(2), provides internet information services without obtaining the required approval, or provides services beyond the approved scope, the telecommunications authority shall order correction. Where the provider refuses to make corrections, suspension of business for rectification shall be ordered.
Where any person fails to complete the required public security filing within the prescribed period in violation of Article 16(1), the public security authority shall issue a warning and order correction. Where the provider refuses to comply, suspension of network operations for rectification shall be ordered.
Where an internet information service provider violates Articles 13 or 14, the telecommunications authority shall order correction. Where the provider refuses to comply or the circumstances are serious, the authority may issue a warning, impose a fine of RMB 100,000 to RMB 1,000,000, suspend the relevant business, order suspension of operations for rectification, revoke the telecommunications business operating license, or cancel the approval number. The directly responsible persons and other directly liable personnel may be fined RMB 10,000 to RMB 100,000.
Where an internet information service provider engages in internet information services requiring prior approval under Article 11 without obtaining such approval, the cyberspace administration or other competent authorities shall, within the scope of their respective responsibilities, order the cessation of the relevant services, confiscate unlawful gains, and impose a fine of five to ten times the unlawful gains where such gains exceed RMB 10,000. Where unlawful gains are less than RMB 10,000 or there are no unlawful gains, a fine of RMB 10,000 to RMB 100,000 may be imposed. In serious cases, the telecommunications authority shall revoke the telecommunications business operating license or cancel the approval number.
Article 75
Where an internet information service provider obtains a license or approval through fraud, bribery, or other improper means in violation of Chapter II of these Measures, the original licensing or approving authority shall revoke the relevant license or cancel the approval number, confiscate unlawful gains, and may impose a fine of RMB 100,000 to RMB 1,000,000.
Article 76
Where an internet information service provider or internet livestreaming platform provider violates Articles 16(2), 17(1), 18, 34, 37(1), 41(1), 42, 43, 44, 57, 59, 62, or 72 of these Measures, the cyberspace administration, telecommunications authority, public security authority, or other competent authorities shall, within the scope of their respective responsibilities, issue a warning, order correction within a specified period, and confiscate unlawful gains.
Where the provider refuses to comply or the circumstances are serious, the competent authorities may impose a fine of RMB 50,000 to RMB 500,000, suspend the relevant business, order suspension of operations for rectification, close the website or application, revoke the relevant business license or business permit, and impose a fine of RMB 10,000 to RMB 100,000 on the directly responsible persons and other directly liable personnel.
Article 77
Where an internet information service provider violates Article 24, Article 25(1) or (2), Article 39, Article 54(1), Article 60, or Article 61(3), penalties shall be imposed in accordance with applicable laws and administrative regulations. Where no such provisions exist, the competent authorities, including the cyberspace administration, shall order correction, issue a warning, confiscate unlawful gains, and may impose a fine of RMB 50,000 to RMB 500,000, together with measures including suspension of business, suspension of operations for rectification, closure of websites or applications, or revocation of relevant licenses. The directly responsible persons and other directly liable personnel may be fined RMB 10,000 to RMB 100,000.
Where the provider refuses to make corrections or the circumstances are serious, the competent authorities shall confiscate unlawful gains, impose a fine of RMB 500,000 to RMB 2,000,000, and may order suspension of business, suspension of operations for rectification, closure of websites or applications, or revocation of relevant licenses. The directly responsible persons and other directly liable personnel shall be fined RMB 10,000 to RMB 100,000, and may additionally be prohibited from engaging in internet information security management activities for six months to one year, or have their relevant qualifications revoked.
Where the circumstances are especially serious, the competent authorities shall confiscate unlawful gains, impose a fine of RMB 2,000,000 to RMB 10,000,000, order suspension of business, suspension of operations for rectification, closure of websites or applications, or revocation of relevant licenses. The directly responsible persons and other directly liable personnel shall be fined RMB 100,000 to RMB 1,000,000, and may be prohibited from serving as directors, supervisors, senior executives, or persons responsible for internet information security in relevant enterprises for a specified period, and their internet information security qualifications may be revoked.
Article 78
Where providers of internet access services, domain name registration services, domain name resolution services, or similar services violate Articles 15, 34, or 65(2), the competent authorities, including the cyberspace administration, telecommunications authority, and public security authority, shall issue a warning, order correction within a specified period, and confiscate unlawful gains. Where the provider refuses to comply or the circumstances are serious, a fine of RMB 100,000 to RMB 500,000 may be imposed, together with suspension of business, suspension of operations for rectification, revocation of the relevant license, or revocation of the business permit. The directly responsible persons and other directly liable personnel may be fined RMB 10,000 to RMB 100,000.
Article 79
Where any person violates Articles 19, 20, 21, or 22, penalties shall be imposed in accordance with applicable laws and administrative regulations. Where no such provisions exist, the cyberspace administration, telecommunications authority, or public security authority shall issue a warning, order correction within a specified period, confiscate unlawful gains, and, where the provider refuses to comply or the circumstances are serious, impose a fine of RMB 50,000 to RMB 500,000, together with suspension of business, suspension of operations for rectification, closure of websites or applications, or revocation of relevant licenses. The directly responsible persons and other directly liable personnel may be fined RMB 10,000 to RMB 100,000.
Article 80
Where any person violates Article 31, Article 46, Article 47, Article 50, Article 51, Article 52, Article 53, Article 56, or Article 61(1) or (2) of these Measures, the relevant competent authorities shall order correction, issue a warning, confiscate unlawful gains, and may impose a fine of RMB 100,000 to RMB 1,000,000.
Where the provider refuses to comply or the circumstances are serious, a fine of RMB 1,000,000 to RMB 2,000,000 may be imposed, together with suspension of business, suspension of operations for rectification, or revocation of the relevant business license or business permit.
Article 81
Where an internet information service provider or internet access service provider violates Article 27, Article 28, Article 29(1), Article 40(2), Article 63, or Article 64 of these Measures, the relevant competent authorities shall order correction, issue a warning or a public criticism, and may impose a fine of RMB 50,000 to RMB 500,000. They may also order suspension of business, suspension of operations for rectification, closure of websites or applications, or revocation of the relevant business license or permit.
Where the provider refuses to comply or the circumstances are serious, a fine of RMB 500,000 to RMB 2,000,000 may be imposed, together with suspension of business, suspension of operations for rectification, closure of websites or applications, or revocation of the relevant business license or permit. The directly responsible persons and other directly liable personnel may be fined RMB 50,000 to RMB 200,000.
Where the violations referred to in the preceding paragraph cause particularly serious impacts or consequences, the competent authorities may impose a fine of RMB 2,000,000 to RMB 10,000,000, order suspension of business, suspension of operations for rectification, closure of websites or applications, or revocation of the relevant business license or permit. The directly responsible persons and other directly liable personnel may be fined RMB 200,000 to RMB 1,000,000.
Article 82
Where the cyberspace administration, telecommunications, public security, or other competent authorities, or their personnel, use information obtained in the course of supervising internet information services for purposes other than those permitted under Article 71 of these Measures, the responsible leadership personnel and directly responsible personnel shall be subject to disciplinary sanctions in accordance with the law.
Where personnel of the cyberspace administration, telecommunications, or public security authorities neglect their duties, abuse their powers, engage in malpractice for personal gain, or solicit or accept property by taking advantage of their official positions, disciplinary sanctions shall be imposed in accordance with the law.
Article 83
Where an operator of an internet public account violates Article 24 of these Measures, penalties shall be imposed in accordance with applicable laws and administrative regulations. Where no such provisions exist, the cyberspace administration or other competent authorities shall, within the scope of their respective responsibilities, issue a warning, order correction within a specified period, require the removal of subscribers where appropriate, restrict account functions, suspend or restrict monetization privileges, suspend relevant services, close the account, or prohibit re-registration, and may impose a fine of RMB 10,000 to RMB 50,000.
Where an operator of an internet public account with significant influence violates Article 45 of these Measures, the competent authorities shall issue a warning, order correction within a specified period, require the removal of subscribers where appropriate, restrict account functions, suspend or restrict monetization privileges, suspend relevant services, close the account, or prohibit re-registration, and may impose a fine of RMB 50,000 to RMB 500,000.
Article 84
Where any person violates Article 26, Article 30, Article 32, Article 48, or Article 49 of these Measures, penalties shall be imposed in accordance with applicable laws and administrative regulations. Where no such provisions exist, the cyberspace administration, telecommunications, public security, or other competent authorities shall, within the scope of their respective responsibilities, order correction within a specified period and may impose a fine of RMB 100,000 to RMB 1,000,000.
Where the provider refuses to comply or the circumstances are serious, a fine of RMB 1,000,000 to RMB 5,000,000 may be imposed, together with suspension of business or suspension of operations for rectification.
Article 85
Where an internet information service provider violates Article 33(1) of these Measures, the telecommunications authority, cyberspace administration, or other competent authorities shall order correction within a specified period and may impose a fine of RMB 100,000 to RMB 1,000,000.
Where the provider refuses to comply or the circumstances are serious, a fine of RMB 1,000,000 to RMB 2,000,000 may be imposed, together with suspension of business or suspension of operations for rectification.
Article 86
Where any person violates other provisions of these Measures, legal liability shall be pursued in accordance with the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, the Anti-Unfair Competition Law of the People’s Republic of China, the Law of the People’s Republic of China on the Protection of Consumer Rights and Interests, the Regulations on the Online Protection of Minors, and other applicable laws and administrative regulations.
Article 87
Where a violation of these Measures causes damage to another person, civil liability shall be borne in accordance with the law. Where the conduct constitutes a violation of public security administration, public security administrative penalties shall be imposed in accordance with the law. Where the conduct constitutes a criminal offense, criminal liability shall be pursued in accordance with the law.
Article 88
Where conduct in violation of these Measures is included, in accordance with laws, administrative regulations, or relevant national provisions, in the List of Seriously Dishonest Entities in the Internet Sector, the relevant competent authorities may impose disciplinary measures for dishonesty, including restricting or prohibiting the registration of new user accounts, restricting account functions, or prohibiting the entity from engaging in internet information services for a specified period or within a specified scope.
Article 89
Where a violation of these Measures falls within the circumstances warranting mitigated punishment, reduced punishment, or exemption from administrative penalties under the Administrative Penalty Law of the People’s Republic of China, the relevant provisions of that Law shall apply.
Chapter VI Supplementary Provisions
Article 90
For the purposes of these Measures, the following terms shall have the meanings set out below:
Internet information services refer to activities that provide information to the public through internet websites, applications, AI agents, microblogs, instant messaging tools, search engines, internet livestreaming, online audiovisual services, image and text sharing, knowledge learning and reasoning, task assistance and execution, internet public accounts, and other forms.
Internet access services refer to services that provide network access for internet information service providers, including internet data center (IDC) services, content delivery network (CDN) services, internet access services, and other business forms, such as proxy services, server hosting, and space leasing.
Internet accounts refer to accounts registered and used by users of internet information services.
Internet public accounts refer to internet accounts used by internet information service users to produce and publish text, images, audio, video, or other information for the general public, excluding accounts that provide only communication functions.
Internet public accounts with significant influence refer to internet public accounts that meet one or more of the following criteria: the number of followers, views, reposts, or comments reaches a specified scale; revenue generated through the account during the previous year reaches a specified scale; or the account has significant influence within a particular sector or community.
Operators of internet public accounts refer to organizations or individuals that register and operate internet public accounts to produce and publish information.
Multi-channel internet content distribution services refer to services that provide planning, production, publication, distribution, marketing, promotion, agency, or similar services for information published through internet public accounts.
Internet livestreaming platform service providers refer to Platform Information Service Providers that provide internet livestreaming services.
Application distribution platform service providers refer to Platform Information Service Providers that provide application distribution services.
Large internet platforms refer to internet platforms with more than 50 million registered users or 10 million monthly active users, whose business operations are complex and whose internet information services have a significant impact on economic activities, online order, or users’ rights and interests.
Article 91
Where a foreign-invested enterprise engages in internet information services, it shall also comply with the requirements of laws, administrative regulations, and relevant national provisions governing foreign investment.
Where laws, administrative regulations, or relevant national provisions contain special rules governing foreign-invested enterprises engaged in e-commerce retail, e-commerce supply chain services, or other e-commerce activities, those provisions shall apply.
Article 92
Organizations or individuals outside the territory of the People’s Republic of China that provide internet information services to users within China, or make use of internet information services within China, shall comply with laws, administrative regulations, and relevant national provisions.
Where an international treaty concluded or acceded to by the People’s Republic of China contains provisions different from these Measures, the treaty shall prevail, except for provisions to which China has entered reservations.
Article 93
Where internet information services involve network operational security, data security, personal information protection, anti-unfair competition, consumer protection, news dissemination, or media administration, the relevant laws and administrative regulations shall also apply.
Where internet information services involve State secrets, the relevant laws and administrative regulations on the protection of State secrets shall also apply.
Article 94
These Measures shall enter into force on [date to be determined].
Explanatory Notes on the Draft Revision of the Measures for the Administration of Internet Information Services
The CPC Central Committee and the State Council attach great importance to the administration of internet information services and have made important arrangements for revising the Measures for the Administration of Internet Information Services (the “Measures”).
In accordance with the State Council’s legislative work plan, the Cyberspace Administration of China (”CAC”), together with the Ministry of Industry and Information Technology (”MIIT”), the Ministry of Public Security (”MPS”), and other relevant authorities, conducted extensive legislative research, carefully reviewed practical experience, and broadly solicited opinions from all stakeholders. On this basis, the authorities prepared the Draft Revision of the Measures for the Administration of Internet Information Services (the “Draft”) and hereby release it for public comment.
The relevant matters are explained as follows.
I. Necessity of the Revision
As a foundational regulation governing internet information services, the Measures have played an important role since their implementation in 2000 in regulating the online information environment and promoting the sustained and healthy development of China’s internet industry.
However, with the rapid development of information technology, profound changes have taken place in the governance structure, regulatory mechanisms, regulatory tools, and regulatory targets of internet information services. Accordingly, the existing Measures require further revision and improvement.
First, the revision implements the decisions and arrangements of the CPC Central Committee.
General Secretary Xi Jinping has emphasized the need to improve the comprehensive governance framework for cyberspace under the centralized and unified leadership of the Party, and to strengthen guidance over online platforms, self-media accounts, and multi-channel network (MCN) organizations so that they fulfill their social responsibilities.
The 15th Five-Year Plan for National Economic and Social Development also calls for strengthening online content governance and improving laws and regulations governing internet content management and platform governance.
Second, the revision responds to new challenges in internet information governance.
In recent years, a range of new issues have emerged in the internet information services sector. Some self-media accounts and online public relations firms have sought improper commercial gains by providing paid influence services or generating artificial traffic. Some online platforms have abused platform rules or engaged in algorithmic discrimination, thereby infringing users’ lawful rights and interests.
Meanwhile, the rapid adoption of technologies such as generative artificial intelligence and deep synthesis has significantly increased the complexity of internet governance.
There is therefore an urgent need to enrich the legal basis for internet governance, address prominent regulatory challenges, and establish a stronger institutional foundation for internet information services under the new technological environment.
Third, the revision aligns the Measures with recently enacted legislation.
In recent years, China has enacted or amended a number of important laws, including the Cybersecurity Law, the Law on the Protection of Heroes and Martyrs, the Personal Information Protection Law, and the Law on the Protection of Minors. In addition, the CAC and other authorities have issued numerous departmental rules and normative documents covering online ecosystem governance, internet account administration, cyberbullying, and the development and security of AI-enabled information services.
The revision therefore seeks to better align the Measures with this broader legislative framework while elevating mature regulatory practices into a higher-level administrative regulation.
II. Revision Process
The CAC, together with MIIT, MPS, and other relevant authorities, carried out extensive legislative research and systematically reviewed China’s experience in regulating internet information services.
Based on this work, the drafting team focused on key challenges in internet governance, proposed new regulatory mechanisms where necessary, aligned the Draft with relevant legislation, and organized consultations with experts and scholars.
The Draft was also circulated for comments among central government agencies, provincial cyberspace administrations, and the Cyberspace Administration of the Xinjiang Production and Construction Corps.
Following further revisions and the completion of the required legislative assessments, the current Draft was finalized for public consultation.
III. Overall Approach
The revision follows four guiding principles.
First, it upholds the leadership of the Communist Party of China.
The Draft is guided by Xi Jinping Thought on Socialism with Chinese Characteristics for a New Era—particularly Xi Jinping Thought on the Rule of Law and Xi Jinping Thought on Culture—and implements the decisions of the 20th CPC National Congress and subsequent plenary sessions, as well as General Secretary Xi Jinping’s important instructions on internet information service governance.
Second, it follows a problem-oriented approach.
The Draft is grounded in China’s practical experience in internet governance, responds to emerging regulatory challenges, improves institutional design, aligns with existing legislation, and strengthens the systematic, targeted, and practical nature of the regulatory framework.
Third, it emphasizes collaborative governance.
The Draft further clarifies the respective responsibilities of government authorities, industry associations, internet information service providers, operators of internet public accounts, industry practitioners, and other relevant participants.
Fourth, it balances continuity and innovation.
Regulatory mechanisms that have proven effective under the existing Measures are retained and improved, while provisions that no longer reflect technological or market realities have been revised, supplemented, or removed in light of developments in the information technology sector.
IV. Major Revisions
The Draft consists of six chapters and ninety-four articles, representing a comprehensive revision of the current Measures.
The principal revisions include the following.
First, the Draft clarifies the fundamental principles and regulatory framework governing internet information services.
It expressly provides that internet information services and their supervision shall uphold the leadership of the Communist Party of China and be guided by the core socialist values. It also clarifies the respective responsibilities of the CAC, the telecommunications authorities under the State Council, the Ministry of Public Security, and other competent authorities, while specifying that local supervisory responsibilities shall be determined in accordance with relevant national provisions.
Second, the Draft strengthens the regulation of internet information service providers.
It further improves market entry requirements, standardizes the use of network resources, and enhances requirements relating to industry personnel. It requires providers to obtain approval from the telecommunications authorities before providing internet information services, to use network resources that meet regulatory requirements, and requires personnel engaged in internet news information services to obtain relevant qualifications and complete prescribed training and assessments.
Third, the Draft strengthens regulation of internet information service activities.
It further enhances user account administration, improves rules governing online information content, and introduces new regulatory requirements for specific circumstances.
Among other things, it requires dynamic verification of registered accounts, prohibits the production, publication, or dissemination of unlawful information, requires providers to prevent and resist undesirable information, prohibits conduct that disrupts the order of internet information services, and prohibits providing support or assistance for unlawful online activities.
Fourth, the Draft strengthens the responsibilities of online platforms.
It introduces a dedicated chapter on Platform Information Services, requiring operators of internet public accounts with significant influence not to produce or disseminate unlawful or undesirable information.
It also requires platforms to strengthen the identification and monitoring of cyberbullying, adopt timely intervention measures where cyberbullying risks arise, provide users with evidence preservation tools, and regulate multi-channel internet content distribution organizations and the public accounts operating under them.
Fifth, the Draft promotes the secure development of intelligent information services.
A dedicated chapter on Intelligent Information Services establishes a comprehensive regulatory framework for AI-enabled internet services.
The Draft strengthens requirements relating to the labeling of AI-generated content, regulates the use of recommendation algorithms, prohibits forcing users to use AI services, prohibits the use of algorithms to manipulate online public opinion or evade regulatory oversight, strengthens protection of workers affected by algorithmic management, and enhances mechanisms for responding to significant AI-related security risks.
Finally, the Draft improves the legal liability regime and expands the regulatory toolbox available to enforcement authorities.
Drawing upon recent experience in internet governance, it establishes a List of Seriously Dishonest Entities in the Internet Sector, introduces additional enforcement measures such as restricting account functions and prohibiting the registration of new user accounts, aligns with the Cybersecurity Law, the Law on the Protection of Minors, the Administrative Penalty Law, and other relevant legislation, and further strengthens the legal liability framework.



