Database

Browse Database

CHINA

Reported in 2020, last reported in 2025

Pillar Technical standards applied to ICT goods and online services  |  Indicator Open and transparent standard-setting process
Lack of foreign participation in standard-setting
It is reported that the Chinese Government is working to improve its standards system by incorporating both government guidance and market input, moving away from a solely government-led approach. Despite this progress, foreign participation in standards setting remains limited, and China often pursues unique national standards for strategic reasons. The revised standardisation Law, effective since January 2018, includes measures recognising the value of international standards and the participation of foreign-invested enterprises. However, foreign stakeholders are concerned that these measures still prioritise Chinese standards over international ones and do not ensure equal participation for foreign companies. Reports indicate that foreign companies often face restrictions in participating in China's domestic standards-setting processes, and even when participation is allowed, it is usually under less favourable terms than for domestic competitors.
Coverage Horizontal

CHINA

Since January 1996
Since June 2001
Since August 2003

Pillar Technical standards applied to ICT goods and online services  |  Indicator Self-certification for product safety
State Radio Regulation of China (SRRC) (无线电设备型号核)

Network Access License (NAL) (进网许可证)

China Compulsory Certification (CCC) Requirement (中国强制认证(CCC)要求)
China’s current certification requirements for telecommunications equipment are reported to conflict with its WTO obligations of limiting imported products to no more than one conformity assessment scheme and requiring the same mark for all products (Article 13.4.a of China’s WTO Accession).
China has three different licensing regimes: the State Radio Regulation of China (SRRC), the Network Access License (NAL) and the China Compulsory Certification (CCC). The CCC is required for a list of products that includes many types of IT products, such as video and audio equipment. The NAL is required for all telecommunications equipment in China. The NAL license requires extensive testing and support and may include network trials and review of the product by a local panel of experts, in addition to labouratory testing against China's national standards. Radio communication equipment intended to be marketed in China requires radio-type approval granted by the Ministry of Industry and Information Technology of the People’s Republic of China (MIIT)’s ‘State Radio Regulation Committee (SRRC). Specified equipment samples are tested in designated labouratories according to local Chinese standards.
Therefore, for a given piece of equipment, it can cost between USD 30,000-35,000 to test for all three licenses (SRRC, NAL, and CCC). The CCC mark is used for both Chinese and foreign products. Moreover, all testing for the CCC mark must be conducted in China, and US exporters are often required to submit their products to Chinese labouratories for additional tests.
The CCC certificate and permission to print the CCC mark must be renewed annually as part of a follow-up certification. Part of the follow-up certification is also a one-day factory audit.
China is also reported as having limitations on foreign -invested conformity assessment bodies in the country.
Coverage Electrical and ICT goods
Sources

CHINA

Since June 2007
Since December 2019
Since December 2019
Since December 2019

Pillar Technical standards applied to ICT goods and online services  |  Indicator Self-certification for product safety
Administrative Measures for the Multi-level Protection of Information Security

Information Security Technology - Baseline for Cybersecurity Classification Protection (GB/T 22239-2019)

Information Security Technology - Technical Requirements of Security Design for Cybersecurity Classification Protection (GB/T 25070-2019)

Information Security Technology - Evaluation Requirements for Cybersecurity Classification Protection (GB/T 28448-2019).
The Administrative Measures for the Multi-level Protection of Information Security (MLPS) require all IT systems in China to be classified into different levels of security, from one to five (with the most sensitive systems designated as level 5). In 2019, the MLPS 2.0 (composed by GB/T 22239-2019, GB/T 25070-2019, and GB/T 28448-2019) has expanded the definition of 'information systems' to broader systems, including network infrastructure, cloud computing systems, mobile application platforms, connected devices and industrial control systems.
The MLPS 2.0 requires networks of level 3 and above to adopt network products and services appropriate to their security protection levels. Under the MLPS 2.0, companies must self-assess their security management and compliance, and such assessment results must be evaluated and endorsed by the MLPS regulatory body.
The MLPS 2.0 requires companies in China to set up their cloud infrastructure, including servers, virtualised networks, software, and information systems. Such cloud infrastructures are subject to testing and evaluation by the Chinese government. Overseas operation and maintenance of Chinese cloud computing platforms must also follow Chinese laws and regulations. The national standards also state that customers' data and users' personal information processed by cloud service providers should be stored inside China, which is an additional requirement. It is currently uncertain how these national standards would be enforced, and there have not yet been reports of enforcement.
Coverage Information systems including network infrastructure, cloud computing systems, mobile application platforms, connected devices and industrial control systems
Sources

CHINA

Since July 2015

Pillar Technical standards applied to ICT goods and online services  |  Indicator Product screening and additional testing requirements
National Security Law of the People's Republic of China (中华人民国国家安全法)
The National Security Law foresees the rollout of a “secure and controllable” internet infrastructure. Under the National Security Law, the State can establish national security review and oversight management systems and mechanisms, conduct a national security review of foreign commercial investment, special items and technologies, internet information technology produces and services, projects involving national security matters, as well as other major matters and activities, that impact or might impact national security.
Coverage Horizontal

CHINA

Since October 2019, entry into force in January 2020

Pillar Technical standards applied to ICT goods and online services  |  Indicator Restrictions on encryption standards
Cryptography Law of the People’s Republic of China (中华人民共和国密码法)
Art. 26 of the Cryptography Law stipulates that commercial cryptography products relating to national security, the national economy and the people’s livelihood, or the public interest, may be sold or otherwise made available for use only after passing testing and certification conducted by duly qualified bodies. Art. 27 further requires that, where operators of critical information infrastructure procure network products or services incorporating commercial cryptography that may affect national security, such products or services must undergo a national security review conducted jointly by the national cyberspace administration, the national cryptography administration, and other relevant authorities. Art. 28 provides that the department responsible for commerce under the State Council, together with the national cryptography administration, shall impose import licensing requirements, in accordance with the law, on commercial cryptography possessing encryption functions and bearing upon national security or the public interest; however, such licensing is not to apply to commercial cryptography used in mass‑consumption products. The legislation does not, however, clarify what constitutes commercial cryptography used in mass‑consumption products, thereby generating uncertainty as to how this significant exemption will operate in practice.
More generally, it is reported that there are onerous requirements on the use of encryption, including intrusive approval processes and, in many cases, mandatory use of indigenous encryption algorithms (e.g., for Wi-Fi and 4G cellular products).
Coverage Horizontal

CHINA

Since April 2009, entry into force in October 2009

Pillar Online sales and transactions  |  Indicator Licensing scheme for e-commerce providers
Postal Law of the People's Republic of China (中华人民共和国邮政法)
According to Art. 51 of the Postal Law of the People's Republic of China, a specific license is needed for express delivery business. It is reported that the administrative licensing for express delivery services is non-transparent and burdensome, preventing competition. It is reported that as companies are required to apply to each city where there is a postal administration department, they need to go through at least 350 review and approval processes if they want to operate at the national level.
Coverage Express delivery services

CHINA

Since September 2000, last amended in February 2016
Since 2000, last amended in 2015

Pillar Content access  |  Indicator Licensing schemes for digital services and applications
Telecommunications Regulations of the People’s Republic of China (中华人民共和国电信条例)

Classification Catalogue of Telecommunications Services (电信业务分类目录)
Under Art. 7 of the Telecommunications Regulations, the State is required to operate a licensing regime for telecommunications enterprises in accordance with the established classification of such businesses. Pursuant to the Classification Catalogue of Telecommunications Services, this framework encompasses Internet data centre services. The corresponding licence is necessary for the provision of various services, including, among others, cloud services.
It is reported that China imposes stringent restrictions on foreign enterprises seeking to participate in the development of cloud computing services, including computer data processing and storage services and software application services provided over the Internet, and that foreign‑invested companies established in China are not permitted to supply these services directly. As cross‑border provision is difficult due to restrictive Chinese regulatory policies, the only practical means for a foreign company to access the Chinese market is to enter into a contractual partnership with a domestic firm that holds the required Internet data centre licence, a model that typically requires the foreign company to transfer valuable technology, intellectual property, know‑how, and branding to its Chinese partner. Although the foreign service provider may receive a licensing fee from such an arrangement, it gains no direct relationship with customers in China and has no independent ability to develop its business, effectively ceding control of its operations to a Chinese firm. It is also reported that in October 2024, the Ministry of Industry and Information Technology launched a pilot programme in four free‑trade zones, including in Beijing and Shanghai, permitting foreign companies to wholly own and operate Internet data centres.
Coverage Internet data center services, including cloud services

CHINA

Since September 2000, last amended in February 2016
Since March 2016
Since September 2017

Pillar Content access  |  Indicator Licensing schemes for digital services and applications
Telecommunications Regulations of the People’s Republic of China (中华人民共和国电信条例)

Classified Catalogue of Telecommunications Services (电信服务分类目录)

Administrative Measures for the Licensing of Telecommunication Business (电信业务经营许可管理办法)
China requires a supplier to have a basic telecommunications service license to provide VoIP service.
Coverage VoIP services

CHINA

Since July 2016, entry into force in November 2016, last amended in November 2022

Pillar Content access  |  Indicator Licensing schemes for digital services and applications
Interim Measures for the Administration of Online Taxi Booking Business Operations and Services (网络预约出租汽车经营服务管理暂行办法)
China instituted a licensing system for online taxi companies, which requires that personal information and business data be stored and used in mainland China and not transferred outside of China. Such information should be retained for two years, except when otherwise required by other laws and regulations. The Measurement also requires that taxi companies' servers be set up in Mainland China, with a network security management system and technical measures for security protection in compliance with regulations.
Coverage Online taxi sector

CHINA

Since August 2017

Pillar Intermediary liability  |  Indicator User identity requirement
Administrative Measures on Internet Forum Community Service (互联网论坛社区服务管理规定)
According to the Administrative Measures on Internet Forum Community Service, providers of Internet forum community services are required to obtain and verify the identity information of users and enter into service agreements with them.
Coverage Internet forum community services

CHINA

Since December 2015, entry into force in January 2016, last amended in April 2018

Pillar Intermediary liability  |  Indicator Monitoring requirement
Counterterrorism Law of the People's Republic of China (中华人民共和国反恐怖主义法)
According to Art. 19 of the Counter-Terrorism Law issued in 2016, telecom operators and Internet service providers shall establish content monitoring and network security programs. Likewise, companies are required to adopt precautionary security measures to prevent the dissemination of information on extremism, report terrorism information to the authorities in a timely manner, keep original records, and promptly delete such messages to prevent further circulation. The law introduces both pecuniary fines and detentions up to 15 days for telecommunications operators and ISPs personnel who fail to “stop transmission” of terrorist or extremist content, “shut down related services,” or implement “network security” measures to prevent the transmission of such content.
Coverage Telecommunications sector and Internet Service Providers (ISPs)

CHINA

Since June 2016, entry into force in August 2016

Pillar Intermediary liability  |  Indicator Monitoring requirement
Administrative Provisions on Information Services of Mobile Internet Application Programs (移动互联网应用程序的信息服务管理规定)
According to Art. 7 of the Administrative Provisions on Information Services of Mobile Internet Application Programs, app providers are required to monitor online content and report violations to government authorities. App providers and app stores must not use apps to endanger national security, disrupt the public order, or produce, reproduce, publish, or disseminate content banned by laws and regulations, according to the Provisions. In addition, app providers must monitor banned content and take action against users that publish banned content by issuing warnings, restricting functions, stopping updates, or terminating accounts. They must also keep a record of the violations and report the matters to relevant government authorities. In addition, according to Art. 8, app stores are required to verify the legitimacy of app providers and ensure app providers protect user information and publish lawful content. App stores are required to take action against offending app providers by issuing warnings, suspending their publications, or removing the aberrant apps from the stores. App stores are also required to keep records of the violations and report them to the relevant government authorities.
Coverage Internet app providers and mobile Internet app stores

CHINA

Since December 2019, entry into force in March 2020

Pillar Intermediary liability  |  Indicator Monitoring requirement
Provisions on the Governance of the Online Information Content Ecosystem (网络信息内容生态治理规定)
Under Chapter III of the Provisions on the Governance of the Online Information Content Ecosystem, content service platforms are obligated to establish and implement a governance framework aimed at fostering a "network information content ecology" in accordance with the Provisions. The platforms are also encouraged to promote permissible information and prohibit forbidden content, while being required to prevent the dissemination of information deemed necessary to suppress. Art. 34 further mandates that platforms adopt appropriate measures against individuals or entities responsible for producing, copying, or disseminating prohibited information. These measures may include issuing warnings, requiring corrections or other forms of rectification, imposing functional restrictions, suspending updates, and closing accounts, in accordance with relevant laws and contractual obligations. Additionally, under Art. 10, platforms are required to promptly remove illegal content, maintain records of such activities, and report these matters to the relevant authorities. Furthermore, Arts. 13, 14 and 15 stipulate that platforms must, among other obligations, develop and provide online products and services suitable for minors, enhance the monitoring and regulation of displayed advertisements, and establish a credit management system for user accounts, along with providing corresponding services as necessary.
Art. 41 of the Provisions specifies that the content service platforms mentioned in these Provisions refer to network information service providers that offer services for the dissemination of network information content.
Coverage Network information content service platforms

CHINA

Since August 2017
Since August 2017

Pillar Intermediary liability  |  Indicator Monitoring requirement
Administrative Measures on Internet Forum Community Service (互联网论坛社区服务管理规定)

Administrative Measures on Internet Comment (关于互联网评论的行政措施)
According to the Administrative Measures on Internet Forum Community Service and the Administrative Measures on Internet Comment, providers of Internet forum community services and providers of comment functions (together known as 'Speech Function Providers') are required to monitor the posts and comments, take action and report to the Cyberspace Administration of China if prohibited information has been published or discovered. In such situations, Speech Function Providers are required to cease transmission of the content, delete content or comments, restrict the comment function, close user accounts or sub-forums and revoke administrator powers (in the case of a forum). For news-related comment functions, the comments must be censored before being published. Speech Function Providers are also required to set up a complaints procedure in relation to posts and comments.
Coverage Internet Forum Community Services and Providers of Comment Functions

Report issue     Report new measure