Imported and exported encryption products must be certified by the Office of State Commercial Cryptography Administration (OSCCA). The use of encryption products without OSCCA certification is prohibited, regardless of the public, commercial or individual nature of use. However, it is reported that, in practice, only Chinese or Chinese-owned companies are eligible for OSCCA certification to sell, produce and carry out R&D for encryption technology in China, as well as to gain product licensing. Foreign or foreign-owned companies, even if based in China, are excluded. In 2007, OSCCA started to consider products such as Trusted Platform Module (used in computers) or smartcards (used in banking, insurance, health, transport, etc.) as core encryption products. As a result, such products could no longer be produced or sold by foreign or foreign-invested companies.
Under the Cryptography Law, the import and export of commercial encryption products, technologies and services remain subject to government approval. Commercial encryption products that may affect national security and public interest and have encryption-based protective functions can only be imported under a permit. The Ministry of Commerce, together with the OSCCA and the General Administration of Customs, will issue catalogues of commercial encryption products that are subject to the above import permit and export controls. The requirements above will not apply to commercial encryption used in "products for consumption by the general population". However, the cryptography law does not define the term, leaving it unclear how this will be implemented in practice.
The Cryptography Law has removed the requirement for mandatory certification and has instead established a voluntary certification scheme, which encourages manufacturers to apply to qualified agencies for the testing and certification of their commercial encryption products. The products in the Product Catalogue will no longer be subject to mandatory approval requirements before they are launched. The product catalogue includes smart password keys, smart IC cards, ATM application systems, security authentication, and financial data encryption machines, among others.

It is reported that a locally developed encryption standard (WAPI) is required to be used in all wireless equipment despite the existing international standard IEEE 802.11i.

Without a sales certificate provided by China’s National Commission on Encryption Code Regulations (NCECR), it is illegal to sell products using Commercial Encryption Codes (CEC). It is also prohibited to use CEC products not certified by the NCECR. The public promotion and/or exhibition of CEC products must be reported to and approved by the NCECR in advance.
To obtain the certificate, the company must fulfil three requirements:
- They must be staffed with personnel who are knowledgeable in CEC product information and capable of providing post‑sales services;
- They must be able to provide full sales services and be equipped with safety regulations;
- They must also have the rights of an independent juridical unit.

China requires a supplier to have a basic telecommunications service license to provide VoIP service.

According to Art. 19 of the Counter-Terrorism Law issued in 2016, telecom operators and Internet service providers shall establish content monitoring and network security programs. Likewise, companies are required to adopt precautionary security measures to prevent the dissemination of information on extremism, report terrorism information to the authorities in a timely manner, keep original records, and promptly delete such messages to prevent further circulation. The law introduces both pecuniary fines and detentions up to 15 days for telecommunications operators and ISPs personnel who fail to “stop transmission” of terrorist or extremist content, “shut down related services,” or implement “network security” measures to prevent the transmission of such content.

According to Art. 7 of the Administrative Provisions on Information Services of Mobile Internet Application Programs, app providers are required to monitor online content and report violations to government authorities. App providers and app stores must not use apps to endanger national security, disrupt the public order, or produce, reproduce, publish, or disseminate content banned by laws and regulations, according to the Provisions. In addition, app providers must monitor banned content and take action against users that publish banned content by issuing warnings, restricting functions, stopping updates, or terminating accounts. They must also keep a record of the violations and report the matters to relevant government authorities. In addition, according to Art. 8, app stores are required to verify the legitimacy of app providers and ensure app providers protect user information and publish lawful content. App stores are required to take action against offending app providers by issuing warnings, suspending their publications, or removing the aberrant apps from the stores. App stores are also required to keep records of the violations and report them to the relevant government authorities.

Under Chapter III of the Provisions on the Governance of the Online Information Content Ecosystem, content service platforms are obligated to establish and implement a governance framework aimed at fostering a "network information content ecology" in accordance with the Provisions. The platforms are also encouraged to promote permissible information and prohibit forbidden content, while being required to prevent the dissemination of information deemed necessary to suppress. Art. 34 further mandates that platforms adopt appropriate measures against individuals or entities responsible for producing, copying, or disseminating prohibited information. These measures may include issuing warnings, requiring corrections or other forms of rectification, imposing functional restrictions, suspending updates, and closing accounts, in accordance with relevant laws and contractual obligations. Additionally, under Art. 10, platforms are required to promptly remove illegal content, maintain records of such activities, and report these matters to the relevant authorities. Furthermore, Arts. 13, 14 and 15 stipulate that platforms must, among other obligations, develop and provide online products and services suitable for minors, enhance the monitoring and regulation of displayed advertisements, and establish a credit management system for user accounts, along with providing corresponding services as necessary.
Art. 41 of the Provisions specifies that the content service platforms mentioned in these Provisions refer to network information service providers that offer services for the dissemination of network information content.

According to the Administrative Measures on Internet Forum Community Service and the Administrative Measures on Internet Comment, providers of Internet forum community services and providers of comment functions (together known as 'Speech Function Providers') are required to monitor the posts and comments, take action and report to the Cyberspace Administration of China if prohibited information has been published or discovered. In such situations, Speech Function Providers are required to cease transmission of the content, delete content or comments, restrict the comment function, close user accounts or sub-forums and revoke administrator powers (in the case of a forum). For news-related comment functions, the comments must be censored before being published. Speech Function Providers are also required to set up a complaints procedure in relation to posts and comments.

It is reported that as of May 2023, at least 175 of the 1,000 most heavily visited websites and social media platforms in the world were blocked in China. Numerous international news outlets and their Chinese-language websites, including those of the New York Times, Reuters, the Wall Street Journal, the Australian Broadcasting Corporation, and the British Broadcasting Corporation, are inaccessible. Furthermore, most international social media and messaging platforms, such as Facebook, WhatsApp, Twitter, Instagram, Signal, Clubhouse, YouTube, Telegram, Snapchat, Line, and Pinterest, are also blocked. The popular discussion forum Reddit has been blocked since August 2018, and all Wikipedia languages have been inaccessible since April 2019. Additionally, several Google services, including Maps, Translate, Calendar, Docs, Drive, Scholar, and Analytics, remained blocked throughout 2023.

It is reported that blocks on global search engines severely limit the content available on the Chinese internet. Google’s search engine has been blocked since 2012, while the Yahoo search function was blocked in 2018.

It is reported that service providers are barred from setting up VPNs without government approval, and illegal VPN operations have increasingly been targeted for closure or blocking. VPN providers have observed that the technical sophistication of Chinese authorities has grown, reflected in the increasing frequency of VPN blocking incidents. In November 2021, the Cyberspace Administration of China released a draft regulation titled Network Data Security Management Regulations, which would punish individuals and institutions for helping users circumvent internet censorship. Targeting app stores and hosting sites, the regulations propose penalties of up to 500,000 yuan (approx.70,300 USD).

The indicator "6.2.4 - Government Internet shut down in practice" of the V-Dem Dataset, which measures whether the government has the technical capacity to actively make internet service cease, thus interrupting domestic access to the internet or whether the government has decided to do so, has a score of 3 in China for the year 2023. This corresponds to "Rarely but there have been a few occasions throughout the year when the government shut down domestic access to Internet."

According to Art. 10 of the Administrative Regulations for Online Publishing Services, Chinese-foreign equity joint ventures, Chinese-foreign cooperative ventures, and foreign-funded entities are prohibited from engaging in online publishing services. Moreover, according to Art. 8, any publisher of online content, including texts, pictures, maps, games, animations, audio, and videos, must store its necessary technical equipment, related servers, and storage devices in China. Furthermore, any online publication service unit needs to get prior approval from the State Administration of Radio, Film, and Television (SARFT) if they want to cooperate on a project with any foreign company, joint venture, or individual.

According to Art. 7 of the Telecom Regulations, a telecom operator must obtain a proper license for its telecom business. In accordance with Art. 8, telecom business is divided into basic telecom business and value-added telecom business. The Classification Catalogue of Telecom Business, attached to these Regulations, further divides basic telecom business and VAT business into different sub-categories, each requiring a corresponding license. One of the essential sub-categories of VAT business is called “Information Service”. The information service provided through the Internet is called “Internet Information Service”, which is usually referred to as Internet Content Provision (ICP) service. This is a very broad category and covers a wide range of online services, such as instant messaging, app stores, search engines, online communities, and online anti-virus services, among others. An ICP license is required for the ICP service. All websites with their own domain name that are hosted on the Chinese mainland territory are required to obtain an ICP license. Websites that are hosted outside of the Chinese mainland territory do not need to obtain it.
ICP filing is regulated by local regulations in each province. In general, requirements are similar in every province; for example, the core requirement fixed by Beijing municipality is that the website abides by the content laws in China and "should not contain materials related to terrorism, explosives, drugs, jurisprudence, gambling, and other illegal acts”. In addition, the following requirements and documents shall be prepared and provided:
- The domain name must be registered with a China-based domain name provider.
- The ICP Filing subject must be the domain name owner.
- For personal, a scanned copy or photo of the front and back of the ID card is required.
- For the company, a scanned copy or photo of the company’s registration certificate and scanned copies or photos of the front and back of the ID cards of the persons in charge of ICP Filing and the website.
- Other documents required by the local communications administration, such as a domain name certificate.
Websites are shut down, and companies can be blacklisted by the Chinese Ministry of Industry and Information Technology if they do not comply with the ministry's requirements.

According to Art. 5 of the Provisions on the Administration of Internet News Information Services, Internet news providers are required to obtain a permit to provide Internet news information services to the social public through Internet websites, application software, forums, blogs, microblogs, public account, instant messaging tools, online live streaming and other such methods. In addition, pursuant to Art. 6 of the Provisions, the applicant’s person-in-charge or chief editor must be a Chinese citizen, and the applicant shall have a legal person legally established within the territory of the People's Republic of China. Furthermore, the applicant must separately obtain an Internet Content Provider (ICP) license or an ICP filing from telecom industry regulators. According to Art. 16 of the law, without an ICP number, a website can be shut down by the hosting provider with no notice.
Furthermore, all privately operated news services are obligated to have their operations overseen by personnel endorsed by the ruling party. Editorial staff working on these platforms need approval from national or local government internet and information offices, and their employees are required to undergo training and obtain reporting credentials from the central government. The Provisions on Administrative Law Enforcement Procedures for Internet Information Content Management set out the procedural and administrative processes for the Cyberspace Administration of China to enforce the laws and regulations relating to Internet content.