It is reported that as of May 2023, at least 175 of the 1,000 most heavily visited websites and social media platforms in the world were blocked in China. Numerous international news outlets and their Chinese-language websites, including those of the New York Times, Reuters, the Wall Street Journal, the Australian Broadcasting Corporation, and the British Broadcasting Corporation, are inaccessible. Furthermore, most international social media and messaging platforms, such as Facebook, WhatsApp, Twitter, Instagram, Signal, Clubhouse, YouTube, Telegram, Snapchat, Line, and Pinterest, are also blocked. The popular discussion forum Reddit has been blocked since August 2018, and all Wikipedia languages have been inaccessible since April 2019. Additionally, several Google services, including Maps, Translate, Calendar, Docs, Drive, Scholar, and Analytics, remained blocked throughout 2023.

It is reported that blocks on global search engines severely limit the content available on the Chinese internet. Google’s search engine has been blocked since 2012, while the Yahoo search function was blocked in 2018.

It is reported that service providers are barred from setting up VPNs without government approval, and illegal VPN operations have increasingly been targeted for closure or blocking. VPN providers have observed that the technical sophistication of Chinese authorities has grown, reflected in the increasing frequency of VPN blocking incidents. In November 2021, the Cyberspace Administration of China released a draft regulation titled Network Data Security Management Regulations, which would punish individuals and institutions for helping users circumvent internet censorship. Targeting app stores and hosting sites, the regulations propose penalties of up to 500,000 yuan (approx.70,300 USD).

Art. 18 of the Counterterrorism Law requires Internet service providers and the telecommunication sector to “provide technical support and assistance, such as technical interface and decryption, to support the activities of the public security and state security authorities in preventing and investigating terrorist activities.”

The Provisions for the Supervision and Inspection of Network Security by Public Security Agencies authorise local law enforcement agencies to conduct remote or onsite inspections of the businesses under their supervision. Inspections must ensure compliance with general regulatory obligations on all businesses under the Cybersecurity Law or specific obligations applicable to internet service providers, including, but not limited to, the implementation of technical measures for network security and data protection that comply with national standards. During such an inspection, law enforcement agencies can physically enter business sites and machine rooms, review and copy relevant information and assess the operational conditions and effectiveness of the technical measures taken by the company to safeguard the security of networks and information.

According to Art. 14 of Decree No. 292, ISPs must provide user information to the authorities upon request, without judicial oversight.

A basic legal framework on intermediary liability for copyright infringement is absent in China's law and jurisprudence. A safe harbour defence for internet intermediaries providing hosting services is spelt out in the Guiding Framework on Protection of Copyright for Network Dissemination (Art. 14-17, 22). The hosting defence established in Art. 22, only applies to service providers who host third-party materials. However, Art. 36 of the Tort Law of the People's Republic of China states that a "network service provider" shall assume the tort liability if it infringes "upon the civil right or interest of another person."
Furthermore, the Tort Law allows victims of the tort to notify the network service provider to demand the deletion, blocking or disconnection of the cause of infringement. Failing to do so can lead to further liability for the network provider in the event of further harm to the user. Finally, liability can be further increased in the event that the network service provider knew of the infringement but did not take action.

Section 9.2.i of the 2020 Specification provides that where personal biometric information must not be shared or transferred unless actually essential for business needs, in which case the personal information subject must be separately informed of the purpose, types of biometrics involved, identification of the recipient and its data security capacity and the personal information subject consent must be explicitly obtained.

A basic legal framework on intermediary liability beyond copyright infringement is absent in China's law and jurisprudence. A safe harbour defence for internet intermediaries providing hosting services is spelt out in the Guiding Framework on Protection of Copyright for Network Dissemination (Art. 14-17, 22). The hosting defence established in Art. 22, only applies to service providers who host third-party materials. However, Art. 36 of the Tort Law of the People's Republic of China states that a "network service provider" shall assume the tort liability if it infringes "upon the civil right or interest of another person."
Furthermore, the Tort Law allows victims of the tort to notify the network service provider to demand the deletion, blocking or disconnection of the cause of infringement. Failing to do so can lead to further liability for the network provider in the event of further harm to the user. Finally, liability can be further increased in the event that the network service provider knew of the infringement but did not take action.

China has not joined any agreement with binding commitments on data flows.

According to the Administrative Provisions on Information Services of Mobile Internet Application Program, app providers must ensure that new app users register with their real names by verifying users’ mobile phone numbers and/or other identity information.

The Personal Information Protection Law (PIPL) is China's comprehensive data protection law and governs personal information processing activities carried out by entities or individuals within China. The PIPL introduces several important concepts, such as personal information, sensitive personal information, and processing.

The Regulation on Internet Information Services of the People's Republic of China requires that Internet Service Providers (ISPs) keep records of each service user’s time spent online, user account, IP address or domain name, phone number and other information for 60 days and provide that information to the authorised government authorities when required (Art. 14).
In addition, the Decision on Strengthening Network Information Protection requires ISPs to cooperate with the government and provide technical support upon inquiry from the authorised government authorities (Art. 10).

The Internet Surfing Service Business Venue Management Rules apply to commercial venues that provide Internet surfing services to the public through computers connected to the Internet. According to the Rules, Internet surfing service businesses are required to record the users' authentic ID information and relevant surfing information, record back-ups, preserve such information for 60 days and provide the same to relevant governmental departments who make inquiries according to the law.

The Provisions for the Administration of Internet Electronic Bulletin apply to electronic bulletin services, which refer to electronic bulletin boards, electronic whiteboards, electronic forums, internet chat rooms, message boards, and other forms of interactive behaviour characterised by the provision of information dissemination for online customers.
The electronic bulletin service provider must record all information content published in the electronic bulletin service system, including the internet access time, user account, Internet address or domain name, caller's phone number, and other information. Such records must be kept for 60 days and provided to the relevant state authority when inquiries are made according to the law.