China's first comprehensive legislation regulating e-commerce came into effect in January 2019. According to Art. 9, the law applies to all "e-commerce operators," including all individuals and legal entities selling goods and/or providing services on the Internet or other information networks. This includes operators of e-commerce platforms, sellers of goods and services on the e-commerce platforms of others, and those who operate their own websites or through other network services. The law is reported to extend to non-traditional shopping channels, including social media and messaging services, such as WeChat, and streaming sites, such as Douyin. According to Arts. 10-14, all e-commerce operators are obliged to obtain business licenses, register with the tax authorities, and ensure that information on their business and administrative licenses related to their business services is displayed online in a readable form at all times.

In 2012, a WTO dispute was initiated concerning China's rules governing access to its domestic electronic payments market, which were deemed to unfairly disadvantage foreign credit and debit card issuers. While China stated that it would evaluate the ruling, it has been slow to revise its market-access regulations. Currently, China UnionPay Co. holds a near monopoly on processing yuan-denominated payments, bolstered by its close ties with the Central Bank, which has acted against emerging competitors in a manner that appears to favour UnionPay.
In 2020, Mastercard received approval from the People's Bank of China (PBOC) to begin preparations for establishing a bank card clearing institution in the country, including a joint venture with NetsUnion Clearing Corp., an online payment clearing house with PBOC stakeholders. Similarly, American Express secured preliminary approval in 2018 to undertake clearing services for credit card payments in China, with its application to process domestic payments through a joint venture with LianLian Group accepted in January 2020.
These approvals were part of the US-China phase one trade deal initiated in January 2020, which required Beijing to process applications from payment firms in a timely manner. Specifically, applications to become bank card clearing houses had to be accepted within five business days, with a response required within 90 days. However, this deal expired in December 2021, leaving the future of foreign payment processors in China uncertain.
Despite this situation, in July 2023, Alipay, China’s largest payment app operated by Ant Group, announced that foreign users can now link cards issued by Visa, Mastercard, Diners Club, and Discover to their digital wallets.

According to Art. 45 of the Regulations of the People's Republic of China on Import and Export Duties (中华人民共和国进出口关税条例), goods within a single consignment, for which the estimated duties do not exceed 50 Yuan (approx. USD 7.5) shall be exempt from duties. In addition, it is reported that China Customs also applies a dedicated e-commerce clearance channel with a goods value de minimis of 5,000 RMB (approx. 700 USD), subject to meeting certain conditions, such as prior carrier and platform registration. Use of this channel is limited to an annual cap of RMB 26,000 (approx. USD 3,600).

According to Art. 53 of the Personal Information Protection Law, personal information processors outside the territory of the People's Republic of China, as specified in Art. 3, shall set up specialised agencies or designate representatives within the territory of the People's Republic of China to be responsible for handling personal information protection related matters, and shall submit the names, contact information, and other information of the agencies and representatives to the departments with personal information protection duties.

According to Art. 5 of the Internet News Information Service Management Regulations, Internet news providers are required to obtain a permit to provide Internet news information services to the social public through Internet websites, application software, forums, blogs, microblogs, public accounts, instant messaging tools, online live streaming, and other such methods. Pursuant to Art. 6 of the regulations, the applicant’s person-in-charge or chief editor must be a Chinese citizen. In addition, the applicant must separately obtain an Internet Information Service license or file procedures with the telecommunications authorities in accordance with the law. In addition, according to Art. 6, to apply for an Internet news information service license, one must have places, facilities, and funds suitable for the service. The Regulations on Administrative Enforcement Procedures for Internet Information Content set out the procedural and administrative processes for the Cyberspace Administration of China to enforce the laws and regulations relating to Internet content.
These provisions broadened the definition of “internet news information services” to “services of collecting, editing, and releasing internet news information; reposting such news information; and providing a platform to spread such news information.” They also broaden the definition of “news information” to include relevant reports and commentaries on politics, the economy, military affairs, foreign affairs, and other public affairs, as well as relevant reports and commentaries on social emergencies.

The Chinese consumer protection framework is set out in the Law of the People's Republic of China on Protection of Consumer Rights and Interests. The law applies to all consumers purchasing and using commodities or receiving services for daily consumption and to business operators in their supply of commodities produced and sold by them or services provided to consumers.

China has signed but not ratified the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

China has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

It is reported that the Chinese Government is working to improve its standards system by incorporating both government guidance and market input, moving away from a solely government-led approach. Despite this progress, foreign participation in standards setting remains limited, and China often pursues unique national standards for strategic reasons. The revised standardisation Law, effective since January 2018, includes measures recognising the value of international standards and the participation of foreign-invested enterprises. However, foreign stakeholders are concerned that these measures still prioritise Chinese standards over international ones and do not ensure equal participation for foreign companies. Reports indicate that foreign companies often face restrictions in participating in China's domestic standards-setting processes, and even when participation is allowed, it is usually under less favourable terms than for domestic competitors.

China’s current certification requirements for telecommunications equipment are reported to conflict with its WTO obligations of limiting imported products to no more than one conformity assessment scheme and requiring the same mark for all products (Article 13.4.a of China’s WTO Accession).
China has three different licensing regimes: the State Radio Regulation of China (SRRC), the Network Access License (NAL) and the China Compulsory Certification (CCC). The CCC is required for a list of products that includes many types of IT products, such as video and audio equipment. The NAL is required for all telecommunications equipment in China. The NAL license requires extensive testing and support and may include network trials and review of the product by a local panel of experts, in addition to labouratory testing against China's national standards. Radio communication equipment intended to be marketed in China requires radio-type approval granted by the Ministry of Industry and Information Technology of the People’s Republic of China (MIIT)’s ‘State Radio Regulation Committee (SRRC). Specified equipment samples are tested in designated labouratories according to local Chinese standards.
Therefore, for a given piece of equipment, it can cost between USD 30,000-35,000 to test for all three licenses (SRRC, NAL, and CCC). The CCC mark is used for both Chinese and foreign products. Moreover, all testing for the CCC mark must be conducted in China, and US exporters are often required to submit their products to Chinese labouratories for additional tests.
The CCC certificate and permission to print the CCC mark must be renewed annually as part of a follow-up certification. Part of the follow-up certification is also a one-day factory audit.
China is also reported as having limitations on foreign -invested conformity assessment bodies in the country.

The Administrative Measures for the Multi-level Protection of Information Security (MLPS) require all IT systems in China to be classified into different levels of security, from one to five (with the most sensitive systems designated as level 5). In 2019, the MLPS 2.0 (composed by GB/T 22239-2019, GB/T 25070-2019, and GB/T 28448-2019) has expanded the definition of 'information systems' to broader systems, including network infrastructure, cloud computing systems, mobile application platforms, connected devices and industrial control systems.
The MLPS 2.0 requires networks of level 3 and above to adopt network products and services appropriate to their security protection levels. Companies classified as level 2 and above require the procurement and use of encryption products and services to be preapproved by the Chinese government. Under the MLPS 2.0, companies must self-assess their security management and compliance, and such assessment results must be evaluated and endorsed by the MLPS regulatory body.
The MLPS 2.0 requires companies in China to set up their cloud infrastructure, including servers, virtualised networks, software, and information systems. Such cloud infrastructures are subject to testing and evaluation by the Chinese government. Overseas operation and maintenance of Chinese cloud computing platforms must also follow Chinese laws and regulations. The national standards also state that customers' data and users' personal information processed by cloud service providers should be stored inside China, which is an additional requirement. It is currently uncertain how these national standards would be enforced, and there have not yet been reports of enforcement.

The National Security Law foresees the rollout of a “secure and controllable” internet infrastructure. Under the National Security Law, the State can establish national security review and oversight management systems and mechanisms, conduct a national security review of foreign commercial investment, special items and technologies, internet information technology produces and services, projects involving national security matters, as well as other major matters and activities, that impact or might impact national security.

Imported and exported encryption products must be certified by the Office of State Commercial Cryptography Administration (OSCCA). The use of encryption products without OSCCA certification is prohibited, regardless of the public, commercial or individual nature of use. However, it is reported that, in practice, only Chinese or Chinese-owned companies are eligible for OSCCA certification to sell, produce and carry out R&D for encryption technology in China, as well as to gain product licensing. Foreign or foreign-owned companies, even if based in China, are excluded. In 2007, OSCCA started to consider products such as Trusted Platform Module (used in computers) or smartcards (used in banking, insurance, health, transport, etc.) as core encryption products. As a result, such products could no longer be produced or sold by foreign or foreign-invested companies.
Under the Cryptography Law, the import and export of commercial encryption products, technologies and services remain subject to government approval. Commercial encryption products that may affect national security and public interest and have encryption-based protective functions can only be imported under a permit. The Ministry of Commerce, together with the OSCCA and the General Administration of Customs, will issue catalogues of commercial encryption products that are subject to the above import permit and export controls. The requirements above will not apply to commercial encryption used in "products for consumption by the general population". However, the cryptography law does not define the term, leaving it unclear how this will be implemented in practice.
The Cryptography Law has removed the requirement for mandatory certification and has instead established a voluntary certification scheme, which encourages manufacturers to apply to qualified agencies for the testing and certification of their commercial encryption products. The products in the Product Catalogue will no longer be subject to mandatory approval requirements before they are launched. The product catalogue includes smart password keys, smart IC cards, ATM application systems, security authentication, and financial data encryption machines, among others.

It is reported that a locally developed encryption standard (WAPI) is required to be used in all wireless equipment despite the existing international standard IEEE 802.11i.

China's telecom laws require all foreign firms that provide data centres or cloud computing services to enter into a joint venture with a Chinese firm and obtain an Internet data centre license.