![]() |
| Pix credit here (Rene Magritte) |
On July 3, 2026, the Cyberspace Administration of China (CAC) released for comment a new draft of a substantial revision of its "Administrative Measures for Internet Information Services Law" [《互联网信息服务管理办法》]. Geopolitechs has provided a quite useful English language summary and analysis of its provisions, including an English language translation of the provision. That summary and analysis may be accessed from their website HERE.
I add only the following comments.
![]() |
| developed in conversation with Google Gemini |
As one considers this addition to the constellation of Chinese AI regulatory production (itself an element and a factor in the ability of China to appropriately develop its productive forces in ways that align with its current understanding the of historically appropriate general contradiction within the guardrails of the 3rd and 4th Plenum focus on the trajectories of development and its character). Within these overarching constraint structures, China’s regulatory architecture operates on two distinct regulatory axes. The first is the Ideological/Value Axis: Driven by the Cyberspace Administration of China (CAC) and Party leadership, this track ensures that generative outputs, algorithmic recommendations, and multi-channel distribution adhere tightly to mainstream socialist values. This is executed through binding mechanisms such as algorithmic filing, security assessments for systems with public mobilization capabilities, and strict generation/synthesis watermarking. The second is the Technical/Industrial Axis: Coordinated via ministries like MIIT and the Ministry of Science and Technology, this track focuses on infrastructure, compute allocation, standardizing large model toolchains, and data security classification (e.g., the recent Network Data Security Risk Assessment Measures).
Here is my own summary of the Law--the complexity of which, along with its layering in and ar0und the growing stable of related or applicable law, regulation, and instruction on administrative application begin to reveal a regulatory foundation which, eventually (and like their European counterparts through the elaboration of their culturally necessary performance of regulatory supervision) can be understood, synthesized, aligned and eventually driven by and through the computational capabilities of a machine systems. The result, as in Europe is the continued evolution of textually based simulacra, or instruction manual, from which simulation or virtualized instruction set for an idealized and deeply programmed performative rationality human collectives, their interactions and the role of individuals within it may be programmed. Indeed, what these measures suggest is merely another layer of the larger project of textually programming human behaviors by developing not law but a set of computational parameters that can be encoded onto the human (collective) body and the performance of humans within it. Perhaps it cannot be helped; and perhaps it is a vision of the what lies ahead as humans march toward the detachment of their idealized reality from the human condition, and thus detached of enhancing the role of vanguard human elements as the priest/experts/technician types of a scientifically ordered world the genius of which is now safeguarded in and as the idealized simulacra of the world which will represent the physical simulation of the the simulacra of perfection.
Overview and Administrative Framework
The document consists of two main parts: an official notice issued by the Cyberspace Administration of China (简称“国家网信办”) dated July 3, 2026, announcing a public comment period ending August 2, 2026; the full text of the revised draft regulation (comprising 6 chapters and 94 articles); and an accompanying explanatory note detailing the rationale behind the revisions.
Chapter 1: General Provisions (Articles 1–7)
The first chapter establishes the statutory basis, scope, and foundational principles of the Measures.
Statutory Basis and Scope (Articles 1–2): The regulation is formulated pursuant to upper-level laws including the Cybersecurity Law of the PRC. It applies strictly to any internet information services conducted within the territory of the PRC, as well as the supervision and management of those services.
Core Principles (Article 3): Service providers and regulators must adhere to the leadership of the Communist Party of China, use Socialist Core Values as guidance, and follow the principles of human-centric design, classified management, collaborative progression, and innovative development. The explicit goal is to create a positive, healthy, and "clear" cyberspace.
Regulatory Matrix (Article 4): The draft codifies a multi-agency horizontal division of regulatory authority:
National Cyberspace Administration (网信部门): Responsible for overarching coordination of national cybersecurity and the direct supervision, management, and enforcement of internet information content.
State Council Telecommunications Department (电信主管部门/MIIT): Responsible for industry management, market access, market order, network resources, and network infrastructure security.
State Council Public Security Department (公安部门): Responsible for physical network security protection, maintaining public order in cyberspace, and punishing cybercrimes.
State Security Agencies (国家安全机关): Responsible for combating internet activities that endanger national security.
Other Departments: Exercise supervision within their respective portfolios, while local authorities' duties are determined by state regulations.
State Encouragement and Obligations (Articles 5–7): The state protects citizens' and organizations' rights to use internet services, encourages foundational research, and prioritizes IPv6 adoption. Providers must fulfill cybersecurity obligations, observe commercial and social ethics, and accept public supervision. Industry organizations are encouraged to establish self-regulatory codes. Article 7 mandates state monitoring and mitigation of domestic and overseas threats to national security, public interests, or citizen rights.
Market Access and Operational Establishment
Chapter 2: Establishment (Articles 8–13)
This chapter regulates the entry barriers, licensing tracks, and personnel requirements for operating an internet information service.
The Approval Mandate (Articles 8–9): No entity may engage in internet information services without prior approval from the telecom department. If the service constitutes a commercial telecommunications business, the operator must secure a Telecommunications Business Operation License.
License Revocation and Data Reporting: If an approved provider fails to conduct relevant business for two consecutive years, or ceases to meet the licensing criteria, the telecom department will cancel the license. Providers are also required to report network resources and operational metrics to assist market monitoring systems.
Technical Compliance and Standards (Article 10): Services must utilize telecom-compliant network resources and deploy information security management systems and technical safeguards that meet mandatory national standards.
Sector-Specific Pre-Approvals (Article 11): For specialized content areas—specifically news, culture, publishing, audio-visual programs, education, religion, and finance—operators must obtain explicit administrative permission from the respective sector-specific ministry prior to filing for telecom approvals or licenses.
Personnel Qualifications (Article 12): Employees must maintain correct political, value, and public opinion orientations. Crucially, personnel in internet news information services must obtain specific professional qualifications and undergo mandatory training and assessments organized by national news, publishing, and cyberspace departments. Platforms must systematically train internal information security reviewers.
Corporate Modifications (Article 13): Operators ceasing business must cancel their permits. Any changes to licensing parameters caused by mergers, acquisitions, or corporate restructuring require formal modification procedures with the original approving organ.
Operational Regulations and General Intermediary Duties
Chapter 3, Section 1: General Operational Provisions (Articles 14–40)
This section lays out the baseline compliance rules for day-to-day operations, applying across infrastructure, domain, and content service layers.
Infrastructure and Domain Integrity (Articles 14–15): Network access providers (ISPs) are forbidden from providing hosting or connection services to any platform lacking a valid telecom approval number. The establishment of domain root servers, root registries, and recursive resolution services requires explicit telecom licenses. Domains must be legally owned by the operator, cannot contain legally prohibited content, and must be updated or cancelled upon corporate expiration. IP address allocation operates under a strict filing registry; ISPs cannot provide connections to unverified or false IP allocations.
Public Filing and Labeling Display (Articles 16–17): Providers must file their operational indexes with local public security bureaus within 30 days of network connectivity. Platforms must clearly display their license numbers, approval IDs, and public security filing numbers in conspicuous locations. Operating outside the approved scope of services is strictly prohibited.
Internal Governance and User Verification (Articles 18–19): Platforms must maintain robust internal structures, including user registration controls, account management, content review protocols, public patrol systems, emergency response capabilities, and content orientation management. They must verify user-submitted credentials if the user operates in a field requiring specific professional qualifications.
Real-Name Identity Verification (Articles 19–21): Access providers, domain registrars, and information platforms must verify the true identity of users via national public network identity authentication services, resident identity cards, or unified social credit codes. Services must be withheld if a user refuses to provide valid identity info. Special verification measures must be deployed for minor users. Article 20 outlaws identity evasion tactics, such as using false credentials, misappropriating external accounts, or providing technical support to bypass real-name gates. Platforms must run dynamic verifications on existing accounts; accounts inactive for over six months must be flagged, prompted, or subjected to functional restrictions, suspension, or closure. Platforms must also support unlinking phone numbers when line ownership changes.
Crime Prevention and Content Promotion (Articles 22–23): Intermediaries must deploy technical checks to prevent their services from facilitating criminal activity and report violations to public security organs. Conversely, Article 23 explicitly encourages the production and dissemination of content that elevates Socialist Core Values, traditional Chinese culture, revolutionary history, national unity, and achievements in socio-economic development.
Prohibited and Adverse Content (Articles 24–25): Article 24 contains nine distinct bans on content that opposes constitutional principles, threatens national security or state secrets, incites subversion or secession, promotes terrorism/extremism, damages ethnic unity, desecrates revolutionary martyrs, devalues the military, spreads obscenity/gambling, propagates rumors disrupting economic order, or violates civil rights (reputation, privacy, intellectual property). Article 25 targets "adverse information" (不良信息), such as sensationalizing major policy adjustments, sudden emergencies, or high-profile criminal cases, as well as content harming minors. Such information cannot be highlighted or placed in prominent high-traffic sections.
Market and Information Order (Articles 26–30): Article 26 explicitly bans malicious traffic manipulation, including illicitly publishing, deleting, or suppressing links for pay; automated algorithm gaming; bulk account creation; generating fake clicks, votes, rankings, or comments; hijacking traffic; or deliberately bypassing state regulatory technical controls. If prohibited or adverse information is detected, platforms, electronic message blasters, software download portals, and ISPs must immediately sever transmission, delete or block content, restrict account monetization or functionality, preserve logs, and report to authorities (Articles 27–29). Overseas entities generating content that damages national security or public interests face targeted state countermeasures. Article 30 bans providing data, tools, hosting, billing, or advertising assistance to anyone known to be violating these provisions.
User Rights, Vulnerable Groups, and Specialized Frameworks (Articles 31–40):
Fact-Checking: Platforms must maintain mechanisms to actively refute online rumors (辟谣机制).
Fair Competition: Operators are prohibited from blocking competitors' legal links, interrupting app installations/upgrades, or using misleading buttons to divert users without consent (Article 32).
Consumer Protection: Pricing and service items must be fully transparent; bundled or forced subscription alterations are forbidden (Article 33).
Customer Service: Providers must supply human customer service staff scaled to their user base to handle complaints and appeals within reasonable windows (Article 34).
Minor Protection: The development of specialized "minor modes" and anti-addiction systems is heavily incentivized (Article 35).
Accessibility: Services must provide dedicated features and safety interfaces for elderly and disabled citizens (Article 36).
Security Assessments: Any service possessing public opinion attributes or social mobilization capabilities must complete a formal administrative security assessment (Article 37).
Special Management Shares: Media and publishing platforms may be subject to the state's special management share ("golden share") system (特殊管理股制度) (Article 38).
Log Retention: Platforms must preserve user registrations, published information records, and network logs for a minimum of 6 months, including NAT (Network Address Translation) registries for shared access points (Article 39).
Open Source: Operators are encouraged to prioritize open-source operating systems for app development (Article 40).
Specialized Intermediate Frameworks: Platforms and AI
Chapter 3, Section 2: Platform Information Services (Articles 41–54)
This section introduces precise obligations for platform service providers acting as structural intermediaries.
Rule Transparency and Credit Grading (Articles 41–42): Platforms must visibly display their community guidelines, rulebooks, and terms of service on homepages or application settings. Alterations require formal public comment periods. Regulatory authorities can order revisions of non-compliant rules. Platforms must track user accounts via credit-grading systems and report these metrics to the CAC.
Public Account ("We-Media") and MCN Management (Articles 43–46): For accounts operating in regulated professional domains (e.g., medicine, law, finance, education, military), platforms must verify their professional backgrounds and certifications, applying specific visual tags to their accounts. Public account homepages must display the operator's actual identity, unified social credit code, contact info, IP location, and their associated Multi-Channel Network (MCN) agency. High-impact public accounts are forbidden from spreading prohibited or adverse content; platforms must deploy strict penalties (monetization suspensions, account caps, bans) against violators. High-impact account registries and livestreaming platforms must file their background rosters with provincial cyberspace departments within 30 days of operation.
Anti-Cyberbullying Mandates (Article 47): Platforms must build algorithmic detection models, feature databases, and risk-warning alerts to identify cyber-violence. If risk is detected, platforms must dynamically re-verify account identities, throttle traffic, or issue warning pop-ups. They must also provide users with immediate defensive tools: one-click blocking of specific users, disabling trackbacks/comments, rejecting direct messages, and automated evidence preservation features.
MCN Agency Accountability (Articles 52–53): Content content distribution networks and MCNs must register as formal businesses, appoint content directors, maintain sufficient review staff, and publicize internal rules. If their contracted accounts violate content laws due to the MCN's lack of oversight, the MCN faces shared legal liability. MCNs are prohibited from organizing, inducing, or assisting accounts in violating rules, and platforms must penalize non-compliant MCNs via service restrictions or blacklist bans.
Large-scale Internet Platforms (Article 54): Defined specifically as platforms possessing over 50 million registered users or more than 10 million monthly active users (MAUs). They are legally required to:
Maintain independent compliance departments and dedicated compliance officers, conducting regular open security reviews.
Publish distinct platform rules protecting the rights of internal vendors and platform-dependent laborers.
Resolve complaints regarding prohibited content or adverse behavior within an accelerated 24-hour window.
Publish annual corporate social responsibility reports tracking data safety, privacy, and minor safety.
Report adjustments in major shareholders, actual controlling individuals, or primary business vectors to local cyberspace bureaus.
Refrain from utilizing data, proprietary algorithms, or platform rules to disadvantage competitors or harm consumer rights.

Pix generated with Google Gemini

Chapter 3, Section 3: Smart Information Services (Articles 55–64)
This section regulates the development and hosting of artificial intelligence and algorithmic recommendation systems.
Development Incentives and General Transparency (Articles 55–56): The state balances safety with development, supporting high-quality datasets, algorithm standards, and AI model training. Smart service operators must publicly disclose the basic technical principles, core deployment mechanisms, training data sources, and intended objectives of their models.
Algorithmic Filings and Data Lineage (Articles 57–59): Models with public opinion or mobilization capabilities must undergo independent security reviews, complete formal algorithm filings (算法备案), and track subsequent updates or cancellations. Apps accessing smart hardware systems must undergo compatibility and security testing. Training data data processing must rely on legal data and verified base models. If a smart service generates news content, its training corpora must be sourced exclusively from units officially authorized by state regulations.
Synthesized Content and Recommendation Restraints (Articles 60–61): Generated or synthetically altered content must feature permanent watermarks complying with national technical standards; altering, removing, or hiding these labels is prohibited. Recommendation engine providers must allow users to easily opt-out of personalized profiling or select entirely non-personalized alternatives. Algorithms must favor mainstream values in high-visibility areas (landing pages, hot-searches, pop-ups) and are prohibited from tagging users with illegal interest keywords, manipulating search rankings, over-recommending content, or engineering fake trending topics.
Gig Economy Labor Safeguards (Article 62): AI systems used for labor scheduling, recruitment, or job evaluation must follow strict necessity principles. Order distribution, payment algorithms, and work-hour assignments must remain fair, reasonable, and transparent. Algorithms affecting labor rights cannot be modified without seeking input from workers and publicizing changes beforehand.
Agent Services and Risk Mitigation (Articles 63–64): Providers of AI agents (智能体) or agent distribution platforms must ensure their products comply with national safety rules and maintain active security oversight. If a model generates prohibited information or exhibits major systemic risks, operators must immediately halt generation, cut transmissions, update training protocols to rectify the error, and file reports with cyberspace departments.
Supervision, Inspection, and Corporate Liability
Chapter 4: Supervision and Inspection (Articles 65–73)
Agency Powers (Articles 65–66): Cyberspace, telecom, and public security organs possess full mandates to inspect providers, who cannot refuse or obstruct investigations. Agencies must coordinate to prevent overlapping or redundant inspections. Shared information systems must link licensing data, MCN filings, and user registries. Criminal cases must be transferred to judicial organs promptly.
Investigative Actions and Special Controls (Articles 69–73): Regulators will focus inspections on complaint processing, account crackdowns, platform rules, and credit monitoring. If safety risks emerge, regulators can formally summon (约谈) corporate legal representatives for mandatory rectifications. During investigations, officers are authorized to interrogate witnesses, copy network logs, conduct on-site inspections, and seize or seal electronic hardware, storage drives, and premises (Article 70). Confidential information acquired during enforcement must be kept secret by staff (Article 71). Under Article 73, subject to direct State Council approval, cyberspace and telecom ministries can enforce temporary, localized, or functional restrictions on any communication platform possessing public mobilization capabilities during severe cyber or social crises.
Chapter 5: Legal Responsibility (Articles 74–89)
This chapter outlines the penalty scale for compliance failures.
| Offenses | Statutory Penalties and Administrative Actions |
| Unlicensed Telecom Operations (Article 74) | Confiscation of illicit revenue; fines of 3 to 5 times the illicit gains. If gains are under 50,000 RMB, fines range from 100,000 to 1,000,000 RMB. Serious cases face mandatory business suspension. |
| Operating Without Baseline Approval (Article 74) | Ordered rectification; persistent failure results in forced operational shutdown. |
| Missing Public Security Filings (Article 74) | Warning and ordered correction; failure to comply leads to technical network suspension. |
| Fraudulent Licensing/Approvals (Article 75) | Revocation of permits/IDs; confiscation of gains; fines from 100,000 to 1,000,000 RMB. |
| General Structural Infractions (Article 76) | (Covers missing labels, rule failures, bad customer service, minor safety leaks). Warnings, revenue confiscation; persistent or serious failures trigger fines from 50,000 to 500,000 RMB, website/app closures, or business license cancellations. Executives face personal fines from 10,000 to 100,000 RMB. |
| Severe Content & Algorithmic Failures (Article 77) | Standard: Fines up to 500,000 RMB, app suspension, or license revocation. Serious: Fines from 500,000 to 2,000,000 RMB; managers face 10,000 to 100,000 RMB fines and 6-month to 1-year sector management bans. Extremely Severe: Fines from 2,000,000 to 10,000,000 RMB; managers face fines up to 1,000,000 RMB and a permanent ban from executive or security roles in the internet sector. |
| Failure to Halt Prohibited Content (Article 81) | Fines from 50,000 to 500,000 RMB; serious cases trigger fines from 500,000 to 2,000,000 RMB. If the fallout causes "especially severe consequences," corporate fines scale from 2,000,000 to 10,000,000 RMB, and executives face personal fines up to 1,000,000 RMB. |
| "We-Media" Violations (Article 83) | Baseline accounts face warnings and profile restrictions, plus fines from 10,000 to 50,000 RMB. High-impact accounts face fines from 50,000 to 500,000 RMB alongside account termination or re-registration bans. |
| Market/Traffic Manipulation (Article 84) | Fines from 100,000 to 1,000,000 RMB; serious infractions scale from 1,000,000 to 5,000,000 RMB with mandatory business suspension. |
| Regulatory Misconduct (Article 82) | State staff leaking data or abusing power face formal administrative or criminal prosecution. |
Coordinated Statutes and Civil Remedies (Articles 86–89): Other infractions defer to upper-level laws like the Data Security Law and the Personal Information Protection Law. Civil damages must be compensated independently, and criminal accountability overrides administrative fines. Under Article 88, severe violators face inclusion on the Internet Serious Dishonesty List, resulting in long-term multi-platform restrictions on registering new accounts or using information features. Mitigations follow the Administrative Punishment Law guidelines.
Supplementary Definitions
Chapter 6: Supplementary Provisions (Articles 90–94)
Article 90 provides precise definitions for ten core operational terms used throughout the regulation:
Internet Information Services: Providing information to the public via websites, applications, or agents using microblogs, instant messaging, search engines, livestreams, video, text sharing, knowledge reasoning, task execution, or public accounts.
Internet Access Services (ISPs): Providing network routing or hosting to platforms, including IDC (Internet Data Center) operations, CDN (Content Delivery Network) management, and basic ISP access via network proxies, server hosting, or space leasing.
Internet Accounts: Usernames and profiles registered to use internet information services.
Internet User Public Accounts ("We-Media"): Accounts producing text, graphics, or audio-visual content aimed at the general public, excluding profiles meant solely for private communication.
Highly Influential Public Accounts: Accounts categorized by substantial follower bases, high read/forward/comment volume, significant annual monetization revenue, or prominent influence within a specialized domain or demographic.
Public Account Production/Operation Entities: Individuals or organizations registering and running public accounts for content generation.
Internet Information Content Multi-Channel Distribution Services (MCNs): Agencies providing planning, production, distribution, marketing, promotion, or brokerage services to public accounts.
Internet Livestreaming Platform Providers: Platform intermediaries hosting live broadcast content.
Application Distribution Platform Providers: Marketplaces hosting and distributing software applications.
Large-scale Internet Platforms: Digital platforms with over 50 million registered users or more than 10 million Monthly Active Users (MAUs), whose operations exert a significant impact on economic performance, online order, or user rights.
Foreign Investment and Transnational Services (Articles 91–92): Foreign-invested entities must comply with specific foreign investment statutes, alongside special rules governing e-commerce retail and supply chains. Foreign entities or individuals distributing information into the PRC or utilizing domestic internet infrastructure must strictly obey these Measures. International treaties apply unless the PRC has explicitly registered a reservation.
Cross-Sectoral Compliance and Enforcement Date (Articles 93–94): Services touching upon data privacy, competition, media management, or state secrets must obey adjacent specialized laws. The document leaves the final enactment date open for subsequent formal confirmation.
The text of the original draft appears below.










