Promulgated by: Cyberspace Administration of China. Document No.: Order of the Cyberspace Administration of China No. 3 (2022). Adopted and promulgated on June 14, 2022. Effective August 1, 2022. Supersedes the Provisions on the Administration of Mobile Internet Application Information Services promulgated on June 28, 2016.
Chapter I General Provisions
Article 1. These Provisions are formulated in accordance with the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, the Law of the People’s Republic of China on the Protection of Minors, the Administrative Measures for Internet Information Services, the Provisions on the Administration of Internet News Information Services, the Regulations on the Governance of the Information Content Ecosystem on the Internet, and other laws, administrative regulations, and relevant State provisions, with a view to regulating mobile internet application (app) information services, protecting the lawful rights and interests of citizens, legal persons, and other organizations, and safeguarding national security and the public interest.
Article 2. These Provisions apply to the provision of app information services within the territory of the People’s Republic of China, as well as to the provision of app distribution services such as through internet app stores. For purposes of these Provisions, “app information services” refers to activities of producing, reproducing, publishing, and transmitting information in the form of text, images, audio, video, and other content to users through apps, including instant messaging, news and information, knowledge and question-and-answer, forum communities, online live-streaming, e-commerce, online audio and video, life services, and other types. “App distribution services” refers to activities of providing app release, download, dynamic loading, and other services via the internet, including app stores, quick-app centers, internet mini-program platforms, browser plug-in platforms, and other types.
Article 3. The national cyberspace administration authority is responsible for the supervision and administration of app information content throughout the country. Local cyberspace administration authorities are responsible, in accordance with their duties, for the supervision and administration of app information content within their respective administrative regions.
Article 4. App providers and app distribution platforms shall comply with the Constitution, laws, and administrative regulations; shall promote socialist core values; shall adhere to the correct political orientation, public-opinion guidance, and value orientation; shall observe public order and good customs; shall fulfill social responsibilities; and shall maintain a clean cyberspace. App providers and app distribution platforms shall not use apps to engage in activities prohibited by laws and regulations, such as endangering national security, disrupting social order, or infringing on the lawful rights and interests of others.
Article 5. App providers and app distribution platforms shall fulfill primary responsibility for information content management; shall actively cooperate with the State’s implementation of the network trusted-identity strategy; and shall establish and improve management systems covering information content security management, information content ecosystem governance, data security and personal information protection, and the protection of minors, thereby ensuring network security and maintaining a sound network ecology.
Chapter II App Providers
Article 6. Where an app provider offers services such as information publication or instant messaging to users, it shall verify the real identity information of users applying for registration by means such as mobile-phone number, identity-document number, or unified social credit code. Where a user fails to provide real identity information, or uses the identity information of an organization or another person to register falsely, the relevant services shall not be provided to that user.
Article 7. Where an app provider provides internet news information services through an app, it shall obtain a permit for internet news information services; engaging in internet news information services without a permit or beyond the permitted scope is prohibited. Where an app provider provides other internet information services that are required by law to be subject to review and approval or licensing by the competent authority, it may provide such services only after obtaining the review and approval or license of the competent authority.
Article 8. An app provider shall be responsible for the results of information-content presentation, shall not produce or disseminate unlawful information, and shall conscientiously guard against and resist harmful information. An app provider shall establish and improve mechanisms for reviewing and managing information content, and shall establish and refine management measures covering user registration, account management, information review, daily inspection, and emergency handling; it shall also equip itself with professional staff and technical capabilities commensurate with the scale of its services.
Article 9. An app provider shall not attract users to download through false advertising, bundled downloading, or similar conduct, through artificial or automated means of inflating rankings, inflating traffic volumes, or manipulating reviews, or by inducing users with unlawful or harmful information.
Article 10. Apps shall comply with the mandatory requirements of relevant national standards. Where an app provider discovers security deficiencies, vulnerabilities, or other risks in an app, it shall immediately take remedial measures, inform users in a timely manner in accordance with the relevant provisions, and report the matter to the competent authority.
Article 11. Where an app provider engages in data processing activities in connection with an app, it shall fulfill data security protection obligations, establish and improve a comprehensive full-lifecycle data security management system, adopt technical measures and other security measures to ensure data security, and strengthen risk monitoring; it shall not endanger national security or the public interest, and shall not harm the lawful rights and interests of others.
Article 12. An app provider processing personal information shall follow the principles of lawfulness, legitimacy, necessity, and good faith, shall have a specific and reasonable purpose and disclose the processing rules, shall comply with the relevant provisions on the scope of necessary personal information, shall regulate personal information processing activities, and shall take necessary measures to protect personal information security. An app provider shall not require users to consent to personal information processing conduct on any grounds whatsoever, and shall not deny users the use of basic functionality services on the ground that a user declines to provide non-essential personal information.
Article 13. An app provider shall adhere to the principle of the best interests of minors, shall be attentive to the healthy development of minors, shall fulfill all obligations relating to the network protection of minors, and shall strictly implement, in accordance with law, the real identity information registration and login requirements for minor user accounts. An app provider shall not, in any form, provide minor users with products or services that induce addiction, and shall not produce, reproduce, publish, or transmit information containing content that is harmful to the physical and mental health of minors.
Article 14. Where an app provider launches new technologies, new applications, or new functions that have attributes capable of shaping public opinion or mobilizing society, it shall carry out a security assessment in accordance with the relevant State provisions.
Article 15. App providers are encouraged to proactively adopt Internet Protocol Version 6 (IPv6) to provide information services to users.
Article 16. An app provider shall, in accordance with laws, regulations, and relevant State provisions, formulate and make public management rules, and shall enter into service agreements with registered users specifying the respective rights and obligations of both parties. For registered users who violate these Provisions, the relevant laws and regulations, or the service agreement, an app provider shall, in accordance with law and the agreement, take measures such as warning, restriction of functionality, and account closure, shall preserve records, and shall report to the competent authority.
Chapter III App Distribution Platforms
Article 17. An app distribution platform shall, within thirty days of commencing operation, file for registration with the provincial-level, autonomous-region-level, or directly-administered-municipality-level cyberspace administration authority of its place of domicile. When filing, the following materials shall be submitted:
(1) basic information on the platform’s operating entity;
(2) information such as the platform name, domain name, access services, service qualifications, and categories of apps listed;
(3) materials such as the platform’s commercial internet information service permit or non-commercial internet information service filing;
(4) the relevant institutional documents required to be established and improved under Article 5 of these Provisions; and
(5) the platform’s management rules, service agreements, and other documents.
Upon receiving filing materials, the provincial-level, autonomous-region-level, or directly-administered-municipality-level cyberspace administration authority shall complete the filing if the materials are complete. The national cyberspace administration authority shall promptly publish the list of app distribution platforms that have completed the filing procedures.
Article 18. An app distribution platform shall establish a classification management system, implement classification management of apps listed on the platform, and file the apps by category with the provincial-level, autonomous-region-level, or directly-administered-municipality-level cyberspace administration authority of its place of domicile.
Article 19. An app distribution platform shall adopt composite verification and other measures to verify the real identity information of app providers applying to list apps, using a combination of methods such as mobile-phone number, identity-document number, and unified social credit code. Based on the different nature of the app provider’s entity, the platform shall publicly display information such as the provider’s name and unified social credit code, so as to facilitate public supervision and inquiry.
Article 20. An app distribution platform shall establish and improve management mechanisms and technical means, and shall establish and refine management measures for pre-listing review, routine management, and emergency handling.
An app distribution platform shall review apps applying to be listed or updated; where it discovers that an app’s name, icon, or description contains unlawful or harmful information, does not correspond to the registered entity’s real identity information, or presents business-type violations, it shall not provide services for that app.
Where the information services provided by an app fall within the scope of Article 7 of these Provisions, the app distribution platform shall verify the relevant permit status; where they fall within the scope of Article 14 of these Provisions, the app distribution platform shall verify whether the security assessment has been completed.
An app distribution platform shall strengthen routine management of listed apps; where an app contains unlawful or harmful information, has falsified download-volume or review-rating data, presents data security risks, engages in illegal or excessive collection and use of personal information, or harms the lawful rights and interests of others, the platform shall not provide services for that app.
Article 21. An app distribution platform shall, in accordance with laws, regulations, and relevant State provisions, formulate and make public management rules, and shall enter into service agreements with app providers specifying the respective rights and obligations of both parties. For apps that violate these Provisions, the relevant laws and regulations, or the service agreement, an app distribution platform shall, in accordance with law and the agreement, take measures such as warning, suspension of service, or removal from the platform, shall preserve records, and shall report to the competent authority.
Chapter IV Supervision and Administration
Article 22. App providers and app distribution platforms shall consciously accept social supervision, shall set up prominent and easily accessible channels for complaints and reports, shall publicize the means for complaints and reports, and shall establish and improve mechanisms for receiving, handling, and providing feedback on such matters, so as to handle public complaints and reports in a timely manner.
Article 23. Internet industry organizations are encouraged to establish and improve industry self-discipline mechanisms, to formulate and refine industry norms and self-discipline conventions, to guide member entities in establishing and improving service standards, to provide information services in accordance with laws and regulations, to uphold market fairness, and to promote the sound development of the industry.
Article 24. The cyberspace administration authorities, together with the relevant competent authorities, shall establish and improve working mechanisms to supervise and guide app providers and app distribution platforms in engaging in information service activities in accordance with laws and regulations. App providers and app distribution platforms shall cooperate with supervision and inspection lawfully carried out by the cyberspace administration authorities and the relevant competent authorities, and shall provide the necessary support and assistance.
Article 25. Where an app provider or an app distribution platform violates these Provisions, the cyberspace administration authorities and the relevant competent authorities shall handle the matter in accordance with the relevant laws and regulations within the scope of their respective duties.
Chapter V Supplementary Provisions
Article 26. For the purposes of these Provisions, “mobile internet application (app)” refers to application software running on mobile smart terminals that provides information services to users. “Mobile internet application (app) provider” refers to the owner or operator of a mobile internet application (app) that provides information services. “Mobile internet application (app) distribution platform” refers to an internet information service provider that provides distribution services such as app release, download, and dynamic loading.
Article 27. These Provisions shall come into force on August 1, 2022. The Provisions on the Administration of Mobile Internet Application Information Services promulgated on June 28, 2016 are hereby simultaneously repealed.