Promulgation Authorities: Cyberspace Administration of China
Release Date: 2022-06-14
Effective Date: 2022-08-01
Original Title: 移动互联网应用程序信息服务管理规定（2022）
Administrative Provisions on Mobile Internet Applications Information Services (2022)
Chapter I General Principles
Article 1 These Provisions are enacted in accordance with the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Law of the People’s Republic of China on Personal Information Protection, the Law of the People’s Republic of China on the Protection of Minors, the Administrative Measures on Internet Information Services, the Regulations on Internet News Information Services, the Regulations on Ecological Governance of Network Information Contents and other laws, Administrative Provisions and relevant provisions of the State for the purposes of regulating the mobile Internet applications (hereinafter referred to as the “applications” in short) information services, protecting the legitimate rights and interests of citizens, legal persons and other organizations, and safeguarding the national security and public interests.
Article 2 Those that provide application information services within the territory of the People’s Republic of China and those that engage in Internet application stores and other application distribution services shall abide by these Provisions.For the purpose of these Provisions, “application information services” refer to the activities of producing, reproducing, releasing and disseminating text, pictures, audios, videos and other information through applications for users, including instant messaging, news information, knowledge quizzes, forum communities, live webcast, e-commerce, network audios and videos, life services and other types of services.
For the purpose of these Provisions, “application distribution services” refer to the activities of providing application releasing, downloading, dynamic loading and other services through the Internet, including application stores, fast application centers, Internet applet platforms, browser plug-in platforms and other types.
Article 3 The Cyberspace Administration of China is responsible for the supervision and administration of application information contents nationwide. Local cyberspace administrations are responsible for the supervision and administration of application information contents in their respective administrative regions ex officio.
Article 4 Application providers and application distribution platforms shall abide by the Constitution, laws and Administrative Provisions, promote socialist core values, adhere to the correct political direction, public opinion guidance and value orientation, follow public order and good customs, perform social responsibility and maintain a clean cyberspace.Application providers and application distribution platforms shall not use applications to engage in activities prohibited by laws and regulations such as endangering national security, disturbing social order or infringing upon others’ legitimate rights and interests.
Article 5 Application providers and application distribution platforms shall perform their duties as information content administrators, actively cooperate with the State in implementing the strategy for trusted identities in cyberspace, and establish sound management systems such as information content security management, information content ecological governance, data security and personal information protection and minors protection so as to ensure cybersecurity and maintain good cyberspace ecology.
Chapter II Application Providers
Article 6 Where the application providers provide the users with the information releasing, instant messaging and other services, they shall authenticate the real identity information of the users applying for registration based on the mobile phone numbers, identity document numbers or unified social credit codes or otherwise. If users fail to provide real identity information, or fraudulently use identity information of organizations or others for fake registration, no relevant services may be provided.
Article 7 Application providers providing Internet-based news information services through applications shall obtain the license for Internet-based news information services, and are prohibited from carrying out activities of Internet-based news information services without license or beyond the scope of the license.Where the application providers provide other internet information services, they shall obtain the approval of the relevant competent departments or the relevant licenses, and they shall not provide such services until they have obtained the approval of the relevant competent departments or the relevant licenses.
Article 8 The application providers shall be responsible for the information contents presented; they shall not produce and disseminate illegal information, and shall consciously prevent and resist unhealthy information.Application providers shall establish sound information content review and management mechanism, establish sound management measures such as user registration, account management, information review, daily inspection and emergency disposal, and be staffed with professionals and technical ability appropriate to the service scale.
Article 9 The application providers shall not conduct acts such as false advertising and bundled downloading, nor shall they employ machine or manual click farm services for instantly boosting popularity in rankings, increasing quantity and control the ratings etc., or use illegal and unhealthy information to induce users to download.
Article 10 The applications shall meet the mandatory requirements of relevant national standards. When application providers find that applications have risks such as safety defects or loopholes, they shall immediate take measures for rectification and timely inform the users and report to relevant competent authorities in accordance with regulations.
Article 11 Application providers engaging in application data processing activities shall fulfill the obligations of data security protection, establish sound whole-process data security management system, adopt technical measures and other security measures to ensure data security, and strengthen risk monitoring. Meanwhile, the application providers may not endanger national security and public interests, or damage the legitimate rights and interests of others.
Article 12 Application providers shall process personal information by following the principles of legitimacy, rightfulness, necessity and good faith, have clear and reasonable purposes, disclose processing rules, comply with the relevant provisions on the scope of necessary personal information, regulate personal information processing activities, and take necessary measures to ensure the security of personal information. They shall not, for any reason, force users to consent to personal information processing, or refuse users to use their basic functions and services on the ground that users do not agree to provide unnecessary personal information.
Article 13 Application providers shall adhere to the principles of benefiting minors to the most, pay attention to the healthy growth of minors, perform various obligations to protect minors online, and strictly implement the requirements for registration and login of real identity information of minor user accounts in accordance with the law. They may not provide the relevant products and services in any form that induce minor users to become addicted to such products and services, and nor may they produce, reproduce, release or spread the information with the content that endangers the physical and mental health of minors.
Article 14 Application providers that launch new technologies, new applications and new functions with the attribute of public opinions or capable of social mobilization shall conduct security assessment in accordance with the relevant provisions of the State.
Article 15 Application providers are encouraged to actively adopt Internet Protocol Version 6 (IPv6) to provide information services to users.
Article 16 Application providers shall, in accordance with laws, regulations and the relevant provisions of the State, formulate and disclose management rules, and sign service agreements with registered users to specify the relevant rights and obligations of both parties.For registered users who violate these Provisions, the relevant laws, regulations and service agreements, the application providers shall, in accordance with the law or as agreed, take disposal measures such as warning, restriction of functions or closure of accounts, keep records and report the same to the competent authorities.
Chapter III Application Distribution Platforms
Article 17 An application distribution platform shall, within 30 days after its online operation, be filed for record with the cyberspace administration of the province, autonomous region or centrally-administered municipality where it is located. The following materials shall be submitted for the record-filing:
(I) The basic information about the platform operator;
(II) The platform name, domain name, access service, service qualification, the type of applications on the shelves and other information;
(III) The commercial Internet-based information service license obtained by the platform or the record-filing materials for non-commercial Internet-based information services obtained by the platform;
(IV) The relevant sound system documents to be established as required by Article 5 hereof; and
(V) The platform management rules and service agreements, etc.After receiving the record-filing materials, the cyberspace administration of the province, autonomous region or centrally-administered municipality concerned shall grant the record-filing if the materials are complete.
The Cyberspace Administration of China shall timely announce the list of application distribution platforms that have completed the record-filing formalities.
Article 18 An application distribution platform shall establish a classification management system, implement classification management for the applications on the shelves, and file the applications by category with the cyberspace administration of the province, autonomous region or centrally-administered municipality where it is located for the record filing.
Article 19 The application distribution platform shall take measures such as compound verification to authenticate the real identity information of the application providers applying for the shelves in various ways such as mobile phone numbers, identity document numbers or unified social credit codes. Meanwhile, it is required to make public the names, unified social credit codes and other information of the mobile application providers in accordance with the different subject natures of application providers to facilitate public supervision and inquiry.
Article 20 The application distribution platform shall establish a sound management mechanism and technical means, and establish sound management measures such as shelf review, daily management and emergency response, etc.The application distribution platform shall review the applications applied for being put on shelves or updated; if it is found that the application name, icon or brief introduction contains any illegal or unhealthy information, does not match the real identity information of the registration subject, or has any illegal or irregular business type, etc., the application distribution platform shall not provide services for them.
Where the information services provided by the applications fall within the scope as stipulated in Article 7 hereof, the application distribution platforms shall verify the relevant licenses; where the information services provided by the applications fall within the scope as stipulated in Article 14 hereof, the application distribution platforms shall verify the safety evaluation situations.
The application distribution platform shall strengthen the daily management of the applications on the shelves, and shall not provide services for the applications that contain illegal and unhealthy information, that have data fraud such as the number of downloads and evaluation indicators, that have potential data security risks, that illegally collect and use personal information, or that damage the legitimate rights and interests of others.
Article 21 The application distribution platform shall, according to laws, regulations and relevant provisions of the State, formulate and disclose management rules, and sign service agreements with application providers to specify the relevant rights and obligations of both parties.For the applications that violate these Provisions, related laws, regulations and service agreements, the application distribution platform shall, in accordance with the laws or as agreed, take such measures as warning, service suspension or removal from shelves, keep records and report the same to the competent authorities.
Chapter IV Supervision and Administration
Article 22 Application providers and application distribution platforms shall consciously accept social supervision, set up conspicuous and convenient entrances for complaints and whistleblowing, announce the ways of complaints and whistleblowing, improve the acceptance, handling and feedback mechanisms, and timely deal with public complaints and whistleblowing.
Article 23 Internet industry organizations are encouraged to establish sound industry self-discipline mechanism, formulate sound industry standards and self-discipline conventions, guide the members to establish sound service standards, provide information services in accordance with the laws and regulations, maintain market fairness and promote the sound development of the industry.
Article 24 Cyberspace administrations shall, in concert with the relevant competent authorities, establish sound working mechanism, supervise and guide application providers and application distribution platforms to carry out information service activities in accordance with the laws and regulations.Application providers and application distribution platforms shall cooperate in the supervision and inspection conducted by cyberspace administrations and relevant competent authorities in accordance with the law, and provide necessary support and assistance.
Article 25 Any application provider or application distribution platform that violates these Provisions shall be punished by cyberspace administration and relevant competent authorities within the scope of their duties in accordance with relevant laws and regulations.
Chapter V Supplemental Provisions
Article 26 For the purpose of these Provisions, “mobile Internet applications” shall refer to the application software running on mobile smart terminals to provide information services to users.For the purpose of these Provisions, “mobile Internet application providers” shall refer to the owners or operators of mobile Internet applications that provide information services.
For the purpose of these Provisions, “mobile Internet application distribution platforms” shall refer to the Internet information service providers that provide distribution services such as releasing, downloading and dynamic loading of mobile Internet applications.
Article 27 These Provisions shall come into force on August 1, 2022, repealing simultaneously The Administrative Provisions on Mobile Internet Application Information Services promulgated on June 28, 2016.