China: Regulations on the Management of Algorithm Recommendation for Internet Information Services
[Unofficial translation by Digital Policy Alert]
Chapter I General Provisions
Article 1
In order to regulate internet information services algorithm recommendation activities, carry forward Core Socialist Values, safeguard national security and social public interests, protect the legitimate rights and interests of citizens, legal entities, and other organisations, and promote the healthy development of Internet information services; these Regulations are developed in accordance with the “Cybersecurity Law of the People’s Republic of China”, the “Data Security Law of the People’s Republic of China”, the “Personal Information Protection Law of the People’s Republic of China”, the “Internet Information Service Management Rules”, as well as other laws and regulations.
Article 2
These Regulations apply to the use of algorithmic recommendation technology within the mainland territory of the People’s Republic of China. When other laws and regulations provide otherwise, such laws and regulations shall prevail.
The use of algorithmic recommendation technology mentioned in the preceding paragraph refers to the use of algorithm technologies that provide information for users, including generation and synthesis, personalised push notifications, sorting and selection, retrieval and filtering, scheduling and decision-making, among others.
Article 3
The Cyberspace Administration of China is responsible for the overall supervision, governance, and enforcement of algorithm recommendation services at the national level. The State Council departments for telecommunications, public security, market regulators and other relevant institutions are responsible for supervising and managing algorithm recommendation services in accordance with their respective competences.
Local cybersecurity and information departments are responsible for the overall supervision, governance, and enforcement of algorithm recommendation services within their administrative region. Local departments for telecommunications, public security, market regulations and other relevant organs are responsible for supervising and managing algorithm recommendation services in accordance with their administrative region.
Article 4
Algorithmic recommendation service providers shall comply with the law and regulations, observe positive social moral values, comply with business and professional ethics, and respect the principles of justice and fairness, openness and transparency, scientific reasoning, and honesty and good faith.
Article 5
Relevant business associations are encouraged to strengthen industry and self-regulation; develop and comply with industry standards, guidelines, and self-regulation requirements; supervise and provide guidance for algorithmic recommendation service providers for the development and improvement of service specifications in accordance with the law; and promote public participation.
Chapter II Regulation of Information Services
Article 6
Algorithmic recommendation service providers shall observe general social values, optimize mechanisms for algorithmic recommendation services, actively disseminate positive influence, and promote the use of algorithms for the general welfare.
Algorithmic recommendation service providers shall not use algorithmic recommendation services to engage in activities prohibited by laws and regulations such as those that endanger national security and public interest, disrupt the economic and social order, or infringe the legitimate rights and interests of others. They shall not use algorithmic recommendation services to disseminate information prohibited by laws and regulations and shall be required to adopt measures to prevent and stop the dissemination of harmful content.
Article 7
Algorithmic recommendation service providers shall be responsible for implementing systems to ensure algorithmic security, establish and improve management systems and technical measures for algorithmic assessment and verification, technology ethics assessment, user registration, information verification, data security and personal information protection, addressing telecommunications network fraud, security assessment and monitoring, security incident response and handling, developing and disclosing algorithmic recommendation service rules; and designating professional staff and technical support to in accordance with the scale of the algorithmic recommendation services.
Article 8
Algorithmic recommendation service providers shall conduct periodic reviews, verification, and assessment of algorithm mechanisms, models, data and application outcomes, and may not develop algorithm models against laws and regulations or ethics and morals, such as those that lead users to addiction or excessive spending.
Article 9
Algorithmic recommendation service providers shall strengthen information security management; establish and improve data entry features for identifying unlawful and harmful; and improve data entry standards, rules, and procedures. Where it is discovered that algorithmically generated or synthetic information has not been labelled as such, dissemination of information may only be continued after being correctly labelled.
If algorithmic recommendation service providers find illegal information, dissemination shall cease immediately, and deletion or other measures shall be adopted to prevent the dissemination of content and to store the relevant records. A report shall be submitted to the relevant cybersecurity and information departments. If harmful content is identified it shall be handled in accordance with the Provisions on the Governance of Network Information Content Ecosystem.
Article 10
Algorithmic recommendation service providers shall strengthen user modeling and user tagging systems and improve rules for logging interests in user models and tag systems. Unlawful or harmful content shall not be used as keywords for user tags recommending content.
Article 11
Algorithmic recommendation service providers shall strengthen the ecological management of their sites, establish and improve manual and auto-selection mechanisms, and actively display information complying with general orientation values in key segments including home screen and home pages, trending searches, selected content, ranking lists, and pop-up windows.
Article 12
Algorithmic recommendation service providers are encouraged to use comprehensive strategies such as content sorting, scattering, and intervention, and to improve transparency and provide clear explanations of rules for searching, sorting, selecting, pushing notifications, displaying content, in order to avoid harmful content for users and to prevent controversies and disputes.
Article 13
Algorithmic recommendation service providers supplying Internet news information services shall obtain an Internet News Information Services License in accordance with the law, develop rules for collecting and publishing Internet news information, republishing services, and broadcasting in platform services. Providers shall not generate or synthesize fake news information or disseminate news information published by press work units outside the scope of national regulations.
Article 14
Algorithmic recommendation service providers shall not use algorithms to register fake accounts or illegal trading accounts, manipulate user accounts, or provide fake likes, comments or reshares. Algorithmic recommendation service providers shall not use algorithms to block recommendations, provide excessive recommendations, manipulate ranking lists or search results, control trending topics or select content, interfere in any other way to influence online public opinion or to circumvent supervision and control.
Article 15
Algorithmic recommendation service providers shall not use algorithms to impose unreasonable restrictions on other Internet information service providers, or to obstruct or undermine the regular operation of the lawful Internet information services they provide, or to carry out monopolistic or unfair competition acts.
Chapter III Protection of User Rights and Interests
Article 16
Algorithmic recommendation service providers shall inform users in a clear manner of the conditions concerning the algorithmic recommendation services they provide and publish the general principles, purposes and operating mechanisms of the algorithmic recommendation services provided.
Article 17
Algorithmic recommendation service providers shall provide users with the option that the service is not tailored to their personal characteristics, or provide users with the convenient option to turn off the algorithmic recommendation service. If the user chooses to turn off the algorithmic recommendation service, the algorithmic recommendation service provider shall immediately stop providing those services.
Algorithmic recommendation service providers shall provide users with the function of selecting or deleting user tags of their personal characteristics for the algorithmic recommendation service.
If algorithmic recommendation service providers use algorithms in a manner that significantly impacts the rights and interests of users, they shall provide an explanation and will be held liable in accordance with the law.
Article 18
Algorithmic recommendation service providers that provide services to minors shall perform their obligations to protect the network of minors in accordance with the law, and facilitate access to information beneficial to minors’ physical and mental health by developing models suitable for use by minors and providing services suitable for the characteristics of minors.
Algorithmic recommendation services providers shall not push information to minors that may cause minors to imitate unsafe behaviours, violate social morality, or induce bad habits, among other things, that may affect the physical and mental health of minors or lead them to become addicted to the Internet.
Article 19
Algorithmic recommendation service providers that provide services to the elderly shall safeguard their rights and interests under the law, and take into consideration the elderly’s needs relating to travel, medical care, consumption, and handling of affairs; provide elderly-friendly smart services in accordance with relevant regulations; carry out monitoring, identification and handling telecommunications and internet fraud information; and facilitate the safe use of algorithm recommendation services by the elderly.
Article 20
Algorithmic recommendation service providers providing work scheduling services to workers shall safeguard workers’ lawful rights on remuneration, rest and vacation; and they shall develop and improve algorithms involving platform order distribution, composition, and payment of remuneration, working hours, rewards and penalties, among others.
Article 21
Algorithmic recommendation service providers selling goods or services to consumers shall safeguard consumers’ rights to fair transactions and shall not use algorithms to impose unreasonable differential treatment in prices and other transaction conditions based on consumer preferences, transaction habits, and other characteristics.
Article 22
Algorithmic recommendation service providers shall establish a convenient complaint channel for users and the public, publish information on the process and feedback time limit, accept and promptly handle complaints and reports and provide feedback on the results.
Chapter IV Supervision and Management
Article 23
The cybersecurity and information departments in conjunction with the telecommunications, public security, market regulators and other relevant institutions will establish a graded and categorized algorithm security management system for algorithmic recommendation service providers taking into account public opinion properties or social mobilization capacity, content categories, user scale, the type of data processed by algorithmic recommendation technology, and the degree of interference in user activities, among others.
Article 24
Algorithmic recommendation service providers with public opinion properties or social mobilization capacity shall report, through the Internet Information Service Algorithm Filing System, their name, service type, application field, algorithm type, algorithm self-evaluation report, and content to be publicised, within ten working days from the date they start to provide the relevant services.
If there is a change in the information filed, the algorithmic recommendation service provider shall file the change within ten working days from the date the change occurred.
If the algorithmic recommendation service provider terminates its services, it shall file cancellation procedures and make appropriate arrangements within twenty working days from the termination of its services.
Article 25
The national, provincial, autonomous regions and municipal cybersecurity and information departments receiving materials from an applicant shall file them within thirty working days if they are complete, and issue a record-filing number and publish the materials. If the materials are incomplete, filing will not be granted and the applicant shall be notified, including an explanation of the reasons, within thirty working days.
Article 26
Algorithmic recommendation service providers that have completed the filing process shall prominently display their filing number and the link to the public record of the filing on on their websites and applications.
Article 27
Algorithmic recommendation service providers with public opinion properties or social mobilization capacity shall conduct security assessments in accordance with relevant national regulations.
Article 28
Cybersecurity and information departments, in conjunction with telecommunications, public security, market regulators and other relevant institutions, shall conduct security assessments, oversight and inspections of algorithmic recommendation services in accordance with the law, and shall promptly provide correcting suggestions and specify a time limit to submit rectifications.
Algorithmic recommendation service providers should preserve network records in accordance with the law, cooperate with the cybersecurity and information departments and relevant telecommunications, public security, and market regulations organs conducting security assessments, oversight and inspections, and provide necessary technical, data support and assistance.
Article 29
Relevant institutions and personnel involved in security assessments, supervision and inspections of algorithmic recommendation services shall preserve the confidentiality of personal information, privacy, and trade secrets acquired when performing their duties and shall not disclose or unlawfully provide them to others.
Article 30
Any organization or individual that identifies acts violating these Regulations may file a complaint or report to the cybersecurity and information departments and relevant institutions. Departments receiving complaints or reports shall handle them promptly and in accordance with the law.
Chapter V Legal Liability
Article 31
When algorithmic recommendation service providers violate the provisions of Articles 7, 8, 9(1), 10, 14, 16, 17, 22, 24, and 26 of these Regulations and there are laws and regulations sanctioning these violations, such sanctions shall apply. If there are no provisions in the laws and regulations, the relevant departments such as the Cyberspace Administration, telecommunications, public security, and market regulators shall, in accordance with their duties, issue warnings, publish criticisms, or order rectification within a specified period. Failure to rectify, or if the circumstances are serious, will result in suspension of information updates and a fine of no less than ten thousand yuan and no more than one hundred thousand yuan. If the violation infringes public security, public security administrative sanctions will be imposed. If the violation constitutes a crime, criminal responsibility shall be investigated according to the law.
Article 32
When algorithmic recommendation service providers violate the provisions of Article 6, Article 9 paragraph 2, Article 11, Article 13, Article 15, Article 18, Article 19, Article 20, Article 21, Article 27, or Article 28 paragraph 2 of these Regulations, the cybersecurity and information departments, the telecommunications, public security, market regulators and other relevant institutions will, in accordance with their obligations, handle the matter according to the provisions of relevant laws, regulations and department rules.
Article 33
When algorithmic recommendation services providers with public opinion properties or social mobilization capacity obtain registration by concealing relevant circumstances in their filing process, providing false materials, or using other irregular means, national, provincial, autonomous regions and municipal cybersecurity and information departments shall cancel registration according to the law, and issue a warning or a public criticism. When serious circumstances exist, they will order provisional suspension of information updates, and impose a fine of no less than ten thousand yuan and no more than one hundred thousand yuan.
When algorithmic recommendation services providers with public opinion properties or social mobilization capacity cease services without carrying out filing cancellation requirements according to Article 24 paragraph 3, or they receive administrative penalties such as an order to close websites or cancellation of relevant business permits, national, provincial, autonomous regions and municipal cybersecurity and information departments will cancel their registration.
Chapter VI Supplementary Provisions
Article 34
The Cybersecurity Administration of China, in conjunction with the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation, shall be responsible for the interpretation of these Regulations.
Article 35
These Regulations shall come into force on 1 March 2022.