Translation: Internet Information Service Algorithmic Recommendation Management Provisions (Draft for Comment) – Aug. 2021

Major new regulations on the use of recommendation algorithms issued for public comment

Published

August 27, 2021

Published

August 27, 2021


The Cyberspace Administration of China on Aug. 27 released draft "Internet Information Service Algorithmic Recommendation Management Provisions" 《互联网信息服务算法推荐管理规定(征求意见稿)》for public comment, with submissions due Sept. 26.

TRANSLATION

Internet Information Service Algorithmic Recommendation Management Provisions (Opinion-seeking Draft)

Article 1: In order to standardize Internet information service algorithmic recommendation activities, safeguard national security and the social and public interest, protect the lawful rights and interests of citizens, legal persons, and other organizations, stimulate the healthy development of Internet information services, and carry forward the Socialist core value view; and on the basis of the “Cybersecurity Law of the People’s Republic of China," the “Data Security Law of the People’s Republic of China," the “Personal Information Protection Law of the People’s Republic of China," the “Internet Information Service Management Rules,” and other such laws and administrative regulations; these Provisions are formulated.

Article 2: These Provisions apply to the use of algorithmic recommendation technology to provide Internet information services (hereafter abbreviated as algorithmic recommendation services) within the mainland territory of the People’s Republic of China. Where laws and administrative regulations contain other provisions, those provisions are to be followed.

The use of algorithmic recommendation technology as mentioned in the previous Paragraph refers to the use of generative or synthetic–type, personalized recommendation–type, ranking and selection–type, search filter–type, dispatching and decision-making–type, and other such algorithmic technologies to provide information content to users.

Article 3: The national cybersecurity and informatization department is responsible for nationwide algorithmic recommendation service supervision, management, and law enforcement work. Provincial, autonomous region, and municipal cybersecurity and informatization departments are, on the basis of their duties and responsibilities, responsible for algorithmic recommendation service supervision, management, and law enforcement work within their administrative areas.

Article 4: Algorithmic recommendation service providers providing algorithmic recommendation services shall abide by laws and regulations, observe social morality and ethics, abide by commercial ethics and professional ethics, and respect the principles of fairness and justice, openness and transparency, science and reason, and sincerity and trustworthiness.

Article 5: Relevant sectoral organizations are encouraged to strengthen sectoral self-discipline, establish and complete self-discipline structures and sectoral norms, organize the formulation of sectoral standards, supervise and guide algorithmic recommendation service providers in establishing and completing service standards, providing services according to the law and accepting social supervision.

Article 6: Algorithmic recommendation service providers shall uphold mainstream value orientations, optimize algorithmic recommendation service mechanisms, vigorously disseminate positive energy, and advance the use of algorithms upwards and in the direction of good.

Algorithmic recommendation service providers may not use algorithmic recommendation services to engage in activities harming national security, upsetting the economic order and social order, infringing the lawful rights and interests of other persons, and other such acts prohibited by laws and administrative regulations. They may not use algorithmic recommendation services to disseminate information prohibited by laws and administrative regulations.

Article 7: Algorithmic recommendation service providers shall: fulfil their primary responsibility for algorithmic security, establish and complete management systems for user registration, information dissemination examination and verification, algorithmic mechanism examination and verification, security assessment and monitoring, security incident response and handling, data security protection and personal information protection, etc.; formulate and disclose algorithmic recommendation-related service norms; and allocate specialized personnel and technical support suited to the scale of algorithmic recommendation services.

Article 8: Algorithmic recommendation service providers shall regularly examine, verify, assess, and check algorithmic mechanisms, models, data, and application outcomes, etc., and may not set up algorithmic models that go against public order and good customs, such as by leading users to addiction or high-value consumption.

Article 9: Algorithmic recommendation service providers shall strengthen information content management; establish and complete feature databases to be used to identify unlawful and harmful information; and perfect database entry standards, norms, and processes. Where it is discovered that algorithmically generated or synthetic information has not been marked with an indicator, it shall be marked with an indicator, and only then may dissemination continue.

Where unlawful information is discovered, transmission shall be ceased immediately, measures such as deletion adopted to handle it, information spread prevented, and relevant records preserved; and a report shall be made to the cybersecurity and informatization department. Where harmful information is discovered, it shall be dealt with according to online information content ecology management-related regulations.

Article 10: Algorithmic recommendation service providers shall strengthen user model and user tagging management and perfect norms for logging interests in user models. They may not enter unlawful or harmful information as keywords into user interests or make them into user tags to use them as a basis for recommending information content, and may not set up discriminatory or biased user tags.

Article 11: Algorithmic recommendation service providers shall strengthen algorithmic recommendation service display or page ecology management, establish and perfect mechanisms for manual intervention and autonomous user choice, and vigorously present information content conform to mainstream value orientations in key segments such as front pages and main screens, hot search terms, selected topics, topic lists, pop-up windows, etc.

Article 12: Algorithmic recommendation service providers shall comprehensively use tactics such as content de-weighting, scattering interventions, etc., and optimize the transparency and understandability of search, ranking, selection, push notification, display, and other such norms, to avoid creating harmful influence on users, or triggering controversies or disputes.

Article 13: Algorithmic recommendation service providers may not use algorithms to falsely register users, illegally trade accounts, or manipulate user accounts; or for false likes, comments, reshares, web page navigation, etc.; or to carry out flow falsification or flow hijack. They may not use algorithms to shield information, over-recommend, manipulate topic lists or search result rankings, or control hot search terms or selections and other such interventions in information presentation; or to carry out self-preferencing, improper competition, influence on online public opinion, or evasion of supervision and management.

Article 14: Algorithmic recommendation service providers shall notify users in a clear manner about the situation of the algorithmic recommendation services they provide, and publicize the basic principles, purposes and motives, operational mechanisms, etc., of the algorithmic recommendation services in a suitable manner.

Article 15: Algorithmic recommendation service providers shall provide users with a choice to not target their individual characteristics, or provide users with a convenient option to switch off algorithmic recommendation services. Where users choose to switch off algorithmic recommendation services, the algorithmic recommendation service provider shall immediately cease providing related services.

Algorithmic recommendation service providers shall provide users with functions to choose, revise, or delete user tags used for algorithmic recommendation services.

Where users believe algorithmic recommendation service providers use algorithms in a manner creating a major influence on their rights and interests, they have the right to require the algorithmic recommendation service provider to give an explanation and adopt related measures to improve or remedy the situation.

Article 16: Where algorithmic recommendation service providers provide services to minors, they shall fulfill duties for the online protection of minors according to the law, and make it convenient for minors to obtain information content beneficial to their physical and mental health, through developing models suited for use with minors, providing services suited to the specific characteristics of minors, etc.

Algorithmic recommendation service providers may not push information content toward minor users that may incite the minor to imitate unsafe conduct, or acts violating social morals, or lead the minor towards harmful tendencies or may influence minors’ physical and mental health in other ways; and they may not use algorithmic recommendation services to lead minors to online addiction.

Article 17: Where algorithmic recommendation service providers provide work dispatch services to workers, they shall establish and perfect algorithms related to platform sign-on and allocation, remuneration composition and payment, work time, rewards, etc., and fulfil the duty to ensure workers’ rights and interests.

Article 18: Where algorithmic recommendation service providers sell products or provide services to consumers, they shall protect consumers’ lawful rights and interests, they may not use algorithms to commit acts of extending unreasonably differentiated treatment in trading conditions such as trading prices, etc., and other such unlawful activities, on the basis of consumers’ tendencies, trading habits and other such characteristics.

Article 19: The national cybersecurity and informatization department is to establish a categorized and graded management system, to implement categorized and graded management of algorithmic recommendation service providers on the basis of the public opinion properties of algorithmic recommendation services or their social mobilization capability, content categories, scale of users, the degree of sensitivity of data handled in algorithmic recommendation, the degree of interference in users’ activities, etc.

Article 20: Providers of algorithmic recommendation services with public opinion properties or having social mobilization capabilities shall, within 10 working days of providing services, report the provider’s name, form of service, domain of application, algorithm type, algorithm self-assessment report, content intended to be publicized, and other such information through the Internet information service algorithm filing system, and carry out filing formalities.

When a change occurs in the filed information of algorithmic recommendation service providers, they shall carry out modification procedures within five working days of the change occurring.

Where algorithmic recommendation service providers cease services, they shall carry out filing cancellation procedures within 30 working days of ceasing services, and make appropriate arrangements.

Article 21: The national and provincial, autonomous region, and municipal cybersecurity and informatization departments shall, after receiving filing materials submitted by a filing applicant, and where the materials are complete, grant filing within 30 working days, and issue a filing number and publish the matter; where materials are not complete, filing is not to be granted, and the filing applicant shall be notified within 30 working days, and the reason explained.

Article 22: Algorithmic recommendation service providers who have completed filing shall indicate their filing number in a clear position on their website, application program, etc., used for providing external services, and provide a link to the published information.

Article 23: The providers of algorithmic recommendation services with public opinion properties or social mobilization capabilities shall conduct a security assessment according to relevant State regulations.

Algorithmic recommendation service providers shall perfect algorithmic recommendation service management mechanisms and preserve information such as algorithmic recommendation service daily records, etc., with a preservation period not less than six months, and shall provide them when relevant law enforcement departments inquire for them according to the law.

Article 24: The national, provincial, autonomous region, and municipal cybersecurity and informatization departments, together with relevant competent departments, conduct algorithm security assessment and supervision and inspection work on algorithmic recommendation services, and promptly give suggestions to correct discovered problems and provide a time limit for rectification.

Algorithmic recommendation service providers shall cooperate with relevant competent departments carrying out security assessment, supervision, and inspection work according to the law, and provide the necessary technical, data, etc., support and assistance.

Article 25: Related bodies and personnel participating in algorithmic recommendation service security assessment, supervision, and inspection shall maintain strict confidentiality of the personal information, private [information], and commercial secrets they learn when exercising their duties and responsibilities, they may not disclose, sell, or illegally provide it to other persons.

Article 26: Algorithmic recommendation service providers shall accept social supervision, set up convenient complaints and reporting interfaces, and promptly accept and handle complaints and reports from the public.

Algorithmic recommendation service providers shall establish user appeals channels and mechanisms, to standardize the handling of user appeals and the timely provision of feedback, and realistically ensure the lawful rights and interests of users.

Article 27: Where algorithmic recommendation service providers violate the provisions of Article 7, Article 8, Article 9 Paragraph I, Article 10, Article 11, Article 12, Article 13, Article 14, Article 15 Paragraph II, Article 22, or Article 26 of these Provisions, the national or provincial, autonomous region, or municipal cybersecurity and informatization departments are to, on the basis of their duties and responsibilities, issue a warning or a report of criticism, and order rectification within a limited time; where rectification is refused or circumstances are grave, they are to order provisional suspension of information updates, and impose a fine between 5,000 and 30,000 yuan. Where an act violating public order management is constituted, public order management punishment is to be imposed according to the law; where a crime is constituted, criminal liability is to be prosecuted according to the law.

Article 28: Where algorithmic recommendation service providers violate the provisions of Article 6, Article 9 Paragraph II, Article 15 Paragraph I and Paragraph III, Article 16, Article 17, Article 18, Article 23, or Article 24 Paragraph II of these Provisions, the cybersecurity and informatization or other relevant competent departments are to, on the basis of their duties and responsibilities, handle the matter according to the provisions of relevant laws, administrative regulations, and departmental rules.

Article 29: Where providers of algorithmic recommendation services with public opinion properties or social mobilization capabilities violate the provisions of Article 20 of these Provisions, by not filing according to requirements or hiding relevant circumstances when reporting for filing, providing false materials, or obtaining filing through fraud, bribery, or other such improper means, the national and provincial, autonomous region, or municipal cybersecurity and informatization departments are to cancel filing according to the law, issue a warning or a report of criticism, and order rectification within a limited time; where rectification is refused or circumstances are grave, they are to order provisional suspension of information updates, and impose a fine between 5,000 and 30,000 yuan.

Where providers of algorithmic recommendation services with public opinion properties or social mobilization capabilities cease services without promptly carrying out filing cancellation formalities according to requirements, or they receive administrative punishments such as cancellation of Internet information service permits, website closure, cessation of services, etc., because grave unlawful situations occurred, the national, provincial, autonomous region, and municipal cybersecurity and informatization departments are to impose filing cancellation.

Article 30: These Provisions take effect on [month], [day], 2021.

CHINESE-LANGUAGE ORIGINAL

Source: http://www.cac.gov.cn/2021-08/27/c_1631652502874117.htm

互联网信息服务算法推荐管理规定(征求意见稿)

第一条 为了规范互联网信息服务算法推荐活动,维护国家安全和社会公共利益,保护公民、法人和其他组织的合法权益,促进互联网信息服务健康发展,弘扬社会主义核心价值观,根据《中华人民共和国网络安全法》、《中华人民共和国数据安全法》、《中华人民共和国个人信息保护法》、《互联网信息服务管理办法》等法律、行政法规,制定本规定。

第二条 在中华人民共和国境内应用算法推荐技术提供互联网信息服务(以下简称算法推荐服务),适用本规定。法律、行政法规另有规定的,依照其规定。

前款所称应用算法推荐技术,是指应用生成合成类、个性化推送类、排序精选类、检索过滤类、调度决策类等算法技术向用户提供信息内容。

第三条 国家网信部门负责全国算法推荐服务的监督管理执法工作。省、自治区、直辖市网信部门依据职责负责本行政区域内算法推荐服务的监督管理执法工作。

第四条 算法推荐服务提供者提供算法推荐服务,应当遵守法律法规,尊重社会公德和伦理,遵守商业道德和职业道德,遵循公正公平、公开透明、科学合理和诚实信用的原则。

第五条 鼓励相关行业组织加强行业自律,建立健全自律制度和行业准则,组织制定行业标准,督促指导算法推荐服务提供者建立健全服务规范、依法提供服务并接受社会监督。

第六条 算法推荐服务提供者应当坚持主流价值导向,优化算法推荐服务机制,积极传播正能量,促进算法应用向上向善。

算法推荐服务提供者不得利用算法推荐服务从事危害国家安全、扰乱经济秩序和社会秩序、侵犯他人合法权益等法律、行政法规禁止的活动,不得利用算法推荐服务传播法律、行政法规禁止的信息。

第七条 算法推荐服务提供者应当落实算法安全主体责任,建立健全用户注册、信息发布审核、算法机制机理审核、安全评估监测、安全事件应急处置、数据安全保护和个人信息保护等管理制度,制定并公开算法推荐相关服务规则,配备与算法推荐服务规模相适应的专业人员和技术支撑。

第八条 算法推荐服务提供者应当定期审核、评估、验证算法机制机理、模型、数据和应用结果等,不得设置诱导用户沉迷或者高额消费等违背公序良俗的算法模型。

第九条 算法推荐服务提供者应当加强信息内容管理,建立健全用于识别违法和不良信息的特征库,完善入库标准、规则和程序。发现未作显著标识的算法生成合成信息的,应当作出显著标识后,方可继续传输。

发现违法信息的,应当立即停止传输,采取消除等处置措施,防止信息扩散,保存有关记录,并向网信部门报告。发现不良信息的,应当按照网络信息内容生态治理有关规定予以处置。

第十条 算法推荐服务提供者应当加强用户模型和用户标签管理,完善记入用户模型的兴趣点规则,不得将违法和不良信息关键词记入用户兴趣点或者作为用户标签并据以推送信息内容,不得设置歧视性或者偏见性用户标签。

第十一条 算法推荐服务提供者应当加强算法推荐服务版面页面生态管理,建立完善人工干预和用户自主选择机制,在首页首屏、热搜、精选、榜单类、弹窗等重点环节积极呈现符合主流价值导向的信息内容。

第十二条 算法推荐服务提供者应当综合运用内容去重、打散干预等策略,并优化检索、排序、选择、推送、展示等规则的透明度和可解释性,避免对用户产生不良影响、引发争议纠纷。

第十三条 算法推荐服务提供者不得利用算法虚假注册账号、非法交易账号、操纵用户账号,或者虚假点赞、评论、转发、网页导航等,实施流量造假、流量劫持;不得利用算法屏蔽信息、过度推荐、操纵榜单或者检索结果排序、控制热搜或者精选等干预信息呈现,实施自我优待、不正当竞争、影响网络舆论或者规避监管。

第十四条 算法推荐服务提供者应当以显著方式告知用户其提供算法推荐服务的情况,并以适当方式公示算法推荐服务的基本原理、目的意图、运行机制等。

第十五条 算法推荐服务提供者应当向用户提供不针对其个人特征的选项,或者向用户提供便捷的关闭算法推荐服务的选项。用户选择关闭算法推荐服务的,算法推荐服务提供者应当立即停止提供相关服务。

算法推荐服务提供者应当向用户提供选择、修改或者删除用于算法推荐服务的用户标签的功能。

用户认为算法推荐服务提供者应用算法对其权益造成重大影响的,有权要求算法推荐服务提供者予以说明并采取相应改进或者补救措施。

第十六条 算法推荐服务提供者向未成年人提供服务的,应当依法履行未成年人网络保护义务,并通过开发适合未成年人使用的模式、提供适合未成年人特点的服务等方式,便利未成年人获取有益身心健康的信息内容。

算法推荐服务提供者不得向未成年人用户推送可能引发未成年人模仿不安全行为和违反社会公德行为、诱导未成年人不良嗜好等可能影响未成年人身心健康的信息内容,不得利用算法推荐服务诱导未成年人沉迷网络。

第十七条 算法推荐服务提供者向劳动者提供工作调度服务的,应当建立完善平台订单分配、报酬构成及支付、工作时间、奖惩等相关算法,履行劳动者权益保障义务。

第十八条 算法推荐服务提供者向消费者销售商品或者提供服务的,应当保护消费者合法权益,不得根据消费者的偏好、交易习惯等特征,利用算法在交易价格等交易条件上实行不合理的差别待遇等违法行为。

第十九条 国家网信部门建立分类分级管理制度,根据算法推荐服务的舆论属性或者社会动员能力、内容类别、用户规模、算法推荐技术处理的数据敏感程度、对用户行为的干预程度等对算法推荐服务提供者实施分类分级管理。

第二十条 具有舆论属性或者社会动员能力的算法推荐服务提供者应当在提供服务之日起十个工作日内通过互联网信息服务算法备案系统填报服务提供者的名称、服务形式、应用领域、算法类型、算法自评估报告、拟公示内容等信息,履行备案手续。

算法推荐服务提供者的备案信息发生变更时,应当在变更之日起五个工作日内办理变更手续。

算法推荐服务提供者终止服务的,应当在终止服务三十个工作日前办理注销备案手续,并作出妥善安排。

第二十一条 国家和省、自治区、直辖市网信部门收到备案人提交的备案材料后,材料齐全的,应当在三十个工作日内予以备案,发放备案编号并进行公示;材料不齐全的,不予备案,并应当在三十个工作日内通知备案人并说明理由。

第二十二条 完成备案的算法推荐服务提供者应当在其对外提供服务的网站、应用程序等显著位置标明其备案编号并提供公示信息链接。

第二十三条 具有舆论属性或者社会动员能力的算法推荐服务提供者应当按照国家有关规定开展安全评估。

算法推荐服务提供者应当完善算法推荐服务管理机制,对算法推荐服务日志等信息进行留存,留存期限不少于六个月,并在相关执法部门依法查询时予以提供。

第二十四条 国家和省、自治区、直辖市网信部门会同有关主管部门对算法推荐服务开展算法安全评估和监督检查工作,对发现的问题及时提出整改意见并限期整改。

算法推荐服务提供者应当配合有关主管部门依法实施的安全评估和监督检查工作,并提供必要的技术、数据等支持和协助。

第二十五条 参与算法推荐服务安全评估和监督检查的相关机构和人员应当对在履行职责中知悉的个人信息、隐私和商业秘密严格保密,不得泄露、出售或者非法向他人提供。

第二十六条 算法推荐服务提供者应当接受社会监督,设置便捷的投诉举报入口,及时受理和处理公众投诉举报。

算法推荐服务提供者应当建立用户申诉渠道和制度,规范处理用户申诉并及时反馈,切实保障用户合法权益。

第二十七条 算法推荐服务提供者违反本规定第七条、第八条、第九条第一款、第十条、第十一条、第十二条、第十三条、第十四条、第十五条第二款、第二十二条、第二十六条规定的,由国家和省、自治区、直辖市网信部门依据职责给予警告、通报批评,责令限期改正;拒不改正或者情节严重的,责令暂停信息更新,并处五千元以上三万元以下罚款。构成违反治安管理行为的,依法给予治安管理处罚;构成犯罪的,依法追究刑事责任。

第二十八条 算法推荐服务提供者违反本规定第六条、第九条第二款、第十五条第一款、第三款、第十六条、第十七条、第十八条、第二十三条、第二十四条第二款规定的,由网信等有关主管部门依据职责,按照有关法律、行政法规和部门规章的规定予以处理。

第二十九条 具有舆论属性或者社会动员能力的算法推荐服务提供者违反本规定第二十条的规定,未按照要求备案或者在报送备案时隐瞒有关情况、提供虚假材料或者通过欺骗、贿赂等不正当手段取得备案的,由国家和省、自治区、直辖市网信部门依法撤销备案,并给予警告、通报批评,责令限期改正;拒不改正或者情节严重的,责令暂停信息更新,并处五千元以上三万元以下罚款。

具有舆论属性或者社会动员能力的算法推荐服务提供者终止服务未按照要求及时办理注销备案手续,或者发生严重违法情形受到吊销互联网信息服务许可、关闭网站、终止服务等行政处罚的,由国家和省、自治区、直辖市网信部门予以注销备案。

第三十条 本规定自2021年 月 日起施行。