The Cyberspace Administration of China on Aug. 27 released draft "Internet Information Service Algorithmic Recommendation Management Provisions" 《互联网信息服务算法推荐管理规定（征求意见稿）》for public comment, with submissions due Sept. 26.
Internet Information Service Algorithmic Recommendation Management Provisions (Opinion-seeking Draft)
Article 1: In order to standardize Internet information service algorithmic recommendation activities, safeguard national security and the social and public interest, protect the lawful rights and interests of citizens, legal persons, and other organizations, stimulate the healthy development of Internet information services, and carry forward the Socialist core value view; and on the basis of the “Cybersecurity Law of the People’s Republic of China," the “Data Security Law of the People’s Republic of China," the “Personal Information Protection Law of the People’s Republic of China," the “Internet Information Service Management Rules,” and other such laws and administrative regulations; these Provisions are formulated.
Article 2: These Provisions apply to the use of algorithmic recommendation technology to provide Internet information services (hereafter abbreviated as algorithmic recommendation services) within the mainland territory of the People’s Republic of China. Where laws and administrative regulations contain other provisions, those provisions are to be followed.
The use of algorithmic recommendation technology as mentioned in the previous Paragraph refers to the use of generative or synthetic–type, personalized recommendation–type, ranking and selection–type, search filter–type, dispatching and decision-making–type, and other such algorithmic technologies to provide information content to users.
Article 3: The national cybersecurity and informatization department is responsible for nationwide algorithmic recommendation service supervision, management, and law enforcement work. Provincial, autonomous region, and municipal cybersecurity and informatization departments are, on the basis of their duties and responsibilities, responsible for algorithmic recommendation service supervision, management, and law enforcement work within their administrative areas.
Article 4: Algorithmic recommendation service providers providing algorithmic recommendation services shall abide by laws and regulations, observe social morality and ethics, abide by commercial ethics and professional ethics, and respect the principles of fairness and justice, openness and transparency, science and reason, and sincerity and trustworthiness.
Article 5: Relevant sectoral organizations are encouraged to strengthen sectoral self-discipline, establish and complete self-discipline structures and sectoral norms, organize the formulation of sectoral standards, supervise and guide algorithmic recommendation service providers in establishing and completing service standards, providing services according to the law and accepting social supervision.
Article 6: Algorithmic recommendation service providers shall uphold mainstream value orientations, optimize algorithmic recommendation service mechanisms, vigorously disseminate positive energy, and advance the use of algorithms upwards and in the direction of good.
Algorithmic recommendation service providers may not use algorithmic recommendation services to engage in activities harming national security, upsetting the economic order and social order, infringing the lawful rights and interests of other persons, and other such acts prohibited by laws and administrative regulations. They may not use algorithmic recommendation services to disseminate information prohibited by laws and administrative regulations.
Article 7: Algorithmic recommendation service providers shall: fulfil their primary responsibility for algorithmic security, establish and complete management systems for user registration, information dissemination examination and verification, algorithmic mechanism examination and verification, security assessment and monitoring, security incident response and handling, data security protection and personal information protection, etc.; formulate and disclose algorithmic recommendation-related service norms; and allocate specialized personnel and technical support suited to the scale of algorithmic recommendation services.
Article 8: Algorithmic recommendation service providers shall regularly examine, verify, assess, and check algorithmic mechanisms, models, data, and application outcomes, etc., and may not set up algorithmic models that go against public order and good customs, such as by leading users to addiction or high-value consumption.
Article 9: Algorithmic recommendation service providers shall strengthen information content management; establish and complete feature databases to be used to identify unlawful and harmful information; and perfect database entry standards, norms, and processes. Where it is discovered that algorithmically generated or synthetic information has not been marked with an indicator, it shall be marked with an indicator, and only then may dissemination continue.
Where unlawful information is discovered, transmission shall be ceased immediately, measures such as deletion adopted to handle it, information spread prevented, and relevant records preserved; and a report shall be made to the cybersecurity and informatization department. Where harmful information is discovered, it shall be dealt with according to online information content ecology management-related regulations.
Article 10: Algorithmic recommendation service providers shall strengthen user model and user tagging management and perfect norms for logging interests in user models. They may not enter unlawful or harmful information as keywords into user interests or make them into user tags to use them as a basis for recommending information content, and may not set up discriminatory or biased user tags.
Article 11: Algorithmic recommendation service providers shall strengthen algorithmic recommendation service display or page ecology management, establish and perfect mechanisms for manual intervention and autonomous user choice, and vigorously present information content conform to mainstream value orientations in key segments such as front pages and main screens, hot search terms, selected topics, topic lists, pop-up windows, etc.
Article 12: Algorithmic recommendation service providers shall comprehensively use tactics such as content de-weighting, scattering interventions, etc., and optimize the transparency and understandability of search, ranking, selection, push notification, display, and other such norms, to avoid creating harmful influence on users, or triggering controversies or disputes.
Article 13: Algorithmic recommendation service providers may not use algorithms to falsely register users, illegally trade accounts, or manipulate user accounts; or for false likes, comments, reshares, web page navigation, etc.; or to carry out flow falsification or flow hijack. They may not use algorithms to shield information, over-recommend, manipulate topic lists or search result rankings, or control hot search terms or selections and other such interventions in information presentation; or to carry out self-preferencing, improper competition, influence on online public opinion, or evasion of supervision and management.
Article 14: Algorithmic recommendation service providers shall notify users in a clear manner about the situation of the algorithmic recommendation services they provide, and publicize the basic principles, purposes and motives, operational mechanisms, etc., of the algorithmic recommendation services in a suitable manner.
Article 15: Algorithmic recommendation service providers shall provide users with a choice to not target their individual characteristics, or provide users with a convenient option to switch off algorithmic recommendation services. Where users choose to switch off algorithmic recommendation services, the algorithmic recommendation service provider shall immediately cease providing related services.
Algorithmic recommendation service providers shall provide users with functions to choose, revise, or delete user tags used for algorithmic recommendation services.
Where users believe algorithmic recommendation service providers use algorithms in a manner creating a major influence on their rights and interests, they have the right to require the algorithmic recommendation service provider to give an explanation and adopt related measures to improve or remedy the situation.
Article 16: Where algorithmic recommendation service providers provide services to minors, they shall fulfill duties for the online protection of minors according to the law, and make it convenient for minors to obtain information content beneficial to their physical and mental health, through developing models suited for use with minors, providing services suited to the specific characteristics of minors, etc.
Algorithmic recommendation service providers may not push information content toward minor users that may incite the minor to imitate unsafe conduct, or acts violating social morals, or lead the minor towards harmful tendencies or may influence minors’ physical and mental health in other ways; and they may not use algorithmic recommendation services to lead minors to online addiction.
Article 17: Where algorithmic recommendation service providers provide work dispatch services to workers, they shall establish and perfect algorithms related to platform sign-on and allocation, remuneration composition and payment, work time, rewards, etc., and fulfil the duty to ensure workers’ rights and interests.
Article 18: Where algorithmic recommendation service providers sell products or provide services to consumers, they shall protect consumers’ lawful rights and interests, they may not use algorithms to commit acts of extending unreasonably differentiated treatment in trading conditions such as trading prices, etc., and other such unlawful activities, on the basis of consumers’ tendencies, trading habits and other such characteristics.
Article 19: The national cybersecurity and informatization department is to establish a categorized and graded management system, to implement categorized and graded management of algorithmic recommendation service providers on the basis of the public opinion properties of algorithmic recommendation services or their social mobilization capability, content categories, scale of users, the degree of sensitivity of data handled in algorithmic recommendation, the degree of interference in users’ activities, etc.
Article 20: Providers of algorithmic recommendation services with public opinion properties or having social mobilization capabilities shall, within 10 working days of providing services, report the provider’s name, form of service, domain of application, algorithm type, algorithm self-assessment report, content intended to be publicized, and other such information through the Internet information service algorithm filing system, and carry out filing formalities.
When a change occurs in the filed information of algorithmic recommendation service providers, they shall carry out modification procedures within five working days of the change occurring.
Where algorithmic recommendation service providers cease services, they shall carry out filing cancellation procedures within 30 working days of ceasing services, and make appropriate arrangements.
Article 21: The national and provincial, autonomous region, and municipal cybersecurity and informatization departments shall, after receiving filing materials submitted by a filing applicant, and where the materials are complete, grant filing within 30 working days, and issue a filing number and publish the matter; where materials are not complete, filing is not to be granted, and the filing applicant shall be notified within 30 working days, and the reason explained.
Article 22: Algorithmic recommendation service providers who have completed filing shall indicate their filing number in a clear position on their website, application program, etc., used for providing external services, and provide a link to the published information.
Article 23: The providers of algorithmic recommendation services with public opinion properties or social mobilization capabilities shall conduct a security assessment according to relevant State regulations.
Algorithmic recommendation service providers shall perfect algorithmic recommendation service management mechanisms and preserve information such as algorithmic recommendation service daily records, etc., with a preservation period not less than six months, and shall provide them when relevant law enforcement departments inquire for them according to the law.
Article 24: The national, provincial, autonomous region, and municipal cybersecurity and informatization departments, together with relevant competent departments, conduct algorithm security assessment and supervision and inspection work on algorithmic recommendation services, and promptly give suggestions to correct discovered problems and provide a time limit for rectification.
Algorithmic recommendation service providers shall cooperate with relevant competent departments carrying out security assessment, supervision, and inspection work according to the law, and provide the necessary technical, data, etc., support and assistance.
Article 25: Related bodies and personnel participating in algorithmic recommendation service security assessment, supervision, and inspection shall maintain strict confidentiality of the personal information, private [information], and commercial secrets they learn when exercising their duties and responsibilities, they may not disclose, sell, or illegally provide it to other persons.
Article 26: Algorithmic recommendation service providers shall accept social supervision, set up convenient complaints and reporting interfaces, and promptly accept and handle complaints and reports from the public.
Algorithmic recommendation service providers shall establish user appeals channels and mechanisms, to standardize the handling of user appeals and the timely provision of feedback, and realistically ensure the lawful rights and interests of users.
Article 27: Where algorithmic recommendation service providers violate the provisions of Article 7, Article 8, Article 9 Paragraph I, Article 10, Article 11, Article 12, Article 13, Article 14, Article 15 Paragraph II, Article 22, or Article 26 of these Provisions, the national or provincial, autonomous region, or municipal cybersecurity and informatization departments are to, on the basis of their duties and responsibilities, issue a warning or a report of criticism, and order rectification within a limited time; where rectification is refused or circumstances are grave, they are to order provisional suspension of information updates, and impose a fine between 5,000 and 30,000 yuan. Where an act violating public order management is constituted, public order management punishment is to be imposed according to the law; where a crime is constituted, criminal liability is to be prosecuted according to the law.
Article 28: Where algorithmic recommendation service providers violate the provisions of Article 6, Article 9 Paragraph II, Article 15 Paragraph I and Paragraph III, Article 16, Article 17, Article 18, Article 23, or Article 24 Paragraph II of these Provisions, the cybersecurity and informatization or other relevant competent departments are to, on the basis of their duties and responsibilities, handle the matter according to the provisions of relevant laws, administrative regulations, and departmental rules.
Article 29: Where providers of algorithmic recommendation services with public opinion properties or social mobilization capabilities violate the provisions of Article 20 of these Provisions, by not filing according to requirements or hiding relevant circumstances when reporting for filing, providing false materials, or obtaining filing through fraud, bribery, or other such improper means, the national and provincial, autonomous region, or municipal cybersecurity and informatization departments are to cancel filing according to the law, issue a warning or a report of criticism, and order rectification within a limited time; where rectification is refused or circumstances are grave, they are to order provisional suspension of information updates, and impose a fine between 5,000 and 30,000 yuan.
Where providers of algorithmic recommendation services with public opinion properties or social mobilization capabilities cease services without promptly carrying out filing cancellation formalities according to requirements, or they receive administrative punishments such as cancellation of Internet information service permits, website closure, cessation of services, etc., because grave unlawful situations occurred, the national, provincial, autonomous region, and municipal cybersecurity and informatization departments are to impose filing cancellation.
Article 30: These Provisions take effect on [month], [day], 2021.
第三十条 本规定自2021年 月 日起施行。