This translation by Rogier Creemers has not been edited or reviewed by the DigiChina team and should be treated as an initial reference, in line with the hundreds of translations DigiChina has imported from the China Copyright & Media project (see here). If it is edited and reviewed in the future, the update will be noted. –Ed.

TRANSLATION

In order to fully standardize mobile Internet programme information service management, stimulate the healthy and orderly development of the sector, ensure the lawful rights and interests of citizens, legal persons and other organizations, create a clean and crisp cyberspace, on the basis of legal provisions such as the "Cybersecurity Law of the People's Republic of China", the "Data Security Law of the People's Republic of China", the "Personal Information Protection Law of the People's Republic of China", the "Internet Information Service Management Rules", the Online Information Content Ecology Governance Regulations", etc., the Cyberspace Administration of China has revised the "Mobile Internet Application Information Service Management Regulations" that officially took effect on 1 August 2016, and publicly solicits opinions from society.

The public may send their feedback and opinions through e-mail to: yycxxd@cac.gov.cn, the deadline for opinions and feedback is 20 January 2022.

Cyberspace Administration of China

5 January 2022

Mobile Internet Application Programme Information Service Management Regulations (Opinion-seeking Draft)

Chapter I: General provisions

Article 1: In order to standardize mobile Internet application programme information services, protect the lawful rights and interests of citizens, legal persons and other organizations, and safeguard national security and the public interest, on the basis of legal provisions such as the "Cybersecurity Law of the People's Republic of China", the "Data Security Law of the People's Republic of China", the "Personal Information Protection Law of the People's Republic of China", the "Internet Information Service Management Rules", the Online Information Content Ecology Governance Regulations", etc., these Regulations are formulated.

Article 2: These regulations shall be complied with when providing information services through mobile Internet application programmes (hereafter abbreviated as applications), and engaging in Internet application stores and other such application distribution services within the territory of the People's Republic of China.

Application information services as mentioned in these Regulations refers to activities of providing services to produce, reproduce, disseminate, broadcast, etc. text, images, speech, audiovisual and other such information through applications, including instant messaging, news information, knowledge questions and answers, forums and communities, online live-streaming, e-commerce, online audiovisual, life services and other such information service categories.

Engaging in Internet application stores and other such application distribution services as mentioned in these Regulations refers to activities of providing services to users of application dissemination, download, dynamic addition, etc., through the Internet, including application stores, fast applications, small Internet programmes, browser plug-ins and other such platform distribution service categories.

Article 3: The Cyberspace Administration of China is responsible for supervision, management and law enforcement work concerning application information content nationwide. Local Internet information offices are, on the basis of their duties and responsibilities, responsible for supervision, management and law enforcement work of application information content within their administrative areas.

Article 4: Application providers and application distribution platforms shall abide by the Constitution, the law and administrative regulations, abide by public order and fine customs, fulfil social responsibilities, persist in the correct political opinion, public opinion orientation and value orientation, carry forward the Socialist cove value vision, develop vigorous and healthy online culture, preserve a clean and crisp cyberspace, enrich the people's spiritual and cultural lives, and stimulate social and cultural progress.

Application providers and application distribution platforms may not use applications to engage in activities violating national security, upsetting social order, infringing other persons' lawful rights and interests and other such acts prohibited by laws and administrative regulations.

Article 5: Application providers and application distribution platforms shall fulfil dominant responsibility concerning information content management, establish and complete management structures for information content security management, information content ecology management, online data security, personal information protection, protection of minors, etc., ensure the security of information content, create a benign online ecology, and strengthen the protection of users' rights and interests.

Chapter II: Application providers

Article 6: Where applications provide information dissemination, instant messaging and other such services to users, real identity information verification shall be conducted of users applying to register based on the mobile telephone number, identity card number or uniform social credit code or other such methods. Where users do not provide real identity information, or illegally use the identity information of organizations, bodies or other persons to conduct false registrations, related services may not be provided to them.

Article 7: Application providers providing Internet news information services through applications shall obtain an Internet news information service permit, it is prohibited for Internet news information services to be launched without a permit or in excess of a permit's scope.

Where the provision of other Internet information services requires obtaining the consent of related competent departments or related permits according to the law, these services may only be provided after obtaining consent from the relevant competent department or the relevant permit.

Article 8: Application providers shall formulate and publish management norms and platform conventions, sign service agreement with registered users, clarify the related rights and duties of both sides, and require registered users to abide by these Regulations and related laws and regulations.

Article 9: Application providers shall establish and complete information content verification and management mechanisms, establish and perfect management measures for user registration, account management, information verification, daily inspections, emergency response, etc., and allocate specialist personnel and technical capabilities suited to the scale of the service.

With regard to registered users violating related laws and regulations as well as service agreements, application providers shall adopt punitive measures according to the law and according to contract such as warnings, limitation of functionality, account closure, etc., preserve records and notify the relevant competent department.

Article 10: Application providers shall standardize commercial management activities, they may not induce users to download through false advertising, bundled downloads or other such activities, or using unlawful and harmful information, and they may not cheat on rankings, cheat on quantities or control ratings through machine or manual means, or create false traffic.

Article 11: Applications shall comply with the mandatory requirements of cybersecurity-related national standards. When application providers discover their application contents security flaws, vulnerabilities, and other such risks, they shall immediately adopt remedial measures, timely notify users according to regulations and report the matter to the relevant competent department. 

Article 12: Those launching application data handling activities, shall fulfil data security protection duties, establish and perfect whole-workflow data security management structures, adopt technical measures to ensure data security and other security measures, and strengthen risk monitoring strengthened, they may not harm national security and the public interest, and may not harm the lawful rights and interests of other individuals or organizations.

Article 13: Those engaging in application personal information handling activities shall abide by the principles of legality, propriety, necessity and sincerity, have clear and reasonable purposes and publish handling rules, abide by provisions relating to the necessary personal information scope, standardize personal information handling activities, adopt the necessary measures to ensure the security of personal information, they may not coerce or require users to consent to non-necessary personal information handling activities for any reason, they may not refuse users to use basic functions of the service due to their refusal to consent to provide non=necessary personal information.

Article 14: Application providers shall persist in the principle of most benefit to minors, pay attention to the healthy growing up of minors, implement all duties concerning the online protection of minors, strictly implement minor user account real-name registration and recording requirements, and may not provide related products and services to minor users that lead them to addiction in any way.

Article 15: Application providers uploading new technologies, new applications or new functions with public opinion characteristics or social mobilization capabilities shall conduct security assessment according to relevant state regulations.

Chapter III: Application Distribution Platforms

Article 16: Application distribution platforms shall, within thirty days of the business going online, file with the local provincial, autonomous region or municipal Internet information office. When handling filing, they shall submit the following materials:

(1) The basic situation of the platform operating subject;

(2) The platform's name, domain name, access service, service credentials, categories of traded applications and other such information;

(3) The commercial Internet information service permit the platform has obtained or the non-commercial Internet information service filing, and other such materials;

(4) Documents related to the structures of which Article 5 of these Regulations requires the establishment and completion;

(5) The platform's management rules, conventions, service agreements, etc.

Provincial, autonomous region and municipal Internet information departments conducts examination and verification of the veracity and completeness of the filing materials, and shall grant filing to those meeting conditions.

The Cyberspace Administration of China will publish an application distribution platform name list of those having fulfilled filing procedures to society.

Article 17: Application distribution platforms shall establish categorized management systems, implement categorized management of traded applications, and file the applications with the local provincial, autonomous region or municipal Internet information office of the application distribution platform.

Article 18: Application distribution platforms shall adopt composite verification and other such methods to conduct rea identity information verification of application providers applying to trade, based on integrating mobile telephone numbers, identity card numbers or uniform social credit codes and multiple other methods. On the basis of the different subjective natures of application providers, [they shall] publish providers' names, uniform social credit codes and other such information. 

Article 19: Application distribution platforms shall conduct examination and verification of the name, icon, presentation text, information services, personal information collection and use activities, etc. of applications applied for trading or updates, where they discover discrepancies with the registered subject's real identity information, and especially where the matter uses Party and State imagery or symbols or pass off under the guise of State bodies in violation of regulations, services may not be provided to them, where they discover [applications] contain information that violated laws, regulations or is harmful, data security risks and dangers exist, personal information collection in violation of laws or regulation occurs, or the lawful rights and interests of individuals or organizations are harmed, they shall cease provision of service.

Where application-provided information services fall within the scope provided in Article 7 of these Regulations, application distribution platforms shall conduct examination and verification of the related permits and other such matters; where it falls within the scope provided in Article 15 of these Regulations, application distribution platforms shall conduct examination and verification of the security assessment situation. Where examination and verification are not passed, they shall cease providing services.

Article 20: Application distribution platforms shall establish application monitoring and assessment mechanisms, enhance technological capabilities and management efficacy, determinedly attack the online black and grey industry, prevent activities of falsification of download quantities, evaluation indicators and other such data, they may not conduct false advertising by fabricating download numbers, fabricating evaluations and other such methods.

Article 21: Application distribution platforms shall sign service agreements with application providers, clarifying both sides' related rights and duties, and implement management responsibility according to the law and the contract.

Application distribution platforms shall establish and complete management and technology measures to timely discover and prevent activities violating laws and regulations in applications.

With regard to applications violating related laws and regulations as well as the service agreement, application distribution platforms shall adopt response measures such as warnings, cessation of services, removal from trading, etc. according to the law and the contract, preserve records and report the matter to the relevant competent department.

Chapter IV: Supervision and management

Article 22: Application providers and application distribution platforms shall consciously accept social supervision, set up eye-catching and convenient complaint and reporting access points, publish complaint and reporting methods. complete mechanisms for acceptance, handling, feedback etc., and timely handle the public's reports and complaints.

Article 23: Internet sectoral organizations are encouraged to establish and complete sectoral self-discipline mechanisms, formulate and perfect sectoral norms and self-discipline conventions, guide member work units in establishing and completing service standards, provide information services according to the law and according to regulations, uphold market fairness, and stimulate the healthy development of the sector.

Article 24: Cybersecurity and informatization departments will, together with relevant competent departments, establish and complete work mechanisms, to supervise and guide application providers and application distributing platforms to engage in information service activities according to the law and according to regulations. Application providers and application distribution platforms shall grant cooperation with relevant departments carrying out supervision and inspection according to the law, and provide the necessary technical support and assistance.

Article 25: Application providers and application distribution platforms violating the provisions of this law, shall be dealt with according to related laws and regulations by the cybersecurity and informatization departments and relevant competent departments within their scope of duties and responsibilities.

Chapter V: Supplementary provisions

Article 26: Mobile Internet application programmes as mentioned in these Regulations, refers to application software operating on mobile terminals, providing information services to users.

Internet application provider as mentioned in these Regulations, refers to the owner or operator of mobile Internet application programmes providing information services.

Internet application distribution platforms as mentioned in these Regulation, refers to mobile Internet information service providers providing Internet application programme dissemination, download, dynamic loading and other such distribution services. 

Article 27: These Regulations take effect on (day, month) 2022.

CHINESE-LANGUAGE ORIGINAL

Source: http://www.cac.gov.cn/2022-01/05/c_1642983962594050.htm

为了进一步规范移动互联网应用程序信息服务管理，促进行业健康有序发展，保障公民、法人和其他组织的合法权益，营造清朗网络空间，根据《中华人民共和国网络安全法》《中华人民共和国数据安全法》《中华人民共和国个人信息保护法》《互联网信息服务管理办法》《网络信息内容生态治理规定》等法律规定，国家互联网信息办公室对2016年8月1日正式施行的《移动互联网应用程序信息服务管理规定》进行了修订，现向社会公开征求意见。

公众可将反馈意见通过电子邮件方式发送至：yycxxd@cac.gov.cn，意见反馈截止时间为2022年1月20日。

国家互联网信息办公室

2022年1月5日

移动互联网应用程序信息服务管理规定

（征求意见稿）

第一章 总 则

第一条 为了规范移动互联网应用程序信息服务，保护公民、法人和其他组织的合法权益，维护国家安全和公共利益，根据《中华人民共和国网络安全法》《中华人民共和国数据安全法》《中华人民共和国个人信息保护法》《中华人民共和国未成年人保护法》《互联网信息服务管理办法》《互联网新闻信息服务管理规定》《网络信息内容生态治理规定》等法律规定，制定本规定。

第二条 在中华人民共和国境内通过移动互联网应用程序（以下简称应用程序）提供信息服务，从事互联网应用商店等应用程序分发服务，应当遵守本规定。

本规定所称应用程序信息服务是指通过应用程序向用户提供文字、图片、语音、视频等信息制作、复制、发布、传播等服务的活动，包含即时通讯、新闻资讯、知识问答、论坛社区、网络直播、电子商务、网络音视频、生活服务等信息服务类型。

本规定所称从事互联网应用商店等应用程序分发服务是指通过互联网向用户提供应用程序发布、下载、动态加载等服务的活动，包含应用商店、快应用、互联网小程序、浏览器插件等平台分发服务类型。

第三条 国家互联网信息办公室负责全国应用程序信息内容的监督管理执法工作。地方互联网信息办公室依据职责负责本行政区域内应用程序信息内容的监督管理执法工作。

第四条 应用程序提供者和应用程序分发平台应当遵守宪法、法律和行政法规，遵循公序良俗，履行社会责任，坚持正确政治方向、舆论导向和价值取向，弘扬社会主义核心价值观，发展积极健康的网络文化，维护清朗网络空间，丰富人民精神文化生活，促进社会文明进步。

应用程序提供者和应用程序分发平台不得利用应用程序从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动。

第五条 应用程序提供者和应用程序分发平台应当履行信息内容管理主体责任，建立健全信息内容安全管理、信息内容生态治理、网络数据安全、个人信息保护、未成年人保护等管理制度，确保信息内容安全，营造良好网络生态，强化用户权益保护。

第二章 应用程序提供者

第六条 应用程序为用户提供信息发布、即时通讯等服务的，应当对申请注册的用户进行基于移动电话号码、身份证件号码或者统一社会信用代码等方式的真实身份信息认证。用户不提供真实身份信息，或者冒用组织机构、他人身份信息进行虚假注册的，不得为其提供相关服务。

第七条 应用程序提供者通过应用程序提供互联网新闻信息服务，应当取得互联网新闻信息服务许可，禁止未经许可或者超越许可范围开展互联网新闻信息服务活动。

提供其他互联网信息服务，依法须经有关主管部门审核同意或者取得相关许可的，经有关主管部门审核同意或者取得相关许可后方可提供服务。

第八条 应用程序提供者应当制定并公开管理规则和平台公约，与注册用户签订服务协议，明确双方相关权利义务，要求注册用户遵守本规定及相关法律法规。

第九条 应用程序提供者应当建立健全信息内容审核管理机制，建立完善用户注册、账号管理、信息审核、日常巡查、应急处置等管理措施，配备与服务规模相适应的专业人员和技术能力。

对违反相关法律法规及服务协议的注册用户，应用程序提供者应当依法依约采取警示、限制功能、关闭账号等处置措施，保存记录并向有关主管部门报告。

第十条 应用程序提供者应当规范经营管理行为，不得通过虚假宣传、捆绑下载等行为，或者利用违法和不良信息诱导用户下载，不得通过机器或人工方式刷榜、刷量、控评，营造虚假流量。

第十一条 应用程序应当符合网络安全相关国家标准的强制性要求。应用程序提供者发现其应用程序存在安全缺陷、漏洞等风险时，应当立即采取补救措施，按照规定及时告知用户并向有关主管部门报告。

第十二条 开展应用程序数据处理活动，应当履行数据安全保护义务，建立健全全流程数据安全管理制度，采取保障数据安全技术措施和其他安全措施，加强风险监测，不得危害国家安全、公共利益，不得损害个人、组织的合法权益。

第十三条 从事应用程序个人信息处理活动应当遵循合法、正当、必要和诚信原则，具有明确、合理的目的并公开处理规则，遵守必要个人信息范围的有关规定，规范个人信息处理活动，采取必要措施保障个人信息安全，不得以任何理由强制要求用户同意非必要的个人信息处理行为，不得因用户不同意提供非必要个人信息，而拒绝用户使用其基本功能服务。

第十四条 应用程序提供者应当坚持最有利于未成年人的原则，关注未成年人健康成长，履行未成年人网络保护各项义务，严格落实未成年用户账号实名注册和登录要求，不得以任何形式向未成年用户提供诱导其沉迷的相关产品和服务。

第十五条 应用程序提供者上线具有舆论属性或者社会动员能力的新技术、新应用、新功能，应当按照国家有关规定进行安全评估。

第三章 应用程序分发平台

第十六条 应用程序分发平台应当在业务上线运营三十日内向所在地省、自治区、直辖市互联网信息办公室备案。办理备案时，应当提交以下材料：

（一）平台运营主体基本情况；

（二）平台名称、域名、接入服务、服务资质、上架应用程序类别等信息；

（三）平台取得的经营性互联网信息服务许可或者非经营性互联网信息服务备案等材料；

（四）本规定第五条要求建立健全的相关制度文件；

（五）平台管理规则、公约、服务协议等。

省、自治区、直辖市互联网信息办公室对备案材料的真实性、完备性进行审核，符合条件的应当予以备案。

国家互联网信息办公室向社会公布已经履行备案手续的应用程序分发平台名单。

第十七条 应用程序分发平台应当建立分类管理制度，对上架的应用程序实施分类管理，并将应用程序向应用程序分发平台所在地省、自治区、直辖市互联网信息办公室备案。

第十八条 应用程序分发平台应当采取复合验证等措施，对申请上架的应用程序提供者进行基于移动电话号码、身份证件号码或者统一社会信用代码等多种方式相结合的真实身份信息认证。根据应用程序提供者的不同主体性质，公示提供者名称、统一社会信用代码等信息。

第十九条 应用程序分发平台应当对申请上架和更新的应用程序名称、图标、简介、信息服务、个人信息收集使用行为等进行审核，发现与注册主体真实身份信息不相符的，特别是违规使用党和国家形象标识或者假冒国家机关名义的，不得为其提供服务；发现含有违法违规和不良信息的，存在数据安全风险隐患、违法违规收集使用个人信息行为的，或者损害个人、组织合法权益的，应当停止提供服务。

应用程序提供的信息服务属于本规定第七条规定范围的，应用程序分发平台应当对相关许可等情况进行核验；属于本规定第十五条规定范围的，应用程序分发平台应当对安全评估情况进行核验。未通过核验的，应当停止提供服务。

第二十条 应用程序分发平台应当建立应用程序监测评估机制，提升技术能力和管理效能，坚决打击网络黑灰产，防范下载量、评价指标等数据造假行为，不得以虚构下载量、编造评价等方式进行虚假宣传。

第二十一条 应用程序分发平台应当与应用程序提供者签订服务协议，明确双方相关权利义务，并依法依约履行管理责任。

应用程序分发平台应当建立健全管理和技术措施，及时发现防范应用程序违法违规行为。

对违反相关法律法规及服务协议的应用程序，应用程序分发平台应当依法依约采取警示、暂停服务、下架等处置措施，保存记录并向有关主管部门报告。

第四章 监督管理

第二十二条 应用程序提供者和应用程序分发平台应当自觉接受社会监督，设置醒目、便捷的投诉举报入口，公布投诉举报方式，健全受理、处置、反馈等机制，及时处理公众投诉举报。

第二十三条 鼓励互联网行业组织建立健全行业自律机制，制定完善行业规范和自律公约，指导会员单位建立健全服务规范，依法依规提供信息服务，维护市场公平，促进行业健康发展。

第二十四条 网信部门会同有关主管部门建立健全工作机制，监督指导应用程序提供者和应用程序分发平台依法依规从事信息服务活动。

应用程序提供者和应用程序分发平台应当对有关主管部门依法实施的监督检查予以配合，并提供必要的技术支持和协助。

第二十五条 应用程序提供者和应用程序分发平台违反本规定的，由网信部门和有关主管部门在职责范围内依照相关法律法规处理。

第五章 附 则

第二十六条 本规定所称移动互联网应用程序，是指运行在移动智能终端上向用户提供信息服务的应用软件。

本规定所称移动互联网应用程序提供者，是指提供信息服务的移动互联网应用程序所有者或者运营者。

本规定所称移动互联网应用程序分发平台，是指提供移动互联网应用程序发布、下载、动态加载等分发服务的互联网信息服务提供者。

第二十七条 本规定自2022年 月 日起施行。