China Algorithm Recommendation Rules Take Effect

China’s Provisions on the Administration of Algorithmic Recommendation for Internet Information Services took effect on 1 March 2022. Issued by the Cyberspace Administration of China (CAC) alongside the Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration for Market Regulation, the rules apply to a wide range of platforms using algorithms for content ranking, personalised recommendations, dispatching, or generative synthesis. Companies operating in China must register qualifying algorithms with the CAC, provide user controls, prevent addictive or discriminatory outcomes, and ensure political and public-order compliance. Multinationals and domestic firms alike need to integrate algorithm governance into product development, data management, and compliance programs.

Scope and registration

The Provisions cover providers of algorithmic recommendation services, including information feeds, e-commerce rankings, short video platforms, social media, ride-hailing, delivery platforms, and AI-generated content. Providers with public opinion attributes or the ability to mobilize social sentiment must submit security assessments. All providers must file algorithms with the Internet Information Service Algorithm Filing System, providing details on algorithm type, application scenarios, and self-assessment of safety measures. Changes to algorithms or service termination require updates within ten working days.

Core obligations

• User rights: Providers must offer options to disable algorithmic recommendations, select non-targeted modes, or choose topic preferences. They must also allow users to delete tags used for personalised recommendations.
• Transparency: Platforms must disclose basic principles, purposes, and main operating mechanisms of algorithms, including rules affecting user rights. They must not impose unreasonable differential treatment based on transaction history or preferences.
• Content governance: Providers must avoid disseminating illegal or harmful information, prevent online addiction among minors, and refrain from influencing online public opinion in ways that harm national security or social stability. News and publishing services must obtain appropriate qualifications.
• Fair competition: The rules prohibit using algorithms to implement monopolistic practices, manipulate rankings, or squeeze competitors. Platforms must not obstruct others’ normal provision of algorithmic services.
• Worker protections: Dispatch platforms must protect the legitimate rights of gig workers by setting reasonable schedules and remuneration, avoiding algorithmic penalties that harm safety or health.

Where to start

• Algorithm inventory: catalog all algorithms used in China-facing products, noting purpose, data inputs, and decision outputs. Identify those requiring CAC filing or security assessments.
• Governance framework: Establish cross-functional committees involving product managers, data scientists, compliance, legal, and public policy teams. Set approval gates for deploying or modifying algorithms.
• User interface updates: Add controls allowing users to switch off personalised recommendations, manage tags, or opt into chronological feeds. Ensure interfaces support Simplified Chinese and comply with accessibility requirements.
• Risk assessments: Conduct regular audits evaluating discrimination, addiction, and content risks. Document methodologies, mitigation measures, and incident response plans. Integrate findings into enterprise risk registers.
• Content moderation integration: Align algorithm outputs with moderation policies, ensuring automated and human review processes can intercept prohibited content. Implement real-time monitoring for trending topics that may pose public-order risks.

Governance and compliance considerations

• Regulatory engagement: Maintain communication with CAC regional bureaus and industry associations. Monitor evolving guidance, particularly around security assessments for public opinion attributes.
• Board oversight: Brief boards or China governance committees on algorithm risks, compliance status, and enforcement trends. Document accountability for senior management under China’s cybersecurity and data laws.
• Policy alignment: Update privacy policies, terms of service, and community guidelines to reflect user rights and content obligations. Ensure alignment with the Personal Information Protection Law (PIPL) and Data Security Law (DSL).
• Incident reporting: Prepare procedures for reporting significant algorithm incidents to regulators. Maintain logs detailing algorithm adjustments, content takedowns, and user complaints.
• Training programs: Educate engineers, product teams, and moderation staff on regulatory requirements, acceptable content, and escalation processes.

Technology and data controls

• Explainability tooling: Implement model interpretability tools to generate disclosures on algorithm logic and key features influencing recommendations.
• Tag management: Build data governance processes to track user tags, ensure deletion upon request, and prevent unauthorized use across business units.
• Logging and monitoring: Capture telemetry on recommendation outcomes, including diversity metrics, complaint rates, and manual overrides. Use dashboards to detect anomalies or policy breaches.
• Security safeguards: Protect algorithm infrastructure from tampering. Apply access controls, secure deployment pipelines, and regular penetration tests to comply with cybersecurity obligations.
• Localization: Adapt data storage and processing to China’s localization requirements. Coordinate with cloud providers that meet Multi-Level Protection Scheme (MLPS) controls.

Sourcing and partnerships

• Vendor assessments: Evaluate third-party recommendation engines, advertising platforms, or data providers for compliance readiness. Ensure contracts require adherence to algorithm filing, user controls, and content standards.
• Joint ventures: In partnerships with Chinese firms, clarify responsibility for filings, security assessments, and regulatory communications. Ensure governance agreements cover algorithm updates and incident handling.
• Gig worker platforms: Collaborate with logistics or delivery partners to align scheduling algorithms with worker protection rules. Document adjustments to avoid excessive penalties or unrealistic performance metrics.
• Academic collaboration: Work with Chinese research institutions to strengthen responsible AI frameworks and stay informed on evolving standards.
• Monitoring services: Contract with compliance monitoring providers to track enforcement actions, public sentiment, and emerging regulatory guidance.

Rollout plan

1. Immediate (0–3 months): Complete algorithm inventory, submit filings for existing services, implement basic user controls, and brief leadership on compliance obligations.
2. Short term (3–6 months): Build governance committees, integrate risk assessment workflows, and update terms of service. Launch explainability tooling and improved monitoring dashboards.
3. Medium term (6–12 months): Conduct third-party audits, refine user experience for transparency, and expand training programs. Prepare for potential CAC inspections or enforcement actions.

Strategic outlook

China’s algorithm rules are part of a broader regulatory push covering personal data, competition, and platform accountability. Companies that show early compliance, strong governance, and user-centric controls can maintain market access while building trust with regulators and consumers. Aligning with international responsible AI frameworks will also support global operations as jurisdictions like the EU pursue similar regulations.

Cross-border operations and future outlook

Multinational companies must coordinate China compliance with global AI governance frameworks. Aligning Chinese disclosures with EU AI Act proposals or U.S. NIST AI Risk Management Framework workstreams reduces duplication and shows consistent ethics principles. Teams should maintain separate model cards and documentation tailored to Chinese regulators while preserving comparable metrics for global reporting. Companies operating cross-border recommendation systems must confirm that data localization policies do not impair performance, using federated learning or synthetic data to respect jurisdictional boundaries.

Enforcement trends suggest the CAC will continue targeted inspections, especially for platforms influencing public opinion or youth behavior. If you are affected, monitor CAC algorithm registry updates, public enforcement bulletins, and industry association guidelines. Establishing internal audit functions for algorithms, with periodic reporting to executive risk committees, will provide early warning of compliance gaps and prepare firms for evolving AI regulations worldwide.

Related articles

Curated signals from the same pillar or overlapping topics.

Policy · Credibility 91/100 · March 17, 2022

UK Online Safety Bill Introduced

The UK Online Safety Bill’s March 2022 introduction expands Ofcom oversight, illegal content duties, and risk assessments for user-to-user and search services, demanding governance, moderation, and supplier upgrades.

Policy · Credibility 92/100 · February 23, 2022

EU Corporate Sustainability Due Diligence Directive Proposal

The European Commission proposed the Corporate Sustainability Due Diligence Directive. Large companies would need to identify and address human rights and environmental impacts across their value chains. This is…

Policy · Credibility 93/100 · March 9, 2022

SEC proposes cyber incident disclosure rules

On 9 March 2022 the SEC proposed rules requiring public companies to disclose material cybersecurity incidents within four business days and provide annual disclosure of cybersecurity governance.

Policy · Credibility 88/100 · March 9, 2022

SEC Cybersecurity Disclosure Proposal

The SEC proposed mandatory cybersecurity disclosure rules. Public companies would report material incidents within four business days, disclose board oversight of cyber risk, and describe their risk management programs.

Policy · Credibility 71/100 · March 9, 2022

EO 14067 on responsible development of digital assets

The White House finally weighed in on crypto. Executive Order 14067 kicks off the first whole-of-government approach to digital assets—everything from consumer protection to stablecoin risks to whether the Fed should…

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• AI Policy Implementation Guide

  Coordinate governance, safety, and reporting programmes that meet EU Artificial Intelligence Act timelines and U.S. National AI Initiative Act mandates while sustaining product…

• Digital Markets Compliance Guide

  Implement EU Digital Markets Act, EU Digital Services Act, UK Digital Markets, Competition and Consumers Act, and U.S. Sherman Act requirements with cross-functional operating…

• Semiconductor Industrial Strategy Policy Guide

  Coordinate CHIPS and Science Act, EU Chips Act, and Defense Production Act programmes with capital planning, compliance, and supplier readiness.

Coverage intelligence

Published

March 1, 2022

Coverage pillar

Policy

Source credibility

90/100 — high confidence

Topics

Algorithm Governance · China · Content Regulation

Sources cited

3 sources (cac.gov.cn, gov.cn, iso.org)

Reading time

6 min

References

1. 互联网信息服务算法推荐管理规定 — Cyberspace Administration of China
2. 国务院办公厅关于印发互联网信息服务算法推荐管理规定的通知 — State Council of the People’s Republic of China
3. ISO 31000:2018 — Risk Management Guidelines — International Organization for Standardization