← Back to all briefings
Policy 5 min read Published Updated Credibility 90/100

Policy Briefing — China Algorithm Recommendation Rules Take Effect

China’s algorithm recommendation rules, effective 1 March 2022, require platforms to register algorithms, rein in profiling, and provide user controls—demanding governance, engineering, and sourcing changes for companies operating in the PRC.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: China’s Provisions on the Administration of Algorithmic Recommendation for Internet Information Services took effect on 1 March 2022. Issued by the Cyberspace Administration of China (CAC) alongside the Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration for Market Regulation, the rules apply to a wide range of platforms using algorithms for content ranking, personalised recommendations, dispatching, or generative synthesis. Companies operating in China must register qualifying algorithms with the CAC, provide user controls, prevent addictive or discriminatory outcomes, and ensure political and public-order compliance. Multinationals and domestic firms alike need to integrate algorithm governance into product development, data management, and compliance programmes.

Scope and registration

The Provisions cover providers of algorithmic recommendation services, including information feeds, e-commerce rankings, short video platforms, social media, ride-hailing, delivery platforms, and AI-generated content. Providers with public opinion attributes or the ability to mobilise social sentiment must submit security assessments. All providers must file algorithms with the Internet Information Service Algorithm Filing System, providing details on algorithm type, application scenarios, and self-assessment of safety measures. Changes to algorithms or service termination require updates within ten working days.

Core obligations

  • User rights: Providers must offer options to disable algorithmic recommendations, select non-targeted modes, or choose topic preferences. They must also allow users to delete tags used for personalised recommendations.
  • Transparency: Platforms must disclose basic principles, purposes, and main operating mechanisms of algorithms, including rules affecting user rights. They must not impose unreasonable differential treatment based on transaction history or preferences.
  • Content governance: Providers must avoid disseminating illegal or harmful information, prevent online addiction among minors, and refrain from influencing online public opinion in ways that harm national security or social stability. News and publishing services must obtain appropriate qualifications.
  • Fair competition: The rules prohibit using algorithms to implement monopolistic practices, manipulate rankings, or squeeze competitors. Platforms must not obstruct others’ normal provision of algorithmic services.
  • Worker protections: Dispatch platforms must protect the legitimate rights of gig workers by setting reasonable schedules and remuneration, avoiding algorithmic penalties that harm safety or health.

Operational priorities

  • Algorithm inventory: Catalogue all algorithms used in China-facing products, noting purpose, data inputs, and decision outputs. Identify those requiring CAC filing or security assessments.
  • Governance framework: Establish cross-functional committees involving product managers, data scientists, compliance, legal, and public policy teams. Set approval gates for deploying or modifying algorithms.
  • User interface updates: Add controls allowing users to switch off personalised recommendations, manage tags, or opt into chronological feeds. Ensure interfaces support Simplified Chinese and comply with accessibility requirements.
  • Risk assessments: Conduct regular audits evaluating discrimination, addiction, and content risks. Document methodologies, mitigation measures, and incident response plans. Integrate findings into enterprise risk registers.
  • Content moderation integration: Align algorithm outputs with moderation policies, ensuring automated and human review processes can intercept prohibited content. Implement real-time monitoring for trending topics that may pose public-order risks.

Governance and compliance considerations

  • Regulatory engagement: Maintain communication with CAC regional bureaus and industry associations. Monitor evolving guidance, particularly around security assessments for public opinion attributes.
  • Board oversight: Brief boards or China governance committees on algorithm risks, compliance status, and enforcement trends. Document accountability for senior management under China’s cybersecurity and data laws.
  • Policy alignment: Update privacy policies, terms of service, and community guidelines to reflect user rights and content obligations. Ensure alignment with the Personal Information Protection Law (PIPL) and Data Security Law (DSL).
  • Incident reporting: Prepare procedures for reporting significant algorithm incidents to regulators. Maintain logs detailing algorithm adjustments, content takedowns, and user complaints.
  • Training programmes: Educate engineers, product teams, and moderation staff on regulatory requirements, acceptable content, and escalation processes.

Technology and data controls

  • Explainability tooling: Implement model interpretability tools to generate disclosures on algorithm logic and key features influencing recommendations.
  • Tag management: Build data governance processes to track user tags, ensure deletion upon request, and prevent unauthorized use across business units.
  • Logging and monitoring: Capture telemetry on recommendation outcomes, including diversity metrics, complaint rates, and manual overrides. Use dashboards to detect anomalies or policy breaches.
  • Security safeguards: Protect algorithm infrastructure from tampering. Apply access controls, secure deployment pipelines, and regular penetration tests to comply with cybersecurity obligations.
  • Localization: Adapt data storage and processing to China’s localization requirements. Coordinate with cloud providers that meet Multi-Level Protection Scheme (MLPS) controls.

Sourcing and partnerships

  • Vendor assessments: Evaluate third-party recommendation engines, advertising platforms, or data providers for compliance readiness. Ensure contracts require adherence to algorithm filing, user controls, and content standards.
  • Joint ventures: In partnerships with Chinese firms, clarify responsibility for filings, security assessments, and regulatory communications. Ensure governance agreements cover algorithm updates and incident handling.
  • Gig worker platforms: Collaborate with logistics or delivery partners to align scheduling algorithms with worker protection rules. Document adjustments to avoid excessive penalties or unrealistic performance metrics.
  • Academic collaboration: Work with Chinese research institutions to strengthen responsible AI frameworks and stay informed on evolving standards.
  • Monitoring services: Contract with compliance monitoring providers to track enforcement actions, public sentiment, and emerging regulatory guidance.

Implementation roadmap

  1. Immediate (0–3 months): Complete algorithm inventory, submit filings for existing services, implement basic user controls, and brief leadership on compliance obligations.
  2. Short term (3–6 months): Build governance committees, integrate risk assessment workflows, and update terms of service. Launch explainability tooling and enhanced monitoring dashboards.
  3. Medium term (6–12 months): Conduct third-party audits, refine user experience for transparency, and expand training programmes. Prepare for potential CAC inspections or enforcement actions.

Strategic outlook

China’s algorithm rules are part of a broader regulatory push covering personal data, competition, and platform accountability. Companies that demonstrate proactive compliance, robust governance, and user-centric controls can maintain market access while building trust with regulators and consumers. Aligning with international responsible AI frameworks will also support global operations as jurisdictions like the EU pursue similar regulations.

Cross-border operations and future outlook

Multinational companies must coordinate China compliance with global AI governance frameworks. Aligning Chinese disclosures with EU AI Act proposals or U.S. NIST AI Risk Management Framework workstreams reduces duplication and demonstrates consistent ethics principles. Enterprises should maintain separate model cards and documentation tailored to Chinese regulators while preserving comparable metrics for global reporting. Companies operating cross-border recommendation systems must confirm that data localization policies do not impair performance, using federated learning or synthetic data to respect jurisdictional boundaries.

Enforcement trends suggest the CAC will continue targeted inspections, especially for platforms influencing public opinion or youth behaviour. Organizations should monitor CAC algorithm registry updates, public enforcement bulletins, and industry association guidelines. Establishing internal audit functions for algorithms, with periodic reporting to executive risk committees, will provide early warning of compliance gaps and prepare firms for evolving AI regulations worldwide.

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Algorithm Governance
  • China
  • Content Regulation
Back to curated briefings