Internet Information Service Algorithm Recommendation Management Regulations

January 4, 2022

State Internet Information Office

Ministry of Industry and Information Technology of the People’s Republic of China

Ministry of Public Security of the People’s Republic of China

State Administration for Market Regulation make nº 9

The “Internet Information Service Algorithm Recommendation Management Regulations” were reviewed and adopted at the 20th office meeting of the Cyberspace Administration of China on November 16, 2021, and approved by the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation. It is now It is announced and will come into effect on March 1, 2022.

Zhuang Rongwen, Director of the Cyberspace Administration of China

Xiao Yaqing, Minister of Industry and Information Technology

Minister of Public Security Zhao Kezhi

Zhang Gong, Director of the State Administration for Market Regulation

December 31, 2021

Internet Information Service Algorithm Recommendation Management Regulations

Chapter 1 General Provisions

Article 1 In order to regulate the algorithm recommendation activities of Internet information services, promote the core socialist values, safeguard national security and social public interests, protect the legitimate rights and interests of citizens, legal persons and other organizations, and promote the healthy and orderly development of Internet information services, according to the “People’s Republic of China The Cybersecurity Law of the Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, the Measures for the Administration of Internet Information Services and other laws and administrative regulations formulate these regulations.

Article 2 These regulations shall apply to the application of algorithm recommendation technology to provide Internet information services (hereinafter referred to as algorithm recommendation services) within the territory of the People’s Republic of China. If laws and administrative regulations provide otherwise, such provisions shall prevail.

The application of algorithm recommendation technology as mentioned in the preceding paragraph refers to the use of algorithm technologies such as generation and synthesis, personalized push, sorting and selection, retrieval and filtering, and scheduling and decision-making to provide information to users.

Article 3 The national cybersecurity and informatization department is responsible for overall coordination of national algorithm recommendation service governance and related supervision and management work. The telecommunications, public security, market supervision and other relevant departments of the State Council are responsible for the supervision and management of algorithm recommendation services according to their respective responsibilities.

Local cyberspace departments are responsible for coordinating the governance of algorithm recommendation services and related supervision and management within their respective administrative regions. Local telecommunications, public security, market supervision and other relevant departments are responsible for the supervision and management of algorithm recommendation services within their respective administrative regions according to their respective responsibilities.

Article 4 Providing algorithm recommendation services must abide by laws and regulations, respect social morality and ethics, abide by business ethics and professional ethics, and follow the principles of fairness, openness, transparency, scientific rationality, and good faith.

Article 5 Relevant industry organizations are encouraged to strengthen industry self-discipline, establish and improve industry standards, industry guidelines and self-discipline management systems, and urge and guide algorithm recommendation service providers to formulate and improve service specifications, provide services in accordance with the law and accept social supervision.

Chapter 2 Information Service Specifications

Article 6 Algorithm recommendation service providers should adhere to the mainstream value orientation, optimize the algorithm recommendation service mechanism, actively spread positive energy, and promote the application of algorithms for good.

Algorithm recommendation service providers shall not use algorithm recommendation services to engage in activities prohibited by laws and administrative regulations such as endangering national security and social public interests, disrupting economic and social order, infringing upon the legitimate rights and interests of others, and shall not use algorithm recommendation services to spread information prohibited by laws and administrative regulations. information, measures should be taken to prevent and resist the spread of bad information.

Article 7 Algorithm recommendation service providers shall implement the main responsibilities for algorithm security, establish and improve algorithm mechanism mechanism review, technology ethics review, user registration, information release review, data security and personal information protection, anti-telecom network fraud, security assessment monitoring, security Management systems and technical measures such as incident emergency response, formulate and disclose relevant rules for algorithm recommendation services, and equip professionals and technical support commensurate with the scale of algorithm recommendation services.

Article 8 Algorithm recommendation service providers shall regularly review, evaluate, and verify algorithm mechanisms, models, data, and application results, etc., and shall not set up algorithm models that induce user addiction, excessive consumption, or other violations of laws, regulations, or ethics.

Article 9 Algorithm recommendation service providers should strengthen information security management, establish and improve feature databases for identifying illegal and harmful information, and improve database entry standards, rules and procedures. If it is found that an algorithm that has not been significantly marked generates synthetic information, it should be marked clearly before transmission can continue.

If illegal information is discovered, the transmission should be stopped immediately, elimination and other disposal measures should be taken to prevent the spread of information, relevant records should be kept, and reports should be reported to the cyberspace department and relevant departments. If any harmful information is discovered, it shall be dealt with in accordance with the relevant provisions on ecological governance of network information content.

Article 10 Algorithm recommendation service providers shall strengthen the management of user models and user tags, improve the rules for points of interest recorded in user models and the management rules for user tags, and shall not record illegal and harmful information keywords into user points of interest or use them as user tags. To push information accordingly.

Article 11 Algorithm recommendation service providers should strengthen the ecological management of algorithm recommendation service pages, establish and improve manual intervention and user independent selection mechanisms, and actively provide services in key links such as the first screen of the homepage, hot searches, selections, lists, and pop-up windows. Present information that is consistent with mainstream value orientation.

Article 12: Algorithm recommendation service providers are encouraged to comprehensively use strategies such as content deduplication and fragmentation intervention, and optimize the transparency and interpretability of retrieval, sorting, selection, push, display and other rules to avoid adverse effects on users and prevent and reduce disputes and disputes.

Article 13 Algorithm recommendation service providers that provide Internet news information services shall obtain an Internet news information service license in accordance with the law, standardize Internet news information collection, editing and release services, reprint services and dissemination platform services, and shall not generate synthetic false news information or disseminate it. News information released by units not within the scope of national regulations.

Article 14 Algorithm recommendation service providers shall not use algorithms to falsely register accounts, illegally trade accounts, manipulate user accounts, or falsely like, comment, or forward. They shall not use algorithms to block information, over-recommend, manipulate lists, or sort or control search results. Interference in the presentation of information such as hot searches or selections, and conduct behaviors that influence online public opinion or circumvent supervision and management.

Article 15 Algorithm recommendation service providers shall not use algorithms to impose unreasonable restrictions on other Internet information service providers, or hinder or destroy the normal operation of the Internet information services they legally provide, or implement monopoly and unfair competition behaviors.

Chapter 3 Protection of User Rights and Interests

Article 16 Algorithm recommendation service providers shall inform users of the provision of algorithm recommendation services in a conspicuous manner, and disclose the basic principles, purpose intentions and main operating mechanisms of algorithm recommendation services in an appropriate manner.

Article 17 Algorithm recommendation service providers shall provide users with options that are not specific to their personal characteristics, or provide users with a convenient option to turn off algorithm recommendation services. If the user chooses to turn off the algorithm recommendation service, the algorithm recommendation service provider should immediately stop providing related services.

Algorithm recommendation service providers should provide users with the function of selecting or deleting user tags based on their personal characteristics used for algorithm recommendation services.

If algorithm recommendation service providers apply algorithms that have a significant impact on users’ rights and interests, they must explain it in accordance with the law and bear corresponding responsibilities.

Article 18 If an algorithm recommendation service provider provides services to minors, it shall fulfill its obligations to protect minors online in accordance with the law, and facilitate the use of minors by developing models suitable for minors and providing services suitable for the characteristics of minors. Minors obtain information beneficial to their physical and mental health.

Algorithm recommendation service providers shall not push information to minors that may cause minors to imitate unsafe behaviors or violate social ethics, induce minors to have bad habits, or other information that may affect the physical and mental health of minors, and shall not use algorithm recommendation services to induce minors to Adults are addicted to the Internet.

Article 19 When service providers recommended by algorithms provide services to the elderly, they shall protect the rights and interests enjoyed by the elderly in accordance with the law, fully consider the needs of the elderly for travel, medical treatment, consumption, and errands, and provide intelligent elderly-friendly services in accordance with relevant national regulations. Carry out monitoring, identification and disposal of telecommunications network fraud information in accordance with the law to facilitate the safe use of algorithm recommendation services by the elderly.

Article 20 If an algorithm recommendation service provider provides work scheduling services to workers, it shall protect workers’ legitimate rights and interests in obtaining labor remuneration, rest and vacation, and establish and improve relevant algorithms for platform order distribution, remuneration composition and payment, working hours, rewards and punishments, etc. .

Article 21 When an algorithm recommendation service provider sells goods or provides services to consumers, it shall protect consumers’ rights to fair transactions and shall not use algorithms to determine transaction prices and other transaction conditions based on consumers’ preferences, transaction habits and other characteristics. Carrying out unreasonable differential treatment and other illegal acts.

Article 22 Algorithm recommendation service providers should set up convenient and effective entrances for user complaints and public complaints and reports, clarify the processing procedures and feedback time limits, and promptly accept, process and feedback the results.

Chapter 4 Supervision and Management

Article 23: The cybersecurity and informatization department shall work with telecommunications, public security, market supervision and other relevant departments to establish an algorithm hierarchical and classified security management system, based on the public opinion attributes of algorithm recommendation services or social mobilization capabilities, content categories, user scale, and data processed by algorithm recommendation technology. Implement hierarchical and classified management of algorithm recommendation service providers based on their importance and degree of intervention in user behavior.

Article 24 Algorithm recommendation service providers with public opinion attributes or social mobilization capabilities shall fill in the service provider’s name, service form, application field, etc. through the Internet Information Service Algorithm Registration System within ten working days from the date of providing services. Algorithm type, algorithm self-assessment report, content to be disclosed and other information must be completed and the filing procedures must be completed.

If the registration information of the algorithm recommendation service provider changes, the change procedures shall be completed within ten working days from the date of change.

If an algorithm recommendation service provider terminates its services, it shall go through the cancellation filing procedures within twenty working days from the date of termination of services and make appropriate arrangements.

Article 25: After receiving the filing materials submitted by the filing party, the national and provincial, autonomous region, and municipality cybersecurity and informatization departments shall file the filing within thirty working days, issue a filing number and make public the materials; if the materials are incomplete, , the filing will not be granted, and the filing party shall be notified within thirty working days and the reasons shall be explained.

Article 26 Algorithm recommendation service providers that have completed registration shall indicate their registration number and provide a public information link in a prominent position on the websites, applications, etc. that provide external services.

Article 27 Algorithm recommendation service providers with public opinion attributes or social mobilization capabilities should conduct security assessments in accordance with relevant national regulations.

Article 28 The cybersecurity and informatization department, together with telecommunications, public security, market supervision and other relevant departments, shall carry out security assessment, supervision and inspection of algorithm recommendation services in accordance with the law, promptly propose rectification opinions on discovered problems and make rectifications within a time limit.

Algorithm recommendation service providers should retain network logs in accordance with the law, cooperate with the cybersecurity and informatization departments and relevant departments such as telecommunications, public security, and market supervision to carry out security assessments and supervision and inspections, and provide necessary technical, data and other support and assistance.

Article 29 Relevant institutions and personnel participating in the security assessment and supervision and inspection of algorithm recommendation services shall keep personal privacy, personal information and business secrets learned in the performance of their duties confidential in accordance with the law, and shall not disclose or illegally provide them to others.

Article 30 Any organization or individual who discovers violations of these regulations may complain or report to the cybersecurity and informatization department and relevant departments. Departments that receive complaints or reports should handle them promptly and in accordance with the law.

Chapter 5 Legal Liability

Article 31 Algorithm recommendation service providers violate Article 7, Article 8, Article 9, Paragraph 1, Article 10, Article 14, Article 16, Article 17, and Article 20 of these Regulations Article 2, Article 24, and Article 26 stipulate that if laws and administrative regulations have provisions, such provisions shall prevail; if laws and administrative regulations do not provide for them, the cybersecurity and informatization departments and relevant departments such as telecommunications, public security, and market supervision shall Warnings, notifications of criticism, and orders to make corrections within a time limit shall be given in accordance with duties; if corrections are refused or the circumstances are serious, information updates shall be suspended and a fine of not less than RMB 10,000 but not more than RMB 100,000 shall be imposed. If a violation of public security management is constituted, public security management penalties shall be imposed in accordance with the law; if a crime is constituted, criminal liability shall be pursued in accordance with the law.

Article 32 Algorithm recommendation service providers violate Article 6, Article 9, Paragraph 2, Article 11, Article 13, Article 15, Article 18, Article 19, Article As stipulated in Article 20, Article 21, Article 27, and Paragraph 2 of Article 28, the cybersecurity and informatization departments and relevant departments such as telecommunications, public security, and market supervision shall, in accordance with their duties and in accordance with relevant laws and administrative regulations, and be dealt with in accordance with departmental regulations.

Article 33: If an algorithm recommendation service provider with public opinion attributes or social mobilization capabilities obtains registration by concealing relevant information, providing false materials, or other improper means, the national and provincial, autonomous region, or municipality cybersecurity and informatization departments shall revoke the registration and impose a penalty. Warnings and notifications of criticism; if the circumstances are serious, they may be ordered to suspend information updates and be fined not less than RMB 10,000 but not more than RMB 100,000.

Algorithm recommendation service providers with public opinion attributes or social mobilization capabilities terminate their services and fail to go through the deregistration and registration procedures in accordance with the requirements of Article 24, Paragraph 3 of these Regulations, or they commit serious violations and are ordered to close their websites, revoke relevant business licenses, or have their relevant business licenses revoked. Business licenses and other administrative penalties will be canceled and filed by the national and provincial, autonomous region, and municipal cybersecurity and informatization departments.

Chapter 6 Supplementary Provisions

Article 34 These regulations are interpreted by the Cyberspace Administration of China in conjunction with the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation.

Article 35 These regulations will come into effect on March 1, 2022.