The Provisions on the Management of Internet News Services[1] (the “Provisions”) were released by the Cyberspace Administration of China (“CAC”) on 2 May 2017. Issued jointly by the State Council Information Office (“SCIO”) and the Ministry of Information Industry, the Provisions replace the previous provisions from 2005 (the “2005 Provisions”). They establish a brand-new regulatory framework and approach in response to the development of the Internet over the last decade, responding to the growth of self-media and diversified means of communication. The Provisions are expected to open up a new era of Internet news regulation in China.

Background to the Provisions: fully implementing CAC’s control of Internet news

Before the release of the Provisions, the regulations on “Internet news and information services” were the 2005 Provisions, under which regulatory powers were in the hands of SCIO. On 26 August 2014, the State Council issued a notice[2] officially delegating all regulatory powers over “Internet information content” to the restructured CAC. On 29 April 2015, CAC issued a notice[3] clarifying its role of approver of Internet news and information service providers. The release of the Provisions marked the implementation of CAC’s jurisdiction over Internet news and information services. They also clarified the relationship between the State Council as the source of powers and CAC as the enforcement authority. Gone are the days when CAC enjoyed nominal rights that had no statutory basis[4].

CAC is the core cybersecurity regulator designated by the Cybersecurity Law of the People’s Republic of China (the “Cybersecurity Law”), which will come into force soon. Not only has CAC produced the Provisions based on the Cybersecurity and other laws, but it has also integrated, using the Provisions, under the Cybersecurity Law, other matters such as information security protection and user real-name registration, for the purpose of regulating internet news and information services. These moves highlight the importance of the third dimension of internet news regulation – cybersecurity (in addition to regulation of services and public opinion), making the Provisions an important pillar of the Cybersecurity Law.

Shift from “service provider-based regulation” to “service license-based regulation”

The rapid development of internet technologies and the widespread use of the internet have radically changed the environment for internet news since the original 2005 Provisions. For instance, the scope of internet news providers has extended to a “self-media ecosphere” that enables anyone to produce news and information such as commentaries about current affairs and politics. In addition, as shown in the table below, the content of “internet news and information services” has changed dramatically. Many traditional services (such as electronic bulletin services on current affairs and politics) have almost disappeared, having been replaced by other popular media such as WeChat official accounts, Sina Weibo and online live shows:

Regulation of Internet news must reflect this new trend. To this end, the Provisions discard the classifications of “news entity” and “non-news entity”, and the class-based approval or filing approach. Instead, license-based regulation is introduced to cover three areas: Internet news and information collection, editing and publishing; news and information reposting; and dissemination platforms. Anyone who intends to provide online news services must obtain an Internet news and information service license and must apply for renewal when it expires. Under this new regime, except for certain types of services (collecting, editing and publishing Internet news and information) which must meet stricter conditions[5], the Provisions set forth uniform requirements for all applicants on application conditions[6] and materials to be submitted[7], whether they are authorized news providers or not. The Provisions no longer emphasize the classification of news providers. Instead, greater attention is given to the qualifications of service providers, such as staffing, content censoring, technical capabilities and information security.

Attention must be paid to transitional practices during the shift. For instance, for news portals that already have a license to “publish news on websites”, this type of service no longer exists for the purposes of the Provisions. However, the 2005 Provisions do not provide a validity period for such licenses. It is unclear whether the license holders should renew their licenses. The Provisions[8] also prohibit foreign-invested enterprises from providing Internet news and information services and retain the requirement in the 2005 Provisions[9] for security evaluation of cooperation with foreign-invested enterprises. In other words, the market access prohibition for foreign-invested entitles remains unchanged.

Self-media Regulation: Establishing the Responsibilities of Dissemination Platforms

A major highlight of the Provisions is that it addresses the increasing convergence of self-media and online news and adopts a series of targeted, practical regulatory measures as follows:

The Provisions’ regulation of Internet news disseminated by self-media focuses on platform providers instead of individual users who post information. This is in line with the basic regulatory logic for current Internet services – putting emphasis on platforms instead of users. Users are influenced indirectly through direct influence on platforms. The core of the Provisions’ regulation over self-media lies in “content”. Platforms are responsible throughout the whole process of “registration – agreement signing – daily regulation – after event handling”. This ensures that content posted by users on platforms is both “visible” and “manageable” and that there exists no “land of lawlessness” where users are not traceable or unrestrained content can be published.

Apart from the measures mentioned above, two more articles of the Provisions may operate to regulate self-media. One is Article 15, which requires that only “news and information released by organizations recognized by the government” may be reposted. This makes unrestrained dissemination of self-media news by way of “reposting” impossible. The other is Article 17, which requires that any Internet news and information service provider who “intends to adopt new technologies” or “adjust or introduce new application functions of a media nature or with social mobilization ability” must report in the same way to the Cyberspace Administration of China. This lays the groundwork for regulating future dissemination technologies so that the Provisions will remain effective regardless of technological developments in self-media.

Conclusion: the Concept of “Wider Online Regulation” Is Emerging

The approach of the Cyber Security Law, which will be implemented soon, of treating “content security”, “information security” and “technology security” equally, is already reflected to some degree in the Provisions. On the one hand, Internet news and information service providers, the target of the Provisions’ regulation, are required to know and take up their responsibilities. Platform providers, especially, must play well their dual roles of Internet news and information disseminators and “content firewalls”. On the other hand, while enjoying the convenience of publishing online information, users must act prudently and register with real names so as to avoid violations of any provision.

A question ensues: as information content like Internet news takes different forms, such as texts, pictures, audios or videos, is it necessary to establish a consistent logic and a coordination mechanism for such different forms? The author notes that the Provisions expressly require Internet news and information service providers to obey the Provisions as well as regulations for telecommunications (Internet information services), Internet audio-visual programs, and online publication services[11]. This, in effect, demonstrates the emergence of the concept of “wider online regulation” under the umbrella of the Cyber Security Law. That is to say, while the relevant government organs retain their respective jurisdictions, the Cyber Security Law’s requirements for “content security”, “information security”, and “technology security” will permeate into individual regulations and different regulatory practices. In this way, service providers and users will have consistent codes of conduct to follow regardless of their specific areas of service. No doubt this will promote a stable and predictable regulatory environment for businesses and other market players.