Cyberspace Administration of China

The Cyberspace Administration of China (CAC; ) is the national internet regulator and censor of the People's Republic of China.

The agency was initially established in 2011 by the State Council as the State Internet Information Office (SIIO), a subgroup of the State Council Information Office (SCIO). In 2014, the SIIO was renamed in English as the Cyberspace Administration of China, and transformed into the executive arm of the newly established Central Leading Group for Cybersecurity and Informatization of the Chinese Communist Party (CCP), which was promoted to the Central Cyberspace Affairs Commission in 2018.

The CAC's current director is Zhuang Rongwen, who concurrently serves as a Deputy Head of the CCP's Publicity Department of the Central Committee.

History
On 5 May 2011, the State Council approved the establishment of the State Internet Information Office (SIIO). The SIIO was initially a subgroup of the State Council Information Office (SCIO), which was an external name of the External Propaganda Office (EOP) of the Chinese Communist Party (CCP). The first SIIO director was Wang Chen, who was also the director of the SCIO. Though initially a nameplate of the SCIO, SIIO soon gained full-time staff.

Reforms in February 2014 led to the creation of the Central Leading Group for Cybersecurity and Information. The SIIO was transformed to become the external name of the Central Leading Group's general office. It additionally changed its name in English to the Cyberspace Administration of China, while its Chinese name stayed the same.

Lu Wei, who was the head of CAC until 2016, was previously the head of the Beijing CCP Central Committee's Publicity Department, and oversaw the Internet Management Office, a "massive human effort" that involved over 60,000 Internet propaganda workers and two million others employed off-payroll. It was this experience that assisted CCP general secretary Xi Jinping in selecting Lu as the head of the CAC.

Further reforms in February 2018 upgraded the Central Leading Group to the Central Cyberspace Affairs Commission (CACC), with the CAC staying as the executive arm of the commission.

Structure
The Cyberspace Administration of China and the Office of the Central Cyberspace Affairs Commission of the CCP, its executive arm, are one institution with two names. The CAC is involved in the formulation and implementation of policy on a variety of issues related to the internet in China. It is under direct jurisdiction of the Central Cyberspace Affairs Commission, a party institution subordinate to the CCP Central Committee. The Director of both the state and party institutions is Zhuang Rongwen, who serves concurrently as a Deputy Head of the CCP's Central Committee Publicity Department.

The CAC includes the following departments: an Internet Security Emergency Command Center, an Agency Service Center, and an Illegal and Unhealthy Information Reporting Center. Unlike most other Chinese administrative agencies, the CAC does not regularly publish information about its organizational structure, structure, budget, duties as well as its personnel arrangements, except for brief biographies of its director and deputy directors.

Many of the CAC's regulatory functions are delegated to the China Electronic Technology Standardization Institute. The institute tests cybersecurity compliance and data protection.

The CAC is the majority owner of the China Internet Investment Fund, which has golden share ownership stakes in technology firms such as ByteDance, Weibo Corporation, SenseTime, and Kuaishou. The CAC additionally organizes the World Internet Conference.

Role
The CAC is the national internet regulation agency in China. Its functions include rulemaking, administrative licensing and punishment activities.

The CAC implements information-dissemination guidelines and policies, regulates internet information content and management, supervises network news businesses, and investigates illegal or non-regulatory compliant websites. The CAC maintains censorship functions, including issuing directives to media companies in China. After a campaign to arrest almost 200 lawyers and activists in China, the CAC published a directive saying that "All websites must, without exception, use as the standard official and authoritative media reports with regards to the detention of trouble-making lawyers by the relevant departments." The CAC has also been given the responsibility for reviewing the security of devices made by foreign countries.

The initial powers and legal basis of the CAC came from a 2014 authorization by the State Council. According to the Cybersecurity Law passed in 2016, "state cybersecurity and information departments", generally regarded to refer to the CAC, have the authority to plan and coordinate cybersecurity and related regulation with other regulatory agencies with overlapping or complementary jurisdiction. The Data Security Law passed in 2021 tasked CAC with online data security and export of important data, while the Personal Information Protection Law passed in 2021 granted CAC with powers for planning, coordinating and supervising personal information protection work, retaliating its authority over control of personal information overseas.

Since its founding in 2011, CAC had the authority to issue punitive orders, including imposing fines, license revocations, and business closures. Since 2017, the CAC has also been publishing legally-binding departmental rules, issued by State Council administrative agencies.

Internet sovereignty
In 2017, the CAC issued a rule stating that nonpublic capital should not be allowed to invest in internet-based newsgathering.

In 2022, the CAC issued measures and guidelines on security assessments for cross-border data transfers as part of an effort to institutionalize data transfer review mechanisms.

Censorship
In 2015, the CAC was also responsible for chasing down Internet users and web sites that published "rumors" following an explosion in the port city of Tianjin. Such rumors included claims that blasts killed 1,000 people, or that there was looting, or leadership ructions as a result of the blast. The same year, the CAC debuted a song that Paul Mozur of The New York Times called "a throwback to revolutionary songs glorifying the state." The song included the lines: “Unified with the strength of all living things, Devoted to turning the global village into the most beautiful scene” and “An Internet power: Tell the world that the Chinese Dream is uplifting China.” The efforts of the CAC have been linked with a broader push by the Xi Jinping administration, characterized by Xiao Qiang, head of China Digital Times, as a "ferocious assault on civil society."

In May 2020, the CAC announced a campaign to "clean up" online political and religious content deemed "illegal."

In July 2020, CAC commenced a three-month censorship action on We-Media in China.

In December 2020, CAC removed 105 apps, including that of Tripadvisor, from China's app stores that were deemed "illegal" in a move to "clean up China's internet".

A 2020 investigation by ProPublica and The New York Times found that CAC systematically placed censorship restrictions on Chinese media outlets and social media to avoid mentions of the COVID-19 outbreak, mentions of Li Wenliang, and "activated legions of fake online commenters to flood social sites with distracting chatter".

In 2021, CAC launched a hotline to report online comments against the Chinese Communist Party, including comments which it deemed historical nihilism. In 2022, CAC published rules that mandate that all online comments must be pre-reviewed before being published.

During the 2022 COVID-19 protests in China, the CAC directed companies such as Tencent and ByteDance to intensify their censorship efforts.

In January 2023, CAC ordered any content displaying "gloomy emotions" to be censored during Lunar New Year celebrations as part of its "Spring Festival internet environment rectification" campaign.

In December 2023, CAC launched a crackdown on content "spreading wrong views on marriage."

Artificial intelligence
In April 2023, the Cyberspace Administration of China issued draft measures stating that tech companies will be obligated to ensure AI-generated content upholds the ideology of the CCP such as Core Socialist Values, avoids discrimination, respects intellectual property rights, and safeguards user data. Under these draft measures, companies bear legal responsibility for training data and content generated through their platforms. In July 2023, CAC announced a licensing requirement for generative artificial intelligence systems. Before releasing a large language model to the public, companies must seek approval from the CAC to certify that the model refuses to answer certain questions relating to political ideology and criticism of the CCP.

In May 2024, CAC announced that it rolled out a large language model trained on Xi Jinping Thought.

Cooperation with Russia
Since at least 2017, CAC has cooperated with Russia's principal internet regulator and censor, Roskomnadzor.

Cyber attacks
The CAC has been accused of assisting in cyber attacks against visitors to Chinese websites. The anti-censorship group GreatFire.org provided data and reports showing man-in-the-middle attacks against major foreign web services, including iCloud, Yahoo, Microsoft, and Google. The attack would have required the ability to "tap into the backbone of the Chinese Internet."

Gibson Research Corporation attributed some of the attacks against GitHub to the CAC's operations. In the attack, ads hosted on Baidu were able to leverage computers visiting from outside China, redirecting their traffic to overload the servers of GitHub. "The tampering takes places someplace between when the traffic enters China and when it hits Baidu's servers," Gibson wrote. "This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved..."

Online access for minors
In November 2019, CAC imposed a curfew on online gaming for minors. The restrictions included banning children under 18 from gaming between 10 p.m and 8 a.m. In addition to that, these children were restricted to only 90 minutes of online gaming on weekdays and 3 hours on weekends and holidays. Extra restrictions were imposed on spending where 8 to 16 year old gamers were allowed to spend 200 yuan (£22, $29) per month while 16 to 18 year old only 400 yuan per month.

In August 2023, CAC proposed regulations to curb perceived internet addiction on minors. These regulations would limit minors between the ages of 16 and 18 to only 2 hours of mobile usage per day although they can be bypassed with permission from parents. Children under the age of 18 will be restricted from accessing the internet between 10 p.m and 6 a.m whereas children under age 8 will be allowed only 8 minutes a day. CAC says that online platforms will be responsible for the execution of the law if passed although the specific penalties were not disclosed in the event of failure to comply.