China: Ministry of Public Security opened consultation on Law on the Prevention and Control of Cybercrime including user identification requirement

On 31 January 2026, the Ministry of Public Security opened a public consultation on the Law on the Prevention and Control of Cybercrime until 2 March 2026. Article 11 requires the use of authentic identity information when opening mobile, Internet of Things, and payment accounts. Further, Article 15 requires the registration of purchaser and user identities for tools that enable batch control, virtual location, or system intrusion. Additionally, Article 16 requires telecommunications, financial, and internet service providers (ISPs) to implement dynamic identity verification mechanisms and to increase verification frequency in areas with a high incidence of cybercrime. Article 17 further establishes a national online identity verification service and provides that service providers may be required to use it to re-verify accounts linked to cybercrime. Moreover, Article 40 requires ISPs to verify users of call interface services and to block illegal call data. It also mandates that providers of paid search services lawfully verify the qualifications of their customers. Finally, Article 46 stipulates that cybersecurity product and service providers must verify authorisation documents for users of crowdsourced testing platforms. Regarding enforcement, failure to comply with Article 11 may result in fines of one to ten times the unlawful gains, or up to RMB 200’000 where unlawful gains are below RMB 20’000. In addition, violations of Articles 15 or 17 involving the use of illegal equipment may lead to confiscation of the equipment and fines of one to ten times the unlawful gains, or up to RMB 500’000 where unlawful gains are below RMB 50,000. Furthermore, breaches of Articles 16, 17, 40, or 46 may trigger corrective orders, warnings, suspension of operations, revocation of permits, or fines ranging from RMB 50,000 to RMB 5,000,000. In certain cases, violations may also result in detention of up to 15 days or blacklisting.