China's regulators have accelerated the pace of digital services oversight. The Guowuyuan (State Council) and the Shichang Jianguan Zongju – SAMR (State Administration for Market Regulation) have together advanced a consolidated digital services regulatory package. International technology companies operating through a Waizi Duli Qiye. WFOE (wholly foreign-owned enterprise) structure. Alternatively. Supplying digital services into China from abroad, now face binding compliance obligations that take effect on a rolling basis through mid-2026.
China's updated digital services regulation imposes new licensing, algorithmic accountability, and software liability requirements on companies providing internet-based products or services to users in China. The rules apply regardless of whether the operator is incorporated locally or delivers services cross-border. Companies must complete initial registration and internal compliance procedures within prescribed periods – in most cases between 30 and 90 days from the relevant effective date of each regulatory instrument.
This alert identifies which business categories are affected, explains the threshold criteria that trigger compliance obligations, and sets out five immediate action items for international companies managing their China technology exposure.
What changed – the regulatory development and effective dates
China's technology legislation has evolved through several interconnected instruments administered by the State Council and SAMR. Three developments are now operationally significant for international companies.
First, expanded digital services registration requirements entered force in late 2025. All providers of information intermediary services, app distribution, and cloud-based software to Chinese users must register with the competent authority. This replaces informal self-declaration with a formal licensing step that carries ongoing renewal obligations.
Second, algorithmic accountability rules – building on China's earlier algorithmic recommendation legislation – now extend to a broader category of personalisation, content curation, and automated decision-making systems. Companies must document how their algorithms function, conduct periodic self-assessments, and retain records for inspection. The obligation to file algorithmic transparency reports applies from the first quarter of 2026.
Third, software liability provisions under China's updated data and technology legislation clarify when a provider is deemed the responsible party for harm caused by a defective digital product or service. These provisions shift the burden of proof in certain dispute categories and are directly relevant to companies that license software into China without a local entity. Disputes under this regime may be referred to Zhongguo Guoji Jingji Maoyi Zhongcai Weiyuanhui. CIETAC (China International Economic and Trade Arbitration Commission) or resolved before the Zhongguo Guoji Shangshi Fayuan – China International Commercial Court.
A fourth instrument – governing cross-border data transfers and technology licensing – sets out new conditions for transferring data generated in China to overseas servers. Companies relying on standard contractual mechanisms must re-execute updated forms with their Chinese counterparts.
Effective dates vary by instrument. The registration and licensing requirements were enforceable from 1 January 2026. The algorithmic accountability reporting obligation applies from 1 April 2026. The software liability and cross-border data transfer rules take full effect on 1 July 2026. Non-compliance after each respective date may trigger administrative penalties, suspension of services, or reputational consequences in the Chinese market.
For a full overview of how China's AI Act compliance obligations interact with these digital services rules, see our dedicated page on AI and technology law in China.
Who is affected – threshold criteria and business categories
The new rules apply broadly. However, they carry the most immediate weight for four categories of operator.
App and software distributors offering products to Chinese users – whether through domestic app stores or direct download – must register under the digital services licensing regime. The threshold is set by user reach, not revenue: any service accessed by Chinese users above a defined volume qualifies, regardless of the operator's country of incorporation.
Cloud and SaaS providers supplying infrastructure or application services to Chinese businesses or consumers are subject to both the registration requirement and the software liability provisions. WFOEs operating data centres in China carry direct obligations. Offshore providers contracting with Chinese counterparties carry obligations through technology licensing terms.
Algorithm-driven platforms – including recommendation engines, content moderation systems, pricing algorithms, and automated customer engagement tools – face the algorithmic accountability reporting and audit obligations. The rules apply if the algorithm influences content seen by, or decisions made about, Chinese users.
Cross-border data exporters – companies transferring personal data or important data generated in China to servers located outside the country – must complete a security assessment or execute updated standard contractual clauses before 1 July 2026. This affects any international group with a Chinese affiliate or user base.
Smaller operators providing purely business-to-business services with limited user interaction may fall below the registration threshold. However, SAMR has indicated an intent to extend coverage incrementally. Companies near the threshold should not assume continued exemption without legal review.
To receive a preliminary review of your technology licensing and digital services exposure in China, contact us at info@ferrazwhitmore.com.
What to do now – immediate actions and timeline
International companies should treat the following five steps as urgent priorities.
- Map your China-facing digital services footprint. Identify every product, app, platform, or algorithm that reaches Chinese users – directly or through a Chinese partner. This mapping exercise is the foundation for all subsequent compliance steps and should be completed within the next 30 days.
- Audit your WFOE and technology licensing structures. Confirm whether your existing entity structure requires registration under the new digital services regime. Review all intra-group technology licensing agreements for clauses that address software liability, data transfers, and dispute resolution. Agreements that predate the 2026 updates may contain gaps.
- Prepare algorithmic accountability documentation. If your products use recommendation, personalisation, or automated decision systems, begin compiling the technical and governance documentation required for SAMR filings. The April 2026 reporting deadline for algorithmic accountability disclosures is already current.
- Re-execute cross-border data transfer agreements. Companies relying on standard contractual clauses for data transfers from China should identify affected data flows and arrange execution of updated agreements before 1 July 2026. Delays in this step carry the highest enforcement risk under the data and technology legislation.
- Establish a dispute resolution protocol. Given the expanded scope of software liability, review your contracts with Chinese counterparties to confirm whether CIETAC arbitration or the China International Commercial Court is designated for technology disputes. Outdated or absent dispute resolution clauses create material litigation exposure under the new liability rules.
Companies with intellectual property registered or pending in China should also assess how the new software liability rules interact with their existing protection strategy. Our analysis of intellectual property protection in China addresses this intersection in detail.
For a comparison of how equivalent digital services obligations have developed in other high-growth markets, see our alert on digital services regulation in the UAE.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm based in Lisbon, advising business clients across 46 jurisdictions. Our technology law practice supports international companies operating in China on digital services compliance, AI Act compliance requirements, algorithmic accountability obligations, software liability exposure, and technology licensing structures. We work with WFOEs, cross-border SaaS providers, and in-house legal teams managing China regulatory risk across both civil law and common law systems. Our attorneys have advised on cross-border technology transactions before CIETAC and have practical experience with SAMR regulatory filings and State Council-level compliance requirements. As an international law firm in China-facing practice, Ferraz & Whitmore brings the dual-tradition perspective that cross-border technology matters demand. To discuss how China's updated digital services rules apply to your operations, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.