If you care about China tech, it’s time to get to know the country’s main tech regulators. 2021 started with the country tightening antitrust regulations on big technology players, shaving billions of dollars off their market caps. 

The crackdown reached a new high this month when the Cyberspace Administration of China (CAC) launched a security probe into ride-hailing platform Didi Global just days after its New York listing, sending shock waves among investors around the world.


Insights is a series of explainers on developing stories in China tech, published in the subscriber-only TechNode Distilled newsletter.

It’s normally exclusive to TechNode subscribers, but we’re making this issue free as a sample of our work. Sign up here to get access to every issue.

These crackdowns aren’t new—for the past few years, regulators have been subjecting tech firms to stricter data and privacy rules. Understanding who they are and what they do is becoming more important than ever for investors in and watchers of China tech. Below are the top three Chinese tech regulators you should know.

Bottom line: Dozens of agencies regulate China tech, but the current crackdown is driven by three key regulators: the Cyberspace Administration of China (CAC) polices content, privacy, and cybersecurity. The State Administration for Market Regulation (SAMR) is in charge of markets and consumer protection, and has led the recent anti-monopoly campaign. The People’s Bank of China (PBoC), China’s central bank, is the key organization for financial regulation, and has been the most important player in writing new rules on lending, payments, and the “rectification” of Ant Group.

Cyberspace Administration of China (CAC)

The CAC was created in 2011 as part of the State Council Information Office but its powers have mushroomed over the past few years. The agency is in charge of areas like online content, privacy, and data security.

When it was created, the agency was only an online content moderator: The CAC’s duties included online content moderation, online news regulation, and “online propaganda work,” state newspaper Guangming Daily (in Chinese) reported in 2011 when the agency was founded.

A reshuffle made it a regulator: In 2014, the CAC joined the Office of the Central Cyberspace Affairs Commission, a body of the ruling Chinese Communist Party. 

  • The two bodies share the same staff and offices under a special arrangement called “one institution with two names.” The party body is under the Central Leading Group for Cybersecurity and Informatization, which reports directly to Chinese President Xi Jinping.
  • The 2014 reshuffle officially gave the CAC the authority to regulate content on China’s internet. In a document (in Chinese) published in August 2014, the State Council authorized the CAC to “take responsibility for nationwide internet information content management and for the supervision and management of law enforcement.”
  • The 2014 document was the only legal basis of the CAC’s law enforcement power before the 2017 Cybersecurity Law, Liu Jinxin, an editor at a website managed by the CAC, wrote (in Chinese) in 2016 when the law was passed by China’s legislature.

Now, it’s about more than just content: Over the course of the last ten years, the CAC has expanded its reach beyond content moderation, taking on responsibility for privacy regulation and cybersecurity, among several others areas. 

  • Subsequent laws since the CAC was created have given it the power to “coordinate” the regulation of online privacy and data, said Carly Ramsey, a Shanghai-based director at consultancy Control Risks.
  • China’s Cybersecurity Law says the CAC is responsible for “coordinating” the nation’s cybersecurity regulations. 
  • The country’s Data Security Law, which was passed in June and will take effect in September, charges the CAC with “coordinating” network data security and regulation.
  • According to the cybersecurity and data security laws, said Ramsey, “the CAC always has a coordination and supervision role when it comes to the development and implementation of cybersecurity-related laws and regulations.”

It may also have a say in who can go public: Earlier this month, the CAC proposed an overhaul of China’s cybersecurity review process, requiring companies holding data on more than 1 million users to seek permission from regulators before filing for initial public offerings (IPOs) overseas.

  • One key purpose for overseas IPO reviews is to control the risk of companies exporting “core” and “important” data or being “influenced, controlled, or abused” by foreign governments during the listing process, the regulator said in the draft provisions.

Related regulators: The CAC works with government agencies like the Ministry of Industry and Information Technology (MIIT) and the Ministry of Public Security (MPS) to regulate privacy and data issues.

State Administration for Market Regulation (SAMR)

SAMR is China’s top market regulator. It is the main regulator in China’s antitrust campaign against tech companies.

Until 2020, dealing with the CAC was often the top priority for Chinese tech companies’ government relations departments. But ever since the Chinese government launched an antitrust crackdown on the sector in November, SAMR has become another major regulator that has left government relations staff scratching their heads. 

China’s antitrust regulators have largely left tech companies alone. The situation changed dramatically in November, when SAMR proposed guidelines targeting anticompetitive behavior, specifically including internet companies. The new rules widen the reach of antitrust, which previously only applied to the physical economy.

Next, SAMR took direct aim at big tech players like Alibaba and Tencent, punishing them for minor violations of China’s Anti-Monopoly Law, such as unreported merger and acquisition deals from years before. In December, the agency launched an anti-monopoly investigation targeting Alibaba. The probe ended in April when SAMR issued Alibaba an RMB 18.2 billion ($2.8 billion) fine for antitrust practices including “forced exclusivity.”

Most recently, SAMR blocked a merger deal between Tencent-backed game streaming platforms Huya and Douyu.

New broom: SAMR was established in March 2018 during a structural reshuffle of the State Council, China’s cabinet. It absorbed three ministry-level government agencies and inherited antitrust authority from three other central government bodies, under a government reorganization plan (in Chinese).

  • In the structural reshuffle, the State Council eliminated the State Administration for Industry and Commerce, the General Administration of Quality Supervision, Inspection and Quarantine, and the China Food and Drug Administration. All three agencies’ enforcement authorities were transferred to SAMR.
  • The mega-regulator also assumed powers to enforce antitrust laws that had belonged to the National Development and Reform Commission, the Commerce Ministry, and the State Council.

Top trustbuster: China’s 2008 Anti-Monopoly Law identified an antitrust commission under the State Council as being responsible for the coordination and supervision of China’s anti-monopoly regulation. The commission, like the others, was also merged into SAMR in the 2018 reshuffle.

  • SAMR also has the authority to formulate antitrust regulations and guidelines, according to the Anti-Monopoly Law.

Price regulation: Inheriting powers from the State Administration for Industry and Commerce, SAMR regulates companies’ pricing strategies, per the nation’s 1997 Price Law (in Chinese).

  • As a result, online marketplaces like Taobao and Ctrip fall under SAMR’s purview.
  • SAMR earlier this month proposed (in Chinese) regulations on consumer pricing practices, banning e-commerce platforms from using big data and algorithms to charge customers different prices for the same product or service by analyzing their purchasing history.

People’s Bank of China (PBoC)

The PBoC, the country’s central bank, is the major regulator for fintech. The financial regulator oversees China’s online payment sector, supervising companies like Alipay and Tencent’s WeChat Pay, which combined have more than 1 billion users.

The bank has been involved in high-profile moves against China’s tech sector, leading the investigation into fintech giant Ant Group after China halted the company’s plans for a mega IPO in November. 

Ruling online payments: The PBoC became a fintech regulator in 2015 after it issued regulations (in Chinese) governing the online payment sector, requiring companies that provide digital payment services to be subject to its oversight. Ant Group’s Alipay is China’s largest mobile payment service, followed by Tencent’s WeChat Pay.

It doesn’t like cryptocurrencies: The bank and online payment regulator is also use its power to crack down on cryptocurrencies. In June, the central bank summoned several commercial banks and Alipay, asking them not to provide financial services to cryptocurrency traders, according to state news agency Xinhua (in Chinese).

See also: Finance is also governed by two specialist regulators. The China Banking and Insurance Regulatory Commission (CBIRC) is also responsible for online banking and insurance products. 

And if you like IPOs: The China Securities Regulatory Commission (CSRC) regulates stocks, and appears to be taking an increasingly important role in approving the listings of all Chinese companies.

Writing about semiconductors and telecommunications.