Operating a digital platform, hosting web services, or importing wireless devices in Mainland China requires strict adherence to the regulatory frameworks of the Ministry of Industry and Information Technology (MIIT). As the primary administrative authority overseeing China's telecommunications, software, and electronic hardware sectors, the MIIT administers the licensing, filings, and equipment approvals that serve as the entry gate for China's digital economy. For international enterprises, establishing a compliant structure early is essential to secure domestic hosting, obtain operational licenses, and clear customs without disruption.
Understanding the Role of the MIIT in China
The Ministry of Industry and Information Technology (MIIT) is responsible for the state administration of China's software, hardware, and telecommunications sectors. For international businesses, its oversight covers two key domains: Value-Added Telecommunications Services (VATS), which govern websites, software-as-a-service (SaaS) products, apps, and e-commerce platforms; and radio spectrum management, which governs all hardware emitting wireless signals. Navigating these systems requires technical alignment with state-accredited infrastructure and local administrative coordination.
It is critical for foreign investors to distinguish the jurisdiction of the MIIT from other Chinese cyber authorities. The MIIT acts strictly as the industry regulator for telecommunications and hardware. It is not a data privacy regulator, a data localization auditor, or a content regulator. Governance over data privacy and cross-border data transfer assessments falls under the Cyberspace Administration of China (CAC). Meanwhile, website public security registrations and cybersecurity policing fall under the Ministry of Public Security (MPS).
Infrastructure Enforcement: Establishing a digital presence on servers physically located within Mainland China requires administrative registration with the MIIT. Operating domestic hosting without an ICP Filing is prevented at the infrastructure level, as cloud and hosting providers are legally prohibited from binding domain names to Mainland IP addresses until the filing is verified.
Strategic Benefits of MIIT Compliance
Achieving proper telecommunications licensing and product approvals provides substantial strategic and operational advantages for foreign-invested enterprises:
- High-Performance Domestic Hosting Securing a verified ICP Filing allows businesses to host platforms on Mainland China servers and content delivery networks (CDNs), reducing latency and ensuring high availability.
- Authorized Commercial Operations Obtaining commercial ICP (B25) or EDI (B21) licenses permits legal online billing, marketplace hosting, SaaS subscriptions, and digital transaction processing in Mainland China.
- Unobstructed Customs Clearance Acquiring SRRC Type Approval and Network Access Licenses (NAL) prevents equipment confiscation by China Customs (GACC) and allows placement on local retail networks.
- Compliant Cross-Border Networks Utilizing MIIT-approved cross-border lines leased from licensed state-owned carriers ensures compliant connectivity between local operations and international headquarters.
Value-Added Telecommunications Services (VATS) Licensing
For digital businesses, navigating MIIT compliance requires a clear understanding of the difference between administrative filings and commercial telecommunications licenses:
Non-Commercial ICP Filing (ICP 备案)
An ICP Filing is a mandatory administrative registration required for any website hosted on servers located within Mainland China. It is not a business license. It is designed for informational, non-commercial websites that do not process payments, display commercial advertisements, or charge user fees. If your website is hosted on servers outside Mainland China, an ICP Filing is not required, though your website traffic will be subject to latency and network filtering.
Commercial VATS Licenses
Commercial operations require formal Value-Added Telecommunications Services (VATS) licenses. The two most common licenses for foreign-invested digital platforms are:
- Commercial ICP License (B25 Information Services): Required for platforms that provide commercial information, paid subscriptions, online advertising, or SaaS platforms that bill users directly for access.
- EDI License (B21 Online Data Processing & Transaction Processing): Required for e-commerce stores, multi-vendor marketplaces, and digital transaction processing platforms.
Foreign Investment Restrictions & Structure Policies
The PRC Telecommunications Regulation imposes foreign equity limits on VATS licenses, though these limits vary by category and location:
- Commercial ICP (B25): Foreign equity is generally capped at 50% nationwide. However, pilot policies in specific regions, such as the Shanghai Free Trade Zone (FTZ), permit up to 100% foreign-owned enterprises (WFOEs) to obtain licenses for specific information services sub-categories.
- EDI License (B21): In line with national liberalization rules, 100% foreign equity is permitted nationwide for platforms engaged in e-commerce under the Online Data Processing and Transaction Processing (EDI - Category B21) classification. This allows foreign companies to set up 100% WFOE e-commerce platforms in China. However, other sub-categories of B21, such as public cloud computing, remain restricted.
- Variable Interest Entities (VIE): Historically, some foreign investors have utilized VIE structures to participate in restricted telecommunications sectors in China. The regulatory environment surrounding VIEs is complex and subject to strict regulatory oversight by the MIIT and other authorities. Investors should secure structured, case-by-case legal counsel rather than assuming automatic compliance or guaranteed bypass of equity rules.
Infrastructure & Cloud Compliance in China
To establish a domestically hosted website, application, or SaaS platform in Mainland China, businesses must use approved local infrastructure. The selection of hosting providers and network architecture is driven by regulatory compliance, licensing status, and technical design requirements:
- Mainland Cloud Platforms Companies can utilize authorized domestic cloud providers (such as Alibaba Cloud, Tencent Cloud, or Huawei Cloud) or the isolated domestic operations of global providers.
- International Joint Ventures AWS China (operated independently by Beijing Sinnet or Ningxia Western Cloud Data) and Microsoft Azure China (operated independently by 21Vianet) provide localized environments that require domestic accounts.
- Filing Pre-requisites Regardless of the provider chosen, Mainland servers cannot bind domain names or direct traffic to public IP addresses until the host provider validates a verified ICP Filing.
No single cloud provider is legally mandatory. The choice of architecture—whether fully localized, hybrid, or CDN-focused—depends on the legal structure of your enterprise, your technical budget, and the specific data security requirements of your industry.
Wireless & Hardware Certifications (SRRC & NAL)
Hardware developers importing, selling, or distributing electronic devices in Mainland China must secure product certifications from the MIIT. The two primary regulatory pathways are:
SRRC Type Approval (无线电设备型号核准)
Administered by the State Radio Regulation Committee under the MIIT, SRRC Type Approval is mandatory for any hardware device that actively emits radio waves. This covers devices utilizing wireless frequencies such as Wi-Fi, Bluetooth, Zigbee, NFC, RFID, cellular (4G/5G), or radar. Devices must undergo laboratory testing at state-accredited facilities to ensure they operate within authorized frequency ranges and do not cause harmful spectrum interference. Certified products are issued a unique CMIIT ID that must be displayed on the product label.
Network Access License (进网许可 - NAL)
A Network Access License is required specifically for telecommunications equipment that connects to public telecommunications networks. This includes public telecom terminal equipment, radio communication equipment, and network interconnection equipment (such as smartphones, cellular modems, network switches, routers, and gateway devices). The NAL review includes security and performance evaluations to verify the safety and stability of the public network interface.
Not all electronic devices require both approvals. A device without wireless transmission capabilities does not require SRRC. Conversely, a wireless product that does not connect directly to the public telecommunications network (e.g., a Bluetooth-only consumer accessory) does not require a NAL. Certification requirements are determined on a case-by-case basis depending on the technical parameters of the product.
Cross-Border Network & Corporate Connectivity
Multinational companies operating in Mainland China frequently require secure, low-latency connectivity to link local branches with overseas headquarters. The MIIT regulates the establishment of these cross-border network channels to ensure data security and infrastructural control:
- Authorized Carriers: Cross-border private lines, such as International Private Leased Circuits (IPLC), International Ethernet Private Lines (IEPL), or managed SD-WAN architectures, must be leased from basic telecommunications carriers licensed by the MIIT (such as China Telecom, China Unicom, and China Mobile).
- Regulatory Border Management: The use of unauthorized VPN tunnels or unapproved routing mechanisms to bypass the state network gateway is non-compliant. However, standard VPN protocols themselves are not illegal; the regulation targets unauthorized network channels and unlicensed commercial VPN providers.
- Data Security Boundaries: Cross-border networks must be managed in accordance with the Data Security Law (DSL) and the Personal Information Protection Law (PIPL). No single network configuration or connectivity solution guarantees automatic regulatory compliance. Businesses must align their traffic routing with data classification guidelines and obtain necessary approvals for cross-border data export where applicable.
Integration with Cyberspace (CAC) & Security (MPS) Authorities
MIIT licensing is part of an integrated compliance ecosystem in Mainland China. Businesses must coordinate their MIIT filings with other regulatory authorities:
The CAC is the primary authority for data protection, data privacy, and data security audits. While the MIIT registers the domain names and licenses telecommunications platforms, the CAC regulates the data flowing through them. Businesses must comply with the Personal Information Protection Law (PIPL) and obtain CAC approval for cross-border data transfer security assessments where required.
The MPS oversees public security compliance. Within 30 days of a website going live under an ICP Filing, the operator is legally required to complete a Public Security Bureau (PSB) website registration (公安网备) through the national internet security management platform. Operators must also ensure system security matches the requirements of the Multi-Level Protection Scheme (MLPS).
Step-by-Step MIIT Licensing & Filing Process
Registering digital platforms or hardware with the MIIT involves a structured administrative and technical workflow:
Deliverables You Receive
Frequently Asked Questions
Optimize Your Technical Compliance in Mainland China
Ensure your digital platforms, hosting architectures, corporate networks, and wireless hardware meet all MIIT, CAC, and MPS regulatory requirements. Contact our senior advisory team for a compliance review.
Get MIIT Support