|
Why China
Market Entry
AI Market Entry PlannerEntry PathwaysRegulatory Overview
Services & Packages
Our ServicesPackages & PricingPartner Network
Opportunities
IndustriesDevelopment InitiativesEventsLife in China
Resources
AI ToolsFAQsSuccess StoriesNews & Insights
← Back to Ecosystem

MIIT Services &
Tech Compliance in China

Establish a compliant digital footprint in Mainland China. Expert advisory for value-added telecommunications licensing (ICP/EDI), SRRC radio type approvals, Network Access Licenses (NAL), and compliant cross-border network architecture.

Request Tech Compliance Consultation

Operating a digital platform, hosting web services, or importing wireless devices in Mainland China requires strict adherence to the regulatory frameworks of the Ministry of Industry and Information Technology (MIIT). As the primary administrative authority overseeing China's telecommunications, software, and electronic hardware sectors, the MIIT administers the licensing, filings, and equipment approvals that serve as the entry gate for China's digital economy. For international enterprises, establishing a compliant structure early is essential to secure domestic hosting, obtain operational licenses, and clear customs without disruption.

Understanding the Role of the MIIT in China

The Ministry of Industry and Information Technology (MIIT) is responsible for the state administration of China's software, hardware, and telecommunications sectors. For international businesses, its oversight covers two key domains: Value-Added Telecommunications Services (VATS), which govern websites, software-as-a-service (SaaS) products, apps, and e-commerce platforms; and radio spectrum management, which governs all hardware emitting wireless signals. Navigating these systems requires technical alignment with state-accredited infrastructure and local administrative coordination.

It is critical for foreign investors to distinguish the jurisdiction of the MIIT from other Chinese cyber authorities. The MIIT acts strictly as the industry regulator for telecommunications and hardware. It is not a data privacy regulator, a data localization auditor, or a content regulator. Governance over data privacy and cross-border data transfer assessments falls under the Cyberspace Administration of China (CAC). Meanwhile, website public security registrations and cybersecurity policing fall under the Ministry of Public Security (MPS).

Infrastructure Enforcement: Establishing a digital presence on servers physically located within Mainland China requires administrative registration with the MIIT. Operating domestic hosting without an ICP Filing is prevented at the infrastructure level, as cloud and hosting providers are legally prohibited from binding domain names to Mainland IP addresses until the filing is verified.

Strategic Benefits of MIIT Compliance

Achieving proper telecommunications licensing and product approvals provides substantial strategic and operational advantages for foreign-invested enterprises:

  • High-Performance Domestic Hosting Securing a verified ICP Filing allows businesses to host platforms on Mainland China servers and content delivery networks (CDNs), reducing latency and ensuring high availability.
  • Authorized Commercial Operations Obtaining commercial ICP (B25) or EDI (B21) licenses permits legal online billing, marketplace hosting, SaaS subscriptions, and digital transaction processing in Mainland China.
  • Unobstructed Customs Clearance Acquiring SRRC Type Approval and Network Access Licenses (NAL) prevents equipment confiscation by China Customs (GACC) and allows placement on local retail networks.
  • Compliant Cross-Border Networks Utilizing MIIT-approved cross-border lines leased from licensed state-owned carriers ensures compliant connectivity between local operations and international headquarters.

Value-Added Telecommunications Services (VATS) Licensing

For digital businesses, navigating MIIT compliance requires a clear understanding of the difference between administrative filings and commercial telecommunications licenses:

Non-Commercial ICP Filing (ICP 备案)

An ICP Filing is a mandatory administrative registration required for any website hosted on servers located within Mainland China. It is not a business license. It is designed for informational, non-commercial websites that do not process payments, display commercial advertisements, or charge user fees. If your website is hosted on servers outside Mainland China, an ICP Filing is not required, though your website traffic will be subject to latency and network filtering.

Commercial VATS Licenses

Commercial operations require formal Value-Added Telecommunications Services (VATS) licenses. The two most common licenses for foreign-invested digital platforms are:

  • Commercial ICP License (B25 Information Services): Required for platforms that provide commercial information, paid subscriptions, online advertising, or SaaS platforms that bill users directly for access.
  • EDI License (B21 Online Data Processing & Transaction Processing): Required for e-commerce stores, multi-vendor marketplaces, and digital transaction processing platforms.

Foreign Investment Restrictions & Structure Policies

The PRC Telecommunications Regulation imposes foreign equity limits on VATS licenses, though these limits vary by category and location:

  • Commercial ICP (B25): Foreign equity is generally capped at 50% nationwide. However, pilot policies in specific regions, such as the Shanghai Free Trade Zone (FTZ), permit up to 100% foreign-owned enterprises (WFOEs) to obtain licenses for specific information services sub-categories.
  • EDI License (B21): In line with national liberalization rules, 100% foreign equity is permitted nationwide for platforms engaged in e-commerce under the Online Data Processing and Transaction Processing (EDI - Category B21) classification. This allows foreign companies to set up 100% WFOE e-commerce platforms in China. However, other sub-categories of B21, such as public cloud computing, remain restricted.
  • Variable Interest Entities (VIE): Historically, some foreign investors have utilized VIE structures to participate in restricted telecommunications sectors in China. The regulatory environment surrounding VIEs is complex and subject to strict regulatory oversight by the MIIT and other authorities. Investors should secure structured, case-by-case legal counsel rather than assuming automatic compliance or guaranteed bypass of equity rules.

Infrastructure & Cloud Compliance in China

To establish a domestically hosted website, application, or SaaS platform in Mainland China, businesses must use approved local infrastructure. The selection of hosting providers and network architecture is driven by regulatory compliance, licensing status, and technical design requirements:

  • Mainland Cloud Platforms Companies can utilize authorized domestic cloud providers (such as Alibaba Cloud, Tencent Cloud, or Huawei Cloud) or the isolated domestic operations of global providers.
  • International Joint Ventures AWS China (operated independently by Beijing Sinnet or Ningxia Western Cloud Data) and Microsoft Azure China (operated independently by 21Vianet) provide localized environments that require domestic accounts.
  • Filing Pre-requisites Regardless of the provider chosen, Mainland servers cannot bind domain names or direct traffic to public IP addresses until the host provider validates a verified ICP Filing.

No single cloud provider is legally mandatory. The choice of architecture—whether fully localized, hybrid, or CDN-focused—depends on the legal structure of your enterprise, your technical budget, and the specific data security requirements of your industry.

Wireless & Hardware Certifications (SRRC & NAL)

Hardware developers importing, selling, or distributing electronic devices in Mainland China must secure product certifications from the MIIT. The two primary regulatory pathways are:

SRRC Type Approval (无线电设备型号核准)

Administered by the State Radio Regulation Committee under the MIIT, SRRC Type Approval is mandatory for any hardware device that actively emits radio waves. This covers devices utilizing wireless frequencies such as Wi-Fi, Bluetooth, Zigbee, NFC, RFID, cellular (4G/5G), or radar. Devices must undergo laboratory testing at state-accredited facilities to ensure they operate within authorized frequency ranges and do not cause harmful spectrum interference. Certified products are issued a unique CMIIT ID that must be displayed on the product label.

Network Access License (进网许可 - NAL)

A Network Access License is required specifically for telecommunications equipment that connects to public telecommunications networks. This includes public telecom terminal equipment, radio communication equipment, and network interconnection equipment (such as smartphones, cellular modems, network switches, routers, and gateway devices). The NAL review includes security and performance evaluations to verify the safety and stability of the public network interface.

Not all electronic devices require both approvals. A device without wireless transmission capabilities does not require SRRC. Conversely, a wireless product that does not connect directly to the public telecommunications network (e.g., a Bluetooth-only consumer accessory) does not require a NAL. Certification requirements are determined on a case-by-case basis depending on the technical parameters of the product.

Cross-Border Network & Corporate Connectivity

Multinational companies operating in Mainland China frequently require secure, low-latency connectivity to link local branches with overseas headquarters. The MIIT regulates the establishment of these cross-border network channels to ensure data security and infrastructural control:

  • Authorized Carriers: Cross-border private lines, such as International Private Leased Circuits (IPLC), International Ethernet Private Lines (IEPL), or managed SD-WAN architectures, must be leased from basic telecommunications carriers licensed by the MIIT (such as China Telecom, China Unicom, and China Mobile).
  • Regulatory Border Management: The use of unauthorized VPN tunnels or unapproved routing mechanisms to bypass the state network gateway is non-compliant. However, standard VPN protocols themselves are not illegal; the regulation targets unauthorized network channels and unlicensed commercial VPN providers.
  • Data Security Boundaries: Cross-border networks must be managed in accordance with the Data Security Law (DSL) and the Personal Information Protection Law (PIPL). No single network configuration or connectivity solution guarantees automatic regulatory compliance. Businesses must align their traffic routing with data classification guidelines and obtain necessary approvals for cross-border data export where applicable.

Integration with Cyberspace (CAC) & Security (MPS) Authorities

MIIT licensing is part of an integrated compliance ecosystem in Mainland China. Businesses must coordinate their MIIT filings with other regulatory authorities:

Cyberspace Administration of China (CAC)

The CAC is the primary authority for data protection, data privacy, and data security audits. While the MIIT registers the domain names and licenses telecommunications platforms, the CAC regulates the data flowing through them. Businesses must comply with the Personal Information Protection Law (PIPL) and obtain CAC approval for cross-border data transfer security assessments where required.

Ministry of Public Security (MPS)

The MPS oversees public security compliance. Within 30 days of a website going live under an ICP Filing, the operator is legally required to complete a Public Security Bureau (PSB) website registration (公安网备) through the national internet security management platform. Operators must also ensure system security matches the requirements of the Multi-Level Protection Scheme (MLPS).

Step-by-Step MIIT Licensing & Filing Process

Registering digital platforms or hardware with the MIIT involves a structured administrative and technical workflow:

1
Entity & Domain Verification Confirm the Chinese legal entity holds a valid SAMR Business License. Register the domain name under the exact name of the local Chinese company using an MIIT-accredited registrar in China.
2
Hosting Integration Provision localized hosting or cloud computing resources from an authorized domestic provider, obtaining the necessary IP address allocations and host binding certificates.
3
Documentation & Portal Submission Prepare the administrative filing dossiers, including corporate credentials, local contact details, network security declarations, and submit them via the provincial Communications Administration portal.
4
Verification & Provincial Review Complete face/video identification through designated administrative mobile applications. The application undergoes review by the provincial Communications Administration.
5
ICP Number Placement Once approved, the unique ICP Filing number (e.g., 京ICP备XXXX号) must be displayed in the website footer, linking to the official MIIT domain verification query database.
6
Public Security Bureau Filing Within 30 days of the website launch, submit the internet security registration dossier to the Ministry of Public Security (MPS) online portal to complete the digital compliance cycle.

Deliverables You Receive

ICP Filing Registration Code A verified administrative registration record in the central MIIT database and the official filing code to display in your China website footer.
Commercial VATS / EDI License Certificate The formal paper-based telecommunications operating license issued by the MIIT or provincial Communications Administration for B21/B25 commercial activities.
SRRC Type Approval Certificate The official radio type approval certificate issued by the MIIT containing the CMIIT ID code to display on your wireless hardware products.
Network Access License (NAL) Label The official network access approval certificate and access stickers, authorizing connection of public-network communication devices.

Frequently Asked Questions

No. Hosting inside Mainland China is not a mandatory requirement for websites accessed from China. Websites hosted overseas (e.g., in Singapore, Hong Kong, or Europe) do not require an ICP Filing. However, websites hosted outside the Mainland may suffer from significant network latency, packet loss, or filtering at the network border. Local hosting is required if you wish to bind your domain to domestic IP addresses or utilize Mainland CDN nodes, which in turn mandates an ICP Filing.
Yes, but foreign ownership is subject to limits. Nationwide, foreign equity in a commercial ICP license (Information Services - Category B25) is capped at 50%. However, under pilot liberalization programs in specific regions, such as the Shanghai Free Trade Zone (FTZ), 100% foreign-owned enterprises (WFOEs) are permitted to apply for commercial B25 licenses for specific information service types, subject to provincial and MIIT review.
Under China's national foreign investment laws and telecommunications liberalization rules, 100% foreign equity is permitted nationwide for platforms engaged in e-commerce under the Online Data Processing and Transaction Processing (EDI - Category B21) classification. This allows foreign companies to set up 100% WFOE e-commerce platforms in China. However, other sub-categories of B21, such as public cloud computing or virtual private networks, remain capped or restricted.
An ICP Filing (ICP 备案) is a mandatory administrative registration for non-commercial, informational websites hosted on domestic Chinese servers that do not process transactions or charge user fees. A Commercial ICP License (ICP 许可证 - B25) is an operational telecommunications license required for platforms hosted in China that generate revenue directly from users (e.g., online advertising, paid SaaS platforms, paid database access, or subscription services).
VIE structures have historically been used by some foreign investors to participate in restricted telecommunications sectors (like public cloud and SaaS). However, the regulatory framework surrounding VIE structures is complex and subject to strict regulatory scrutiny by the MIIT and other state authorities. They are not formally recommended or endorsed by regulators as a simple bypass. A detailed legal assessment of your specific business model is required to evaluate compliance risk.
No. Global AWS or Microsoft Azure infrastructure is not connected directly to Mainland China local servers. To host domestically in China, you must open separate accounts with their isolated domestic operations: AWS China (operated by Beijing Sinnet or Ningxia Western Cloud Data) or Microsoft Azure China (operated by 21Vianet). Operating these localized accounts requires a valid Chinese business license and a verified domestic ICP Filing.
No. SRRC (State Radio Regulation Committee) Type Approval is required only for active radio transmitting equipment emitting radio waves (e.g., Wi-Fi, Bluetooth, cellular, RFID devices). A Network Access License (NAL) is required specifically for telecommunications terminal equipment that connects directly to public networks (e.g., routers, switches, modems, mobile phones). A Bluetooth-only headphone requires SRRC but not NAL. A network device without wireless radio capabilities may require NAL but not SRRC. A smartphone requires both.
VPN technology itself is not illegal in China. However, under MIIT regulations, cross-border network channels used for corporate communications must be leased from authorized basic telecommunications carriers (such as China Telecom, China Unicom, or China Mobile) using compliant services like IPLC or IEPL. The establishment or use of unauthorized VPN tunnels or unapproved routing mechanisms to bypass the state gateway is non-compliant.
Yes, it is entirely separate. A Public Security Bureau (PSB) website registration (公安网备) is an internet security registration managed by the Ministry of Public Security (MPS). Within 30 days of your website going live under an MIIT ICP Filing, you must submit the registration dossier via the national internet security management portal. Failing to do so can result in administrative warnings or website suspension, independent of your MIIT status.
The MIIT is the industrial and infrastructure regulator, overseeing telecommunications operations, issuing VATS/EDI licenses, administering ICP filings, and managing hardware certifications (SRRC, NAL). The Cyberspace Administration of China (CAC) is the data protection and cybersecurity regulator, supervising compliance with the Personal Information Protection Law (PIPL) and the Data Security Law (DSL), managing data localization reviews, and performing security assessments for cross-border data transfers.

Optimize Your Technical Compliance in Mainland China

Ensure your digital platforms, hosting architectures, corporate networks, and wireless hardware meet all MIIT, CAC, and MPS regulatory requirements. Contact our senior advisory team for a compliance review.

Get MIIT Support
Chat with us!