Security Assessments
Overview
Since November 30, 2018, apps offering social or interactive functionalities in China are required to undergo a Security Assessment, as mandated by the Cyberspace Administration of China (CAC). This is a regulatory procedure to ensure that platforms offering information services are compliant with cybersecurity, data protection, and content control regulations.
The assessment evaluates the app’s ability to prevent risks such as illegal content dissemination, information leakage, destabilizing speech, and privacy violations.
Note: This requirement applies to many social, media, or content platforms-even if user interaction features are not the app’s primary function.
Who Needs to Apply?
You may be required to undergo a Security Assessment if your app includes:
- Forums, blogs, microblogs, or comment sections
- Chat rooms, group messaging, or community features
- Official accounts, user-generated content (UGC), short videos, or live streaming
- Information-sharing services, mini-program hosting, or AI-generated content
- Any other feature that enables public expression or the spread of public opinion
If you’re unsure whether your app qualifies, we can help assess your risk and obligation level.
What You’ll Need
We will assist you through the entire process. In addition to basic app information, you will need to prepare responses to the following operational and technical questions:
| # | Key Questions |
|---|---|
| 1 | How have you designated personnel responsible for security (superintendent, reviewer, admin)? |
| 2 | How do you verify users’ real identities, and how is registration data retained? |
| 3 | What logs do you retain (e.g. user accounts, IPs, timestamps, client device info, user actions)? |
| 4 | What measures do you take to identify and handle illegal/harmful content in names, posts, comments? |
| 5 | What technical measures do you use to protect personal data and prevent the spread of harmful info? |
| 6 | Do you have a complaints/reporting mechanism? How is it published and managed? |
| 7 | How do you cooperate with regulators and law enforcement in accordance with the law? |
We will help ensure your responses meet regulatory expectations and support documentation is complete.
Processing Time
There is currently no official timeline published by the CAC. In our experience, most security assessments are completed in 6–8 weeks, but this depends heavily on the workload of local cybersecurity departments.
We recommend preparing early to avoid launch delays.
Need Help?
We provide expert support for completing the Security Assessment process, including document preparation, risk evaluation, and regulator communication.
Contact us to find out whether your app needs an assessment and how we can help.