Your privacy is very important to us.When you visit our website,please agree to the use of all cookies.For more information about personal data processing,please go to Privacy Policy.

Make an Enquiry
Home
About us
News
Services
Our Clients
Insights
Careers
Contact Us

China's Digital Identity Authentication Comes into Force, New Standard for Cross-Border Data Compliance

2025-08-05

On July 15, 2025, the Measures for the Administration of National Network Identity Authentication Public Service (hereinafter referred to as the “Measures”) came into force.

Measures to build a new network identity authentication system with “network number + network certificate” as the core, marking the construction of China's trusted identity system in cyberspace has entered a new stage, at present, the national network identity authentication public service has been carried out in part of the Internet platforms and government services, education and examination, culture and tourism, medical and health care, postal and courier services, transportation and travel industry fields to carry out pilot applications. At present, the national network identity authentication public service has been carried out on some Internet platforms and government services, education and examination, culture and tourism, medical and health care, postal delivery, transportation and other industrial fields.

I. Core Changes in the New Regulations on Network Identity Authentication

The national network identity authentication public service takes “network number + network certificate” as its core:

network number is a network identity symbol composed of letters and numbers, which corresponds to the real identity of citizens one by one, but is stripped of explicit information, such as name and ID card number;

network certificate is a dynamic credential that carries the number and non-explicit identity information, and is encrypted by algorithms, and will be used for the purpose of identity verification. NetID is a dynamic credential carrying network number and non-plaintext identity information and encrypted by algorithm, which transforms identity information into “digital password”, and the platform can only verify the authenticity of the identity, but can't obtain the user's original identity data, realizing “zero exposure of information, available and invisible”.

Scenarios applicable to “network number + network certificate”:

Wherever registration and verification of the user's real identity information is required in Internet services, network numbers and network certificates can be used for registration and verification in accordance with the law.

It is expected that the key areas of coverage include:

- Administrative services: online social security, taxation and other services;

- Internet platforms: real-name registration for e-commerce, social account management;

- Public services: medical registration, transportation ticketing, education examination verification, etc.

Application process:

users need to download the “National Network Identity Authentication APP”, read the physical ID card information through the NFC-enabled cell phone, and set the network number after completing the face recognition verification.

For minors, the measures set up a hierarchical management: guardians under the age of 14 need to apply on behalf of the application, and those aged 14-18 need to apply under the supervision of a guardian.

II Compliance Challenges and Responses for Cross-Border Enterprises

Against the backdrop of increasingly stringent regulation of cross-border flow of data, for cross-border enterprises, the new regulations bring not only changes in compliance requirements, but also improvement in data management efficiency.

Data outbound risk is significantly reduced. In the traditional mode, cross-border enterprises need to face complex outbound security assessments for handling user identity information. In the case of net certificate authentication, the third-party platform only obtains the encrypted authentication result, which does not involve the storage of the original identity data, significantly reducing the compliance pressure on cross-border data transmission.

The new regulations strictly follow the principle of “minimum necessary”, and clearly stipulate that when users choose to use the network number and network certificate and pass the verification, “Internet platforms shall not require users to separately provide explicit identity information”, unless otherwise provided by law or agreed by the user. This requirement directly restricts the scope and method of enterprises collecting user information.

Cost optimization of enterprise identity authentication. Prior to the implementation of the new regulations, foreign enterprises often needed to invest a large amount of money to build or access commercial identity authentication systems. Now, by accessing the national unified network identity authentication public service platform, enterprises can directly call the standardized interface to complete user authentication. Especially for platform enterprises, the use of network certificate authentication can significantly reduce the cost of construction of identity verification system of enterprises, and at the same time, avoid spending a lot of expenses on credit repair and disposal of public opinion caused by data leakage.

Ⅲ Implementation Path and Compliance Points

Cross-border enterprises need to systematically adjust the existing operation mechanism in order to effectively land on the requirements of the new regulations.

Step 1: Technical system transformation. Evaluate the compatibility of the existing identity authentication system with the net certificate mechanism and embed the interface of the public service platform. During the docking process, it is necessary to ensure that the system meets the requirements of dynamic credential verification, and the net certificate adopts the security mechanism of “8-digit non-contiguous digital password automatically updated every 30 seconds”.

Step 2: Business process re-engineering. Redesign the user registration and authentication process, and strictly avoid collecting additional explicit identity information when users choose to use the network certificate for authentication, and at the same time, ensure that users who do not use the network certificate enjoy the same service rights as traditional users, and retain the traditional identity verification methods (e.g., uploading ID cards, SMS verification, etc.).

Step 3: Upgrade the compliance system. Update the privacy policy and clearly inform users of the way to use the net certificate and the data processing rules.

Step 4: Cross-border data policy adjustment. For identity information that must go out of the country, enterprises need to pay special attention to the provisions of Article 12 of the Measures: “Important data and personal information processed by the public service platform shall be stored within the country; if it is really necessary to provide it outside the country due to business needs, it shall be subject to security assessment in accordance with the relevant national regulations”.

Conclusion

As the new regulations are implemented, the public service platform for network identity authentication has docked more than 400 APPs, with a cumulative download volume of more than 16 million times. With the access of more government services and Internet platforms, NetID authentication will become the infrastructure of China's digital economy. For cross-border enterprises, this mechanism is not only a compliance requirement, but also a strategic tool to improve data management efficiency, reduce operational costs, and enhance user trust, harboring the cornerstone of trust for cross-border enterprises to take root in the Chinese market.


-END-

 


Make an Enquiry
Please fill out the form below and we will respond as soon as we can.
  • Ms.
    Mr.
  • PRC
    Other jurisdictions
  • ODI services
    FDI services
    Fund services
    Tax services
    Foreign exchange services
    Bank services
    Offshore services
    Public Policy services
  • Search engine
    Sinobravo website
    Brochure
    Event
    Recommendation
    Social media
  • Yes,Please
    No,Thanks
  • I have read, acknowledged and understood the《Privacy Statement》,  and agree with the contents thereof.