China Issues Benchmark for Discretion for Administrative Punishment Decisions by the Cyberspace Department
Published 30 June 2025
Fei Dang
On June 26, 2025, the Cyberspace Administration of China (the CAC) issued the Regulation on the Application of the Benchmark for Discretion over Administrative Punishments by the Cyberspace Department (the Regulation).
The Regulation contains 20 provisions, and the benchmark for discretion over administrative punishments therein refers to “the specific law enforcement scales and standards generated from the refinement and quantification of content such as facts, nature, circumstances, degree of social harm, the subjective fault of the parties concerned, and other factors, the principle of laws, rules, and regulations, or with a certain degree of flexibility in the law enforcement authority, the margin of discretion, and so on, adopted by the cyberspace department during the implementation of administrative penalties.”
According to the Regulation, the benchmark for discretion over the administrative punishment can be divided into five discretionary orders: no penalty, mitigated penalty, light penalty, general penalty, and heavy penalty; and each of the discretionary orders is specified with circumstances to be applied to.
For instance, in the case of one of the following circumstances, there is no penalty: “(1) if the violation is minor and corrected in time, without causing harmful consequences; (2) the concerned party has evidence sufficient to prove that there is no subjective fault, unless the laws and administrative regulations provide otherwise, then it shall be subject to their provisions; (3) other circumstances that are not punishable by law.”
For mitigated or light punishment, the circumstances include “(1) taking the initiative to eliminate or mitigate the harmful consequences of the offense; (2) being coerced or induced by others to commit illegal acts; (3) taking the initiative to confess to the cyberspace department, which has not yet grasped the illegal behavior; (4) cooperating with the cyberspace department to investigate and deal with illegal behavior with meritorious performance; (5) other cases in which the punishment is lightened or mitigated in accordance with the law.”
On the other hand, the circumstances that should be punished more severely include “(1) the violation seriously jeopardizing the security of cyberspace, network operation security, or network data security, and the handling of personal information in violation of the law or failure to fulfill the obligation to protect personal information is serious when handling of personal information; (2) receiving more than two administrative penalties from the cyberspace department within one year for the same kind of illegal behavior; (3) Abetting, coercing or enticing others to commit illegal acts; (4) refusing to cooperate, obstructing, threatening with violence to the law enforcement officers of the cyberspace department to perform their official duties in accordance with the law; (5) concealment, destruction, forgery, tampering with relevant evidence; (6) retaliation against witnesses, informants, cyberspace department staff; (7) violations that cause strong reactions from the public, trigger mass incidents or cause other serious adverse social impact; (8) violation of the relevant provisions of the protection of minors under serious circumstances; (9) other circumstances that are in bad nature, severe, or socially harmful.”
In addition, the following factors shall be taken into consideration when applying the benchmark to determine the nature, circumstance, and degree of social harmfulness: “(1) the specific method or means of the violation, and the degree of subjective fault of the party committing the violation; (2) the duration and number of occurrences of the offense, the social impact and harmful consequences of the offense; (3) the harmful objects of the offense and their number; (4) the penalties imposed on the party during the current year; (5) the illegal proceeds obtained by the party concerned; (6) the scale of the type of production and operation of the party concerned, its operation and its influence; (7) the subjective attitude of the party to correct the illegal behavior, the cooperation with the inspection, the corrective measures taken and their effects; (8) other factors stipulated by laws, regulations and rules.”
The Regulation specifies the benchmarks for the discretionary power of the cyberspace department when implementing the administrative penalties and refines and quantifies the principle provisions of laws, rules, and regulations, or the content of flexible law enforcement authority and discretionary margins and then forms the specific law enforcement scales and standards in order to provide the cyberspace department with a clearer and more specific basis for the law enforcement process, and to reduce arbitrariness. The issuance of the Regulation is beneficial to protect the legitimate rights and interests of citizens, enhance the transparency of the law enforcement process and allow the parties to clearly understand the basis and reasons for punishment, which improves the credibility of law enforcement. The Regulation will come into effect on August 1, 2025.
The Regulation contains 20 provisions, and the benchmark for discretion over administrative punishments therein refers to “the specific law enforcement scales and standards generated from the refinement and quantification of content such as facts, nature, circumstances, degree of social harm, the subjective fault of the parties concerned, and other factors, the principle of laws, rules, and regulations, or with a certain degree of flexibility in the law enforcement authority, the margin of discretion, and so on, adopted by the cyberspace department during the implementation of administrative penalties.”
According to the Regulation, the benchmark for discretion over the administrative punishment can be divided into five discretionary orders: no penalty, mitigated penalty, light penalty, general penalty, and heavy penalty; and each of the discretionary orders is specified with circumstances to be applied to.
For instance, in the case of one of the following circumstances, there is no penalty: “(1) if the violation is minor and corrected in time, without causing harmful consequences; (2) the concerned party has evidence sufficient to prove that there is no subjective fault, unless the laws and administrative regulations provide otherwise, then it shall be subject to their provisions; (3) other circumstances that are not punishable by law.”
For mitigated or light punishment, the circumstances include “(1) taking the initiative to eliminate or mitigate the harmful consequences of the offense; (2) being coerced or induced by others to commit illegal acts; (3) taking the initiative to confess to the cyberspace department, which has not yet grasped the illegal behavior; (4) cooperating with the cyberspace department to investigate and deal with illegal behavior with meritorious performance; (5) other cases in which the punishment is lightened or mitigated in accordance with the law.”
On the other hand, the circumstances that should be punished more severely include “(1) the violation seriously jeopardizing the security of cyberspace, network operation security, or network data security, and the handling of personal information in violation of the law or failure to fulfill the obligation to protect personal information is serious when handling of personal information; (2) receiving more than two administrative penalties from the cyberspace department within one year for the same kind of illegal behavior; (3) Abetting, coercing or enticing others to commit illegal acts; (4) refusing to cooperate, obstructing, threatening with violence to the law enforcement officers of the cyberspace department to perform their official duties in accordance with the law; (5) concealment, destruction, forgery, tampering with relevant evidence; (6) retaliation against witnesses, informants, cyberspace department staff; (7) violations that cause strong reactions from the public, trigger mass incidents or cause other serious adverse social impact; (8) violation of the relevant provisions of the protection of minors under serious circumstances; (9) other circumstances that are in bad nature, severe, or socially harmful.”
In addition, the following factors shall be taken into consideration when applying the benchmark to determine the nature, circumstance, and degree of social harmfulness: “(1) the specific method or means of the violation, and the degree of subjective fault of the party committing the violation; (2) the duration and number of occurrences of the offense, the social impact and harmful consequences of the offense; (3) the harmful objects of the offense and their number; (4) the penalties imposed on the party during the current year; (5) the illegal proceeds obtained by the party concerned; (6) the scale of the type of production and operation of the party concerned, its operation and its influence; (7) the subjective attitude of the party to correct the illegal behavior, the cooperation with the inspection, the corrective measures taken and their effects; (8) other factors stipulated by laws, regulations and rules.”
The Regulation specifies the benchmarks for the discretionary power of the cyberspace department when implementing the administrative penalties and refines and quantifies the principle provisions of laws, rules, and regulations, or the content of flexible law enforcement authority and discretionary margins and then forms the specific law enforcement scales and standards in order to provide the cyberspace department with a clearer and more specific basis for the law enforcement process, and to reduce arbitrariness. The issuance of the Regulation is beneficial to protect the legitimate rights and interests of citizens, enhance the transparency of the law enforcement process and allow the parties to clearly understand the basis and reasons for punishment, which improves the credibility of law enforcement. The Regulation will come into effect on August 1, 2025.