China Proposes New Law to Dismantle Cybercrime Supply Chains

1. China is planning to strengthen its legal framework against the underground economy that supports online fraud by introducing new legislation designed to cut off supplies of anonymous SIM cards, bank accounts, and internet infrastructure often exploited by criminal syndicates. This move underscores Beijing’s intent to tackle the technological and logistical underpinnings of cybercrime, rather than just its direct perpetuators. [para. 1]

2. The Ministry of Public Security has announced a draft version of the Network Crime Prevention and Control Law, opening it to public comment. This signals a strategic shift targeting the “black and gray” markets—specialized support networks that make large-scale cybercrime possible in China. [para. 2]

3. The core focus of the draft law is the disruption of supply chains that enable criminals to operate under the radar. It explicitly prohibits tampering with systems requiring real-name registration, aiming to stop the illegal trade in verified credentials—a key enabler for anonymous operations. [para. 3]

4. Law enforcement officials stress that much traditional crime has moved online, harnessing the decentralized architecture of the internet to operate transnational criminal networks. These rely on extensive, segmental supply chains to provide elements like technical capabilities, illicit traffic, and payment processing. [para. 4]

5. An official note accompanying the draft asserts that simply cracking down on offenders after the fact is not enough; the proposed prevention strategy requires robust administrative oversight to “clean up” the digital environment and preempt criminal activity. [para. 5]

6. Comprising seven chapters and 68 articles, the new bill aims to build a layered prevention system, fostering collaborations across governmental departments and regional boundaries. The legislation calls on businesses and internet users to help detect cybercrime at its inception. [para. 6]

7. Targeting telecom and online fraud as top priorities, authorities report that in 2025, Chinese police solved 258,000 relevant cases, stopped 3.6 billion scam calls, blocked 3.3 billion fraudulent texts, and froze 21.7 million yuan (approximately $3.13 million) in criminal proceeds. [para. 7]

8. Schemes are sustained by complex illegal activities, including personal data trading, human trafficking, document forgery, and misuse of information networks. Such operations are highly structured, involving specialists in driving traffic, managing equipment, and laundering money. [para. 8]

9. Central to China’s new policy is the regulation of these illicit support markets. Since 2019, the legal definition of “aiding crime” has been broadened; 2020 saw the “Card Breaking” campaign to stem illegal sales of SIM and bank cards. Prior laws, like the Anti-Telecom and Online Fraud Law, set precedents for these measures. [para. 9]

10. The draft clarifies management protocols for internet infrastructure, building on the Cybersecurity Law to reinforce real-name requirements and ramp up monitoring of suspicious network behavior and illicit “black cards.” [para. 10]

11. Under the law, individuals and organizations must present real identity information for mobile, IoT, bank, or payment account setup; use of counterfeit credentials is banned. [para. 11]

12. Obligations also extend to service providers, who must document clients' real identities, installation addresses, and service usage, applying this to industries ranging from messaging to domain registration. [para. 12]

13. Penalties for violations can include confiscation of illegal earnings, fines (one to ten times illicit proceeds), fines up to 200,000 yuan where proceeds are minor or absent, and up to 15 days' detention in severe instances. Authorities can also blacklist violators and block their access to new accounts. [para. 13]

14. Officials highlight that the close relationship between criminals and their upstream suppliers has made cybercrime more accessible. The law aims to offer a definitive legal basis for clamping down on upstream activities like payment processing and online promotion. [para. 14]

15. Network service providers are expected to serve as the “first line of defense,” instituting crime-detection systems proportional to their size and technical capacity. The draft also advances a trusted digital ID campaign and proposes a national network identity authentication service. [para. 15]

16. Given the cross-border nature of cybercrime, the legislation includes sanctions for international offenses and stipulates that overseas providers can be blocked from Chinese networks if supporting criminal activity. The Cyberspace Administration is empowered to implement these mechanisms. [para. 16]

17. The draft was posted online by the Ministry of Public Security on January 31, with a public comment window open until March 2, 2026. [para. 17]

18. As of now, the bill remains at the ministerial drafting stage and has not entered the National People’s Congress legislative process; it is absent from the NPC Standing Committee’s legislative work plan for 2025. [para. 18]