China has launched a voluntary national cyber ID system aimed at protecting citizens’ online identities and personal information, though concerns persist regarding potential government surveillance.
The system, officially named the National Online Identity Authentication Public Service, enables citizens to register using official government documents. This process is designed to shield their personal information from various Internet services, thereby reducing their overall digital footprint. While voluntary for users, the system is mandatory for companies, which are now largely prohibited from collecting identity information from users who opt into the service, unless legally mandated.
Kendra Schaefer, a partner at Beijing-based policy consultancy Trivium China, notes that the system centralizes identity data with the government, aiming to prevent inconsistent data handling by private companies. “Basically, they’re just switching the holder of data,” Schaefer explained, adding that the previous system required users to repeatedly provide ID information on new websites, with platforms responsible for encryption and transmission to the state for verification. This process is now largely eliminated.
This initiative aligns with a broader global trend of countries adopting digital ID systems to link real-world identities with online personas. Examples include Australia’s Digital ID Act of 2024, which expanded its government digital ID and included private-sector participation and privacy protections, and Singapore’s long-standing SingPass system for government transactions, modeled on Estonia’s digital-government framework.
However, China’s approach has sparked significant fears among critics who believe it will increase government surveillance under the guise of data security and privacy. An analysis by the Network of Chinese Human Rights Defenders (CHRD) and Article 19, an international NGO, highlights that despite privacy and notification clauses, numerous exceptions could allow authorities to access personal data without notification.
Shane Yi, a researcher with CHRD, contends that the new Internet ID system primarily strengthens the state’s surveillance infrastructure rather than protecting privacy. “The system centralizes more control over digital identity,” Yi stated. “When authorities can revoke your Web certificate, they can effectively erase your entire online existence — an escalation from the previous system where being banned from one platform could still leaves access to others.”
The Internet ID numbers, or Network Numbers, are designed to centralize the verification of citizens’ digital identities. China’s government mandates real-name verification, a process that, when distributed across many online services, can lead to data security vulnerabilities. Under the new measures, which went into effect on July 15, 2025, Internet platforms are prohibited from storing information about a user’s real identity if they opt to use a digital ID.
The regulation states, “After internet platforms access the Public Service, where users elect to use Network Numbers or Network Credentials to register and verify their real identity information, and pass verification, the internet platforms must not require that the users separately provide explicit identification information, except where laws or administrative regulations provide otherwise or the users consent to provide it.”
The Public Service Platform is required to store user data domestically, and any storage abroad necessitates a thorough security assessment.
Chinese officials argue the system enhances citizen privacy. Lin Wei, president of the Southwest University of Political Science and Law in Chongqing, China, claimed that 67 sites and applications adopting the virtual ID service collect 89% less personal information. This claim was reportedly published by China’s Ministry of Public Security.
Despite these claims, digital-rights activists remain concerned. Yi noted the lack of detailed information from the Chinese government regarding the system’s construction or policies for protecting data from misuse. He expressed alarm, stating, “The pattern is unmistakable — promise redress with one hand while creating surveillance loopholes with the other. When the same government that jails activists for ‘subversion’ can secretly monitor their digital lives under vague ‘confidential’ exemptions, we’re not looking at privacy protection — we’re looking at mass surveillance dressed up as user rights.”
Schaefer acknowledges that the impact on oversight of citizens’ online activities depends on future government actions and prevailing perspectives. She noted, “The perception both from the state-level and, frankly, from many citizens, is the government’s job is to protect me and my data from hackers and marketers. The government conveniently gets to leave itself out of that equation, but there is a genuine perception by the government … that it is the sort of protector of data, and that means it gets access to that data in some ways.”
