The Chinese government’s control over the internet is gradually extending beyond targeting individuals to reaching the infrastructure of enterprises. Recently, a notice letter titled “Notice on Cooperating with the Province’s Network Security Special Governance Work” leaked from a network service provider in Jiangsu has been circulating online. The content of the document reveals that the relevant departments are requiring IDC (Data Center) service providers to cooperate through the operator system to directly handle behaviors involving cross-border access.
Several unredacted documents that have surfaced indicate that the notice letter aligns with the content released by an IDC service provider based in Suzhou, Jiangsu. Public information shows that this company primarily engages in server hosting, cloud computing, and network access services, with clients encompassing e-commerce, foreign trade enterprises, and internet platforms. Industry insiders point out that these types of enterprises are crucial nodes in the network chain, and once they execute directives, it will directly sever the overseas connections of a large number of end-users.
According to the content of the notice letter, the Jiangsu Provincial Communications Administration and relevant higher-level units are requiring all access service providers to sign a “Network Security Compliance Commitment” agreement and conduct comprehensive self-inspections of the services they carry. The document outlines various requirements, including continuous monitoring of servers, ports, and network connections, as well as the identification and handling of abnormal traffic.
Nanjing network security expert Zhong Ping (pseudonym) stated to reporters, “Such notifications are generally not decided by companies themselves but come from (higher-level) unified deployments. Service providers are part of the execution link in the system; once they receive a notification, they must handle it immediately according to the procedures.”
As per the document, for IP addresses or business ports identified as so-called “violating cross-border access,” they must be immediately disconnected and services terminated, with relevant notifications directly issued by higher-level departments without any prior warnings or rectification deadlines. Industry insiders express that this “act first, explain later” approach differs from past practices that involved reminders or correction periods.
According to the requirements of the notice letter, service providers need to continuously monitor clients’ network environments, including server access paths, port usage, and external connection behaviors. Once triggered identification rules, the relevant connections will be immediately severed, and business access will be halted simultaneously. Some service providers are also required to retrospectively inspect historical access records to identify long-term cross-border connection behaviors.
Zhong Ping further explained, “Once there is a violation of cross-border access by users, the related responsibility will be borne by the service provider. In this way, service providers will proactively strengthen inspections, and users, seeing the increased risks, will also reduce their usage, thus, this mechanism itself will serve as a limiting factor.”
The document also stipulates that customers who are suspended from services due to violations still need to pay the full monthly fees and cannot apply for reductions on the grounds of unused completion periods. If customer actions lead to penalties for service providers or affect their qualifications, service providers can pursue liabilities and require customers to bear related losses.
Zhejiang University scholar Xu Haitao mentioned to reporters that this arrangement transfers risks from the regulatory level down to enterprises and users: “When responsibility is passed down through the contract mechanism, service providers will actively enhance screening, and users will reduce relevant behaviors in uncertain environments, creating a continued constraint mechanism.”
At the technical level, insiders point out that in recent years, there has been a change in the identification methods for cross-border traffic, shifting from previous identification based on port and protocol characteristics to comprehensive analysis of connection behavior and data patterns.
Former internet enterprise architect Mr. Pan stated to reporters, “In the past, it mainly targeted specific software or protocols, but now, it has evolved to identify connection behaviors as a whole. Once the system determines an anomaly, it will automatically trigger the block without the need for manual intervention, indicating that some technical space that was previously present is being compressed.”
Peking University scholar Mr. Qian told reporters, “The current management approach has shifted from simply restricting content to regulating the network operating environment itself. By implementing these requirements through enterprises, a greater scope of control can be achieved without directly confronting individual users.”
In recent times, some netizens from Guangdong, Zhejiang, Jiangsu, and other places have reported a decrease in stability for cross-border access tools, with some platforms experiencing interruptions or increased delays in access. Personnel engaged in foreign trade operations have expressed that these changes have impacted their daily communications, disrupting the synchronization of some business engagements.
Some foreign trade practitioners mentioned that certain enterprises rely on cross-border platforms for customer communication and order confirmations. Once the connection is interrupted, it could directly affect the progress of transactions, potentially leading to order losses and further striking the already weakened Chinese foreign trade economy.