China’s tightening grip on the internet is moving beyond individual users and into the backbone of the country’s digital infrastructure, according to a leaked document that suggests that the regime is now directing internet service providers to cut off cross-border connections.
A notice circulating online in recent days, issued through a Jiangsu Province-based internet service provider, outlines a coordinated campaign in which regulators are working through telecom operators to require internet data center companies in China to identify and terminate what the regime deems “non-compliant” overseas access.
The shift signals a new phase in China’s already stringent system of online control and censorship—one that relies less on policing individual behavior and more on embedding enforcement directly into the companies that keep the internet running.
Enforcement Role for Service Providers
Multiple unredacted versions of the document reviewed by The Epoch Times appear consistent with materials distributed by an internet data center provider headquartered in Suzhou, China. Public records show that the company offers server hosting, cloud computing, and network access services to clients, including e-commerce firms, exporters, and online platforms.
Such companies play a critical role in the network chain. If they comply with official directives, they can effectively sever overseas connections for large numbers of end users at once.
According to the notice, the Jiangsu provincial communications authority and higher-level regulators require all access service providers to sign a “network security compliance pledge” and conduct comprehensive internal audits of their operations.
The document instructs companies to continuously monitor servers, ports, and network connections, and to detect and handle “abnormal traffic.”
Several China-based insiders spoke to The Epoch Times on condition of anonymity out of fear of reprisal.
“This kind of notice is typically not a business decision—it comes from [the regime’s] top-level coordination,” a Nanjing-based cybersecurity expert said. “Service providers are the enforcement layer in the system. Once they receive instructions, they are expected to act immediately.”
Under the rules outlined in the document, IP addresses—numeric designations for devices connected to the internet—or service ports identified as involving “unauthorized cross-border access” must be disconnected immediately, with services terminated on the spot.
Unlike earlier regulatory approaches that often included warnings or grace periods for rectification, the current measures appear to follow a “shut down first, explain later” model, according to industry insiders.
Service providers are also required to maintain ongoing surveillance of client network environments, including traffic routes, port usage, and external connections. Some companies have been instructed to conduct retrospective reviews of historical data to identify long-term cross-border activity.
The notice makes clear that responsibility for violations does not stop with users.
“If a client engages in non-compliant cross-border access, the service provider will be held accountable,” the cybersecurity expert said. “That creates an incentive for providers to tighten their own screening. As risks increase, users will also scale back usage. The mechanism itself becomes a form of restriction.”
The document also stipulates that customers whose services are terminated for violations must still pay their full monthly fees, even if access is cut off early. If penalties imposed on providers affect their business licenses or operations, companies may seek compensation from clients for resulting losses.
A scholar at China’s Zhejiang University told The Epoch Times that the arrangement effectively pushes regulatory risk down the chain.
“By transmitting responsibility through contractual relationships, regulators shift the burden onto companies and ultimately users,” the scholar said. “Service providers will proactively increase scrutiny, while users will reduce risky behavior. This creates a sustained form of constraint.”
New Detection Methods
Industry insiders say the technical approach to identifying cross-border traffic has also evolved. In the past, enforcement often relied on detecting specific ports or protocols associated with circumvention tools. Now, systems increasingly analyze overall connection behavior and data patterns.
“It used to be about targeting specific software or protocols,” a China-based former internet infrastructure architect told The Epoch Times. “Now it’s upgraded to comprehensive behavioral analysis. Once the system flags something as abnormal, blocking can be triggered automatically, without human intervention. The technical space that once existed is shrinking.”
A scholar at China’s Peking University told The Epoch Times that the shift reflects a broader change in regulatory strategy.
“Control has moved from restricting content to constraining the operating environment of the network itself,” the scholar said. “By enforcing rules through companies rather than confronting individual users directly, [the regime] can achieve broader control.”
In recent weeks, internet users in provinces including Guangdong, Zhejiang, and Jiangsu revealed on Chinese social media declining stability in tools used to access overseas platforms, with increased disruptions and slower connection speeds.
For businesses engaged in international trade, the effects are already being felt.
Some Chinese exporters posted online that they rely on cross-border platforms to communicate with clients and confirm orders. When connections are interrupted, negotiations can stall, delaying transactions or even leading to lost deals.
Wang Xin contributed to this report.
Friends Read Free
Copy
Facebook
Tweet
