The Ministry of Public Security has issued a comprehensive new framework titled the Rules for Public Security Organ Electronic Data Evidence Collection, signaling a major shift in how digital information is identified, secured, and utilized within the Chinese legal system. Scheduled to take full effect in 2026, these regulations will supersede the previous standards established in 2018. The move reflects the increasing complexity of criminal and administrative cases in an era dominated by cloud computing, encrypted communications, and artificial intelligence. By standardizing the procedures for data extraction, onsite inspections, and forensic appraisals, the new rules aim to balance the efficiency of law enforcement with the protection of the legal rights of citizens and organizations.
Background and Context: The Evolution of Digital Evidence
The necessity for these updated rules stems from the rapid digitization of society. In modern criminal investigations, nearly every case—ranging from financial fraud and cyber-terrorism to traditional crimes like theft or assault—leaves a digital footprint. Electronic data has moved from being a supplementary form of evidence to becoming the primary anchor for many prosecutions.
Historically, Chinese public security organs followed guidelines issued in 2014 and 2016, which were later consolidated into the 2018 "Rules on Electronic Data Evidence Collection." However, the technological landscape of 2018 did not fully account for the ubiquity of decentralized data, the rise of "Deepfake" technology, or the complexities of cross-border cloud storage. The 2026 rules represent a legislative effort to close these gaps, providing clear mandates for how police should handle everything from a suspect’s smartphone to remote servers located outside a specific jurisdiction.
Chronology of Implementation and Regulatory Transition
The transition to the new regulatory standard follows a clear timeline designed to allow law enforcement agencies and judicial bodies to adapt their internal protocols.
- December 2018: The Ministry of Public Security issues Notice No. 41, establishing the first major set of rules for electronic data collection.
- 2024–2025: Draft phases and solicitation of comments from legal experts, technology firms, and provincial public security departments.
- 2026: The new Rules for Public Security Organ Electronic Data Evidence Collection officially come into force, immediately terminating the validity of the 2018 version.
This timeline underscores a deliberate approach to legal reform, ensuring that the infrastructure for digital forensics—including the designation of specialized appraisal institutions—is in place before the mandates become law.
Core Principles: Legality, Authenticity, and Integrity
Article 3 of the new rules establishes four pillars for all electronic data evidence: legality, authenticity, integrity, and relevance. To ensure these standards are met, the rules mandate that at least two police officers must conduct any evidence collection activity. For complex cases, specialized technical personnel may be invited to assist, provided they operate under the direct supervision of the police.
A significant portion of the rules is dedicated to the "chain of custody." This involves the use of integrity check values (such as MD5 or SHA hashes) to prove that data has not been altered from the moment it was seized to the moment it is presented in court. Article 22 specifically outlines that freezing electronic data must involve calculating these integrity values or employing write-protection measures to prevent any modification, deletion, or addition to the evidence.
Onsite Inspection and the Problem of Encryption
One of the most discussed sections of the new rules involves Article 8, which addresses the retrieval of passwords and account information. Law enforcement is directed to first request passwords from the data holder. If the holder refuses to cooperate, the rules grant the police the authority to employ "corresponding measures" to bypass security, provided they have approval from a public security organ at the county level or above.
In urgent cases where data might be lost or remotely wiped, Article 8 allows for immediate action, with the requirement that the formal approval process be completed within 24 hours. This provision highlights the tension between individual privacy and the state’s interest in preventing the destruction of evidence. To mitigate risks of abuse, the rules require that such actions be witnessed or, if no witness is available, documented through continuous audio and video recording.
Remote and Cloud Data Extraction
As data increasingly moves from local hard drives to remote servers, the 2026 rules provide detailed protocols for "online extraction." Article 30 allows for the collection of data that is publicly available or stored on remote systems within Chinese territory via network access.
For data stored on overseas servers, the rules permit extraction if the suspect provides the necessary credentials (usernames and passwords). This is particularly relevant in cases involving international fraud or money laundering. Article 32 mandates that during such extractions, the police must record the visit method, the date and time, the tools used, and the network path taken to reach the data. This level of detail is intended to satisfy judicial scrutiny regarding the "digital location" and origin of the evidence.
Specialized Appraisals and the Challenge of Artificial Intelligence
In a forward-looking move, Article 50 of the rules addresses the need for specialized knowledge to analyze "artificial intelligence-generated information." As generative AI becomes more sophisticated, the ability to distinguish between authentic digital records and AI-generated "Deepfakes" has become a critical forensic requirement.
The rules authorize the Ministry of Public Security to designate specific institutions to conduct these high-level appraisals. These institutions must possess the necessary instruments and hold legal qualifications for laboratory testing. The experts involved are held to a high standard of accountability; they must remain independent of external influence and are required to appear in court to testify if necessary.
Supporting Data: The Scale of Digital Evidence
While the Ministry of Public Security does not release exhaustive annual totals for all digital seizures, judicial reports from the Supreme People’s Procuratorate indicate a sharp rise in cyber-related prosecutions.
- Case Volume: Between 2020 and 2023, cases involving "telecommunications and network fraud" in China saw a year-on-year increase of approximately 15% to 20%.
- Evidence Density: In 2018, an average criminal case might have involved one or two digital devices. By 2024, that average has risen to five devices per case, including smartphones, smart home devices, and wearable technology.
- Forensic Demand: The number of certified digital forensic laboratories across China has expanded by over 40% since the 2018 rules were implemented, reflecting the massive investment in technical infrastructure required to support these regulations.
Official Responses and Legal Analysis
Legal scholars and official spokespersons have characterized the 2026 rules as a necessary evolution. A spokesperson for the Ministry of Public Security stated that the goal is "to provide a clear, standardized path for investigators that withstands the rigors of modern judicial requirements."
Independent legal analysts suggest that the emphasis on "mandatory recording" (Article 13) for cases involving sentences of five years or more is a vital safeguard. "By requiring a continuous video record of the evidence collection process in serious cases, the rules reduce the likelihood of procedural challenges regarding the planting or tampering of evidence," noted a Beijing-based criminal defense attorney.
However, some analysts point out that the definition of "corresponding measures" for password retrieval remains broad. There is an expectation that further "implementing guidelines" will be issued to define the technical boundaries of what police can do to break encryption on private devices.
Broader Impact and Implications
The implementation of these rules will have far-reaching consequences for the Chinese legal landscape.
- Judicial Admissibility: Courts are expected to become stricter regarding the "integrity check values" of digital evidence. If the hash value of a file in court does not match the value recorded at the scene, the evidence may be deemed inadmissible.
- Standardization of the Tech Industry: Companies providing internet services in China will need to ensure their data retention and "freezing" protocols align with Articles 21 and 22. This may lead to the development of new enterprise software tools specifically designed to facilitate law enforcement’s "integrity checks."
- Privacy and Compliance: For multinational corporations operating in China, the rules regarding "cross-jurisdictional investigate and collect evidence" (Article 38) mean that local police branches can coordinate more effectively through digital information systems, potentially accelerating the speed of corporate investigations.
- Professionalization of the Police Force: The requirement for specialized appraisals and the handling of AI-generated content will necessitate a higher level of technical training for the public security force. We are likely to see a shift where "digital investigators" become as common as traditional detectives.
In conclusion, the Rules for Public Security Organ Electronic Data Evidence Collection represent a significant milestone in China’s effort to modernize its criminal justice system. By codifying the technical nuances of digital forensics into a formal legal framework, the Ministry of Public Security is attempting to ensure that as the world moves further into the digital age, the rule of law keeps pace with the speed of innovation. The success of these rules will ultimately depend on their consistent application across different provinces and the continued transparency of the forensic appraisal process.








