Selling Connected Products in China? Prepare for the New Cybersecurity Label

China’s new voluntary cybersecurity labelling regime for internet-connected products takes effect on July 1, 2026. For foreign companies selling smart devices, routers, cameras, industrial IoT systems, or other connected products in China, the China Cybersecurity Label is more than a compliance marker. It is likely to become a commercial trust signal for buyers, distributors, platforms, and procurement teams.

Although participation is voluntary, foreign manufacturers should not wait until the label becomes a customer requirement. In China’s increasingly security-conscious market, connected products that visibly demonstrate cybersecurity readiness may be better positioned than comparable products without recognized credentials.

Selling connected products in China? Assess whether your devices may fall within China’s cybersecurity labelling regime.

What is the China Cybersecurity Label?

The China Cybersecurity Label is an information label that shows a product’s cybersecurity capability. It indicates whether a connected product can resist attacks, intrusions, interference, and destruction, while maintaining data integrity, confidentiality, and availability.

The scheme applies to internet-connected products included in a Product Catalogue, which will be released in batches. This means companies should monitor catalogue updates closely, as additional product categories may be added over time.

Each label includes the manufacturer name, product model, cybersecurity capability level, validity period, testing laboratory, reference standard or technical document, and QR registration code. Scanning the QR code links to the product’s test report, key indicators, and manufacturer conformity declaration.

Is China’s cybersecurity label mandatory for foreign IoT products?

The China Cybersecurity Label is voluntary. However, voluntary does not mean commercially irrelevant.

China has previously introduced voluntary product schemes that later became important in practice through procurement preferences, platform requirements, distributor expectations, and buyer due diligence. The cybersecurity label may follow a similar path, especially for products used in smart homes, enterprise systems, industrial environments, public infrastructure, or government-linked projects.

For foreign IoT companies, the practical question is not only whether registration is legally required today. The more important question is whether customers, platforms, or channel partners may begin to expect labelled products tomorrow.

Our China advisory team can help you evaluate whether early registration could support your sales, distribution, or procurement strategy.

How does the China Cybersecurity Label rating system work?

The label uses a three-tier star rating.

One Star indicates basic cybersecurity capability, including no weak or default passwords, vulnerability patching, software update capability, and compliance with minimum national standard requirements.

Two Stars indicates enhanced cybersecurity capability compared with similar products on the market.

Three Stars indicates leading cybersecurity capability and requires penetration testing by a qualified third-party laboratory to verify resilience against advanced cyberattacks.

The right rating depends on the product’s risk profile and commercial use case. Consumer devices may benefit from a baseline trust signal. Enterprise, industrial, or government-linked customers may place greater value on stronger cybersecurity assurance.

ALSO READ: A Comprehensive Guide to China’s Cybersecurity Label

How can foreign manufacturers register for the China Cybersecurity Label?

Foreign manufacturers may register directly. Companies without a registered entity in China may submit materials through a Chinese agent, distributor, importer, or professional services firm. However, the manufacturer remains responsible for the accuracy of all submitted materials.

A practical registration process includes confirming product scope, selecting the target star rating, conducting security testing, preparing registration documents, submitting materials through the CESI online platform, and displaying the label once registration is confirmed.

Before applying, companies should review product cybersecurity controls, identify qualified testing laboratories, prepare technical documentation, and clarify responsibilities with distributors, importers, and OEM partners.

Need support with China cybersecurity registration preparation? Speak with our local compliance and technical advisory team.

What are the risks of misusing the China Cybersecurity Label?

Once a company registers and uses the label, enforcement obligations apply. Misuse, false advertising, inaccurate registration materials, fabricated test results, or failure to re-register after key technical changes can lead to cancellation of registration, public announcement, re-application restrictions, and potential sanctions.

Violations may also be reported to China’s National Credit Information Sharing Platform, creating broader reputational and operational risk. Foreign companies should ensure that any Chinese agent, distributor, or importer submitting materials on their behalf follows strict documentation and accuracy controls.

What should foreign IoT companies do now?

Foreign companies selling connected products in China should begin with a product-level cybersecurity readiness review. This should include checking whether the product may fall within current or future catalogue categories, assessing gaps against Chinese standards, determining the most commercially appropriate star rating, and reviewing contractual responsibilities across OEM, distributor, and importer arrangements.

For brands using Chinese OEM manufacturers, this step is especially important. Even where production is outsourced, the foreign brand may still face commercial exposure if the product is sold under its name in China.

• Previous Article European Business in China: Key Takeaways from the EU Chamber’s 2026 Survey
• Next Article