Foreign interest in China’s social credit system often focuses on the vast quantities of information it is imagined to process. The global adoption of internet and mobile technology has led to the creation or collection of unprecedented volumes of data on individuals, leaving many around the world with a persistent, if often ill-defined, anxiety that their information is being used against them. Nor are such concerns unjustified. Machine-enabled analysis of browsing histories, purchase records, GPS tracking, etc. has been a boon to the forces of both law enforcement and marketing, and the pace of technological development has far outpaced that of corresponding legal and social restraints.
The portrayal of China’s social credit system as a panopticon, an all-seeing eye of state power, often taps into this more universal anxiety. In fact, many of the articles discussing social credit only nominally address China’s system, raising it only as a cartoonish worst-case scenario of “what could happen here” to start a domestic conversation on privacy. Others, with the dark humor of social media circles, seem to take glee or comfort in the belief that at least the situation is worse in China – something we’ve also seen surrounding pollution and the pandemic.
While China, like all governments with the capacity, has increasingly sought to integrate new technologies into its governance model, the social credit system itself has never been an attempt to profile or rank citizens in the way imagined in western media. The information considered in social credit has consistently been limited to information intended to reflect its subjects’ compliance with legal or contractual obligations. That information is divided into two categories: public credit information and market credit information (increasingly referred to as non-public credit information in local regulations). Public credit information is created or collected by government agencies in the course of their normal duties, while market credit information is collected and processed by third parties.
In 2021, the central authorities began releasing a basic national catalog of Public Credit Information (PCI). The catalog aims to further restrict the scope of government information considered in social credit, in part to stop a trend of local governments adding increasingly trivial information. The 2021 catalog even went so far to as to essentially “call out” some overzealous local governments’ inclusion of minor offenses, such as public transit fare skipping, building code violations, and minor traffic violations in PCI, by explicitly listing them as items that should only be collected with great caution where they reflect serious malice. While local governments are still able to compile supplementary local PCI catalogs, the national catalog requires them to articulate a clear legal basis for any additions.
Structure of the Catalog:
For each item of PCI included in the catalog, an information category, impacted entity type, responsible government agency, and legal basis is provided.
The 2021 PCI catalog and a draft 2022 catalog both break PCI into 11 basic categories of information, described in more detail below. The 2021 catalog slightly elaborated on these categories by breaking them down into 18 subtypes, but also included a separate list of professional or social fields for key scrutiny and called on individual government departments to add more detailed items of PCI relevant to their duties. The 2022 draft list contains a single list of PCI now greatly expanded to include 101 specific information subtypes within the original 11 categories. Many of the added subtypes are industry-specific applications of the 11 basic categories, perhaps incorporating information contributed by the individual departments as requested in the first catalog.
The 11 Basic Information categories
(1) Basic registry information：As the name suggests, this is the basic identifying information required for establishing and registering all forms of business, public institutions, and social organizations. It also includes registrations with customs officials for import and export, and other basic business filings.
(2) Information on court judgments and rulings, and their enforcement: This category includes effective criminal and civil judgments against subjects, and information on their enforcement. The 2022 draft further mentions specific information on bankruptcy proceedings and proceedings related to environmental harms.
The draft also adds entry onto the courts’ ”Judgment Defaulters List” as PCI. This refers to a blacklist of those who have an effective court judgment against them (including for enforcement for administrative penalties) but refuse to fulfil it despite having the ability to do so. The list is a key component of social credit intended to make court judgments more enforceable and increase the credibility of the courts. The Judgment Defaulters List is the sole or primary basis of many of the ‘sexier’ social credit penalty measures, such as restrictions on spending and airplane travel which are also to be included as PCI.
(3) Administrative management information: This includes information created by administrative regulatory departments such as that relating to administrative permits, penalties, confirmations, requisitions, payments, rulings, compensation, rewards, and information from administrative oversight inspections. While this information only accounts for 10 of the draft PCI catalog’s 101 subtypes, it reflects information the heart of government regulation and is likely a large percentage of PCI.
(4) Information on professional titles and professional qualifications: This concerns professions where credentials and titles are already regulated, and the 2022 draft limits this category to the fields of athletics (coaches, lifeguards, trainers), civil aviation, road transportation, finance trading (securities, futures, and funds), railway conductors, patent agency, education, environmental impact assessment, and law.
(5) Irregular business (activity) list (status) information: This refers to inclusion in the longstanding (pre-social credit) list of businesses and, a newer list of social organizations, for entities that have been identified for increased governmental scrutiny based on their relevant misconduct – compiled by the State Administration for Market Regulation and the Ministry of Civil Affairs respectively.
(6) Information on lists of seriously untrustworthy entities: This refers to a series of ‘blacklists’ created since 2014 as part of the social credit system. Various national regulatory agencies were initially tasked with creating list systems for serious violators of the laws they enforce, including the standards and procedures for inclusion and removal for the list. The lists do not include all violators, and are generally limited to those violations that endangered public health, market order, or national security and stability. Inclusion in a list brings increased regulatory scrutiny, and the entry onto a blacklist is itself viewed as a social credit penalty, as well as a PCI input, because other agencies or individuals may consider the listing in future action.
Thirty-nine separate blacklists are included in the draft catalog for 2022, (included in the table below), but despite their comprising a large chunk of the catalog’s 101 PCI subtypes, the blacklists are unlikely to involve most entities due to the stringent entry requirements and industry-specific focus.
Earlier in the evolution of social credit, we made a tool for understanding the consequences of the blacklists we knew of at the time which may still be of interest.
(7) Information on the performance of contracts: Breach of contract is information that may be viewed as reflecting on an entity’s future reliability in fulfilling legal obligations, but because PCI is limited to the information normally controlled by government agencies, only two types of contract are specifically listed in the draft 2022 catalog: violation of foreign labor service cooperation contracts, and violation of contracts with medical students in which they agree to serve rural areas after graduation in exchange for tuition (also in the 2021 list).
(8) Information on credit pledges and their fulfillment: The credit pledge system involves promises made by entities or individuals regarding their future conduct and conditions. Pledges are often made to waive burdensome administrative inspections prior to beginning business operations, such as where a promise is made that all systems and facilities required for permitting will be in place. Pledges may also be made following violations to reduce consequences, such as by pledging to correct defects, minimize the impact of violations etc.
(9) Information on the outcomes of credit assessments: While there is no universal social credit rating or scoring system, credit-regulation for businesses does involve comprehensive credit appraisals based on PCI to assign one of four ratings: excellent, good, fair, or poor. The information in this PCI category, however, does not refer to the comprehensive appraisal, and instead refers to industry-specific evaluations.
As in some other nations, certain regulatory bodies assign grades to the entities in the industries over which they have jurisdiction, allowing those with good compliance records to enjoy simplified procedures, reduced inspection rates, and other “green channel” type facilitation measures. The 2022 PCI draft catalog considers such assessments for tax services, transport, statistics, the energy sector, courier services, patent agencies, the environmental impact assessment field, and proposed sea usage.
(10) Information on honors related to honesty and trustworthiness: Specifically regarding youth volunteerism, post and courier services, securities industry, and statistics.
(11) Credit information that is voluntarily provided by market entities. This is the vaguest PCI category and is also a major exception to the general rule that PCI contains only information generated and collected by state actors. Market entities are encouraged to voluntarily offer other information that they believe reflects on their credit status (compliance with legal and contractual obligations)
Market Credit Information
As mentioned above, the PCI refers only to one area of social credit information, the information created and collected by state actors. The PCI catalog does not consider or restrict the collection of the other area, Market Credit Information, sometimes referred to as Non-public Credit Information.
Market credit information is the larger category of information, including information that reflects a person or entity’s credit status which is collected or created by businesses, industry associations, chambers of commerce, social organizations, etc. during their operations. This means that it could include information from online platforms like social media, search engines, and mobile apps, to name just a few tributaries that feed the ocean of data now available on most people.
It could also include “credit service products” created by non-state actors through the analysis of credit information, which they hope will become relied on by government and business entities alike in lending, regulatory, or commercial activities. Existing social credit regulations work to foster the development of the credit services industry, and to encourage use of these credit products.
In following social credit’s evolution, market credit information has remained an area of concern because of the sheer scope of information potentially involved. Market entities simply interact more regularly with the public than government, and are positioned to amass huge amounts of data in doing so. In the US, an industry of data brokers has emerged to trade in this information, including processing it for sale to law enforcement and other state actors.
While the PCI catalog doesn’t address Market Credit Information, the collection and use of such information in China is regulated by a host of recent laws and regulations including the Personal Information Protection Law, which greatly restrict its collection, sharing, and use. Generally, the collection of information from which an individual can be identified requires their informed consent, must be limited to the minimum amount necessary to provide the services sought by that individual, and the information must only be used for expressly stated purposes.
Maintaining a meaningful conception of privacy in the information age, against both commercial and government interests, is a massive challenge. Big data and its capacity to reveal hidden behavior patterns, or even shape behavior patterns, is unquestionable of interest to those in power or seeking profit. That social credit remains focused on PCI, the government information most directly reflecting legal compliance, does not mean that the broader information will never be used for other aspects of governance, but rather tells us about the goals of social credit. The core functions of social credit are primarily at encouraging legal compliance, and better allocate regulatory resources by focusing attention on those with records of non-compliance.