China officially launched its National Online Identity Authentication Public Service in July 2025, deploying what appears to be the world’s largest centralized digital identity system. The service provides Chinese citizens with a unique online identity token, described as a “network number”, for verifying identity across digital services without repeatedly disclosing full personal details to private platforms.
The Chinese government released rules for the new system in late May 2025 and implemented it in mid-July 2025. While officials characterize participation as voluntary, the system integrates deeply with existing government databases and represents a state-led model of digital identity management that differs fundamentally from approaches in other regions.
How the System Works
Registration requires citizens to verify their identity using official Chinese identity documents, facial recognition, and a linked mobile phone number. Once registered, users receive a unique network number that allows them to sign up for and access digital services without providing complete personal information to each platform.
According to a Ministry of Public Security cybersecurity official quoted by Xinhua, the service is “voluntary”, but the government encourages various industries and sectors to integrate with it. The official stated goal is to “provide individuals with a secure, convenient, authoritative and efficient means of identity verification, in support of the development of the digital economy.”
Government regulations require the Public Service Platform to strengthen online operational security, data security, and personal information protection.
Voluntary in Name, Integrated in Practice
The system’s characterization as voluntary has drawn scrutiny. While citizens are not technically required to register, the government’s active encouragement of industry integration raises questions about how optional participation will remain in practice. As more services adopt the authentication system, citizens who choose not to register may find themselves excluded from essential digital platforms.
Experts cited by CNN Business have raised concerns that the policy will erode freedom of expression by forcing internet users to relinquish more control to the state. The centralized collection of personal information also creates risks of potential data breaches that could expose the identity details of millions of citizens.
Global Context and Implications
The launch positions China’s approach in stark contrast to privacy-focused digital identity models emerging in Western democracies. Where European systems like eIDAS 2.0 emphasize user control, decentralization, and minimal data disclosure, China’s system centralizes authentication through state infrastructure with direct government oversight.
As the largest deployment of state-managed digital identity to date, China’s system could serve as a template for other authoritarian governments seeking greater control over online activity. The model may also appeal to developing nations without existing digital identity infrastructure, though implementation would require similar levels of state capacity and centralized data management.
The coming months will reveal how quickly industries integrate with the platform and whether participation remains genuinely voluntary as adoption spreads.
Contains information related to marketing campaigns of the user. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked together.
90 days
__utma
ID used to identify users and sessions
2 years after last activity
__utmt
Used to monitor number of Google Analytics server requests
10 minutes
__utmb
Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server.
30 minutes after last activity
__utmc
Used only with old Urchin versions of Google Analytics and not with GA.js. Was used to distinguish between new sessions and visits at the end of a session.
End of session (browser)
__utmz
Contains information about the traffic source or campaign that directed user to the website. The cookie is set when the GA.js javascript is loaded and updated when data is sent to the Google Anaytics server
6 months after last activity
__utmv
Contains custom information set by the web developer via the _setCustomVar method in Google Analytics. This cookie is updated every time new data is sent to the Google Analytics server.
2 years after last activity
__utmx
Used to determine whether a user is included in an A / B or Multivariate test.
18 months
_ga
ID used to identify users
2 years
_gali
Used by Google Analytics to determine which links on a page are being clicked
30 seconds
_ga_
ID used to identify users
2 years
_gid
ID used to identify users for 24 hours after last activity
24 hours
_gat
Used to monitor number of Google Analytics server requests when using Google Tag Manager