What does the draft Cybercrime Prevention and Control Law (for public comment) mean for the cryptocurrency industry when the notification is upgraded to law?

On January 31, 2026, at a time when the market was experiencing sharp fluctuations due to liquidity pressures, the Ministry of Public Security, together with relevant departments, officially released the "Draft Law on the Prevention and Control of Cybercrime" for public comment.

A search for "Cybercrime Prevention and Control Law" on Twitter reveals very little discussion. Given the diminishing marginal effect of the documents issued by multiple ministries over the past few years, most people's reactions are: "Isn't this just another old topic?" or "It's already been banned, so what else can be done?"

This is an extremely dangerous misjudgment. The elevation from a "ministerial notice" to "national law" signifies a shift in regulatory logic from preventing financial risks to precise criminal governance. Biteye believes this is likely the most far-reaching piece of legislation impacting the Web3 ecosystem in mainland China in recent years.

A careful reading of these 68 draft articles reveals that they no longer dwell on macro concepts such as "financial risk" or "illegal fundraising," but rather act like a scalpel, precisely targeting the three core vulnerabilities of the cryptocurrency industry: OTC cash flow, technology development, and public chain node operation.

This article from Biteye provides an in-depth breakdown:

1. Key legal provisions

2. Legal experts interpret

3. What compliance behaviors should practitioners begin to adopt?

First, compared to previous documents issued by ministries, it has broken three floorboards.

1️⃣ The OTC Dilemma: Redefining "Knowing"

In the past, OTC merchants (U-merchants) often used the argument that "I am just doing business and do not know the source of the other party's funds" as a defense. Legally, this was often classified as illegal business operations or aiding and abetting fraud, with a high threshold for conviction.

However, Article 26, Paragraph 3 of the new bill has been clarified again:

"No individual or organization may knowingly use funds obtained through illegal or criminal activities of others to engage in the following fund transfer, payment, or settlement activities... or use virtual currencies or other online virtual assets to provide fund transfer services to others."

While the term "knowingly" is retained here, the scope of "knowingly" is expanding dramatically in judicial practice. If you trade at unusually high prices, use encrypted chat software to evade regulation, or fail to conduct extremely rigorous KYC verification, you may be presumed to have "knowingly" committed the offense.

This is no longer a simple "ban on trading," but rather formally bringing cryptocurrencies like USDT into the regulatory purview of cybercrime fund transfers . For the OTC industry, this means compliance costs will skyrocket; it's no longer a question of how easy it is, but whether it's even possible.

2️⃣ Long-arm jurisdiction and "joint liability" mechanism

The cryptocurrency community has long believed in the adage "code is law, technology is innocent." However, Articles 19 and 31 of the new bill have dealt a fatal blow to this belief:

"It is prohibited to knowingly provide support and assistance to others who use the internet to commit illegal or criminal activities, such as development and maintenance, advertising and promotion, application packaging, etc."

What's even more troubling is the second provision regarding "long-arm jurisdiction":

"Citizens of the People's Republic of China residing outside the territory, as well as foreign organizations and individuals providing services to users within the territory of the People's Republic of China, who commit acts that violate the provisions of this law... shall be held legally responsible in accordance with the law."

Biteye consulted Sharon ( @sharonxmeng618 ), a financial compliance lawyer at Allbright Law, regarding this regulation: Many provisions in the draft "Cybercrime Prevention and Control Law" stipulate administrative obligations. Generally, the first consequence is administrative penalties such as orders to rectify, confiscation of illegal gains, and fines. Only serious cases (such as those involving huge sums of money defrauded, or not only providing signatures but also participating in the operation) escalate to the criminal level.

Moreover, long-arm jurisdiction also has a "cost-effectiveness" issue: Although Chinese criminal law has the principle of personal/territorial jurisdiction, in cross-border practice, unless it involves a major case (such as PlusToken level) or national security, the judicial cost of cross-border arrest is extremely high for programmers who are overseas.

3️⃣ Public Blockchain Governance: The One-Way Challenge of Decentralization

This bill will also affect the public blockchain ecosystem in mainland China. Article 40, Paragraph 9 requires nodes or institutions providing blockchain services to have the ability to "monitor, block, and handle" illegal information and payment settlement.

Those who understand technology know that a true decentralized public blockchain (Permissionless Blockchain) cannot achieve single-point "blocking".

This presents an unsolvable dilemma for Web3 projects within China: either you become a "consortium blockchain" (pseudo-blockchain), possessing backdoors and censorship rights, or you are illegal because you cannot fulfill your "blocking" obligations.

II. Echoes of History: From "September 4th" to "February 1st"

To understand the magnitude of this impact, we need to extend the timeline and compare it with three milestones in China's crypto regulatory landscape:

• 2013/2017 (September 4): "Announcement," defensive phase. The focus was on "risk prevention," and ICOs were banned. At that time, the regulatory goal was "to prevent ordinary people from losing money."

• 2021 (September 24): "Notice," the cleanup phase. The focus is on "illegal financial activities," and mining will be wiped out. The purpose of regulation is to ensure that "the cryptocurrency industry does not disrupt financial order."

• 2026 (Cybercrime Prevention and Control Law): "Law," governance phase. The focus is on "cryptocurrency-related cybercrimes."

In the first two phases, the regulatory bodies were the People's Bank of China and the National Development and Reform Commission, whose focus was on their own business areas, namely "money" and "matters ." But this time, the Ministry of Public Security is leading the charge . They are in charge of "crimes" and "people."

Sharon ( @sharonxmeng618 ) , a financial compliance lawyer at Jingtian & Gongcheng , interprets it this way: "In recent years, both crypto-driven crimes (such as money laundering and fraud using crypto assets) and crypto-native crimes (such as hacking and rug pulls) have been on the rise. This series of legislative actions is an inevitable response from regulators to upgrade from 'administrative prohibition' to 'criminal regulation' in response to these new types of crimes."

In conclusion: 2026 will be a year of rebuilding the rules of the cryptocurrency industry.

The market crash on February 1st may simply be a reactive response to tightening liquidity; the candlestick chart will eventually recover, and the red bars will eventually turn green. However, when the scalpel of law cuts into code and funds, compliance is no longer an option, but a prerequisite for survival.

Sharon, an attorney, advises: "The scope of 'telemarketing fraud' has been expanding in recent years in judicial practice. Given this context, Web3 practitioners and entrepreneurs are advised against viewing 'technological neutrality' as a legal exemption. Instead, they need to carefully separate their activities within their businesses. This includes strictly enforcing KYC (Know Your Customer) procedures to effectively block domestic user IP addresses; establishing anti-money laundering risk controls; and avoiding participation in token market making and commission-based promotions for high-risk projects."

In this new era, for practitioners and investors in mainland China, "compliance" is no longer just a slogan, but a red line that determines life and death.