The same week Shenzhen started offering 2 million yuan subsidies to anyone building on OpenClaw, Beijing told state agencies to stop installing it. That pretty much sums up China's relationship with the platform right now.
On March 11, China's Ministry of Industry and Information Technology published formal security guidelines through its National Vulnerability Database. Six recommended practices. Six prohibited practices. It's the first national-level regulatory framework for OpenClaw anywhere in the world.
The Rules That Actually Matter
The full list covers four risk scenarios (smart offices, IT ops, personal assistants, financial trading), but three prohibitions stand out because they map directly to real attacks we've seen this year:
- No third-party mirrors. Only install from official sources. The ClawHavoc supply chain campaign poisoned roughly 800 skills in ClawHub, about 20% of the marketplace at the time.
- No admin accounts during deployment. Principle of least privilege. Sounds obvious, but the CVSS 8.8 ClawJacked vulnerability (CVE-2026-25253) was only as damaging as it was because of exactly this kind of over-permissioned setup.
- No disabling log auditing. When an agent goes rogue (one famously did after being connected to iMessage), you need a trail.
The other three don'ts are solid advice too (don't expose instances publicly, avoid skills that request passwords, don't browse unverified sites through the agent), but they're more situational.
Who Is Actually Restricted?
This is the part most headlines get wrong. Bloomberg reported the restrictions cover state-owned banks, government agencies, and SOEs. Not private companies. Not individual developers. Not startups.
The day after the MIIT guidelines dropped, three universities banned OpenClaw from campus networks: Anhui Normal, Jiangsu Normal, and Zhuhai Science and Technology Institute. Violators face disciplinary action.
But across town in Shenzhen, Longgang District was publishing a draft policy to hand out millions in subsidies for OpenClaw developers. Private sector adoption is being actively encouraged.
Why This Matters for You
You probably don't operate a Chinese state-owned bank. But look at those three hard bans again. No unofficial sources, least privilege, always keep audit logs. That's just good operational hygiene for anyone running OpenClaw.
If you self-host, these are things you have to configure and maintain yourself. On ClawHosters managed instances, every single one of those MIIT requirements is handled by default. Official builds only, locked-down permissions, full audit logging.
China publishing formal guidelines is a signal. Governments worldwide are watching how open-source AI agents get deployed. The security bar is going up. Better to be ahead of it.