With gradual program development and technological updates, online games have become increasingly popular among the masses, and the巨大的 wealth potential hidden within has gradually been discovered by online game enterprises. However, the rapidly developing online game industry has also brought many legal issues, attracting government attention. Today, online game enterprises face increasing legal risks: strong policy-level supervision, non-compliant internal business activities, and novel fraud schemes that are hard to defend against. Big data analysis of criminal cases involving online game enterprises reveals that many such enterprises still lack legal awareness, with insufficient or incomplete means to规避 and defend against legal risks. Therefore, it is imperative to strengthen online game enterprises’ understanding and response to the legal risks they may face.

I. Introduction

According to the “2020 China Game Industry Report” published by the Game Publishing Committee of the China Audio-Video and Digital Publishing Association, China has become the world’s largest game market. The report indicates that in 2020, China’s game market achieved total actual marketing revenue of RMB 278.687 billion, a year-on-year increase of 20.71%; meanwhile, the number of game users reached 665 million, a year-on-year increase of 3.7%.

The continuous development of the game industry brings巨大 profits but also frequent legal risks. Among various common risks in the game industry, criminal risks predominate, with gambling, money laundering, and盗刷 risks being relatively serious. At the company operation level, issues such as advertising, data compliance, and trade secret protection require focused attention. Meanwhile, as supervision tightens, the number of administrative penalties imposed on game companies is increasing year by year.

II. Big Data Analysis of Criminal Cases Involving Online Game Enterprises

From 2017 to 2022, searches on the Alpha website using keywords such as “online,” “game,” “enterprise,” and “criminal case” yielded 6,587 judgments and rulings related to criminal cases involving online game enterprises.

(I) Criminal Cases Not Directly Related to Online Game Enterprises

Through preliminary sorting, 1,526 cases involved perpetrators who were not directly related to operators or managers of online game enterprises. Specific manifestations included:

(1) Making acquaintances through online games to commit other offline crimes;

(2) Meeting victims through online games and then committing fraud or other crimes;

(3) Using部分 proceeds from illegal activities to充值 and consume in online games;

(4) Committing other property-related crimes offline, such as robbery, extortion, theft, to充值 for online games;

(5) Attacking online game enterprises online or offline to demand refunds of充值 amounts or due to dissatisfaction with game probability settings.

(II) Overview of Criminal Cases Involving Online Game Enterprises

After further screening, preliminary statistics of the types and numbers of crimes involving online game operators and managers, money laundering through online game platforms, and other crimes with strong connections to online game enterprises are shown in the following chart:

Number of criminal case types involving online game enterprises

As shown in the chart, from 2017 to 2022, criminal cases involving online game enterprises were mostly concentrated in gambling and fraud crimes, with 3,975 cases, accounting for 78%. Computer information system crimes followed with 552 cases, accounting for 11%. Pyramid schemes, illegal business operations, and embezzlement were roughly similar, with 169 and 137 cases respectively, each accounting for 3%. Relatively fewer were copyright infringement, infringement of citizens’ personal information, illegal absorption of public deposits, and bribery of non-state employees, with 100, 60, 59, and 9 cases respectively, totaling less than 5%.

(III) Specific Manifestations of Crimes Involving Online Game Enterprises

Online games themselves are hotbeds for online gambling, making it relatively easy to establish gambling game platforms allowing players to gamble and withdraw money online. Different online game enterprises have their own source codes, which may involve trade secret infringement and copyright infringement. Additionally, a feature of online games is that players own virtual property that can be traded, potentially引发 money laundering through virtual game items, offline transactions,充值, and other property rights issues. Understanding the behavioral patterns of these crimes is a prerequisite for summarizing how online game enterprises should respond to criminal risks. The following provides a brief analysis of the specific manifestations of these crimes.

(1) Gambling Crimes

As mentioned above, online game enterprises can directly create gambling games for players to engage in online gambling. According to the timeline, gambling game crimes have increased year by year, peaking in 2020. Although dropping to half of the 2020 number in 2021, they remain relatively high compared to other types of crimes. Geographical analysis shows concentration in coastal or southern cities, with Zhejiang and Guangdong ranking among the top five regions for gambling cases involving both live streaming platforms and online game enterprises.

Specific manifestations of these gambling crimes include:

① Game enterprise management personnel发现 others using games for gambling without stopping them, instead providing gaming services for economic gain

② Establishing gambling games on computer networks, acting as agents for gambling games, and accepting bets

③ In their chess and card games, game enterprises charge legitimate room fees and also collect a certain percentage of game coins from winners as “commission”

④ Online game enterprises directly or indirectly enable game coin gifting or transfer functions between players, such as favoring特定的player matches, allowing players to transfer game coins through game wins/losses

⑤ Establishing reverse兑换 channels between game coins and cash, or放任私下 selling game coins for profit

⑥ Failing to预设 sensitive word filters, allowing gambling-related terms to appear in games, directing traffic to other gambling games, and becoming accessory offenders

(2) Fraud Crimes

From the timeline and geographical chart, fraud crimes have increased annually since 2017, peaking in 2020 and declining in 2021. Coastal cities remain severely affected by fraud crimes. Due to some cases where perpetrators used illicit funds to充值 in games after committing crimes, there is some content误差 in the statistics.

Specific manifestations of these fraud crimes include:

① Perpetrators通过 illegal access to victims’ credit card information, use all credit card funds to purchase game points, then sell game points for money laundering profit

② Game staff impersonating women to trick victims into充值, ending the relationship when victims stop充值

③ Perpetrators using illicit gains to充值 in games

④ Perpetrators offering to buy victims’ game accounts, then fabricating account or balance freezes and demanding充值 to unfreeze

⑤ Fabricating reasons to exploit information asymmetry between Apple’s closed-source mobile system and Apple users unable to directly transact with developers, maliciously refunding and charging high fees for profit

⑥ Exploiting mobile phone vulnerabilities allowing small payments where funds can be debited after crediting,大量making small payments then canceling accounts to prevent debiting

⑦ Posting fake in-game advertisements for充值 and game coin purchasing services, then defrauding players of their充值 funds

(3) Computer Information System Crimes

From the timeline, excluding 2022 data that has not fully stabilized, computer information system crimes involving online game enterprises have increased year by year. One reason is the 2019 interpretation issued by the Supreme People’s Court and Supreme People’s Procuratorate on illegal use of information networks and aiding information network criminal activities, which strictly cracks down on these crimes. Geographically, these crimes are concentrated in wealthy eastern cities with relatively mature data centers.

Specific manifestations of these crimes include:

① Decrypting account passwords to access backends, illegally篡改 computers, modifying designated users’ gold coin amounts for illegal profit

② Unauthorized login to game servers, using software to generate game equipment and selling for profit

③ Knowing others are establishing websites to sell game cheats for profit, still providing corporate accounts for fund settlement

④ Purchasing source codes, domain names, and Baidu keywords from game account trading websites, setting up multiple counterfeit legitimate account trading platforms as fraudulent websites, then renting them to others for online fraud

⑤ Knowing others are using information networks for online gambling crimes and lacking game publication numbers or other游戏上市 qualifications, still providing payment settlement assistance

⑥ Setting up websites directly selling game cheats

⑦ Game enterprises attacking competitors’ networks through employees or hired attackers to harm competitors

⑧ Attacking game enterprises and extorting them for benefits

⑨ Exploiting enterprise game platform vulnerabilities to illegally obtain game user accounts and corresponding QQ numbers, storing them on data websites for paid inquiries

(4) Pyramid Scheme and Illegal Business Operation Crimes

From the timeline, these two types of crimes were more numerous in 2018 and 2019, with cases gradually decreasing thereafter. With the popularization of intellectual property concepts and intensified crackdowns on pyramid schemes, using technology to write scripts or develop pyramid schemes has become increasingly rare.

Specific manifestations include:

① Using online game operation as a pretext, requiring participants to pay membership fees or purchase virtual assets to qualify for entry, and各自 develop downlines or reward monetary incentives based on game output

② Illegally building private online game servers for fund payment and settlement services

③ Unauthorized rental of foreign servers to operate VPN services for consumers to access foreign websites and play foreign games

④ Using technology to write game scripts and sell them to players, allowing automatic task completion without操作

⑤ Developing and selling game cheats for profit

(5) Embezzlement

According to data analysis, most embezzlement cases involved perpetrators using illicit funds to充值 in games after commission of the crime; a minority involved online game enterprise employees using their positions to embezzle enterprise property. These are not related to the online game enterprise’s own operations, so no representative timeline or geographical chart was created.

Specific manifestations of embezzlement involving online game enterprises include:

① Using managerial account privileges to modify game data, generate and distribute game equipment for personal gain

② Using position to privately gamble with enterprise virtual assets, causing losses to the enterprise

③ Using authority to distribute game rewards or补偿投诉 to appropriate game virtual assets, then selling them to others for profit

(6) Intellectual Property Crimes

Online game enterprises also face criminal risks related to intellectual property, mainly copyright infringement, with one case of trade secret infringement. From the timeline and geographical chart, annual case numbers remain around 20, concentrated in Jiangsu and Shanghai.

Specific manifestations include:

① Unauthorized reproduction of others’ works,转载 of infringing content, or direct抄袭 of game content and webpage design

② Game source codes illegally sold or leaked by others, with perpetrators purchasing them to reskin and launch games

③ Software source codes illegally解析 and obtained by perpetrators for setting up private servers for profit

④ Former employees violating confidentiality agreements, using front-end codes developed at former employers to develop and launch new games

(7) Infringement of Citizens’ Personal Information

Most of these crimes are unrelated to online game enterprises, such as perpetrators meeting through games or acting as代练. Therefore, only cases involving online game enterprises are selected for summary:

① Purchasing大量 others’ game account information online, distributing to accomplices, and selling equipped or resource-rich accounts for profit

② Using VPN to侵入 others’ game accounts, stealing game data and selling it

③ Illegally downloading大量 citizens’ personal information for registering online game实名认证, for personal use or resale

④ Exploiting online game vulnerabilities to illegally obtain citizens’ personal information through technical means

⑤ Online game enterprise employees purchasing online game player personal information to expand sales, targeting sales of games the enterprise代理 for profit

(8) Illegal Absorption of Public Deposits

This type of crime uses game development as a pretext to entice players to充值 or invest in games, promising profit returns through task completion or game output,骗取 public funds under the guise of making money through gaming

(9) Crimes Against Corporate Management Order

Two types: bribery of non-state employees and acceptance of bribes by non-state employees. Over five years, only 9 cases, with specific manifestations:

① Employees using positions to accept bribes, helping others bypass risk controls or imposing risk controls on competitors

② Employees responsible for game advertising review, game launch, and commercial operations accepting bribes to assist in launching games without publication numbers

③ Employees with online game live streaming privileges accepting bribes to help others obtain game broadcast rights

④ Employees accepting bribes to unauthorizedly modify enterprise system permissions, providing IP addresses to the briber’s broadband account for快速 dial-up internet access

III. Recent Policy Regulatory Developments and Impacts

(I) Continuous Improvement of Internet Regulations

On October 25, 2019, the Supreme People’s Court and Supreme People’s Procuratorate issued the Interpretation on Several Issues Concerning the Application of Law in Criminal Cases Involving Illegal Use of Information Networks and Aiding Information Network Criminal Activities, clarifying the stance on strict punishment of cyber crimes, and specifying conviction and sentencing standards and the scope of criminal subjects.

On January 22, 2021, the National Internet Information Office issued the Provisions on the Administration of Internet User Public Account Services, regulating public account information services and explicitly prohibiting illegal trading of public accounts.

On June 11, 2021, the Data Security Law was adopted, expanding the connotation and extension of “data,” improving data security system construction, and clarifying data security protection obligations of all parties.

On August 20, 2021, the Personal Information Protection Law was adopted, clarifying personal information processing rules and cross-border provision rules, and defining individual rights and obligations in personal information processing.

On September 1, 2021, the Regulations on the Security Protection of Critical Information Infrastructure took effect, clarifying protection principles for critical information infrastructure to protect it from attack, intrusion, interference, and destruction, and strictly punishing illegal and criminal activities.

On November 16, 2021, the Ministry of Industry and Information Technology implemented the “14th Five-Year” Plan for Information and Communication Industry Development, strengthening network security assurance system and capacity building.

On August 30, 2022, the Supreme People’s Court, Supreme People’s Procuratorate, and Ministry of Public Security jointly issued the Opinions on Several Issues Concerning the Application of Criminal Procedure in Information Network Crime Cases, standardizing jurisdiction, evidence collection, evidence review, and handling of涉案 property in cyber crime cases.

On September 2, 2022, the 36th Session of the Standing Committee of the 13th National People’s Congress voted to adopt the Anti-Telecommunications and Online Fraud Law, strengthening monitoring and governance of fraud-related apps, and explicitly proposing to strengthen internet supervision and vigorously rectify internet access, app development, online payment, online games, live streaming, traffic引流 and promotion, and other key fraud-related areas.

(II) Normalization of Public Security Crackdowns on Cyber Crimes

To combat telecommunications and online fraud, public security organs regularly conduct various special operations against cyber crimes, such as the 100-Day Campaign, Net Cleanup Special Operation, Card-Breaking Operation, Flow-Breaking Operation, Cloud Sword Operation, Great Wall Operation, etc.

Taking the 100-Day Campaign as an example, areas where online game enterprises face targeted crackdowns include: strictly cracking down on hacker groups and individuals producing ransomware, botnets, and DDoS attacks; strictly cracking down on gangs illegally stealing and trading citizens’ personal information, insiders, and data black-market enterprises; strictly cracking down on fraud, gambling, illegal fundraising, and pyramid schemes conducted through online games; strictly cracking down on “money laundering” through free trading of game items and game coins; strictly cracking down on key black-market industries supporting online game crimes, such as special rectification of illegal payment settlements, technical support, traffic引流, and website setup providing support for online game fraud and gambling.

After initial investigations,大量 victim reports, and gradual improvement of laws and regulations, public security organs have become familiar with various patterns of criminal involvement by online game enterprises. Various special operations have gradually transitioned to normalized crackdowns, targeting specific online game enterprises and tracing fraud gangs along the chain. Specific cases include: Maonan Public Security Bureau in Maoming, Guangdong, cracking a特大 illegal online game operation case involving illegal business operation of unlicensed山寨 online games; Wuyi County Public Security Bureau successfully investigating a大型 cheat black-market case involving copyright infringement for解析 game software code and破坏 computer information systems; Shanghai police solving a major copyright infringement case involving大型 game copyright theft.

IV. Legal Risks Facing Online Game Enterprises

(I) Criminal Risks

The main criminal legal risks facing online game enterprises include:

(1) Criminal risks in online transactions, such as money laundering through purchasing game items and points for低价 resale;

(2) Criminal risks in technology application, such as developing cheats,破解 original enterprise codes, modifying data;

(3) Criminal risks in intellectual property protection, such as employees or other enterprises stealing game data and codes to set up private servers;

(4) Criminal risks in user information protection, such as illegally collecting game users’ personal information,强制 requiring provision or unauthorized downloading of users’ location, identity information, albums, SMS messages for sale;

(5) Criminal risks in internal management, such as employees embezzling enterprise property or disclosing game development information to relatives and friends, causing game content leaks to competitors.

(II) Administrative Risks

On November 7, 2022, the State Council Information Office released the white paper “Building a Community with a Shared Future in Cyberspace.” The Central Cyberspace Affairs Commission reiterated its philosophy of promoting development alongside regulatory standardization for internet platform enterprises, conducting日常 supervision. If突出 problems emerge online, “Clear and Bright” special rectification actions will be launched. From past to future, for internet platform enterprises and broader internet enterprises, the government generally maintains the理念 of promoting development alongside regulatory standardization, policy guidance alongside legal management, balancing social and economic benefits, creating a favorable environment for internet enterprise development. However, as evidenced by the大量 “Clear and Bright” special rectification actions in recent years, strong administrative supervision will remain the主旋律 facing internet enterprises, including online game enterprises.

The main administrative supervision areas facing online game enterprises include:

(1) Improvement of Internet Regulations

① The Data Security Law stipulates data security protection obligations and corresponding legal responsibilities from perspectives of data security and development, data security systems, data security protection obligations, and government data security and openness.

② The Personal Information Protection Law clarifies rules for personal information processing and cross-border provision, and obligations of processors.

③ The Regulations on the Security Protection of Critical Information Infrastructure were formally implemented, stating that no individual or organization may illegally侵入, interfere with, or破坏 critical information infrastructure.

④ The Data出境 Security Assessment Measures (Draft for Comments) were published for public comment, proposing normative requirements for data security of foreign-related enterprises or enterprises investing in foreign entities.

⑤ The MIIT issued the “14th Five-Year” Plan for Information and Communication Industry Development, proposing to strengthen internet market order supervision.

(2) Strict Crackdown on Data Security and Personal Rights Violations by Online Game Enterprises, Focusing on:

① Rectifying algorithmic abuse;

② Combating online trolls, traffic fraud, and black PR;

③ Rectifying the online environment for minors;

④ Rectifying unlicensed and pirated game illegal operations;

⑤ Cracking down on fraud, gambling, and money laundering through online games.

(III) Civil Risks

(1) Virtual Currency and Asset Policy Risks

Game enterprises primarily generate revenue through selling virtual items. However, relevant regulations on virtual items remain incomplete, such as property rights attribution and inheritance of virtual property. Operating virtual currency兑换 is also prone to civil disputes, such as代充, and serious cases may escalate to money laundering. If policies change in the future, filling legal gaps in this area, such as restricting virtual currency and asset businesses, enterprises’ operating performance, financial condition, and business prospects may suffer重大 adverse effects.

(2) Network Security Risks

Online game business is internet-based. The open nature of the internet makes it relatively susceptible to faults caused by network infrastructure failures, software vulnerabilities, power supply issues, natural disasters, and even malicious hacker attacks, interfering with normal internet operation and information security. The most severe impacts on online game enterprises are game piracy, private server setup, and player cheating, directly causing player property losses, reducing player experience, affecting enterprise reputation, and negatively impacting enterprise performance.

(3) Privacy Infringement Risks

Online game enterprises must comply with privacy regulations when processing, storing, and using personal data and other information. If enterprises unauthorizedly use or sell players’ personal information, they may face administrative penalties, and serious cases may involve the crime of infringing citizens’ personal information.

(4) Risks of Infringing Others’ Intellectual Property

During independent R&D of online game products, enterprises may face third-party intellectual property infringement lawsuits due to insufficient internal controls, procedural errors, or employee misunderstandings of intellectual property. In game enterprise competition, means to obtain or leak competitors’ core game codes may also occur. If enterprise products are subsequently determined by authorities to infringe others’ intellectual property, the enterprise may bear corresponding侵权 liability and must modify or adjust original products, potentially leading to product removal, negatively affecting business performance.

(5) Protection Risks of Game Enterprises’ Own Intellectual Property

Game enterprises may generate trademarks, computer software copyrights, and other intellectual property in online game R&D, operation, and mobile gaming. Although enterprises may implement protection measures such as applying for intangible asset certificates, code segregation, internal permission controls, and employee confidentiality and non-compete agreements, third parties may still infringe enterprise intellectual property, negatively affecting normal production and operations. Inadequate protection of intellectual property may lead to malicious competition and loss of game players, adversely affecting enterprise performance.

V. Countermeasures and Recommendations

For online game enterprises, to ensure stable development under strong regulatory supervision, it is necessary to prevent criminal risks at the source. Enterprises can take the following measures:

(I) Operate According to Law, Draw Three Lines.

(1) Hold the baseline. Firmly refuse activities that violate public order, good customs, or administrative regulations, such as false advertising or content violations.

(2) Do not touch the red line. Familiarize oneself with newly issued laws and regulations concerning online games, such as virtual property provisions, strengthen communication with legal teams, and continuously update legal red lines for online game activities, being wary of gray areas.

(3) Standardize the safety line. Operate according to law; establish rules and systems (personnel, finance, operations, supervision); conduct periodic compliance self-inspections to timely抵御 external risks.

(II) Strengthen Risk Control, Build Two Walls, Prepare Fire Extinguishers.

(1) Build a “Firewall” in Advance

Focus on compliance, especially criminal compliance. In recent years, China has shown significant development trends in criminal compliance, accompanied by innovative development and large-scale adaptation of compliance systems and corporate-related criminal laws. The intention is to establish a legal system for preventing corporate crime liability models and incentivizing enterprises to proactively implement compliance plans through corporate-related criminal law system integration. At this level, criminal compliance is formally distinct from general enterprise compliance and is essential compliance content for enterprises conducting compliance affairs.

The main content of criminal compliance includes criminal compliance in corporate governance and criminal compliance in criminal cases, aimed at helping online game enterprises establish a complete criminal compliance system and framework before criminal cases occur, including pre-event corporate governance criminal compliance and criminal response after criminal investigation crises emerge.

(2) Build an “Isolation Wall” During Events

Conduct rehearsals of possible violations by online game enterprises, consider temporary封控 of key permissions, temporarily suspending identified违规 projects, and timely communicating with legal teams.

(3) Prepare “Fire Extinguishers” After Events

Legal teams help online game enterprises establish pre-event criminal compliance systems and establish an early warning mechanism of “monitoring—reporting—risk response,” accurately identifying the period between potential criminal risks and public security case filing. Using this critical window period, before criminal case filing when the enterprise is not yet a suspect, help enterprises effectively respond to criminal law enforcement investigations, carry out compliance work early, and achieve the purpose of blocking or reducing corporate criminal liability.

(III) Take the Example of Online Game Enterprises Involved in Illegal Absorption of Public Deposits

(1) Case Data Analysis

Expanding the time span to three years, criminal cases involving online game enterprises total 5,061, with 59 cases of illegal absorption of public deposits, accounting for 1.16%. In 2020, cases surged, then sharply decreased.

Manifestations of this crime can be classified into two categories:

① Developing games, enticing players to充值 under the pretext of返利 and withdrawal through game道具兑换;

② Developing games, allowing players to invest and complete specific tasks for cash returns, creating the illusion of “earning while playing.”

(2) Enterprise Response Methods

① Fundamental solution: avoid direct “first充值 full refund” business models; instead use equal-value in-game virtual currency returns;

② Use partial refunds instead of full refunds, such as returning 50% or 80% of充值 amounts;

③ Limit refund ceilings, such as maximum refund of RMB 200;

④ Limit refund frequency, such as one-time refund per verified account;

⑤ Tie refund conditions to actual services, such as requiring specific login counts or task completion before withdrawal;

⑥ Ensure stable cash flow to avoid user losses from fund chain breaks.

Online game companies should attach great importance to these legal risks, formulate effective compliance measures, comply with laws and regulations, and cooperate with professional legal teams to protect the company’s legitimate rights and ensure sustainable development and compliant operations.

References:

1. Interpretation of the Interpretation on Several Issues Concerning the Application of Law in Criminal Cases Involving Illegal Use of Information Networks and Aiding Information Network Criminal Activities

2. National Internet Information Office Revised Provisions on the Administration of Internet User Public Account Services

3. 2021 Review: Industry Upgrade Challenges Behind Tightened Internet Regulation

4. Interpretation of the Data Security Law

5. Full Text of the Personal Information Protection Law (with Authoritative Interpretation)

6. Expert Interpretation of the Regulations on the Security Protection of Critical Information Infrastructure (Part 1)

7. Interpretation of the “14th Five-Year” Plan for Information and Communication Industry Development

8. Opinions on the Application of Criminal Procedure in Information Network Crime Cases

9. 2021 Review: Industry Upgrade Challenges Behind Tightened Internet Regulation

10. China Audio-Video and Digital Publishing Association Game Publishing Committee “2020 China Game Industry Report”

11. Chen Huan, “Brief Analysis and Prevention Suggestions on the Risk of Illegal Absorption of Public Deposits in Online Game ‘First Recharge Full Refund’ Models”