China is suffering a dual flood of fake ISO certifications, issued by certificate mills, alongside certificates issued by officially-accredited certification bodies that simply ignore IAF rules. To counter one of these problems, China has expanded national regulations beyond the weak, and largely unenforced, rules set forth by the IAF’s “Mandatory Documents” and ISO 17021-1.

Although it has been unable to halt the growth of certificate mills in the country, the Chinese government has issued the following updates to its regulations in an attempt to curb the fraudulent practices of accredited bodies. These rules will go into effect on January 1, 2026.

I’ve listed the full set of new rules below, as published by multiple sources on Xiaohongshu (Rednote), the Chinese social media platform. All of these should be official rules already, either included in 17021-1 or the IAF MDs. But since the IAF has stopped enforcing either of those, anything made “official” by the IAF or even ISO/CASCO would be purely theatrical anyway. At least the Chinese regulations are backed up by a government that punishes offenders.

  1. Certification bodies must have at least two professional auditors within the scope of each certification business they intend to conduct, and these auditors must meet specific qualification requirements such as education, work experience, or professional titles. If a body lacks sufficient qualified personnel for a certain type of business, it will be unable to undertake certification projects within that scope.
  2. Each audit team must include at least one full-time auditor from the certification body, who must be involved in the quality management system audit process in its entirety. The previous model of audit teams composed entirely of part-time auditors has been abolished, leading to a shortage of full-time auditors. Furthermore, most certification bodies have far fewer full-time staff than part-time auditors. To handle more projects, a model where one full-time auditor supervises multiple part-time auditors (“one-to-many”) may become the optimal choice, thereby increasing travel costs. When local full-time auditors lack the necessary expertise, deploying auditors from other regions incurs additional travel and accommodation expenses, driving up certification costs.
  3. Companies with suspended, withdrawn, or revoked certificates will not be able to get a new certificate for one year.  This means that if a company’s certificate is revoked due to failing to undergo timely surveillance audits, it will face a one-year gap during which no new certificate can be issued. Additionally, after the original body’s certification qualification is revoked, no other body can accept the company’s certification application for three months. Therefore, the choice of a certification body requires greater caution.
  4. Certification fees must be paid directly by the certification client to the certification body, prohibiting payment to third parties such as consulting firms. This adjustment makes the financial accounting of certification bodies more standardized. Currently, the majority of certification projects in the market are managed by channel intermediaries, and the increase in taxes and fees will ultimately be passed on to the certified organizations.
  5. The total time an auditor spends on on-site audits for all management systems, including quality, environmental, and occupational health and safety, within a year shall not exceed 180 days. This has led to a relative shortage of core auditors in the industry, and the audit fees for full-time auditors are bound to rise, which in turn will push up the overall certification costs. Some bodies may try to maintain costs by reducing fees for part-time auditors, but the auditors themselves may seek alternative sources of income, ultimately leading to increased certification-related costs for enterprises.
  6. The ratio of the total number of valid quality management system certification certificates held by a certification body to the number of its auditors must not exceed 50 certificates per auditor per year. This requirement will have minimal impact on compliant, well-established institutions, but it primarily targets bodies whose number of certificates is not matched by their audit capacity.
  7. The maximum interval between two surveillance audits has been reduced from the original 15 months to a maximum of 12 months. The reduced buffer time for subsequent surveillance audits further highlights the shortage of audit personnel and increases the service costs for certification bodies, which may ultimately be passed on to the client companies.
  8. The interval between the Stage 1 and Stage 2 audits of an initial certification must be at least 5 days. Auditors from outside the local area must travel to the client company twice to conduct the audits, which significantly increases travel expenses.

At the same time, China is circulating new regulations for public comment regarding the regulation of ISO consultancy organizations, to further limit conflicts of interest between accredited CBs and consultants.

It remains to be seen what the Chinese government can do to stop the plague of unaccredited certificate mills and the issuance of wholly fake ISO certificates.

UPDATE: Fixed the effective date of the changes to Jan 1, 2026.

Advertisements
Surviving ISO 9001 Book

Why we report on these topics

Since 2000, Oxebridge has worked to improve ISO and related certification schemes by identifying problems and then proposing solutions. We report on issues affecting standards users because so few other news outlets do. Our belief is that in order to fix the problems in these schemes, we must first understand the nature and breadth of those problems. Our reporting aims to do just that. Elsewhere on the Oxebridge site you will find White Papers and other articles proposing ideas to correct these problems.