Laws & RegulationsChina Cybersecurity Law
amendedcross-sectorOrder of the President of the People's Republic of China No. 53 (2016); amended 2025
Cybersecurity Law of the People's Republic of China
Also known as: China Cybersecurity Law
China's Cybersecurity Law is the foundational cybersecurity statute, establishing obligations for network operators and critical information infrastructure operators. It requires real-name registration, data localization for CII, security reviews for CII procurement, and incident reporting. The law was significantly amended in January 2026, with enhanced enforcement powers and increased penalties.
Jurisdiction
China
Regulator
Cyberspace Administration of China
Effective
6/1/2017
Sector
cross-sector
Full Text / Summary
The Cybersecurity Law establishes: (1) Network Security Protection — general obligations for all network operators; (2) CII Protection — enhanced obligations for critical information infrastructure operators including data localization, security reviews, and annual assessments; (3) Network Products and Services — security requirements and review for products used by CII operators; (4) Network Information Security — content governance and personal information protection. The 2025 amendments (effective January 1, 2026) expanded enforcement powers, increased penalties, and clarified obligations for network operators. The law works in conjunction with the Data Security Law (2021) and Personal Information Protection Law (2021).