On October 28, 2025, China adopted the first major amendments to the 2017 Cybersecurity Law, which took effect on January 1, 2026. The revised Law establishes an additional tiered penalty regime featuring stricter fines for...more
On December 6 2025, the CAC released the draft Network Data Security Risk Assessment Measures (Draft for Comments) for public consultation. The measures aim to standardize network data security risk assessment activities,...more
All data controllers processing personal data under the age of 14 (“minors“) must now submit an annual report to Chinese data regulator, the Cyberspace Administration of China (“CAC“). For 2025, the report must be submitted...more
This monthly report outlines key developments in China’s data protection sector for December. The following events merit special attention: On November 22, CAC and the MPS jointly released the Provisions on the Protection of...more
In Part 2 of this series, we discussed how the Personal Information Protection Law (“PIPL”), the centerpiece of China’s personal information (“PI”) protection law, needs to be read in conjunction with other relevant laws,...more