On September 8, 2025, a draft amendment of Cybersecurity Law was submitted to the Standing Committee of the National People’s Congress for the first round of review. Earlier on March 28, 2025, the draft amendment was released for public consultation, focusing mainly on clarifying ambiguous provisions on legal liabilities and increasing penalties for certain violations.
Implemented on June 1, 2027, Cybersecurity Law has been one of fundamental pillars to China’s cybersecurity legal framework, together with the Personal Information Protection Law and Data Security Law. In recent years, information technologies have been evolving rapidly, and network applications have permeated practically all aspects of social and economic life. Cybersecurity risk has become more prominent with frequent occurrence of unlawful activities such as network intrusions, cyberattacks and online dissemination of illegal information. In light of the growing challenges and cybersecurity requirements, the amendment seeks to refine the law’s liability provisions and impose stricter penalties to foster a healthy online environment.
To improve the legal liability for failing to fulfill obligations of cybersecurity protection, the draft amendment distinguishes between serious circumstances – such as large-scale data leaks or partial functional loss of critical information infrastructure – and particularly serious circumstances – such as failure of key functions of critical information infrastructure. In line with the relevant provisions of the Data Security Law, the amendment increases applicable fines for such violations.
To improve legal liability for failing to handle illegal online information, the draft revision incorporates recent law enforcement practices and refines the measures for handling and penalizing cases where network operators either neglect to take appropriate action after discovering illegal information online or fail to comply with instructions from competent authorities. It also imposes heavier penalties for violations that cause particularly severe impacts or consequences.
The revision of Cybersecurity Law has become inevitable, especially after China decided to advance its National AI strategy. This move signals the country’s shift towards a more comprehensive and stringent cybersecurity regime. Both enterprises and individuals will be expected to operate at heightened awareness, as non-compliance will result in heavier penalties. In this context, remaining vigilant and taking proactive action to fortify cybersecurity systems are essential. SESEC will continue to monitor the progress of revision and provide timely updates on its progress.
Source: https://www.cac.gov.cn/2025-09/08/c_1759395804049000.htm
