China: Cyberspace Administration released Measures for Administration of Compliance Audits on Personal Information Protection including operating conditions

On 12 February 2025, the Cyberspace Administration of China (CAC) released the Measures for the Administration of Compliance Audits on Personal Information Protection. The measures specify that personal information processors handling data of over 1 million individuals must appoint a personal information protection officer, while large internet platforms with extensive users and complex operations should establish independent oversight bodies. Regulatory authorities will oversee audits and investigate non-compliance, with violations subject to penalties under applicable laws. State organs and public administration bodies are exempt from these requirements. The measures take effect on 1 May 2025.