China: Cyberspace Administration of China opened consultation on Cybersecurity Law (Second Draft)

On 28 March 2025, the Cyberspace Administration of China, in cooperation with the relevant departments, initiated a public consultation on the Cybersecurity Law of the People's Republic of China (Second Draft for Comment). The consultation will remain open until 27 April 2025. The amendments align the Cybersecurity Law with the Data Security Law, the Personal Information Protection Law, and the revised Administrative Penalty Law. The draft Law updates legal liability for network operators. Fines range from CNY 10,000 to 10 million for cybersecurity breaches leading to data leaks or disruptions to critical infrastructure. It also introduces penalties for selling or providing uncertified network and cybersecurity products. Minor or promptly corrected violations may face reduced or waived penalties. Further changes include revised obligations for handling and reporting prohibited information. The draft Law also refers violations related to personal data and localisation to other applicable laws.