China: Management Regulations for Terminal Device Direct Satellite Service 2025 including cybersecurity regulation enter into force

On 1 June 2025, the Management Regulations on Terminal Equipment Directly Connecting to Satellite Services enter into force. The Regulation introduces obligations for service providers to implement security measures protecting data and digital infrastructure. Firms must comply with the Cybersecurity Law, Data Security Law, Personal Information Protection Law, and Cryptography Law. Required measures include network security classification, multi-level protection, personal data safeguards, and the application of commercial cryptography. Providers must also ensure the secure and stable operation of telecom networks and report and mitigate the transmission of prohibited content. Furthermore, the Regulation requires service providers to process domestic user data within mainland facilities and prohibits transferring such data via satellite to overseas ground stations without prior approval, while any cross-border data transfers must comply with applicable laws and administrative regulations.