China: Cyberspace Administration of China adopted order on reporting of personal information protection personnel information

On 18 July 2025, the Cyberspace Administration of China issued an order concerning the reporting obligations for designating a person responsible for personal information protection. Under Article 52 of the Personal Information Protection Law and Article 12 of the Compliance Audit Management Measures, any organisation that processes the personal information of over 1 million individuals must report the details of its designated person in charge to the relevant municipal cyberspace authority. Entities that reach the 1 million threshold after the announcement must submit the required information within 30 working days. Those that had already reached the threshold before the announcement must comply by 29 August 2025. Any material changes to submitted information must also be reported within 30 working days.