On 11 September 2025, the Cyberspace Administration of China adopted the National Cybersecurity Incident Reporting Management Measures. These measures standardise the management of cybersecurity incident reporting. Network operators within the People's Republic of China, including owners, managers, and service providers, must report cybersecurity incidents when they occur. Operators are required to assess incidents based on the guidelines for the classification of cybersecurity incidents. For major or higher-level incidents, specific reporting procedures apply based on the type of network operator. Critical information infrastructure operators must report to their protection department and public security organs within one hour, with the protection department then reporting to the National Cyberspace Administration and the State Council Public Security Department within half an hour for particularly major incidents. Central and state department network operators must report to their respective cybersecurity and informatisation departments within two hours, who then report to the national cybersecurity and informatisation department within one hour for major incidents. Other network operators report to local provincial cyberspace administration departments within four hours, with these departments reporting to the national department within one hour for major incidents. Ransomware attacks require additional details on ransom demands. Network operators must also ensure that their service providers report incidents to them and assist in the reporting process. Following incident handling, a summary report must be submitted within 30 days. The cybersecurity and informatisation departments operate a hotline, website, email, and fax for incident reports. Non-compliance, including delayed, false, or concealed reporting, may result in penalties in accordance with relevant laws.