China: Standing Committee of National People’s Congress adopted Cybersecurity Law Amendment

On 28 October 2025, the Standing Committee of the National People’s Congress adopted the Cybersecurity Law Amendment. The amendment law introduces a new article stating that cybersecurity governance shall follow the leadership of the Communist Party of China and align with the national security framework. It also adds provisions supporting the development and regulation of artificial intelligence, including research, infrastructure, ethical standards, and supervision mechanisms. The rules on personal information handling were amended to require network operators to comply with the Cybersecurity Law, the Civil Code, the Personal Information Protection Law, and related regulations. Penalties for failing to meet cybersecurity obligations have been revised, with increased fines for incidents that endanger network security or cause significant data breaches. Additional provisions address violations related to uncertified network equipment, the disclosure of cybersecurity information, and the use of unapproved network products by operators of critical information infrastructure. Penalties may include business suspension, licence revocation, and fines of up to RMB 10 million for serious cases. The amendment consolidates and renumbers several articles, aligns penalties with the Administrative Penalty Law, and allows for reduced or exempted sanctions under specific circumstances. It also provides for sanctions, including asset freezes, on foreign entities involved in activities that harm the cybersecurity of the People’s Republic of China.