China: State Internet Information Office opened consultation on Internet Application Personal Information Collection and Use Regulations including cybersecurity regulation

On 10 January 2026, the State Internet Information Office opened a consultation on the Internet Application Personal Information Collection and Use Regulations including cybersecurity regulation until 9 February 2026. The Regulations apply to internet applications and mandate technical and management safeguards to ensure data security. Article 4 assigns primary responsibility for security protection to application operators and developers. Article 16 requires operators to take specific technical measures to protect the personal information of minors from alteration or loss. Further, according to Article 36, both application operators of both applications and software development kits must strengthen access management measures and implement security measures such as encryption and de-identification measures to prevent the leakage, loss, or unauthorised access of user information. In the event of a security breach, operators must promptly notify users and the relevant regulatory authority, detailing the nature and cause of the leakage, as well as the remedial actions taken.