China: Ministry of Public Security opened consultation on Law on Prevention and Control of Cybercrime including cybersecurity regulation

On 31 January 2026, the Ministry of Public Security opened a consultation on the draft Law on Prevention and Control of Cybercrime, including cybersecurity regulation, until 2 March 2026. It mandates that telecommunications, finance, and internet service providers adopt technical measures to monitor and block abnormal online behaviours. Providers of domain name registration, hosting, and content distribution must monitor and manage malicious domain registrations. They are also responsible for resolving denial-of-service attacks and blocking illegal VPNs. Internet service providers (ISPs) must prevent abnormalities in online payment accounts and block malicious code in advertisements. ISPs offering application distribution services must block malicious apps. ISPs offering blockchain services must monitor for and prevent illegal information distribution and financial assistance for illegal activities. Network operators must designate specialised personnel for cybercrime prevention and conduct regular training. They must monitor third-party supply chains and report cyberattack threats or clues of violations to public security organs. Additionally, they must establish a cybercrime risk assessment system for new technologies. Providers of network security products and services must report testing details to public security to prevent criminal use. The draft law requires important data processors to implement data labelling and identification for traceability of data transmission between entities. Artificial intelligence service providers must prevent their tools from generating malicious code or aiding crime, while maintaining security logs. The state cyberspace department coordinates technical measures to block foreign assistance for cybercriminal activity. Non-compliance may result in administrative penalties, including fines ranging from CNY 50'000 to CNY 5'000'000, suspension of business operations, or revocation of licences.