Cybersecurity law China: Revision takes effect in 2026 with impact on compliance
The revised cybersecurity law of the People’s Republic of China took effect on 1 January 2026. The Ecovis experts explain the key changes and their impact on compliance.
Together with the data security law (DSL) and the personal information protection law (PIPL), the cybersecurity law (CSL) forms the foundation of China’s cyber and data governance framework. The revision responds to rapid technological development, rising cybersecurity risks, and the need to align the CSL with newer and more detailed data protection legislation.
Key changes to the Chinese cybersecurity law
- AI governance: For the first time, the CSL expressly addresses artificial intelligence. It supports AI research and encourages the use of AI technologies to strengthen cybersecurity, while at the same time requiring improved ethical standards, risk monitoring, and security oversight.
- Alignment with data laws: The revised CSL clarifies that network operators processing personal information must comply with the CSL, together with the PIPL and other relevant laws. In practice, this confirms that the PIPL governs most personal information processing activities, including the determination of lawful processing bases.
- Expanded regulatory oversight: Regulators are granted stronger enforcement tools across the digital ecosystem. Network product and cybersecurity service providers may face fines, confiscation of illegal gains, or revocation of business licenses. Authorities may also order the shutdown of applications, including apps and mini programmes, extending oversight beyond traditional websites.
- Broader extraterritorial reach: The CSL now applies to overseas activities that undermine China’s cybersecurity, such as cyberattacks or data theft. In serious cases, Chinese authorities may impose countermeasures against foreign entities or individuals.
- Higher and more flexible penalties: The penalty framework has been refined to better reflect the seriousness of violations. In exceptionally serious cases, companies may face fines of up to RMB 10 million, while responsible individuals may be fined up to RMB 1 million. At the same time, the CSL incorporates leniency principles, allowing penalties to be reduced or waived where violations are minor or promptly corrected.
“We help companies take appropriate measures to improve their cybersecurity governance in order to meet the new requirements.”
Richard Hoffmann, Lawyer, ECOVIS Rechtsanwaltskanzlei Richard Hoffmann, Ladenburg, Germany
Compliance implications of the changes to the law
The revised CSL significantly raises the cost of non-compliance and expands the range of situations where penalties may be imposed. Cybersecurity compliance should therefore be treated as an ongoing governance issue rather than a one-time exercise.
Companies operating in or connected to China should review and strengthen their cybersecurity and data protection frameworks. This includes aligning personal information handling with the PIPL, enhancing technical and organisational security measures, providing regular employee training, and establishing clear incident response and documentation procedures.