On October 28, 2025, the 18th session of the Standing Committee of the 14th National People’s Congress reviewed and passed the Decision on Amending the Cybersecurity Law of the People’s Republic of China. The amendments will take effect on January 1, 2026.

The Cybersecurity Law of China was originally passed in November 2016 and took effect in June 2017. It serves as a fundamental legal framework in the field of cybersecurity. The 2016 version consisted of 79 articles across seven chapters: General Provisions, Cybersecurity Support and Promotion, Network Operation Security, Network Information Security, Monitoring and Emergency Response, Legal Liability, and Supplementary Provisions.

This revision marks the first major amendment since the law’s enactment, aiming to tackle new risks arising from the rapid advancement of technologies such as artificial intelligence. It also strengthens coordination with newer legislation to enhance the coherence of the legal system.

The amendment introduces four new articles and modifies or consolidates thirteen existing ones, covering multiple aspects. Notably, a new article has been introduced to regulate and promote the development of AI, supporting fundamental theoretical research and technological R&D, advancing infrastructure development, and improving ethical standards and safety supervision. Additionally, key legal liability provisions have been refined, with significantly increased fines—up to 10 million yuan—and the implementation of categorized and tiered penalties. The amendment also adds circumstances for mitigated or reduced penalties and optimizes enforcement measures. Furthermore, referential provisions have been added to ensure alignment between the Cybersecurity Law and the Data Security Law and the Personal Information Protection Law, avoiding overlaps, conflicts, or inconsistencies in penalties. The amendment also expands the scope of extraterritorial application.

This revision marks a continued improvement in China’s cyber legal framework, offering a timely response to challenges posed by contemporary developments. By introducing a regulatory framework for the safety and development of artificial intelligence, it promotes the secure and healthy growth of AI. The amended law reinforces legal liability, further elevating the level of cybersecurity safeguards and fostering a safer, more trustworthy, and innovation-friendly environment for the digital economy.