LLMpediaThe first transparent, open encyclopedia generated by LLMs

Cybersecurity Law of the People's Republic of China

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Alibaba Hop 4
Expansion Funnel Raw 46 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted46
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Cybersecurity Law of the People's Republic of China
Cybersecurity Law of the People's Republic of China
澳门特别行政区立法会 / Assembleia Legislativa da Região Administrativa Especial de Macau / · Public domain · source
Short titleCybersecurity Law
LegislatureNational People's Congress
Long titleCybersecurity Law of the People's Republic of China
Enacted byStanding Committee of the National People's Congress
Date enactedNovember 7, 2016
Date commencedJune 1, 2017
Statusin force

Cybersecurity Law of the People's Republic of China is a comprehensive legal framework governing cyberspace security and data governance within the country. Enacted by the Standing Committee of the National People's Congress in 2016, it establishes fundamental principles for national cyberspace sovereignty, network operations, and information protection. The law significantly expands the regulatory authority of agencies like the Cyberspace Administration of China and imposes stringent obligations on network operators and critical information infrastructure operators.

Background and legislative history

The development of the Cybersecurity Law was driven by the rapid expansion of the Internet in China and heightened state concerns over national security and social stability in the digital age. Its drafting was influenced by prior regulations like the 2000 Decision on Internet Security and incidents such as the 2014–2015 GitHub DDoS attacks. The legislative process involved multiple readings by the Standing Committee of the National People's Congress, with a draft released for public comment in 2015. Final adoption occurred on November 7, 2016, following reviews that considered submissions from entities like the Ministry of Industry and Information Technology and the Ministry of Public Security. The law officially took effect on June 1, 2017, marking a pivotal moment in China's internet governance alongside initiatives like the Great Firewall.

Key provisions and requirements

The law articulates the principle of cyberspace sovereignty, asserting state control over internet infrastructure within its borders. It mandates a multi-level protection scheme for critical information infrastructure, covering sectors like finance, energy, and transportation, requiring security reviews and data localization. Network operators must implement real-name registration policies, censor prohibited information, and report cybersecurity incidents to authorities like the Ministry of Public Security. Provisions on personal information protection require consent for data collection and impose strict rules on cross-border data transfers, which later influenced the Personal Information Protection Law of the People's Republic of China. The law also grants powers to the Cyberspace Administration of China to conduct security inspections and coordinate responses during major incidents.

Implementation and enforcement

Enforcement is carried out by a multi-agency framework led by the Cyberspace Administration of China, in coordination with the Ministry of Public Security, the Ministry of State Security, and the Ministry of Industry and Information Technology. Implementation has involved issuing supporting regulations, such as the Multi-Level Protection Scheme 2.0, and conducting nationwide inspections of companies like Alibaba Group and Tencent. Notable enforcement actions include fines levied against DiDi Global following its 2021 DiDi IPO and the suspension of apps for non-compliance. The law's provisions are also enforced through technical measures managed by the Great Firewall and partnerships with state-owned enterprises like China Telecom.

Impact and reception

The law has profoundly reshaped China's digital ecosystem, compelling multinational corporations like Apple Inc., Microsoft, and Tesla, Inc. to localize data and adapt business practices. Domestically, it has accelerated consolidation in the tech sector, favoring firms that align with state priorities, while raising compliance costs for small and medium-sized enterprises. Internationally, it has sparked debate among organizations like the World Trade Organization and foreign governments, including the United States Department of State, over issues of digital trade barriers and human rights. Critics, including Human Rights Watch and Reporters Without Borders, argue it facilitates censorship and surveillance, while proponents within the Chinese Communist Party frame it as essential for security and development, akin to the Social Credit System.

The Cybersecurity Law forms the cornerstone of an expanding regulatory architecture, which includes the subsequent Data Security Law of the People's Republic of China and the Personal Information Protection Law of the People's Republic of China. It is closely linked to the National Intelligence Law and the Counter-Espionage Law, which grant broad powers to agencies like the Ministry of State Security. Other relevant rules include the Measures for Security Assessment of Cross-Border Data Transfers and regulations on critical information infrastructure protection issued by the Cyberspace Administration of China. This legal ecosystem aligns with broader policies like the Made in China 2025 strategy and the Belt and Road Initiative, which emphasize technological self-reliance and digital sovereignty.

Category:Chinese law Category:Cybersecurity law Category:Internet censorship in China