On 28 October 2025, the Standing Committee of the 14th National People’s Congress adopted the Decision on amending the Cybersecurity Law of People’s Republic of China. The revised Cybersecurity Law (the “Revised Law”) will take effect on 1 January 2026. This is the first substantial update to the Cybersecurity Law (“Original Law”) since its promulgation […]
PIPL
China‘s Latest Updates on PIPL and Clarifications on Sensitive Personal Information
Different legislative updates were recorded in China in the last couple of months. These concern several topics related to data protection and data security, such as the definition of sensitive personal information, appointment obligations and registration of a Data Protection Officer (DPO), reporting measures in case of data security incidents for financial services and the […]
Understanding China’s new Measures for the Certification of Personal Information Protection for Overseas Transfers
The Personal Information Protection Law and the Network Data Security Management Regulation, among other laws and regulations, stipulate the methods for transferring personal information overseas, including: a data transfer security assessment, a standard contract, and certification. Additionally, other conditions may permit the personal information overseas transfer. Recently, the Cyberspace Administration of China (“CAC”) released the […]
Understanding China’s Network Data Security Management Regulation: Key Comparisons with GDPR and PIPL
After years of development, People’s Republic of China (“China”) has established a data security legal framework centered on the “Cybersecurity Law”, “Data Security Law”, and “Personal Information Protection Law” (PIPL). The issuance of the “Network Data Security Management Regulation” (“the Regulation”) by the State Council coordinates the implementation of the data security management requirements stipulated […]
Case Analysis: A Landmark Cross-Border Data Transfer Dispute in China
In a significant ruling that underscores the growing emphasis on personal data protection in China, the Guangzhou Internet Court recently concluded a case involving cross-border data transfer violations under the Personal Information Protection Law of the People’s Republic of China (PIPL). The case, titled (2022) Yue 0192 Min Chu 6486, saw Mr. Z, a Chinese […]
China passed new data protection law
China issued its comprehensive data protection law, the Personal Information Protection Law (“PIPL”), on August 20, 2021. The PIPL will come into effect on November 1, 2021. This marks a new era in China’s data protection development. Before the PIPL, the main legislations regulating data processing activities in China are the Cybersecurity Law, the Data […]