{"id":71902,"date":"2026-04-28T00:40:58","date_gmt":"2026-04-27T15:40:58","guid":{"rendered":"https:\/\/monolith.law\/en\/?p=71902"},"modified":"2026-05-01T12:27:52","modified_gmt":"2026-05-01T03:27:52","slug":"china-cybersecurity-law-prc-penalties-extraterritorial-compliance","status":"publish","type":"post","link":"https:\/\/monolith.law\/en\/general-corporate\/china-cybersecurity-law-prc-penalties-extraterritorial-compliance","title":{"rendered":"Explaining the Major Amendments to China's \"Cybersecurity Law\": How Should Companies Respond to Strengthened Penalties and Expanded Extraterritorial Application?"},"content":{"rendered":"\n<p>The &#8220;Cybersecurity Law of the People&#8217;s Republic of China&#8221; (Cybersecurity Law, Chinese original: \u4e2d\u534e\u4eba\u6c11\u5171\u548c\u56fd\u7f51\u7edc\u5b89\u5168\u6cd5), which serves as the cornerstone of China&#8217;s cybersecurity regulations, has reached a significant turning point. On October 28, 2025, the Standing Committee of the National People&#8217;s Congress announced amendments to this law, which will take effect on January 1, 2026. <a href=\"https:\/\/www.cac.gov.cn\/2025-12\/29\/c_1768735112911946.htm\" target=\"_blank\" rel=\"noopener\" title=\"Amendments announced on October 28, 2025, to be enforced from January 1, 2026\">Read more<\/a>.<\/p>\n\n\n\n<p>This new law marks the first major revision since its implementation in 2017 and goes beyond mere textual amendments. It significantly strengthens legal responsibilities, addresses new technologies such as artificial intelligence (AI), and expands the extraterritorial application of law enforcement. 
These changes are crucial for Japanese companies conducting business in China and cannot be overlooked.<\/p>\n\n\n\n<p>This article will outline the background of this major revision to the Cybersecurity Law, detail the specific amendments, and discuss the practical responses required from Japanese companies.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Background_of_the_Major_Revision_to_the_%E2%80%9CNetwork_Security_Law%E2%80%9D_Cybersecurity_Law_in_China\"><\/span>Background of the Major Revision to the &#8220;Network Security Law&#8221; 
(Cybersecurity Law) in China<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2026\/03\/f5d5b3b635fc613f10e1c4cce4fc6520.jpg\" alt=\"Background of the Law\" class=\"wp-image-210154\" style=\"aspect-ratio:1.5;width:840px;height:auto\" \/><\/figure>\n\n\n\n<p>The Network Security Law of China, together with the &#8220;Data Security Law&#8221; and the &#8220;Personal Information Protection Law,&#8221; is a foundational law supporting governance in the cybersecurity domain; the three are collectively known as the &#8220;Three Data Laws of China.&#8221;<\/p>\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-\u30e2\u30ce\u30ea\u30b9\u6cd5\u5f8b\u4e8b\u52d9\u6240 wp-block-embed-\u30e2\u30ce\u30ea\u30b9\u6cd5\u5f8b\u4e8b\u52d9\u6240\">\n<div class=\"wp-block-embed__wrapper\"><a href=\"https:\/\/monolith.law\/corporate\/china-cyber-security-law\">https:\/\/monolith.law\/corporate\/china-cyber-security-law<\/a><\/div>\n<\/figure>\n\n\n<p>There are two main factors behind the recent revision. One is the need to address new risks arising from the rapid development of the digital economy.<\/p>\n\n\n\n<p>The swift proliferation of artificial intelligence technologies, including generative AI, has brought to light issues such as the safety of algorithms, the legality of training data, and AI ethical standards, which were not fully anticipated by existing legal frameworks. There was a demand to establish a legal framework to manage these issues.<\/p>\n\n\n\n<p>Additionally, threats such as network intrusions, cyberattacks, and the spread of illegal information have been increasing, necessitating the strengthening of legal responsibilities to enhance deterrence against these threats.<\/p>\n\n\n\n<p>The other factor is related to China&#8217;s national strategy. 
Under China&#8217;s initiatives to build a &#8220;cyber power&#8221; and the &#8220;overall national security concept,&#8221; efforts have been made to develop relevant legal systems to protect sovereignty and security in cyberspace.<\/p>\n\n\n\n<p>Moreover, the previous law had relatively light penalties, and discrepancies in punishment standards between it and the subsequently enacted Data Security Law and Personal Information Protection Law were also seen as issues. The current revision aims to strengthen the coordination of these &#8220;Three Data Laws&#8221; and enhance the uniformity and rigor of law enforcement.<\/p>\n\n\n\n<p>In addition, considering recent international circumstances, the scope of extraterritorial application of the law has been clarified and expanded to address attacks from outside China and actions threatening national security. This allows for the imposition of sanctions on foreign organizations and individuals.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Key_Points_of_the_Revised_%E2%80%9CNetwork_Security_Law%E2%80%9D_in_Japan\"><\/span>Key Points of the Revised &#8220;Network Security Law&#8221; in Japan<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The new law introduced by this revision not only inherits substantial obligations from the previous law but also includes several significant new provisions and amendments.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Establishment_of_Basic_Policies_and_AI-Related_Provisions\"><\/span>Establishment of Basic Policies and AI-Related Provisions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The new law explicitly states the adherence to the leadership of the Communist Party of China in cybersecurity operations and the implementation of the &#8220;overall national security concept.&#8221;<\/p>\n\n\n\n<p>Additionally, for the first time, the revised law systematically incorporates policies related to 
AI into the main body of the cybersecurity law. While the government supports the research and development of AI&#8217;s fundamental theories and algorithms, it also strengthens risk monitoring, safety supervision, and the establishment of ethical norms to enhance cybersecurity levels by utilizing new technologies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Strengthening_of_Safety_Protection_Obligations_and_Coordination_with_Personal_Information_Protection_Legislation\"><\/span>Strengthening of Safety Protection Obligations and Coordination with Personal Information Protection Legislation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Network operators are obligated to ensure network safety by adhering to the grade protection system, which includes the establishment of internal management systems, clarification of responsible persons, and implementation of technical measures.<\/p>\n\n\n\n<p>The revision clearly states that when handling personal information, compliance is required not only with the Network Security Law but also with provisions of the Civil Code and the Personal Information Protection Law.<\/p>\n\n\n\n<p>This enhances the consistency of related legal systems and demands a more integrated compliance response.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ensuring_the_Safety_of_Network_Products_and_Services\"><\/span>Ensuring the Safety of Network Products and Services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The law emphasizes the safety of supply chains for critical equipment and dedicated products. 
The sale or provision of critical network equipment that has not undergone, or has failed, safety certification and inspection is strictly prohibited.<\/p>\n\n\n\n<p>Violations may result in sales suspension, confiscation of illegal income, and substantial fines.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Significant_Strengthening_of_Legal_Responsibilities_Penalties\"><\/span>Significant Strengthening of Legal Responsibilities (Penalties)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>One of the most notable features of this revision is the introduction of a tiered penalty system based on the severity of harm and the overall increase in fine levels.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Fines_for_Network_Operators\"><\/span>Fines for Network Operators<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Under the new law, fines can be imposed directly alongside corrective orders for violations of safety protection obligations (whereas the previous law sometimes only issued corrective recommendations). Fines for refusing correction or causing harm range from 50,000 yuan to 500,000 yuan (increased from the previous law&#8217;s maximum of 100,000 yuan).<\/p>\n\n\n\n<p>Furthermore, as a newly established aggravated punishment provision, fines range from 500,000 yuan to 2 million yuan for causing significant harm such as massive data leaks or partial functional loss of critical information infrastructure. 
For causing especially significant harm, such as the loss of major functions of critical information infrastructure, fines range from 2 million yuan to 10 million yuan.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Fines_for_Individuals_Directly_Responsible_Persons\"><\/span>Fines for Individuals (Directly Responsible Persons)<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The responsibility for individuals in charge within companies has also increased. Depending on the level of harm, fines range from 50,000 yuan to 200,000 yuan for significant harm, and from 200,000 yuan to 1 million yuan for especially significant harm. In addition to the traditional &#8220;person in charge,&#8221; &#8220;other directly responsible persons&#8221; are also explicitly included as subjects of punishment.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Other_Sanctions\"><\/span>Other Sanctions<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>In addition to fines, severe administrative penalties such as temporary suspension of business, business suspension and rectification, closure of websites or applications, and revocation of business licenses may be imposed depending on the circumstances. In cases of especially significant harm, these measures will be mandatorily applied.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Expansion_of_Extraterritorial_Application_Scope\"><\/span>Expansion of Extraterritorial Application Scope<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Previously, extraterritorial application was limited to activities threatening China&#8217;s critical information infrastructure (CII). However, the new law includes foreign institutions, organizations, and individuals engaged in activities threatening China&#8217;s overall network security. 
In cases of significant consequences, Chinese authorities may decide on sanctions such as asset freezes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Corporate_Compliance_with_Amendments_to_the_%E2%80%9CNetwork_Security_Law%E2%80%9D_in_Japan\"><\/span>Corporate Compliance with Amendments to the &#8220;Network Security Law&#8221; in Japan<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2026\/03\/a3e2bebbbd18ab9195487c8b62e3ba94.jpg\" alt=\"Corporate Compliance Requirements\" class=\"wp-image-210152\" style=\"aspect-ratio:1.5;width:840px;height:auto\" \/><\/figure>\n\n\n\n<p>With the implementation of the new law, companies operating in China must fundamentally reassess their current systems and establish more stringent governance structures.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Reevaluation_and_Strengthening_of_Internal_Security_Management_Systems\"><\/span>Reevaluation and Strengthening of Internal Security Management Systems<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Companies must ensure that their networks are protected at an appropriate level according to the Cybersecurity Grading Protection System.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Clarification_of_Responsibilities\"><\/span>Clarification of Responsibilities<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>It is essential to clearly designate a network security officer and incorporate their authority and duties into internal regulations. 
The new law significantly increases fines for individuals, making it crucial for companies to educate and support their personnel in fulfilling their duties to reduce legal risks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Implementation_of_Technical_Measures\"><\/span>Implementation of Technical Measures<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Companies need to implement technical measures to prevent computer viruses and cyberattacks, and retain logs for more than six months. Additionally, they must verify that data classification, backup of critical data, and encryption measures comply with the latest technical standards.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ensuring_Supply_Chain_Compliance\"><\/span>Ensuring Supply Chain Compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is necessary to strictly manage whether the critical network equipment and dedicated products used or sold by the company have passed the safety certification and inspection recognized by Chinese authorities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Verification_During_Procurement\"><\/span>Verification During Procurement<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Companies identified as CII operators must pass a national security review when procuring network products or services that may impact national security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Confidentiality_Agreements\"><\/span>Confidentiality Agreements<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It is mandatory to enter into agreements with providers regarding safety and confidentiality, clearly defining the scope of responsibilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Establishment_of_Incident_Response_and_Reporting_Systems\"><\/span>Establishment of Incident 
Response and Reporting Systems<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Companies are required to develop emergency response plans (manuals) for security incidents and conduct regular training. In the event of an incident, immediate remedial measures must be taken, and a process for promptly reporting to authorities must be established.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Safety_Evaluation_for_the_Introduction_of_New_Technologies_AI\"><\/span>Safety Evaluation for the Introduction of New Technologies (AI)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When introducing AI into operations, companies must assess the safety of algorithms and their compliance with ethical standards. The law promotes the healthy development of AI while indicating a policy to strengthen risk monitoring, necessitating proactive measures in anticipation of future supervisory regulations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Management_of_Cross-Border_Data_Transfers\"><\/span>Management of Cross-Border Data Transfers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>For the overseas provision of critical data and personal information, companies must appropriately conduct procedures such as safety evaluations, certifications, and the conclusion of standard contracts based on the Data Security Law and the Personal Information Protection Law. 
The law emphasizes coordination with these other laws, making the establishment of a unified data management system an urgent task.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion_Consult_with_a_Lawyer_for_Compliance_with_China%E2%80%99s_Network_Security_Law\"><\/span>Conclusion: Consult with a Lawyer for Compliance with China&#8217;s Network Security Law<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The recent amendment to China&#8217;s Network Security Law symbolizes a shift in digital governance within China, moving from &#8220;guidance through corrective recommendations&#8221; to &#8220;strict law enforcement accompanied by substantial fines.&#8221;<\/p>\n\n\n\n<p>The fine, which can reach up to 10 million yuan, is significant enough to greatly impact a company&#8217;s operations. Companies are now required to have a more precise understanding of the law and to engage more carefully in their management decisions.<\/p>\n\n\n\n<p>Additionally, it is essential to organize the relationship with related subordinate regulations, such as the &#8220;Network Data Security Management Regulations&#8221; enacted in January 2025, and to establish a multilayered compliance system to continue business operations in the Chinese market.<\/p>\n\n\n\n<p>In addressing these legal amendments, it is crucial to utilize the support of lawyers who are well-versed not only in law but also in IT business.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Guidance_on_Measures_by_Our_Firm\"><\/span>Guidance on Measures by Our Firm<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Monolith Law Office is a legal firm with extensive experience in both IT, particularly the Internet, and law. In recent years, global business has been expanding increasingly, and the need for legal checks by experts is growing. 
Our firm provides solutions related to international legal affairs under Japanese law.<\/p>\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-\u30e2\u30ce\u30ea\u30b9\u6cd5\u5f8b\u4e8b\u52d9\u6240 wp-block-embed-\u30e2\u30ce\u30ea\u30b9\u6cd5\u5f8b\u4e8b\u52d9\u6240\">\n<div class=\"wp-block-embed__wrapper\"><a href=\"https:\/\/monolith.law\/global-jpn2fgn\">https:\/\/monolith.law\/global-jpn2fgn<\/a><\/div>\n<\/figure>","protected":false},"excerpt":{"rendered":"<p>The &#8220;Cybersecurity Law of the People&#8217;s Republic of China&#8221; (Cybersecurity Law, Chinese original: \u4e2d\u534e\u4eba\u6c11\u5171\u548c\u56fd\u7f51\u7edc\u5b89\u5168\u6cd5), which serves as the cornerstone of China&#8217;s cybersecurity regulati [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":71903,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[42,24,29],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/71902"}],"collection":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/comments?post=71902"}],"version-history":[{"count":3,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/71902\/revisions"}],"predecessor-version":[{"id":71968,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/71902\/revisions\/71968"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/media\/71903"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/media?parent=71902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/categories?post=71902"},{"taxono
my":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/tags?post=71902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}