Hunton Andrews Kurth writes:
On March 28, 2025, the Cyberspace Administration of China issued draft amendments to China’s Cybersecurity Law (“Draft Amendment”) for public comment until April 27, 2025. The Draft Amendment aims to harmonize relevant provisions of the Personal Information Protection Law (“PIPL”), Data Security Law (“DSL”) and Law of Administrative Penalties, all of which were issued after the Cybersecurity Law came into effect in 2021.
The Draft Amendment amends the liability provisions of the Cybersecurity Law as follows:
- Legal liability for network operation security: (1) classifies massive data leakage incidents, loss of partial functions of critical information infrastructure (“CII”) and other serious consequences that jeopardize network security as violations of the Cybersecurity Law and increases the range of fines set forth in the DSL for such violations; (2) imposes liability for the sale or provision of critical network equipment and specialized cybersecurity products that do not meet the Cybersecurity Law’s requirements for security certification and security testing; and (3) clarifies penalties for CII operators that use network products or services that have either not undergone or passed security review.
Read about the other provisions on Privacy & Information Security Law Blog