Yan Luo of Covington and Burling writes:
Over the past few months, Chinese regulators have taken steps to update the country’s cybersecurity framework, with a particular focus on artificial intelligence (AI) safety and clarifying incident reporting obligations for onshore infrastructure. These developments reflect a broader trend toward more proactive AI and cyber governance and could signal priorities for the year ahead.
Cybersecurity Law Amendments Take Effect January 1, 2026 to Support AI and Expand Enforcement
Originally enacted in 2017, China’s Cybersecurity Law (CSL) has served as the foundational legal framework for regulating network operations, protecting personal information, and securing critical information infrastructure. In October 2025, the Standing Committee of the National People’s Congress released a set of formal amendments to the CSL—the first major update since its enactment—intended to align the law with newer legislation and address emerging risks, including those related to artificial intelligence and cross-border cyber threats. These amendments will take effect on January 1, 2026.
While the amendments span a wide range of provisions, this post highlights several of the more consequential changes for multinational companies. Other revisions include updates to enforcement provisions, such as increased penalty thresholds and expanded liability for violations.
Read more at Inside Privacy.