The amended Cybersecurity Law of China (CSL) entered into force on Jan. 1, 2026. These amendments, officially approved by China’s top legislature in October 2025, mark the first major changes to the law since it took effect in 2017. Without altering obligations of cybernetwork operators under CSL, the amendments specify the penalties applicable to breaches of different obligations, expand the government’s power to enforce against extra-territorial activities jeopardizing China’s cybersecurity, and set forth certain policy and regulatory goals for the new governance regime on developing and applying AI.

Click here to read the full GT Alert.

Tags: China, cybersecurity, GT Insight
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Philip Ruan Philip Ruan

Philip Ruan is a member of GT’s Corporate & Securities Practice, focusing on China-related transactions including venture capital, M&A and collaborative deals, with a focus on the life science industry. Philip also advises clients over China-related regulatory matters regarding foreign exchange, data, anti-bribery…

Philip Ruan is a member of GT’s Corporate & Securities Practice, focusing on China-related transactions including venture capital, M&A and collaborative deals, with a focus on the life science industry. Philip also advises clients over China-related regulatory matters regarding foreign exchange, data, anti-bribery, etc.

Read more about Philip Ruan
Show more Show less
Photo of Jena M. Valdetero Jena M. Valdetero

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against…

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against privacy and data breach litigation, with an emphasis on class action lawsuits. She has designed and conducted dozens of data breach tabletop exercises to empower clients to respond effectively to a data security incident. She also counsels companies on data privacy and security compliance programs and advises on privacy and cyber risks associated with mergers and acquisitions, venture capital, and securities. Jena also advises a diverse array of clients on compliance with existing and emerging privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US), for which she is a former KnowledgeNet Co-Chair.

Read more about Jena M. ValdeteroJena's Linkedin Profile
Show more Show less
Photo of Andrea C. Maciejewski Andrea C. Maciejewski

Andrea C. Maciejewski designs and implements privacy and security programs for clients of all sizes – from Fortune 500s to start ups – and in all sectors, including digital entertainment, marketing, online education, retail, and consumer goods. Andrea helps companies navigate the intricacies

Andrea C. Maciejewski designs and implements privacy and security programs for clients of all sizes – from Fortune 500s to start ups – and in all sectors, including digital entertainment, marketing, online education, retail, and consumer goods. Andrea helps companies navigate the intricacies of multi-jurisdictional compliance programs as well as compliance with sector-specific data privacy and security laws. Andrea offers clients practical legal counsel, striving to understand the underlying business model and provide strategies that manage costs and risks, while attempting to maintain the businesses operations.

Her practice includes international data privacy laws and regulations, including the General Data Protection Regulation (“GDPR”) and China’s Personal Information Protection Law (“PIPL”), as well as U.S. federal and state data privacy laws, such as the Children’s Online Privacy Protection Act (“COPPA”), the Family Educational Rights and Privacy Act (“FERPA”), and the California Consumer Privacy Act (“CCPA”). Some of the specialized documents Andrea drafts include data processing addendums, intracompany agreements, cross-border transfer mechanisms, privacy policies, privacy impact assessments, and data inventories. She has experience in U.S. and multi-national record retention practices, and frequently counsels on updating those practices for compliance with new privacy laws.

Additionally, Andrea provides expert counsel on data concerns unique to video games, eSports, and mobile gaming.

Read more about Andrea C. MaciejewskiAndrea's Linkedin Profile
Show more Show less
Related Posts
Shanghai Skyline
China Newsletter | Q2 2025/Issue No. 64
September 5, 2025
Shanghai Skyline
China Relaxes Requirements for Cross-Border Data Transfers
March 29, 2024
Planet Earth with detailed relief is covered with a complex luminous network of air routes based on real data. Pacific Ocean. Japan, China-Shutterstock_1112579363
China Finalizes Cross-Border Personal Information Transfer Certification Guideline
July 28, 2022