Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ DOMAIN · CYBERSECURITY REVIEW

Cybersecurity Review.

网络安全审查

The cybersecurity review regime for critical information infrastructure operators and large data processors — including overseas listings.

[Editor to fill: 200-word domain overview.]

§ LAWS IN THIS DOMAIN

The legal corpus.

6 laws.

§ BRIEFS

In this domain.

3 briefs.

  • § 01 · SECURITY-REVIEW

    One Company, Four Reviews: JunHe Maps China's Security-Review 'Matrix' in the Security-First Era

    With the Measures for Network Data Security Risk Assessment (Order No. 24) in place, China's security-review architecture has four operating pillars: foreign investment security review (NDRC + MOFCOM), cybersecurity review (CAC + 12 departments), data export security assessment (CAC), and the new normalized network data security risk assessment (CAC coordination + sectoral authorities). JunHe lawyer Chen Sijia walks each regime through the same five questions — who reviews, what is reviewed, when review is triggered, and with what legal consequences — and lands on two points overseas counsel should not miss. First, the four regimes differ in kind: the first three are ex-ante, admission-style reviews with veto power, while the risk assessment is an annual, improvement-oriented 'physical exam.' Second, review decisions are effectively final — the mainstream view treats them as final administrative acts with no administrative reconsideration or litigation available — so cooperation during the review is the only real strategy. A closing lifecycle walkthrough shows how a single AI-model company can trip all four lines in sequence: FDI review at fundraising, cybersecurity review at GPU procurement, export assessment at model training, cybersecurity review again at foreign listing, and the annual risk assessment as a standing duty.

    security-review · national-security · cybersecurity-review
  • § 02 · FOREIGN-INVESTMENT-SECURITY-REVIEW

    Why China Used Foreign Investment Security Review on Manus — Not Tech or Data Export

    Hong Yanqing on Beijing's banning of Meta's Manus acquisition. The regulator's choice of pathway — Foreign Investment Security Review, not Technology or Data Export — signals a shift from 'transaction-level' to 'capability-level' oversight of frontier AI projects, with implications for any overseas tech investment touching China.

    foreign-investment-security-review · manus · ai-agent
  • § 03 · CSL

    China's Cybersecurity Law Just Got Teeth — The 2025 Amendment and What Changed

    On October 28, 2025, the NPC Standing Committee adopted the first amendment to China's Cybersecurity Law since 2017, effective January 1, 2026. Compliance Talker's global legal policy team walks through what changed across 14 amendments: a new framework provision on AI safety and development, harmonization with PIPL and the Civil Code on personal information, sharply increased penalties (10× cap on top fines), expanded application of the dual-penalty system to individual officers, and broader extraterritorial reach. For overseas teams, the operational takeaway is that cybersecurity compliance is now an executive-level risk, not a documentation exercise.

    csl · csl-2025-amendment · ai-governance
§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →