Editor’s Note — DCC.
The first amendment to the Cybersecurity Law since its 2017 enactment was adopted by the NPC Standing Committee on October 28, 2025 and entered into force January 1, 2026. The amendment is deliberately narrow (“small-cut” revision, in the official framing) — 14 changes targeting AI, harmonization with PIPL/Civil Code, penalties, and extraterritorial application. Compliance Talker’s Global Legal Policy team produced one of the cleanest practitioner walkthroughs in the immediate post-enactment commentary. DCC’s framing emphasizes the operational shifts for overseas compliance teams, since the penalty escalation in particular fundamentally changes the CSL risk profile.
What the amendment does — and doesn’t
The 2025 amendment is structurally conservative. It does not rewrite the CSL’s underlying architecture (network operator obligations, CIIO regime, security review, data localization). What it does:
- Adds an AI-safety framework provision — putting AI on the CSL’s institutional map.
- Harmonizes with PIPL and Civil Code on personal information — closing the doctrinal seam left when PIPL took effect in November 2021.
- Sharply escalates penalties — top fines increase 10×, with expanded application of the “dual penalty” (entity + individual) regime.
- Expands extraterritorial application — moves the trigger from “endangering CII security” to the broader “endangering cybersecurity.”
Each shift has a specific operational implication for compliance teams.
What changed, in detail
1. AI safety and development — the new framework provision
The amendment adds Article 20: “The State supports basic AI theoretical research and key technology R&D such as algorithms; advances training-data-resource and computing-power infrastructure; perfects AI ethics norms; strengthens risk-monitoring assessment and security supervision; and promotes AI application and healthy development.”
The provision is framework-level — declarative rather than operational. But the placement matters. AI now sits inside the CSL’s institutional logic, which means subsequent AI regulation can be promulgated as CSL-implementing rules. Expect a wave of AI-specific implementing regulations in 2026–2027 grounded in this Article.
The Compliance Talker team’s reading: “China’s AI governance is shifting from local-sector supervision toward systematic regulation, seeking a balance between AI development and security.” The DCC corollary: the foreign-invested AI service providers who have been operating against the patchwork of generative-AI Measures, algorithmic recommendation Provisions, deep synthesis Provisions, and AI content labeling Measures should expect that patchwork to consolidate into a more coherent regulatory stack, with CSL Article 20 as the legislative anchor.
2. Harmonization with PIPL and Civil Code
Original CSL Articles 40–45 contained the bulk of pre-PIPL personal information protection rules. With PIPL effective November 2021 and the Civil Code Personality Rights Book (with its privacy and PI chapter) effective January 2021, the CSL PI provisions had completed their historical mission. The 2025 amendment recognizes this:
- Article 42 (revised): “Network operators processing personal information shall comply with this Law and the Civil Code of the PRC, the PIPL of the PRC, and other laws and administrative regulations.”
- Article 71(1)(II): PI-rights-infringement and important-data-handling violations are processed per the laws and regulations of the relevant special regime (i.e., PIPL / DSL / Network Data Security Regulation), via referral clauses.
The structural effect: the CSL becomes a cybersecurity baseline and CIIO regime anchor, while PIPL / DSL / NDR handle the specifics in their respective regimes. Cross-referencing replaces duplication. The Compliance Talker team’s framing: “This increases the consistency and coordination of the legal system, and fills potential supervisory gaps.”
3. The penalty escalation — the operational headline
This is the change with the greatest immediate compliance impact. The amendment at least doubles, and in many articles increases tenfold, the cap on top fines, and extends the “dual penalty” regime to individual officers far beyond its prior scope.
Selected examples from the revised CSL penalty articles:
Article 61 — failure to perform network security obligations
For ordinary network operators failing to perform Article 23 / 27 obligations:
- Warning + correction order; fines of RMB 10,000–50,000 (refusal: RMB 50,000–500,000), with individual officer fines of RMB 10,000–100,000.
For CIIOs failing to perform Articles 35 / 36 / 38 / 40 obligations:
- Warning + correction order; fines of RMB 50,000–100,000 (refusal: RMB 100,000–1,000,000), with individual officer fines of RMB 10,000–100,000.
For serious cybersecurity harm (e.g., mass data leakage, partial loss of CII function): entity fines RMB 500,000–2,000,000, individual fines RMB 50,000–200,000.
For especially serious harm (e.g., loss of major CII function): entity fines RMB 2,000,000–10,000,000, individual fines RMB 200,000–1,000,000.
The top fine cap moves from RMB 1 million to RMB 10 million — a 10× increase. The dual-penalty regime applies not only to “directly responsible officers in charge” but also to “other directly responsible personnel” — substantially expanding the universe of individuals personally exposed.
Article 62 — product / service security defects
Penalties for unsafe products and services causing serious network-security harm scale similarly. New addition: terminating security maintenance without authorization is now expressly a sanctionable act.
Article 63 — unsafe network equipment / network-security products
Selling or providing uncertified or non-conforming network key equipment or network-security products now triggers a stop-sale order, warning, confiscation, and fines of RMB 20,000–100,000 (or 1–5× the illegal income where that income exceeds RMB 100,000). For serious cases: business suspension, business license revocation, operating-permit revocation.
Article 67 — CIIO use of un-reviewed network products / services
A CIIO using products or services that have not passed the national security review now faces a correction order, suspension of use, elimination of the national-security impact, fines of 1× to 10× the procurement amount, plus individual fines of RMB 10,000–100,000.
Article 65 — non-compliant security certification / testing / risk assessment
Conducting cybersecurity certification, testing, or risk assessment in violation of regulations, or publicly disclosing system vulnerabilities, computer viruses, network attacks, or network intrusion information other than in accordance with state regulations, triggers a correction order, warning, and fines of RMB 10,000–100,000 (refusal or serious cases: RMB 100,000–1,000,000), with possible business suspension, business license revocation, or operating-permit revocation.
4. The dual-penalty system expansion
Three CSL penalty features that the 2025 amendment crystallizes:
- Penalty levels at historical highs. Cap-and-floor fines both substantially escalated. Business suspension and license revocation are available in significantly more violation scenarios. Cybersecurity compliance is now a survival-level risk.
- Dual-penalty regime broadened. Many penalty articles now expressly impose individual fines on “directly responsible managers” and “other directly responsible personnel”. The Compliance Talker team flags a recent enforcement pattern:
  - In an October 2025 Jiangxi Bank Suzhou Branch network/data-security violation, the compliance department deputy GM, branch head, and a customer manager were all personally fined.
  - In a Huarui Bank case, the IT security team lead was personally warned for data-security control failures and incomplete remediation.
  - The pattern is consistent with the dual-penalty regime extending beyond the headline director / officer set, reaching operational mid-management.
- “Non-penalty” compliance incentive added. New Article 73 introduces mitigated or reduced penalty for entities that proactively eliminate / reduce harm, for first-time violations with minor harm and prompt correction, and similar mitigating circumstances. This rewards mature incident-response programs.
5. Extraterritorial reach — broader trigger
Original Article 75 (now Article 77): the trigger for foreign-actor liability moved from “engaging in activities endangering China’s CII security” to “engaging in activities endangering China’s cybersecurity.” The broader trigger reaches:
- Foreign threat actors conducting cyber attacks against any Chinese network systems (not only CII), as long as the harm is to “China’s cybersecurity.”
- Asset freezing and other sanctions can be applied to foreign actors under Article 77.
The Compliance Talker team’s framing: “This means non-CII systems also need to defend against overseas attacks.” For foreign-invested entities, this expansion means cyber-threat intelligence sharing with home-country authorities now intersects with Article 77 in a wider set of circumstances.
Why this matters for overseas teams
Four operational takeaways:
- Cybersecurity compliance is now executive-level risk. With RMB 10 million top fines and business-license revocation available, the CSL’s compliance posture must be elevated. The compliance team’s reporting line, the board’s cyber-risk briefing cadence, and the executive ownership for cybersecurity all need to be reviewed against the new penalty calculus. The era of treating CSL as a documentation exercise is over.
- The dual-penalty system reaches your people. Compliance leads, IT security leads, and product managers handling sensitive systems are now personally exposed. Compliance-program design should explicitly identify who falls into the “other directly responsible personnel” category and ensure those individuals have meaningful authority to perform the duties for which they bear personal liability. The PI Protection Officer regime under PIPL Article 52 is the closest analog — see DCC’s PIPO vs DPO brief.
- Article 20’s AI hook will produce derivative regulation. Expect 2026–2027 AI regulation to be promulgated as CSL-implementing rules. AI service providers should plan their compliance architecture against the CSL stack, not against the AI Measures alone.
- Article 77’s expanded extraterritorial reach changes threat intel calculus. Foreign-invested entities should review their threat intelligence sharing arrangements with home-country authorities. Activities that previously were unambiguously cybersecurity defense work may now trigger CSL Article 77 attention if framed by Chinese authorities as “endangering China’s cybersecurity.”
The deeper point in the Compliance Talker piece is that CSL has shifted from being the foundational statute to being the high-stakes statute. Before 2025, the operational risk was concentrated in PIPL (personal information enforcement) and DSL (data security). After January 2026, CSL itself carries the largest direct fines in the regime. Multinational compliance teams that have under-invested in CSL relative to PIPL and DSL will need to rebalance.
— Compliance Talker (合规小叨客) Global Legal Policy Research Team, Original || 中国新《网络安全法》:促进AI安全与发展,升级处罚力度强化网安责任 (China’s New Cybersecurity Law: Promoting AI Safety and Development, Escalating Penalties to Strengthen Network Security Responsibility), 合规小叨客 WeChat Official Account, January 12, 2026. Original article (Chinese).
Not legal advice. The above is DCC’s structured summary of the source article’s analysis; not a verbatim translation. The source carries an original-content non-republish clause and is summarized here under fair-use principles with full attribution.