Along with the development of big data and cloud computing, the speed of information transmission has become more and more prominent, and the difficulty of cyber security and personal information protection has also increased. The Cyber Security Law of the People’s Republic of China (hereinafter referred to as the “Cyber Security Law”) is the first basic law to comprehensively regulate the security management of cyberspace in mainland China. Since its implementation, it has had a profound impact on the cybersecurity systems of enterprises.
Cyber Security
According to the main body regulated by the Cyber Security Law, almost all enterprises that “construct, operate, maintain and use the network” in China are covered. The term “enterprise” within the legislation does not distinguish between domestic and foreign enterprises, therefore, Chinese-funded enterprises and foreign-funded enterprise, as long as the enterprise “constructs, operates, maintains, and uses the network” in China, shall comply with the provisions of the Cyber Security Law . Taking a multinational enterprise that regularly processes and cross-border transmission of customer personal information as an example, it is necessary to pay attention to fulfilling compliance obligations related to the protection of personal information.
Cyber Security
First of all, relevant multinational enterprises should clarify the definition of “personal information.” For example, the information of specific clients collected by enterprises for business development may be regarded as “personal information” as they can identify “specific individuals” from such data.
Secondly, enterprises should formulate a strict system of personal information collection and use. The means of obtaining, usage, and storage of clients’ personal information shall be considered by the enterprise. It is important to obtain the authorization of the information subject, especially, in situations where the transfer of user information is from China to overseas, the situation of the party receiving the information overseas should also be disclosed to the information subject in a timely manner.
Cyber Security
It is recommended that relevant enterprises develop operational guidelines for the cross-border transmission of information and data, clarify the main responsibilities for the cross-border transmission of personal information, and strictly prohibit individuals who are not related to the business from contacting and transmitting personal information overseas in order to avoid possible legal risks.
Therefore, considering the above-mentioned scenario, we should suggest relevant investment enterprises to, while conducting cross-border investment business, take the provisions of personal information protection into account and understand the provisions of the Cyber Security Law in order to avoid potential compliance risks.
In July 2025, five government authorities, including the Ministry of Commerce, jointly issued the Work Plan to Support Beijing in Piloting the Implementation of the WTO E-Commerce Agreement.[1] This milestone marks a new stage in China’s efforts to align its institutional opening and digital trade rules with international standards. As a core hub for digital
On September 30, 2025, China’s State Council officially issued the Notice on Implementing Domestic Product Standards and Related Policies in Government Procurement (Guobanfa [2025] No. 34, hereinafter referred to as the “Notice“), which clearly outlines major adjustments to the evaluation mechanism for domestic products in government procurement. The policy takes effect on January 1, 2026, and its
On September 1, 2025, the highly anticipated Interpretation (II) of the Supreme People’s Court on Several Issues Concerning the Application of Law in the Trial of Labor Dispute Cases (hereinafter referred to as “Interpretation (II)”) officially came into effect. Among its provisions, Article 19, with its distinctive position and clear legal consequences, has aroused widespread
