The following is a translation of China’s Cybersecurity Law, as amended in October 2025. The law lays out the cybersecurity responsibilities of network service providers, app developers, and other users of computer networks, and sets fines and other civil penalties for violations. The most notable 2025 amendments to the Cybersecurity Law, originally passed in 2016, add language about state support for AI, in terms of using AI technology to bolster existing cybersecurity practices and to improve the security of AI programs themselves.

This translation incorporates the October 2025 amendments to the Cybersecurity Law into the text of the November 2016 original version of the Cybersecurity Law.

An archived version of the Chinese source text of the 2016 Cybersecurity Law is available online at: https://perma.cc/7DQH-CY5Z

An archived version of the Chinese source text of the 2025 amendments is available online at: https://perma.cc/WS7D-884A

Cybersecurity Law of the People’s Republic of China

(Adopted at the 24th Meeting of the Standing Committee of the 12th National People’s Congress on November 7, 2016.¹ Amended at the 18th Meeting of the Standing Committee of the 14th National People’s Congress on October 28, 2025.)

Chapter I       General Provisions

Article 1        This Law is formulated to ensure cybersecurity; safeguard cyberspace sovereignty and national security as well as the public interest; protect the lawful rights and interests of citizens, legal persons, and other organizations; and promote the healthy development of economic and social informatization (信息化).

Article 2          This Law applies to the construction, operation, maintenance, and use of networks within the People’s Republic of China,² as well as the supervision and administration of cybersecurity.

Article 3          Cybersecurity work upholds the leadership of the Chinese Communist Party, implements the holistic approach to national security (总体国家安全观), does overall planning for development and security, and advances the construction of China into a cyber powerhouse.³

Article 4        The state adheres to giving equal emphasis to cybersecurity and informatization development, follows the directives of active utilization, scientific development, law-based management, and ensuring security; advances the construction of network infrastructure and interconnectivity; encourages innovation and application of network technologies; supports the cultivation of cybersecurity talent; establishes and improves the cybersecurity assurance system; and enhances cybersecurity protection capabilities.

Article 5        The state formulates and continuously improves the national cybersecurity strategy, clarifies the basic requirements and primary objectives for safeguarding cybersecurity, and proposes cybersecurity policies, work tasks, and measures for key areas.

To view the rest of this translation, download the pdf below.

1. Translator’s note: This translation is of the amended 2025 version of the Cybersecurity Law. An English translation of the original 2016 version of the Cybersecurity Law is available online at: https://digichina.stanford.edu/work/translation-cybersecurity-law-of-the-peoples-republic-of-china-effective-june-1-2017/.
2. Translator’s note: The Chinese word 境內 jìngnèi, translated throughout as “within the People’s Republic of China (PRC),” literally means “inside the borders [of mainland China].” China considers Hong Kong, Macao, and Taiwan to be part of China but not to be “within the PRC.”
3. Translator’s note: Alternate English translations for the Chinese term wǎngluò qiángguó (网络强国)—here translated as “cyber powerhouse”—include “cyber superpower,” “network powerhouse,” “network superpower,” and so on. For a more thorough discussion in English of the meaning of the term wǎngluò qiángguó, see: https://www.newamerica.org/cybersecurity-initiative/digichina/blog/lexicon-wangluo-qiangguo/.