China has announced a series of draft revisions to its Cybersecurity Law for public consultation. According to the Cyberspace Administration of China (CAC), these draft amendments have been formulated to ensure alignment and coordination with other relevant laws and to improve the system of legal accountability. The drafts aim to further safeguard the legitimate rights and interests of individuals and organizations in cyberspace while also upholding national security and the public interest. The main revisions cover legal responsibilities related to network operation security, cyberspace information security, personal data protection, and the security of critical data.[1]
While this move aims to strengthen the legal framework of cybersecurity in China, it also seeks to establish a structure suited to contemporary needs. Soliciting public opinion in this context has increased the inclusiveness and legitimacy of the law. Since cybersecurity regulations directly affect technology companies, collecting feedback especially from experts and researchers in the field is crucial for ensuring sectoral compliance and the effectiveness of the law. These revisions are therefore expected to protect both national security and the rights of institutions.
The revision of the Cybersecurity Law has become a significant initiative to meet the new era’s cybersecurity needs. In the face of the growing importance of global cybersecurity, it is vital to enhance the ability to detect cyber threats and defend against them, and to effectively respond to organized cyberattacks on a national scale. Therefore, it is essential to activate the roles of all stakeholders and to collectively build a comprehensive national cybersecurity defense system.
This amendment brings together existing cybersecurity efforts by increasing the deterrent effect of the law, improving the system of accountability, introducing exemption mechanisms and other innovative initiatives, strengthening the consistency of laws and regulations related to network security, enhancing the implementation and deterrence of the law, and encouraging operator institutions to fulfil their cybersecurity obligations. In doing so, it provides a stronger guarantee of the rule of law for maintaining national network security and building a robust cyber nation.[2]
The process of shaping the digital domain under state control in China began with the 2017 “Cybersecurity Law of China.” This law increased state oversight and introduced a regulatory element over the digital economy. While security measures for data protection were enhanced, the state’s auditing authority—which allows access to data in certain situations to ensure cybersecurity—complicated data storage and processing procedures for foreign companies.
With the enactment of the “Data Security Law of China” in 2021, the state’s authority over data was further strengthened, and cross-border data transfers were subjected to strict controls to safeguard national security and public interests. That same year, the “Personal Information Protection Law” also came into force, securing individuals’ rights. Through these regulations, China has both ensured data security and reinforced its digital sovereignty. As a result, national security risks have been reduced, control over strategic data has been consolidated, and a model that could serve as an example for other countries has been established.
These regulations have played a key role in helping China achieve its long-term goals in the fields of economy and technology. With data localization and strict security practices, foreign companies have faced increased challenges in their compliance processes, while domestic firms have enjoyed a more protective environment for growth and innovation. Moreover, cybersecurity and data protection laws have provided local firms with competitive advantages not only in domestic markets but also globally. For instance, telecommunications companies such as Huawei and ZTE have developed technological infrastructures capable of global competition thanks to state support.
Furthermore, major tech companies like Alibaba and Tencent—key players in shaping China’s technology ecosystem—have been able to offer international partners and clients data security and protection in global markets thanks to their robust cybersecurity infrastructure. In other words, the competitive advantage gained in the domestic market has translated into trust and credibility in global markets, helping Chinese firms to stand out as innovative and effective actors in the global tech arena.
In conclusion, China’s rapidly advancing technological capabilities—particularly in fields like artificial intelligence, 5G, renewable energy, e-commerce, and space research—have made cybersecurity and data protection measures increasingly necessary. The importance of such activities has grown in the context of safeguarding national security and ensuring economic stability and development. By developing comprehensive laws and policies in these areas, China aims to protect both its digital security and its economy.
Just as in the case of Huawei—one of the global leaders in the telecommunications and technology sectors—investments in 5G technology have helped domestic firms gain market share worldwide. On the other hand, China’s digital security policies aim to maintain economic and political stability in line with national interests and form part of its broader strategy to enhance its standing on the international stage.
[1]“China seeks public opinions on draft revision to cybersecurity law”, Xinhua News Agency,https://english.news.cn/20250329/325c274cf0b84470be5d1cbed19c0fb6/c.html, (Access Date: 31.03.202
[2] “专家解读|完善法律责任制度 筑牢网络安全屏障”, Cyberspace Administration of China, https://www.cac.gov.cn/2025-03/28/c_1744866206378167.htm, (Access Date: 31.03.2025).
