China updates Cybersecurity Law to reinforce AI innovation and regulatory oversight
China’s top legislature has approved revisions to the Cybersecurity Law that integrate artificial intelligence (AI) into the country’s cybersecurity and digital governance framework. The amendments, effective 1 January 2026, introduce explicit state support for AI research, algorithm development, and data infrastructure, while strengthening ethical oversight, risk monitoring, and enforcement against cyber offenses.
The Standing Committee of the 14th National People’s Congress (NPC) passed the second amendment to China’s Cybersecurity Law, originally enacted in 2016. The revised law will take effect on 1 January 2026, following approval at the Committee’s 18th session in Beijing.
According to the NPC Legislative Affairs Commission, the update aims to align China’s core cybersecurity framework with the country’s strategic priorities in artificial intelligence and data governance, while maintaining consistency with related legislation such as the Data Security Law (DSL) and Personal Information Protection Law (PIPL).
New provisions: state-backed AI development and governance
A newly added article introduces, for the first time, explicit legal support for AI development, mandating national efforts to:
- promote basic theoretical research in AI and innovation in core algorithms and key technologies;
- build and manage training data resources and computing infrastructure;
- integrate AI in cybersecurity management, using emerging technologies to enhance network protection.
The revisions also address AI ethics and safety governance, requiring the establishment of systems for ethical guidelines, risk monitoring, and safety evaluation. Officials said these measures are intended to ensure that AI advances are accompanied by safeguards for “sound and secure development.”
A spokesperson for the Legislative Affairs Commission noted in a written response that the amendments “actively respond to practical needs in AI governance and development,” reflecting growing state emphasis on both innovation and oversight in the sector.
Reinforcing cybersecurity enforcement and penalties
Beyond AI, the revised law tightens legal liabilities for offences that undermine network and information security. It expands the scope of violations to cover acts that harm:
- network operation security,
- security of products and services, and
- the protection of information and personal data.
The revisions increase penalties, allow broader extraterritorial application, and provide clearer coordination between China’s cybersecurity, data, and personal information laws.
Officials said that while the 2016 Cybersecurity Law has significantly improved online governance and reduced harmful activities, new challenges such as cyberattacks, data breaches, and illegal online content require stronger enforcement mechanisms and closer legal integration across related frameworks.
Legislative context and policy implications
The 2025 update follows a first round of amendments reviewed in September, marking the law’s second major revision since adoption. It forms part of China’s ongoing legislative effort to modernise its digital governance architecture, integrating the Cybersecurity Law, DSL, and PIPL into a unified system governing data, algorithms, and online services.
A Xinhua News Agency report described the revisions as an attempt to meet new cybersecurity situations, tighten legal liability, and improve alignment with related laws. The updates also reflect Beijing’s broader push to balance innovation and control – encouraging AI-driven technological progress while maintaining strict state oversight over cyberspace and digital infrastructure.
Broader significance
By embedding AI promotion within the Cybersecurity Law, China is effectively treating artificial intelligence as a pillar of national cybersecurity and strategic capability. The law codifies the government’s role in supporting AI research, while simultaneously reinforcing the regulatory mechanisms that govern its safe deployment.
This dual approach – stimulating technological development while tightening oversight – underscores Beijing’s model of digital governance: innovation within a controlled legal and ethical framework. It signals to domestic and foreign technology firms that participation in China’s AI ecosystem will increasingly be subject to both legal obligations and state-driven standards for data use, algorithmic safety, and cross-border information flows.
