Published: 6:34pm, 15 Sep 2025Updated: 6:37pm, 15 Sep 2025
China’s top internet regulator has rolled out new rules for the rapid reporting of cybersecurity breaches and major incidents involving critical information infrastructure.
Advertisement
Network operators must report “particularly serious” cybersecurity incidents within one hour to relevant authorities, according to the draft regulation announced by the Cyberspace Administration of China on Monday.
The measures are due to come into effect on November 1.
This comes less than a week after Chinese cyber authorities fined fashion giant Dior’s Shanghai subsidiary for failing to comply with security requirements when transferring data overseas.
The “national cybersecurity incident reporting management” measures include an incident classification guide with detailed definitions of the various degrees of seriousness and how to respond.
Advertisement
“Particularly serious” cybersecurity incidents – the highest of four categories – are defined as involving the portals of provincial or higher officials and government agencies, as well as key national news websites, for prolonged periods.