China approves amendment to cybersecurity law, highlighting safe AI development

People enter the venue of the 2025 China International Consumer Electronics Exposition (CICE) in Qingdao, east China’s Shandong Province, Sept. 19, 2025. (Xinhua/Li Ziheng) As artificial intelligence (AI) rapidly reshapes industries and daily life in China, lawmakers in the top legislature are amending the Cybersecurity Law to support technological research and mitigate the emerging risks in the field. An amendment to China’s Cybersecurity Law was approved on Tuesday at the conclusion of a five-day session of the 14th National People’s Congress (NPC) Standing Committee. An article on the safe and sound development of AI was added to the revised law, which will take effect on Jan. 1, 2026. The final amendment introduces a framework aimed at ensuring the safety and development of AI, which outlines several key priorities like increased support for foundational research and key algorithmic innovations, the development of AI-related infrastructure, and stronger ethical standards for AI. It also stipulates stronger security risk monitoring and enhanced AI safety regulations. This move was seen as a response to the growing demand for AI governance and development, said Wang Xiang, a spokesperson for the Legislative Affairs Commission of the NPC Standing Committee, at a press conference last week. The Recommendations of the Central Committee of the Communist Party of China (CPC) for Formulating the 15th Five-Year Plan for National Economic and Social Development, adopted last week and made public on Tuesday, also stated that China must “strengthen governance over AI and refine relevant laws, regulations, policies, systems, application standards, and ethical codes.” The rapid advancement of AI in China has made the issue of regulation more urgent. China now ranks second globally in the World Artificial Intelligence Innovation Index, behind only the United States, according to a report from the recent World Artificial Intelligence Conference. As of June 2025, China’s generative AI user base reached 515 million, double the number just six months prior, per a recent report by the China Internet Network Information Center (CNNIC), which highlights the exponential growth of this technology. While AI continues to drive technological progress, it also brings new cybersecurity risks. A report on the cybersecurity situation in 2025 from the National Computer Virus Emergency Response Center reveals a significant rise in AI-related network and data security risks, compared to the previous year, with network attacks accounting for 29 percent and data breaches 26 percent. Hao Ping, a member of the NPC Standing Committee, emphasized the need to establish a legislative framework to ensure that AI technologies comply with security standards. He also called for forward-looking assessments and continuous monitoring to promote compliance, transparency and accountability in AI applications. In light of these growing risks, the Cybersecurity Law, which has been pivotal in safeguarding national cyberspace sovereignty and security since its implementation in June 2017, has been amended to address the new challenges posed by AI. “As AI increasingly permeates every aspect of daily life, security should no longer be treated as an afterthought or a problem to be addressed later. Instead, it must become a core focus of technological innovation,” said Li Hewu, deputy director of the Institute for Network Sciences and Cyberspace, Tsinghua University. According to CNNIC, China now has over 1.1 billion internet users, with an internet penetration rate of 79.7 percent. To enhance the protection of personal information online, the amendment stipulates better alignment with relevant laws, including the Civil Code and the Personal Information Protection Law. The amendment also clarifies penalties for violations and increases fines in a bid to strengthen legal responsibilities. Serious offenses could result in suspension, closure, or even revocation of business licenses. “The regulation of data, from its creation to its endpoint, requires a seamless coordination among laws and regulations,” Li said. “By strengthening the alignment between the Cybersecurity Law and related laws, the effectiveness and deterrence of these legal frameworks can be greatly improved.”