November 7, 2016: The Network Security Law of the People's Republic of China (the "Network Security Law") has been adopted by vote at the 24th Session of the Standing Committee of 12th National People's Congress, and is issued upon approval under the Order of the President No.53 and shall come into force as of June 1, 2017.

The Network Security Law is comprised of seven chapters with a total of 79 articles, specifying the security obligations for both providers of network products and services and network operators. It provides that: 

  • providers of those network products or services that collect users' information shall expressly inform users of such collection and obtain their consent;
  • network operators shall not reveal, falsify, or destroy any personal information they have collected; and
  • no individual or entity may steal any personal information or access such information by other illegal means, or illegally trade or unlawfully provide any personal information to other.

The Network Security Law establishes a security protection system for core information infrastructures, ascertains rules to export important data across borders through core infrastructures, and clarifies the possibility of taking measures to control network communications in case of any major emergencies.