The development of China's information security and data governance

The year 2020-2021 is a crucial year for data protection in China, with about ten laws and regulations on information protection and data governance, including the draft, being issued in this year. In fact, since 2000, when China entered the era of digital information development, relevant laws and regulations have been constantly promulgated and implemented, and China has been constantly improving data governance and information protection.Although China does not have a comprehensive data legal regime in place by 2022, comparing to the U.S. law we've been learning in this class, the Chinese government has been accelerating the pace of building a cohesive data governance mechanism, and a framework is emerging on how to collect, use and share different types of data. In fact, since the construction of a modern socialist country under the rule of law, the Chinese government has developed documents related to data and information protection for more than 15 years, and in the past few years, a more powerful system has gradually matured.

2007-06-22 12:16:41

Measures for the Multi-level Protection of Information Security

To accelerate the information security protection grade, specificate information security rank protection management, improve the capability and level of information security, safeguard state security, social stability and public interests, promote the information construction, the Ministry of Public Security, the watchdog, the state password administration, office for information technology advancement under the State Council, those departments together formulated the "information security rank protection management method". This is the first time in Chinese history that a systematic legal provision has been made on information security protection and data governance. Links to laws and regulations:

2010-07-01 09:00:38

Tort Liabilities Law

Tort Liability Law of China is a law formulated to protect the legitimate rights and interests of civil subjects, clarify tort liability, prevent and punish tort, and promote social harmony and stability. Adopted at the 12th Meeting of the Standing Committee of the eleventh National People's Congress on December 26, 2009, and effective as of July 1, 2010. Among them, the provisions related to information security and data governance include: Article 2 stipulates "privacy"; Article 36 stipulates the liability for infringing the civil rights and interests of others through the Internet; Article 62 Medical institutions and their medical personnel shall keep confidentiality for patients. Links to this Law:

2012-03-15 09:00:38

Several Provisions on Regulating the Market Order of Internet Information Services

China's Ministry of Industry and Information Technology issued a regulation that went into effect on March 15, 2012. These regulations aim to regulate the market order of Internet information service and prohibit acts infringing on the rights and interests of other Internet information service providers, including maliciously interfering with the services of other Internet information service providers on user terminals, or downloading, product installation, operation and upgrading. At the same time, we will standardize Internet "evaluation" activities. The new regulations explicitly require that users' consent be obtained and clear and complete information about software functions be provided before downloading, installing, running, upgrading or uninstalling software on their terminals. Do not deceive, mislead, or force users to install or run software. For the pop-up behavior of advertising window, Internet information service providers should provide users with the function mark of closing or quitting the advertising window in a prominent way. At the same time, the new rules strengthen the protection of users' personal information. "Personal Information" is defined as "information relevant to the user and capable of identifying the user's information, either alone or in combination with other information". Immediate remedial measures shall be taken in the event of disclosure or possible disclosure of the user's personal information in its custody; If serious consequences are caused or may be caused, they shall immediately report to the telecommunications regulatory authority and cooperate in the investigation and settlement. Provisions on information security include: Articles 11 and 12 respectively provide for the protection of "user personal information". Links to this Law and Regulation:

2012-10-01 00:32:11

State Secrets Protection Law

This Law is formulated for the purpose of guarding State secrets, safeguarding State security and interests, and ensuring the smooth progress of reform and opening up and socialist construction. The revised Law of the People's Republic of China on Guarding State Secrets came into force on October 1, 2010. Links to this Law and Regulation:

2012-12-28 00:32:11

National People’s Congress Standing Committee Decision Concerning Strengthening Network Information Protection

In China, no organization or individual is allowed to steal or obtain citizens' personal electronic information by other illegal means. No one may sell or illegally provide citizens' personal electronic information to others. China enacted the law on December 28, 2012 to protect online information security, protect the legitimate rights and interests of citizens, legal persons and other organizations, and safeguard national security and social and public interests. Links to this Law and Regulation:

2013-03-15 00:32:11

Regulations on the Administration of Credit Investigation industry

Credit investigation is an industry that provides credit information service under market economy. Credit investigation agencies, as credit information service enterprises, are responsible for preventing credit risks, creating conditions to ensure transaction security, and providing good credit records for the transaction costs of enterprises and individuals. In this way, promote the formation of honest social environment. Therefore, In order to standardize credit investigation activities, protect the legitimate rights and interests of the parties, guide and promote the healthy development of credit investigation industry, and promote the construction of social credit system, China promulgated the Regulations on the Management of Credit Investigation Industry. The promulgation of the Regulations solved the problem that the credit investigation industry could not keep up with in the development. It is beneficial to strengthen the management of credit investigation market, standardize the behavior of credit investigation agencies, information providers and information users, and protect the rights and interests of information subjects; It is beneficial to play the role of market mechanism and promote the construction of social credit system. Provisions on data governance and information security include: Article 13, regulating the collection and processing of personal information by credit informants. Links to this Law and Regulation:

2013-09-01 08:23:13

Telecommunications and Internet User Personal Information Protection Regulations

The Regulations on the Protection of Personal Information of Telecom and Internet users was formulated to protect the legitimate rights and interests of telecom and Internet users and safeguard network information security. It was deliberated and adopted at the second Ministerial Meeting of the Ministry of Industry and Information Technology, in 2013. Links to this Law and Regulation:

2015-07-01 20:52:22

National Security Law

China's National Security Law is promulgated in accordance with the Constitution for the purpose of safeguarding national security, protecting Chinese society, protecting the fundamental interests of the people and ensuring the smooth progress of social development. The law divides national security tasks into 11 areas, including political security, homeland security, military security, cultural security and scientific and technological security. The law, which has seven chapters and 84 articles, went into effect on July 1, 2015. Links to this Law and Regulation:

2016-08-01 20:52:22

Provisions on the Administration of Mobile Internet Applications Information Services

In order to strengthen the standardized management of mobile Internet application (APP) information services, promote the healthy and orderly development of the industry, and safeguard the legitimate rights and interests of citizens, China has formulated the Provisions on the Management of Mobile Internet Application Information Services. In China, mobile Internet applications have become the main carrier of mobile Internet information services, playing an important role in serving people's livelihood and promoting economic and social development. According to incomplete statistics, the number of apps on China's APP Store has exceeded 4 million and is still growing fast. At the same time, a small number of apps have been used by criminals to spread illegal information such as violence, terror, pornography and rumors, while some apps have damaged users' legitimate rights and interests by stealing privacy, maliciously withholding fees and fraud, which has aroused strong responses from the public. Therefore, the state Internet information office released the "mobile Internet application information service management regulation", regulate the mobile Internet application information service management, has been clear about the Internet users in the use of mobile Internet information service in the legitimate rights and interests, to build the mobile Internet safe, healthy and sustainable development of a long-term mechanism. Provisions on data governance and information security include: Article 7: Personal information protection, requiring mobile application service providers to implement real-name registration for users. Links to this Law and Regulation:

2016-12-18 21:14:45

Big Data Industry Development Plan

Data is a fundamental strategic resource for a country and a "diamond mine" in the 21st century. Big data industry refers to related economic activities that focus on data production, collection, storage, processing, analysis and service, including data resource construction, development, sales and leasing of big data hardware and software products, as well as related information technology services. To implement the Outline of the 13th Five-Year Plan of China for National Economic and Social Development and the Outline of Action for Promoting Big Data Development, speed up the implementation of the national Big data strategy and promote the healthy and rapid development of the big data industry, China has promulgated the big data industry development plan. Links to this Law and Regulation:

2016-12-27 20:52:22

National Cyberspace Security Strategy

The national cyber security strategy is to implement the president xi about advancing the global Internet governance system change "four principles" and construct the cyberspace community of destiny "five proposals", China about network security spatial development and the important position, to guide China's network security work, safeguarding national sovereignty, security and development interests in cyberspace. It was promulgated and implemented by the Cyberspace Administration of China on December 27, 2016. Links to this Law and Regulation:

2017-06-01 20:52:22

Cybersecurity Law

In the field of military security, cyberspace is regarded as the "fifth space" after land, sea, air and space. How to deal with the network security threats of a few countries and maintain the "fifth space" security has become the common goal of many countries. So, China promulgated the Cyber Security Law, which went into effect on June 1, 2017. Provisions on data governance and information security include: Chapter 3 specifies network security and data security requirements; Chapter four sets out the principles for collecting and using personal information. Links to this Law and Regulation:

2018-03-11 20:52:22


The Constitution is the fundamental law of China. Amendments to the Constitution were adopted at the first session of the 13th National People's Congress on March 11, 2018. Personal dignity, article 38, No Unlawful Search in Residences of Citizens and Freedom and Privacy of Correspondence are both about protecting personal information. The provisions on data governance and information security include Article 38:personal dignity; Article 39: no unlawful search in residences of citizens; Article 40: Freedom and privacy of correspondence. Links to this Law and Regulation:

2018-04-27 20:52:22

Anti-Terrorism Law

The Anti-Terrorism Law of China was enacted in accordance with the Constitution, which took effect on January 1, 2016, and was amended on April 27, 2018. It’s in order to prevent and punish terrorist activities, strengthen anti-terrorism work, and safeguard national security, public security, and the safety of people's lives and property. Among which, Articles 21 and 86 of them require service providers to check user's ID in the industries of telecommunication, internet, finance, hospitality, long-distance transportation, and automobile lend-lease. Links to this Law and Regulation:

2018-05-21 16:51:11

Guidelines for the Data Management of Banking Financial Institutions

In recent years, banking financial institutions have accumulated massive data such as customer data, transaction data and external data in the process of rapid business development. Data has become an important asset and core competitiveness of banks. It is of great significance to give full play to the value of data, drive the development of banks with data, and improve the quality and efficiency of banks' operations. High-quality data is an important basis for improving the efficiency of bank management and supervision. However, there are many problems in the data quality of China's banking financial institutions, mainly manifested in the lack of data accuracy and integrity, timeliness and adaptability. On the one hand, the problem of data quality hinders the development of banking financial institutions in the direction of high quality, and on the other hand, affects the efficiency of supervision. Therefore, data governance needs to be strengthened. So in order to guide banking financial institutions to strengthen data governance, improve data quality, give full play to the value of data, improve the level of operation and management, and transform to high-quality development in an all-round way, THE CBRC issued the Data Governance Guidelines for Banking Financial Institutions, which came into effect on May 21, 2018. Links to this Law and Regulation:

2019-01-01 05:33:21

E-Commerce Law

China's e-commerce law is a legal norm closely related to commercial relations caused by the form of commercial trade relations, which is generated through the information network when the government adjusts the transactions between enterprises and individuals. Its legislative effect is very high, and has laid the basic legal framework for the development of E-commerce in China. At the same time, it involves a very wide range, including e-commerce management subject, management behavior, contract, express logistics, electronic payment. The law took effect on January 1, 2019. The provisions concerning information security and data management include: Article 5, Article 23, Article 25, Article 32, Article 79, and Article 87: regulate the collection and use of personal information by e-commerce operators. Links to this Law and Regulation:

2019-04-10 05:33:21

Guidelines for Internet Personal Information Security Protection

In order to better implement the "Network Security Management Measures", the personal information holder to establish a sound citizen personal information security protection management system and technical measures, effectively prevent illegal infringement of citizens' personal information, protect the data security of public security organs and citizens' legitimate rights and interests. The Chinese legislative authorities, together with The Beijing Internet Industry Association and the Third Research Institute of the Ministry of Public Security, formulated the Guidance on the Protection of Internet Personal Information Security, which was issued and implemented on April 10, 2019. Links to this Law and Regulation:

2020-10-01 05:33:21

Personal Information Security Specification

The "Personal Information Security Code" is mainly aimed at the disclosure of personal information, illegal collection and abuse of personal information and other issues, so as to regulate the personal information controller in the information collection, storage, sharing, transmission and other processing links related to the behavior, so as to achieve the purpose of protecting personal information. Personal information safety regulations including the scope and normative reference files, terms and definitions, the basic principles of personal information security of personal information, personal information collection and preservation, commissioned by the use of personal information, personal information processing, share, transfer, publicly disclose, personal information security event processing and management requirements of the organization. The specification was implemented on 1 October 2020. Links to this Law and Regulation:

2021-01-01 20:52:22

Civil Code

Civil code refers to the code used by statutory countries to regulate the private legal relationship between equal subjects. The civil code regulates all kinds of legal acts and identity acts by abstract rules in the form of provisions. China's Civil Code has come into force on January 1, 2021. The provisions of personal information protection in civil code include: protection of natural person's personal information; Illegal collection, use, processing and transmission of others' personal information shall be prohibited; Illegal sale, provision or disclosure of others' personal information is prohibited. Links to this Law and Regulation:

2021-03-01 20:52:22

Criminal Law

In China, the Criminal Law is a law formulated to punish crimes and protect the people in accordance with the Constitution and in combination with the specific experience and actual conditions in combating crimes. The task of criminal law, is to use the penalty against all criminal acts, safeguard national security and safeguard system of the people's democratic dictatorship and the socialist system, protect state property and all working people's collective property, protection of the citizens' all private property, protection of the citizens' personal rights, democratic rights and other rights, maintaining social order and economic order, ensure the smooth progress of socialist construction. The provisions concerning data security in the Criminal Law include: Article 253 where personal information is illegally sold or provided; Article 286 Inadequate network security management results in disclosure of personal information. Links to this Law and Regulation:

2021-09-01 05:33:21

Data Security Law

Data security is related to the individual rights and interests of citizens, to the healthy development of the industry, and even to national security. On September 1, 2021, China's Data Security Law was officially implemented, marking that China's data security has entered the track of rule of law. From the data security of individuals, enterprises and institutions into the security system, to standardize the data security protection obligations of industry organizations and scientific research institutions and other subjects, the Data Security law has established a comprehensive supervision and protection of Chinese society. Links to this Law and Regulation:

2021-09-30 00:32:11

The Management Measures for Credit Investigation Business

The Measures for the Management of Credit Investigation Business is a new important regulation of the credit investigation industry. According to the measures, information that meets the three dimensions of "collecting information according to law, providing services for financial activities, and identifying and judging the credit status of enterprises and individuals" is credit information and can be qualified for legal credit investigation business. Substantive external credit investigation services in the name of "credit information services, credit services, credit scoring, credit rating, and credit repair" will also be included in the scope of management. This means that the behaviour of some institutions in the current market will be more effectively regulated. The introduction of the measures, to a large extent, announced the end of the "savage growth" era of the credit investigation industry. With the gradual clarification of the rules, China's credit investigation industry will also embark on a more standardized development path. Links to this Law and Regulation:

2021-10-26 20:52:22

The Provisions on the Management of Internet User Account Name Information

The Provisions on the Management of Internet User Account Information intend to regulate the management of Internet user account information, protect the legitimate rights and interests of citizens, legal persons and other organizations, maintain a good network ecology and create a clean cyberspace. According to the regulations, the Cyberspace Administration of China (CAC) officially implemented the revision of the regulations on Internet user account names on March 1, 2015. On October 26, 2021, the Cyberspace Administration of China issued the Regulations on the Management of Internet User Account Information. Links to this Law and Regulation:

2021-11-01 05:33:21

Personal Information Protection Law

Personal Information Protection Law is a legal provision for the protection of personal information, involving the establishment of legal name, legislative mode, significance, legislative status, legislative basis and legal application. The regulations are applicable to the personal information processing methods, basic principles of government information disclosure laws and regulations, the relationship between personal information processing and different regulatory modes such as government agencies, and their effects. It intends to promote the free flow of information, the application of the Personal Information Protection Law in specific industries, the protection of sensitive personal information, the regulation of law enforcement agencies and industry self-discipline mechanisms, the empowerment of information subjects, and the regulation of cross-border information exchange. It has a big impact on individuals and industries. The Personal Information Protection Law, which took effect on November 1, 2021, which marked a new stage of development for China's legislation on personal information protection and was of great significance to the protection of citizens' information rights and interests and the development of the digital economy. Links to this Law and Regulation:

The development of China's information security and data governance

Copy this timeline Login to copy this timeline 3d Game mode

Contact us

We'd love to hear from you. Please send questions or feedback to the below email addresses.

Before contacting us, you may wish to visit our FAQs page which has lots of useful info on Tiki-Toki.

We can be contacted by email at:

You can also follow us on twitter at

If you are having any problems with Tiki-Toki, please contact us as at:


Edit this timeline

Enter your name and the secret word given to you by the timeline's owner.

3-40 true Name must be at least three characters
3-40 true You need a secret word to edit this timeline

Checking details

Please check details and try again