Click above|Follow us
Recently, in terms of legislation, the "15th Five-Year Plan" has been deliberated and passed, and the construction of digital China has been clearly and deeply promoted; the "Cybersecurity Law" has been revised for the first time; the Ministry of Industry and Information Technology has publicly solicited opinions on the "Guidelines for the Construction of Computing Power Standard System"; the Cyberspace Administration has updated the questions and answers on the data exit security management policy. In terms of law enforcement, the Ministry of Industry and Information Technology reported that 20 smart terminals infringed on the rights and interests of users; the Supreme People's Procuratorate disclosed the crime of infringing on the personal information of citizens; the Cyberspace Administration launched a special action to rectify the chaos of online live broadcasting rewards; and the Internet and telecommunications departments in many places carried out special rectification and application notifications. Overseas, the European Union has passed the GDPR cross-border regulatory text, initially identifying TikTok and Meta as violating the Digital Services Act; the United States has strengthened artificial intelligence and child data protection; the United Kingdom has confirmed that Apple and Google have strategic market positions; Germany, Singapore and other places have introduced new regulations on AI and data protection; Amendments to the Personal Data Protection Act passed in Taiwan, China, etc..
HOTSPOT
HOTSPOT
First Revision of the Cybersecurity Law Came into Force
On October 28, 2025, the 18th meeting of the Standing Committee of the 14th National People's Congress voted to adopt the decision to amend the Cybersecurity Law of the People's Republic of China (hereinafter referred to as the "2025 Cybersecurity Law"), which will come into effect on January 1, 2026. The 2025 Cybersecurity Law clearly adheres to the leadership of the Party, responds to the needs of AI governance and development, adjusts the punishment methods, scope and amount of illegal acts, and expands the scope of accountability for the acts of foreign organizations that undermine network security, aiming at strengthening network security management and adapting to the needs of network security under the new situation.
For more information, please click here.
Source: National People's Congress Standing Committee
http://www.npc.gov.cn/npc/c2/c30834/202510/t20251028_449048.html
National Network Security Standards Committee solicits opinions on Data Security Technology and Data Security Protection Requirements
On October 31, 2025, the National Network Security Standardization Technical Committee publicly solicited opinions on the recommended national standard "Data Security Technology Data Security Protection Requirements (Draft)" (hereinafter referred to as "Protection Requirements"), and the deadline for feedback is December 30, 2025. The Protection Requirements are universal for the data processing activities of all subjects (not applicable to state secret data and military data), put forward the principles, objectives and framework of data security protection, and stipulate the general requirements for data security protection and the special requirements for the security protection of important data and core data. The specific implementation paths of key links such as data classification and classification, responsibility division, risk monitoring and emergency disposal are clarified, aiming at providing reference for the implementation of the data classification and classification protection system established by the Data Security Law.
For more information, please click here.
Source: TC 260
https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20251031084754&norm_id=20231220163350&recode_id=59812
Questions and Answers on Outbound Security Management Policy of Cyberspace Administration Release Data (October 2025)
On October 31, 2025, the State Internet Information Office issued "Questions and Answers on Data Exit Security Management Policy (October 2025)", which focused on responding to common problems in data exit compliance practice. The main points of this question and answer include: to clarify that the exemption scenario of Article 5 of the Regulations on Promoting and Regulating the Cross-border Flow of Data is open, but it must meet the two conditions of "for the purpose of concluding or fulfilling personal contracts" and "really need personal information to leave the country", and the exemption is not applicable to the data generated by domestic individuals booking domestic hotels; Whether the employee's ID card, passport, bank account, etc. in human resource management are "really necessary" to exit shall be judged according to the rules and regulations, collective contract and the principle of minimum necessity; the time limit for reporting important data is within 2 months after being informed; if the system upgrade does not change the core elements such as the purpose and scope of data exit, it is generally not necessary to re-report and re-evaluate; The standard contract can be filed once if the personal information is continuously exported to the same recipient; if the overseas recipient needs to provide the personal information to a third party, it shall be clearly listed in the standard contract. In addition, the exit certification of personal information will be implemented mainly in accordance with the Announcement on the Implementation of Personal Information Protection Certification and the National Standard Requirements for Security Certification of Cross-border Processing Activities of Personal Information in Data Security Technology (GB/T 46068-2025).
Source: National Cyberspace Administration
NEWSLETTER
NEWSLETTER
(Click on the source or copy the corresponding link to view the details)
LEGISLATION
The 15th Five-Year Plan was reviewed and approved to further promote the construction of digital China
Source: CCTV News
First Revision of the Cybersecurity Law Came into Force
Source: National People's Congress Standing Committee
http://www.npc.gov.cn/npc/c2/c30834/202510/t20251028_449048.html
The Ministry of Industry and Information Technology publicly solicited opinions on the Guidelines for the Construction of Computing Power Standard System (2025 Edition) (Draft for Comments)
Source: Ministry of Industry and Information Technology
https://wap.miit.gov.cn/gzcy/yjzj/art/2025/art_3ffe91a29e20440d8933c9097bee6a9a.html
Chongqing issued the Measures for Implementing the Benchmark of Administrative Discretion in the Field of Economy and Informatization in Chongqing
Source: Chongqing Economic and Information Commission
https://jjxxw.cq.gov.cn/zwgk_213/zcwj/xzgfxwj/202510/t20251022_15102638.html?sessionid=346038648
The Internet Society of China issued the Convention on Self-Discipline for Promoting Interoperability of Internet Platforms
Source: Internet Society of China
The Ministry of Public Security has approved the release of 19 public security industry standards, including the Security Management Requirements for Internet Interactive Services Part 12: Webcast Services
Source: Ministry of Public Security
https://www.mps.gov.cn:8080/n6557558/c10268041/content.html
Beijing Municipal Supervision Bureau issued four local standards in the field of automatic driving
Source: Beijing Municipal Bureau of Supervision
https://www.samr.gov.cn/xw/df/art/2025/art_a243c1f23e324f5188bcdd5ef73f75fa.html
National Network Security Standards Committee solicits opinions on Data Security Technology and Data Security Protection Requirements
Source: TC 260
https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20251031084754&norm_id=20231220163350&recode_id=59812
Questions and Answers on Outbound Security Management Policy of Cyberspace Administration Release Data (October 2025)
Source: National Cyberspace Administration
INDUSTRY TRENDS
The Ministry of Industry and Information Technology reported that 20 smart terminals infringed on users' rights and interests
Source: Ministry of Industry and Information Technology
The Ministry of Industry and Information Technology released the list of national green data centers in 2025
Source: Ministry of Industry and Information Technology
https://www.miit.gov.cn/xwfb/gxdt/sjdt/art/2025/art_cd7df6de34354b1e86934ce2409dd2bb.html
APPs (SDKs) Infringing on Users' Rights and Interests Notified by the Ministry of Industry and Information Technology (Batch 6 in 2025, Total Batch 51)
Source: Ministry of Industry and Information Technology
https://www.miit.gov.cn/zwgk/wjgs/art/2025/art_d22708d6b84b42f491942f0a02510162.html
The Supreme People's Procuratorate released the overall situation of crimes against citizens' personal information
Source: Supreme People's Procuratorate
https://www.spp.gov.cn/xwfbh/wsfbh/202510/t20251020_708967.shtml?sessionid=177679730
The Municipal Administration of Supervision Published the International Initiative for the Protection of Trade Secrets
Source: Municipal Administration of Supervision
Shanghai Launches Special Action to Rectify Network Chaos in Automobile Industry
Source: Shanghai Cyberspace Administration
Shanghai Communications Management Bureau issued a circular on the infringement of users' rights and interests (the eighth batch in 2025)
Source: Shanghai Communications Management Bureau
Shanghai Releases Information Announcement on Filing Generative Artificial Intelligence Services (October 23)
Source: Shanghai Cyberspace Administration
The Cyberspace Administration of Xiangtan City, Hunan Province, focused on interviewing a group of people's livelihood application leaders
Source: Hunan Cyberspace Administration
The Municipal General Administration of Supervision held an international seminar on the protection of trade secrets in Guangzhou and issued an international initiative on the protection of trade secrets
Source: General Administration of Municipal Supervision
https://www.samr.gov.cn/xw/zj/art/2025/art_4945eabe62ed46ad96cd60aeaf2e2f01.html
Cyberspace Administration Announced the Special Action of "Clear and Clear, Rectify the Chaos of Network Live Broadcasting and Reward"
Source: National Cyberspace Administration
https://www.cac.gov.cn/2025-10/28/c_1763287168200174.htm
Market supervision departments use the "Internet special clause" of the Anti-Unfair Competition Law to investigate and punish illegal jumping behavior
Source: China Market Regulation News
http://pc.cmrnn.com.cn/shtml/zggsb/20251022/133900.html
Cyberspace Administration in Beijing have severely punished a number of "self-media" accounts that destroy the network's military-related ecology
Source: Cyberspace Administration of Beijing
The National Network Security Notification Center notified 70 mobile applications that collect and use personal information in violation of laws and regulations
Source: National Network Security Notification Center
The Fourth Intermediate People's Court of Beijing reported the trial of personal information protection cases and typical cases
Source: Beijing Fourth Intermediate People's Court
OVERSEAS
EU:
European Parliament adopts the final text of the General Data Protection Regulation regulating cross-border procedures
Source: European Parliament
https://www.europarl.europa.eu/doceo/document/TA-10-2025-0238_EN.html
The Artificial Intelligence Committee met to discuss the implementation of the Applied Artificial Intelligence Strategy and the Artificial Intelligence Act
Source: European Commission
https://digital-strategy.ec.europa.eu/en/news/ai-board-meets-discuss-apply-ai-strategy-and-implementation-ai-act
EDPB issues relevant opinion on UK adequacy decision
Source: EDPB
https://www.edpb.europa.eu/news/news/2025/draft-uk-adequacy-decisions-edpb-adopts-opinions_en
The Court of Justice of the European Union (CJEU) issues an opinion of the Attorney-General on the right to personal data protection and the need for authorization of competition investigations
Source: CJEU
https://curia.europa.eu/jcms/upload/docs/application/pdf/2025-10/cp250135en.pdf
The European Commission initially found that TikTok and Meta were in breach of their transparency obligations under the Digital Services Act
Source: European Commission
https://ec.europa.eu/commission/presscorner/api/files/document/print/en/ip_25_2503/IP_25_2503_EN.pdf
IAB Europe responds to the European Commission's public consultation on the Digital Fairness Act
Source: IAB Europe
https://iabeurope.eu/iab-europe-submits-response-to-the-european-commissions-public-consultation-on-the-digital-fairness-act/#:~:text=Brussels%2C%2027th%20October%202025%20%E2%80%93%20On%2023rd%20October%2C,impact%20assessment%20and%20inform%20a%20future%20legislative%20proposal
EU: EDPS issues revised guidelines for generative AI
Source: EDPS
https://www.edps.europa.eu/system/files/2025-10/25-10_28_revised_genai_orientations_en.pdf
US:
CARU Releases AI and Child Data Safeguards
Source: CARU
https://bbbprograms.org/media/newsroom/press/generative-ai-kids
New York: NYDFS publishes guidance on managing third-party network security risk
Source: NYDFS
https://www.dfs.ny.gov/industry-guidance/industry-letters/il20251021-guidance-managing-risks-third-party
The California Department of Justice will seek public comment on somebody 976 ( "Protecting Our Children from Social Media Addiction Act")
Source: California Attorney General
https://oag.ca.gov/news/press-releases/california-department-justice-solicit-public-comment-sb-976-protecting-our-kids
Reddit, Inc. sues SerpApi LLC, Oxylabs UAB, AWMProxy, and Perplexity AI, Inc. for data scraping.
Source: AP news
https://apnews.com/article/reddit-perplexity-ai-copyright-scraping-lawsuit-3ad8968550dd7e11bcd285a74fb6e2ff
UK:
CMA Identifies Apple and Google as Strategic Market Positions for Their Mobile Platforms
Source: CMA
https://www.gov.uk/government/news/cma-confirms-apple-and-google-have-strategic-market-status-in-mobile-platforms
Ofcom publishes guidance on the Video Games Industry Online Safety Act
Source: Ofcom
https://www.ofcom.org.uk/online-safety/the-online-safety-act-and-gaming-know-the-risks-know-the-rules-know-how-to-comply
DSIT Announces AI Regulatory Blueprint
Source: DSIT
https://www.gov.uk/government/news/new-blueprint-for-ai-regulation-could-speed-up-planning-approvals-slash-nhs-waiting-times-and-drive-growth-and-public-trust
Apple Loses App Store Commission Lawsuit in UK
Source: Reuters
https://www.reuters.com/world/apple-loses-uk-lawsuit-over-app-store-commissions-2025-10-23/?utm_source=braze&utm_medium=notifications&utm_campaign=2025_engagement
German:
DSK Releases AI System Guide for RAG
Source: DSK
https://datenschutzarchiv.org/detailansicht/Dokumente/2025/LL_DSK_20251017_RAGs_de.pdf
Germany to promote simplified AI ACT with delayed entry into force
Source: MLex
https://www.mlex.com/mlex/articles/2405099/german-digital-ministry-asks-for-significant-softening-delays-of-eu-ai-act
BSI updates technical guidance on the Cyber Resilience Act
Source: BSI
https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr03183/TR-03183_node.html#:~:text=The%20Technical%20Guideline%20BSI%20TR%20-03183%20describes%20the,for%20requirements%20of%20the%20Cyber%20Resilience%20Act%20(CRA)
France:
CNIL published an article discussing the pay or consent model
Source: CNIL
https://www.cnil.fr/fr/les-francais-sont-ils-prets-payer-pour-des-services-en-ligne-sans-publicite-ciblee
French parliamentarians plan to appeal against the judgment of the European Court of Justice on the validity of the EU data protection framework
Source: Heise
https://www.heise.de/news/Datentransfer-in-die-USA-Klage-gegen-EU-Datenschutzrahmen-geht-vor-den-EuGH-10965140.html
Poland: UODO launches AI usage and data protection needs survey
Source: UODO
https://uodo.gov.pl/pl/138/3929
Denmark: Digitaliseringssty relsen publishes guidelines on banning the use of artificial intelligence
Source: Digitaliseringsstyrelsen
https://digst.dk/media/03kdcicv/hovedvejledning-om-de-forbudte-former-for-ai-praksis-efter-ai-forordningens-artikel-5.pdf
Ontario: IPC Update De-Marking Guidelines
Source: IPC
https://www.ipc.on.ca/en/media-centre/news-releases/ipc-updates-its-de-identification-guidelines-setting-new-standard-responsible-data-use
Australia:
The National Center for Artificial Intelligence issued guidelines and templates for AI policies
Source: National Center for Artificial Intelligence
https://www.industry.gov.au/publications/guidance-for-ai-adoption
ACCC sues Microsoft over misleading subscription settings
Source: ACCC
https://www.accc.gov.au/media-release/microsoft-in-court-for-allegedly-misleading-millions-of-australians-over-microsoft-365-subscriptions
India: Meity Proposes Draft Amendments to IT Rules Relating to Synthetically Generated Content
Source: Meity
https://www.meity.gov.in/static/uploads/2025/10/38be31bac9d39bbe22f24fc42442d5d1.pdf
Sri Lanka :Amendments to the Personal Data Protection Act to be adopted by Parliament
Source: news. LK.
https://www.news.lk/news/parliament-to-adopt-amendments-to-the-personal-data-protection-act
Austria: noyb filed a criminal complaint against Clearview AI in Austria, alleging that its facial recognition technology violates GDPR
Source: noyb
https://noyb.eu/en/criminal-complaint-against-facial-recognition-company-clearview-ai
Taiwan: Legislative yuan Passes Amendment to Personal Data Protection Act
Source: pdpc
https://www.pdpc.gov.tw/News_Content/20/1001/
HK:
PCPD Publishes 2024-2025 Annual Report
Source: PCPD
https://www.pcpd.org.hk/tc_chi/resources_centre/publications/annual_report/files/anreport25_full.pdf
PCPD issues compliance guidelines for UAVs, in-vehicle cameras and indoor cameras
Source: PCPD
https://www.pcpd.org.hk/sc_chi/news_events/media_statements/press_20251027.html?sessionid=
Singapore: CSA Seeks Comments on Addendum to AI Safety Guidelines
Source: CSA
https://www.csa.gov.sg/resources/publications/addendum-on-securing-ai-systems/
Netherlands: Data Protection Authority warns of bias in voting advice provided by chatbots
Source: Dutch Data Protection Authority
https://www.autoriteitpersoonsgegevens.nl/en/current/ap-warns-chatbots-give-biased-voting-advice
Switzerland: NCSC issues guidelines for cyber incident response
Source: NCSC
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2025/federal-incident-response.html
International:
ISO/IEC publishes Information Technology Smart City Data Utilization Part 2: Use Case Analysis and Common Considerations
Source: TC 609
https://www.tc609.org.cn/tc609/tzgg/202510/34e74a3f04634631ba9984682c29ca32.shtml
Singapore joins UK's Product Safety and Telecommunications Infrastructure (PSTI) regime
Source: UK Government
https://www.gov.uk/government/news/uk-setting-global-benchmark-on-cyber-standards-boosting-growth-and-protecting-consumers
The United States signed an agreement with Malaysia on reciprocal trade, which deals with the transfer of data between the two countries
Source: United States Government
https://www.whitehouse.gov/briefings-statements/2025/10/agreement-between-the-united-states-of-america-and-malaysia-on-reciprocal-trade/
Note
本文由Gen AI翻译,仅供参考。
Translated by Gen AI service. For reference only.
本期编辑:吴佳蔚 陈煜烺 林婉琪 陈曦宇 张丽