Network Data Security Regulation Overview

Independent editorial reference. This page is based on official Chinese source links for general informational purposes only. It is not legal advice, and the official Chinese text prevails.

Key Takeaways

The Network Data Security Regulation was issued as State Council Order No. 790 and takes effect on 2025-01-01.
It should be read with the CSL, DSL, and PIPL rather than as a standalone compliance checklist.
It is relevant to network data processing governance, personal information, and important data research.

The Regulation on Network Data Security Management is a State Council regulation in China’s network data governance framework. It is relevant to research on cybersecurity, data security, personal information protection, important data, and network data processing. This page provides a source-tracked overview for general reference only.

The regulation matters because it connects several strands of China’s data governance system. Network data processing can raise cybersecurity issues, data security issues, personal information issues, and important data questions at the same time. A useful reading therefore starts with the regulation but does not isolate it from the CSL, DSL, and PIPL.

This page explains the regulation as a reference map. It does not decide whether a particular entity is subject to a specific obligation, whether a dataset is important data, or whether a processing activity satisfies the law.

What This Page Covers

What the regulation is and when it takes effect.
How it relates to the Cybersecurity Law, Data Security Law, and Personal Information Protection Law.
Why it matters for network data processing governance.
What this overview cannot determine without case-specific review.

Research Inputs to Collect

Before using this page as a research map, collect:

whether the activity involves network data processing, personal information, important data, or mixed datasets;
the system, platform, application, or network environment involved;
the data handler or processor role and any entrusted processing or sharing arrangement;
whether cross-border provision, remote access, or overseas recipient access may be relevant;
whether a CIIO issue, sectoral rule, local rule, or large-scale processing issue may be relevant;
existing security management, incident response, rights request, or data governance records.

These inputs help connect the regulation with the CSL, DSL, PIPL, and related rules. They do not decide the legal outcome.

What This Page Can and Cannot Do

This page can locate the regulation within China’s broader data governance framework and identify related source areas for research.

This page cannot classify a dataset, decide whether an entity is subject to a specific obligation, or determine whether an activity satisfies network data security requirements.

Official Source Basis

Official document	Chinese title	Authority	Date	Official source
Network Data Security Regulation	网络数据安全管理条例	State Council, Order No. 790	Published 2024-09-30; effective 2025-01-01	https://www.cac.gov.cn/2024-09/30/c_1729384452307680.htm
PIPL	中华人民共和国个人信息保护法	Standing Committee of the National People’s Congress	Effective 2021-11-01	https://www.cac.gov.cn/2021-08/20/c_1631050028355286.htm
Cybersecurity Law	中华人民共和国网络安全法	Standing Committee of the National People’s Congress	Effective 2017-06-01; amended version effective 2026-01-01 in site registry	https://www.cac.gov.cn/2025-12/29/c_1768735112911946.htm
Data Security Law	中华人民共和国数据安全法	Standing Committee of the National People’s Congress	Effective 2021-09-01	https://www.npc.gov.cn/npc/c2/c30834/202106/t20210610_311888.html

Source status: the Network Data Security Regulation source is the official CAC publication of State Council Order No. 790. CSL, DSL, and PIPL links are existing official source links tracked in this site registry.

What the Regulation Is

The Regulation on Network Data Security Management is an administrative regulation issued by the State Council. Public metadata identifies State Council Order No. 790, publication on 2024-09-30, and effectiveness from 2025-01-01. It sits within the broader Chinese data governance system rather than replacing the Cybersecurity Law, Data Security Law, or PIPL.

The regulation is relevant for network data processing governance because it addresses the management of network data security obligations under the broader legal system. A complete analysis requires reading the regulation together with the core laws and any applicable sectoral or local rules.

Relationship to CSL, DSL, and PIPL

The Cybersecurity Law is the foundation for network security and network operator obligations. The Data Security Law provides the broader data security governance framework. The PIPL governs personal information processing. The Network Data Security Regulation should be read against that background.

For personal information, PIPL rules still matter. For important data, Data Security Law concepts and implementing documents may be relevant. For network operations, Cybersecurity Law obligations may also shape the compliance context.

Relationship Table

Topic	Relationship to CSL / DSL / PIPL	Practical relevance	Source basis	Requires review?
Network data processing	Connects to cybersecurity and network operation governance under the broader legal system.	Helps readers place network data obligations within the CSL context.	Network Data Security Regulation; CSL.	Yes, for entity role and activity scope.
Personal information	Personal information processing remains connected to PIPL rules.	A network data activity may also be a personal information processing activity.	Network Data Security Regulation; PIPL.	Yes, for personal information category, purpose, consent/other basis, and related obligations.
Important data	Important data questions connect to data security governance.	The classification of data can affect risk review and governance questions.	Network Data Security Regulation; DSL.	Yes, because classification and implementation details require source and fact review.
Cross-border context	Network data governance may interact with cross-border transfer rules where data is provided outside China.	Readers should connect this regulation with PIPL Article 38 and CAC cross-border rules where personal information or other regulated data is involved.	Network Data Security Regulation; PIPL; CAC cross-border rules where applicable.	Yes, for route and source analysis.

Why It Matters

The regulation matters because network data processing often crosses multiple categories: personal information, business data, operational data, and potentially important data. It also matters because many organizations that handle data do so through network systems, platforms, applications, or online services.

This overview does not decide whether a particular entity is subject to a specific obligation. It is a reading map for public source research.

Common Misunderstandings

The regulation is not merely a news update. It is a State Council regulation with an effective date tracked in the official source.
It should not be read as replacing the CSL, DSL, or PIPL. It should be read with them.
A network data issue may also involve personal information or important data, but this page does not classify any specific dataset.
The existence of the regulation does not by itself determine whether a specific organization has a particular filing, reporting, or assessment obligation.
Sectoral rules, local rules, and later official guidance may still matter for specific activities.

Practical Reading Notes

Research question	Source-grounded reason to ask it
Is personal information involved?	PIPL obligations may apply in addition to network data security rules.
Could important data be involved?	Important data concepts may trigger additional data security governance questions.
Is the activity tied to network operations?	Cybersecurity Law and network data security obligations may be relevant.
Are sectoral or local rules involved?	Some industries and regions may have additional data rules or pilot policies.

Use this page to orient the source map before reading the regulation article by article. For operational decisions, the reader should identify the entity role, the activity, the data category, the sector, and any cross-border element before comparing the facts with official source text.

Source and Review Note

This page is based on official Chinese source documents listed above. It is an independent editorial reference for general information only. It does not constitute legal advice, and the official Chinese text prevails.