Chapter VI Legal Liability

Article 61

Permalink

Translation Notice

This is an unofficial English translation prepared for general informational purposes only. It does not constitute legal advice. In case of any discrepancy, the official Chinese text published by the competent authority shall prevail.

本文为非官方英文翻译,仅供一般信息参考,不构成法律意见。如与主管机关发布的中文正式文本不一致,以中文正式文本为准。

Chinese Original

第六十一条 网络运营者不履行本法第二十三条、第二十七条规定的网络安全保护义务的,由有关主管部门责令改正,给予警告,可以处一万元以上五万元以下罚款;拒不改正或者导致危害网络安全等后果的,处五万元以上五十万元以下罚款,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。 关键信息基础设施的运营者不履行本法第三十五条、第三十六条、第三十八条、第四十条规定的网络安全保护义务的,由有关主管部门责令改正,给予警告,可以处五万元以上十万元以下罚款;拒不改正或者导致危害网络安全等后果的,处十万元以上一百万元以下罚款,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。 有前两款行为,造成大量数据泄露、关键信息基础设施丧失局部功能等严重危害网络安全后果的,由有关主管部门处五十万元以上二百万元以下罚款,对直接负责的主管人员和其他直接责任人员处五万元以上二十万元以下罚款;造成关键信息基础设施丧失主要功能等特别严重危害网络安全后果的,处二百万元以上一千万元以下罚款,对直接负责的主管人员和其他直接责任人员处二十万元以上一百万元以下罚款。

English Translation

Where a network operator fails to perform the cybersecurity protection obligations provided in Articles 23 and 27 of this Law, the relevant competent department shall order correction, give a warning, and may impose a fine of not less than RMB 10,000 and not more than RMB 50,000. Where correction is refused or consequences endangering cybersecurity are caused, a fine of not less than RMB 50,000 and not more than RMB 500,000 shall be imposed, and the directly responsible person in charge and other directly responsible personnel shall be fined not less than RMB 10,000 and not more than RMB 100,000. Where an operator of critical information infrastructure fails to perform the cybersecurity protection obligations provided in Articles 35, 36, 38, and 40 of this Law, the relevant competent department shall order correction, give a warning, and may impose a fine of not less than RMB 50,000 and not more than RMB 100,000. Where correction is refused or consequences endangering cybersecurity are caused, a fine of not less than RMB 100,000 and not more than RMB 1,000,000 shall be imposed, and the directly responsible person in charge and other directly responsible personnel shall be fined not less than RMB 10,000 and not more than RMB 100,000. Where conduct described in the preceding two paragraphs causes serious cybersecurity consequences such as a large amount of data leakage or partial loss of function of critical information infrastructure, the relevant competent department shall impose a fine of not less than RMB 500,000 and not more than RMB 2,000,000, and the directly responsible person in charge and other directly responsible personnel shall be fined not less than RMB 50,000 and not more than RMB 200,000. Where especially serious cybersecurity consequences such as loss of main functions of critical information infrastructure are caused, a fine of not less than RMB 2,000,000 and not more than RMB 10,000,000 shall be imposed, and the directly responsible person in charge and other directly responsible personnel shall be fined not less than RMB 200,000 and not more than RMB 1,000,000.

Free web reference version. Editable bilingual Word/PDF/Excel packages may be provided separately after editorial review.

  • cybersecurity
  • network operator
  • critical information infrastructure

Source reference: CSL Article 61. Source authority: Cyberspace Administration of China publication; source text from the Standing Committee of the National People's Congress. Effective version: 2026-01-01 amended effective version. Amendment status: amended by 2025-10-28 amendment decision; current official text uses article-number gaps. Last verified: 2026-05-20. Last updated: 2026-05-25. Official source.

Source Reference

Official source

Last updated: 2026-05-25. Last verified: 2026-05-20. Independent reference only. Chinese text shall prevail.