China's cyber regulations: Eased compliance, yet stricter oversight in AI and data security

Although Chinese cybersecurity authorities have relaxed certain compliance requirements for businesses, 2025 has also brought a series of new regulatory measures targeting strategically important sectors like artificial intelligence and data security. The result is a complex and evolving regulatory environment that reflects both the government’s intent to restore business confidence and its continued emphasis on national security.

Published on
July 8, 2025
Attachment
Download

Eased compliance burdens since 2024

The year following the implementation of relaxed cross-border data transfer rules marked a significant shift for companies operating in China. By March 2025, security assessments had dropped by approximately 60%, and standard contract filings decreased by around 50%. These changes eased the compliance workload for many businesses and signaled a shift toward more predictable regulatory processes.

Administrative penalties for cyber and data security violations also declined sharply in 2024. This downward trend indicated a deliberate effort by authorities to create a more business-friendly environment amid ongoing economic pressures.

New regulatory push in 2025

Despite the relaxation in certain areas, early 2025 brought a new wave of regulatory activity. Chinese authorities introduced stricter rules in several critical fields, particularly those involving personal data and emerging digital technologies.

Key measures include:

  •     Enhanced requirements for personal data audits, aimed at improving transparency and accountability.
  •     Tighter security standards for facial recognition technology, reflecting growing concerns over biometric data misuse.
  •     A mandatory labeling system for AI-generated content, designed to increase traceability and mitigate potential risks from synthetic media.


These new regulations are scheduled to take effect in the second and third quarters of 2025, giving companies limited time to adapt to the changing requirements.

Sinolytics Radar 176: China's cyber regulations: Eased compliance, yet stricter oversight in AI & data security

Continued scrutiny for high-risk sectors

While some regulatory relief has been granted, companies dealing with large volumes of personal data or operating in sensitive digital sectors—such as AI—remain under close scrutiny. The overarching objective of Chinese authorities remains consistent: balancing technological innovation and economic growth with national security concerns.

Firms in these high-risk areas must continue to navigate a regulatory landscape that is not only complex but also subject to frequent changes. Compliance efforts will need to be both proactive and responsive as the oversight framework continues to evolve.

Conclusion

China’s cyber and data security regulations in 2025 reflect a dual approach: lowering compliance burdens to support business on one hand, while tightening oversight in strategically sensitive sectors on the other. For companies operating in China, the challenge lies in understanding and adapting to both currents—capitalizing on regulatory relief while staying ahead of new, sector-specific obligations.

Download

Curious about other topics?

All Insights & News
Timely analysis, strategic foresight, and expert perspectives on China's evolving position in the global economy.

You may also be interested in the following topics

Geopolitics
Technology
China Policy
China Business
Regulatory Strategy
Geolytics
More in Geopolitics
More in Geolytics