China Tightens Cybersecurity Incident Reporting

China’s top internet regulator has announced new rules requiring network operators to report “especially serious” cybersecurity incidents to the relevant state authorities within one hour. The regulations will take effect on November 1.

“Especially serious” incidents are defined as cases that disrupt provincial- or higher-level government portals, as well as nationally important information websites, for extended periods.

The new regulation includes an incident classification guide, outlining four categories of severity and the corresponding response steps.

This decision comes after Chinese cyber watchdogs fined a Dior subsidiary in Shanghai for illegally transferring customer data abroad.

The new rules highlight China’s efforts to strengthen the protection of critical information infrastructure and to implement a rapid response system to prevent large-scale disruptions or severe damage to government systems and public services.