🇨🇳 Live Privacy & Data Protection

China Cybersecurity Law (CSL)

Requires network operators and data processors in China to safeguard cybersecurity and critical data.

View official source document

8

Rules extracted

201

Obligations decomposed

25.1x

Avg obligations per rule

🇨🇳 China

Jurisdiction

About this regulation

China's foundational cybersecurity framework. Adopted November 7, 2016, effective June 1, 2017. The CSL establishes network operators' obligations, critical information infrastructure (CII) protection requirements, data localization mandates, security review mechanisms, personal information protection (pre-PIPL), network product/service requirements, real-name registration, incident response procedures, monitoring and early warning systems, and legal liability. 79 articles in 7 chapters.

What AuditDSS covers

Source

1

Regulation

Extracted

8

Rules

Decomposed

201

Obligations

25.1x

Decomposition ratio

Each rule is decomposed into an average of 25.1 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 201 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in CSL is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
China Cybersecurity Law (CSL)
Regulatory body
Cyberspace Administration of China
Jurisdiction
🇨🇳 China
Document type
law
Effective date
June 1, 2017
Issuing authority
Standing Committee of the National People's Congress
Industry
Privacy & Data Protection
Official source
View source document ↗

Who this applies to

network operatorscritical information infrastructure operatorsnetwork product providersnetwork service providersindividuals and organizations

Key requirements

  • multi-level cybersecurity protection
  • network operation security obligations
  • critical information infrastructure protection
  • data localization for CII operators
  • national security review
  • real-name registration
  • personal information protection
  • incident response and reporting
  • network product certification

Frequently asked questions about CSL

What is CSL?
China's foundational cybersecurity framework. Adopted November 7, 2016, effective June 1, 2017. The CSL establishes network operators' obligations, critical information infrastructure (CII) protection requirements, data localization mandates, security review mechanisms, personal information protection (pre-PIPL), network product/service requirements, real-name registration, incident response procedures, monitoring and early warning systems, and legal liability. 79 articles in 7 chapters.

Who does CSL apply to?
CSL applies to network operators, critical information infrastructure operators, network product providers, network service providers, individuals and organizations.

How many obligations does CSL contain?
AuditDSS has decomposed CSL into 201 atomic obligations from 8 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of CSL?
The key requirements include: multi-level cybersecurity protection, network operation security obligations, critical information infrastructure protection, data localization for CII operators, national security review, real-name registration, personal information protection, incident response and reporting, network product certification.

How can I assess my CSL compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 201 CSL obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces CSL?
CSL is enforced in China by Cyberspace Administration of China.

When did CSL come into effect?
CSL became effective on June 1, 2017.

What industry does CSL apply to?
CSL is primarily relevant to the Privacy & Data Protection industry. AuditDSS covers 71 regulations in this industry sector.

Build a CSL compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for CSL — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering CSL requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine CSL with other regulations into a single unified compliance pack for your business.

Build CSL compliance pack

Already have a policy? Assess it against CSL

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 201 obligations

Your document is scored against every obligation in CSL. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Privacy & Data Protection

🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Modern Slavery Act 2018

9 rules, 135 obligations
🇦🇺 Live

Privacy Act 1988

29 rules, 203 obligations
🇦🇺 Live

SOCI Act 2018

10 rules, 32 obligations
🇦🇺 Live

Model WHS Act

10 rules, 41 obligations
🇧🇷 Live

LGPD

19 rules, 200 obligations
🇺🇸 Live

CCPA/CPRA

46 rules, 572 obligations
🇨🇳 Live

PIPL

15 rules, 203 obligations

Assess your CSL compliance

Upload your document and get a risk-scored gap analysis against 201 CSL obligations in under 5 minutes.

Start assessment Browse all regulations