Author: Zhang Jian (Professor and Doctoral Supervisor at Renmin University of China Law School?) "If the law is in line with the times, then it can be treated; if the treatment is in line with the times, then it can be effective. The revised Cybersecurity Law of the People's Republic of China, passed by the Standing Committee of the National People's Congress on October 28, 2025, will officially come into effect on January 1, 2026. As the fundamental law in the field of cybersecurity, the Cybersecurity Law has played a significant role in safeguarding China's sovereignty in cyberspace, national security, and social public interests since its implementation. After eight years, the technological revolution is surging, and new technologies such as cloud computing, the Internet of Things, and artificial intelligence are constantly expanding the connotation and extension of cyberspace. Legislation on data security, personal information security, and other issues is being enacted one after another, and great power competition and geopolitical games are extending to cyberspace. A comprehensive and systematic revision of the Cybersecurity Law has become an urgent task in the technological era. The main content of the new revision can be summarized as four enhancements and one linkage. One is to strengthen political guidance and increase the Party's leadership over cybersecurity work and the guiding position of the overall national security concept; Secondly, we will strengthen forward-looking regulations on the security of artificial intelligence, add new provisions to encourage technological innovation, and establish a risk monitoring and ethical framework; The third is to strengthen legal responsibility and punishment, systematically adjust the penalty system, and deepen the main responsibility of network operators; The fourth is to strengthen the extraterritorial jurisdiction of cyber sovereignty and expand the scope of accountability for acts that endanger China's cyber security abroad. A linkage refers to the systematic collaboration with the Data Security Law and the Personal Information Protection Law to create a legal collaborative system for network security governance. However, as a pioneering law, it inherently has certain principles and framework. Adhering to the leadership of the Party and the overall national security concept is clearly written into the law, which is the biggest highlight of the new amendment and points out the fundamental guidance and strategic direction of cybersecurity work. If in 2017, legislative tasks focused on safeguarding cybersecurity and maintaining order in cyberspace. The guiding ideology of the new revision is more familiar with the way of cyberspace. Cyberspace is holistic, systematic, and cross cutting, involving multiple fields such as politics, economy, culture, society, and military. It spans physical and virtual spaces, different countries, and individual departments or regions. It is difficult to effectively respond to complex and changing cyber threats. Therefore, cybersecurity should not be regarded as an isolated technical or management issue, but should be placed under the framework of overall national security, highlighting the coordinated promotion of development and security, and fundamentally enhancing the political position and legal status of cybersecurity work. Since 2023, intelligent technologies represented by generative artificial intelligence have experienced explosive development, empowering various industries while also bringing unprecedented security risks. How to effectively manage risks while encouraging innovation has become a global governance challenge. The newly revised bill timely incorporates the governance of artificial intelligence security into the Cybersecurity Law. Article 20 clearly stipulates that "the state supports the research and development of key technologies such as basic theories and algorithms of artificial intelligence", "improves ethical norms for artificial intelligence, strengthens risk monitoring and assessment, and security supervision". This provision establishes the guiding principle of balancing the development of artificial intelligence with safety, providing a higher-level legal basis for the subsequent formulation of specialized artificial intelligence laws, safety regulations, standards, and policies. The legislative support for basic theories and key technology research and development aims to encourage and guide the industry to embed security throughout the entire process of AI technology innovation, rather than post remediation. Strengthening risk monitoring, assessment, and safety supervision means establishing a full lifecycle safety supervision mechanism for AI products and services. It can be said that the addition of artificial intelligence clauses is a strategic move by China to seize the high ground of governance and prevent and resolve major risks in the competition among major powers. Network operators are the first responsible persons for network security. The new revision does not adjust the definition of network operators, but in order to enhance their awareness of security responsibilities, a refined "hierarchical classification governance" model has been introduced. Based on the type of operator - specifically distinguishing between general network operators and critical information infrastructure operators, the scale and risk level of data processing activities, and the severity of consequences caused by illegal behavior - differentiated and graded legal responsibilities and penalties are configured. The newly revised Article 61 and other provisions significantly increase the upper limit of fines and link it to the severity of illegal gains and consequences, forming a clear penalty gradient. For serious or particularly serious violations such as infringing on the security of critical information infrastructure, major data breaches, or personal information breaches, the new amendment introduces a high fine standard, up to a maximum of 10 million yuan. The upper limit of fines for directly responsible supervisors and other directly responsible personnel has also been significantly increased, with the aim of penetrating responsibility to individuals and preventing companies from treating fines as operating costs while ignoring individual responsibility. Article 73 has been added, which stipulates that those who violate the provisions of this Law but have circumstances of lenient, mitigated, or no punishment as stipulated by the Administrative Penalty Law may be dealt with leniently in accordance with the law. This fully reflects the principle of balancing leniency and severity, and provides compliance incentives for enterprises that actively eliminate or mitigate harmful consequences, cooperate with investigations, and make serious rectifications while cracking down on serious illegal activities. Cyberspace and data flow naturally have transnational characteristics, and cybersecurity threats often come from overseas. In response to this issue, the newly revised Article 77 has brought two major breakthroughs. Firstly, the scope of application has been expanded from endangering critical information infrastructure to endangering the network security of the People's Republic of China. This is a fundamental extension, and any behavior from overseas that poses a threat to China's cyberspace security, regardless of whether its target is critical information infrastructure, is included in the jurisdiction of the Cybersecurity Law. Secondly, the prerequisite of causing serious consequences has been removed. As long as overseas entities carry out activities that endanger China's cyber security, China can initiate legal proceedings to hold them accountable in accordance with the law, which greatly enhances the deterrent power of the law and the flexibility of law enforcement, achieving the goal of "hitting the surface" of overseas cyber threats. Of course, extraterritorial law enforcement faces many challenges in practice, but clear and explicit extraterritorial provisions themselves have a powerful declarative and deterrent effect. This amendment in our country is a reasonable measure to comply with the international legislative trend and use legal weapons to safeguard our own interests in cyberspace. Modern social governance is a complex system engineering that requires a "systems thinking" approach to respond. The laws and regulations related to network security must support and work together to form the maximum governance effectiveness. In 2021, the Data Security Law of the People's Republic of China and the Personal Information Protection Law of the People's Republic of China were successively promulgated, together with the Cybersecurity Law, forming the "three pillars" of China's cybersecurity legal system. However, due to the difference in legislative time, there are some issues such as overlapping concepts and competing responsibilities among the three laws in practice, which require a higher-level and fundamental law to coordinate and coordinate. The second paragraph of Article 42 of the newly revised draft stipulates that "network operators shall comply with the provisions of this Law, the Civil Code of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, and other laws and administrative regulations when processing personal information." Article 71 stipulates the application of the Data Security Law, and "for acts that violate the provisions of personal information protection and cross-border data flow, they shall be dealt with and punished in accordance with relevant laws and administrative regulations." In addition, in the design of the penalty system, the newly revised draft is consistent with the legislative logic of "graded punishment according to the severity of the circumstances" in the Data Security Law and the Personal Information Protection Law. It can be said that these newly revised provisions not only retain the fundamental position of the Cybersecurity Law, but also respect the particularity of specialized legislation, providing clear guidance for law enforcement practice. In summary, the revision of the Cybersecurity Law is a profound change and comprehensive improvement in the process of China's network rule of law construction. It systematically responds to the new requirements and challenges put forward in the era of digital intelligence, and weaves a more mature, refined, rigorous, and powerful network security governance network. The new amendment will not only have a far-reaching impact on all domestic network operators, especially large Internet platforms, but also send a clear signal to the international community that China firmly upholds its network sovereignty and actively participates in global cyberspace governance. Looking ahead to the future, with the deepening implementation of the new revision, China's ability to ensure network security will undoubtedly reach a new level, providing solid legal guarantees for the construction of a strong cyber nation and technological competition among major powers. (New Society)