China DSL + Cybersecurity Law
China Data Security Law (DSL, effective 1 Sep 2021) and Cybersecurity Law (CSL, effective 1 Jun 2017).
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (2)
CSL
| Code | Title |
|---|---|
| CSL-Art21 | Multi-Level Protection Scheme (MLPS 2.0) |
| CSL-Art22 | Network Products and Services Security |
| CSL-Art23 | Critical Network Equipment Certification |
| CSL-Art24 | Real-Name Registration |
| CSL-Art27 | Prohibition on Illegal Network Intrusion |
| CSL-Art31 | Critical Information Infrastructure (CII) Designation |
| CSL-Art34 | CII Operator Security Obligations |
| CSL-Art35 | CII Procurement Security Review |
| CSL-Art37 | CII Data Localization |
| CSL-Art38 | CII Annual Security Inspection |
| CSL-Art40 | Confidentiality of User Information |
| CSL-Art41 | Lawful Collection of Personal Information |
| CSL-Art42 | Personal Information Breach Notification |
| CSL-Art43 | Right to Correction and Deletion |
| CSL-Art47 | Content Monitoring and Reporting |
| CSL-Art49 | Complaints and Reporting Mechanism |
| CSL-Art51 | Cybersecurity Monitoring and Early Warning |
| CSL-Art56 | Cybersecurity Risk Talks (Interview) |
| CSL-Art59 | Penalties for Network Operator Violations |
| CSL-Art66 | Penalties for Cross-Border Violations |
DSL
| Code | Title |
|---|---|
| DSL-Art21 | Data Classification and Grading System |
| DSL-Art24 | National Security Review for Data Activities |
| DSL-Art27 | Data Security Management System |
| DSL-Art28 | Lawful and Legitimate Data Processing |
| DSL-Art29 | Risk Monitoring and Remediation |
| DSL-Art30 | Risk Assessment for Important Data Processors |
| DSL-Art31 | Cross-Border Transfer of Important Data |
| DSL-Art32 | Lawful Collection of Data |
| DSL-Art33 | Data Brokers and Intermediary Services |
| DSL-Art35 | Government Data Access Requests |
| DSL-Art36 | Foreign Authority Data Requests |
| DSL-Art45 | Penalties for Data Security Violations |
Frequently Asked Questions
What is China DSL + Cybersecurity Law?
China DSL + Cybersecurity Law is a compliance framework from China with 2 domains and 32 controls. China Data Security Law (DSL, effective 1 Sep 2021) and Cybersecurity Law (CSL, effective 1 Jun 2017). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does China DSL + Cybersecurity Law have?
China DSL + Cybersecurity Law has 32 controls organised across 2 domains. The largest domains are CSL (20 controls), DSL (12 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does China DSL + Cybersecurity Law map to?
China DSL + Cybersecurity Law does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with China DSL + Cybersecurity Law compliance?
Start your China DSL + Cybersecurity Law compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about China DSL + Cybersecurity Law requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 32 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 769 frameworks.
Get Started Free →Free forever — no credit card required