PIPL is the third of China’s new cybersecurity laws. The first was the Cybersecurity Law, which has been in effect since June 2017. This is designed to regulate the network and platform providers, and how they handle personal data.

The second is the Data Security Law (DSL), which came into effect on September 1, 2021. This looks at the protection of data more from the government’s perspective. It includes, for example, stricter regulation of ‘national core data’. And it has an extraterritorial reach for data processing outside of China that might affect ‘the national security, public interests, or lawful rights and interests of citizens and organizations in China’.