China Personal Information Protection Law

The Personal Information Protection Law (PIPL) is the foundational personal-data protection statute of the People’s Republic of China. It was adopted at the 30th Meeting of the Standing Committee of the Thirteenth National People’s Congress on 20 August 2021 and came into force on 1 November 2021 per Article 74. The Law contains 74 articles across eight chapters and is the third pillar of China’s data-governance triad alongside the Cybersecurity Law and the Data Security Law.

Per the China AI Note (Kevin Duan, Han Kun Law, February 2026), PIPL is one of the foundational binding frameworks materially shaping AI use in Mainland China. AI-specific Chinese instruments — including the Generative AI Service Regulations, the Algorithm Recommendation Regulations, and the Deep Synthesis Provisions — cross-reference PIPL for personal-data processing requirements, automated-decision-making rules, and cross-border data-transfer obligations.

Original-language title: 中华人民共和国个人信息保护法. Issuing body: Standing Committee of the National People’s Congress (NPCSC). Primary enforcer: Cyberspace Administration of China (CAC), supported by sectoral regulators including MIIT, MPS, and SAMR. Source: NPC English-language gazette · en.npc.gov.cn/2021-12/29/c_694559.htm.