国家网信办有关负责人表示，近年来，各类网络安全事件频发，影响范围和危害程度不断升级。从网络 安全事件应急处置工作实践来看，发生网络安全事件后，及时向有关部门报告，有利于及时处置网络安 全事件，防止危害扩大或产生不良社会影响。 （文章来源：人民日报） 目前，网信部门已开通12387网络安全事件报告热线、官网、微信公众号、微信小程序、邮件、传真等6 类网络安全事件报告渠道，网络运营者、社会组织和个人可通过上述渠道向网信部门报告网络安全事 件。 本报北京9月15日电为规范网络安全事件报告管理，及时控制网络安全事件造成的损失和危害，国家互 联网信息办公室发布《国家网络安全事件报告管理办法》，进一步规范和明确网络安全事件报告流程和 要求。办法将于2025年11月1日起施行。 办法共14条，主要对网络安全事件报告适用范围、监管职责、报告主体、报告流程、报告时限、报告内 容等提出规范要求。办法明确，对迟报、漏报、谎报或者瞒报网络安全事件造成重大危害后果的运营者 依法从重处罚；对采取合理必要的防护措施，有效降低网络安全事件影响和危害，并按照规定及时报告 的运营者，可视情从轻或不予追究责任。 ...

近日，国家互联网信息办公室发布《国家网络安全事件报告管理办法》（以下简称《办法》），自2025年11月1日起施行。 在中华人民共和国境内建设、运营网络或者 通过网络提供服务的网络运营者,有报告网络 安全事件的义务。 监管职责 国家网信部门负责统筹协调全国网络安全事 件报告管理工作。省级网信部门负责统筹协调 本行政区域内网络安全事件报告管理工作。 《办法》共十四条，主要对网络安全事件报告适用范围、监管职责、报告主体、报告流程、报告时限、报告内容等提出规范要求。 国家互联网信息办公室有关负责人指出，为规范网络安全事件报告管理，及时控制网络安全事件造成的损失和危害，落实《网络安全法》《关键信息基础 设施安全保护条例》等法律法规，国家互联网信息办公室制定《国家网络安全事件报告管理办法》，进一步规范和明确网络安全事件报告流程和要求。 目前，网信部门已开通12387网络安全事件报告热线、官网、微信公众号、微信小程序、邮件、传真等六类网络安全事件报告渠道，网络运营者、社会组 织和个人可通过上述渠道向网信部门报告网络安全事件。 为规范网络安全事件报告管理,及时控制网 络安全事件造成的损失和危害,国家互联网信 息办公室制定《国 ...

国家网络安全事件报告管理办法 （2025年9月11日 国家互联网信息办公室） 第一条 为规范网络安全事件报告管理，及时控制网络安全事件造成的损失和危害，根据《中华人 民共和国网络安全法》、《中华人民共和国数据安全法》、《中华人民共和国个人信息保护 法》、《关键信息基础设施安全保护条例》等法律法规，制定本办法。 网络运营者属于中央和国家机关各部门及其直属单位的，应当及时向本部门网信工作机构报告， 最迟不得超过2小时。属于重大、特别重大网络安全事件的，各部门网信工作机构在收到报告后， 应当第一时间向国家网信部门报告，最迟不得超过1小时。国家网信部门收到报告后及时向有关部 门通报。 其他网络运营者应当及时向属地省级网信部门报告，最迟不得超过4小时。属于重大、特别重大网 络安全事件的，省级网信部门在收到报告后，应当第一时间向国家网信部门报告，最迟不得超过1 小时，并同时向同级有关部门通报。 本行业领域有专门规定的，网络运营者还应当按照行业主管监管部门要求报告。 涉嫌违法犯罪的，网络运营者应当及时向公安机关报案。 第五条 网络运营者应当以合同等形式要求为其提供网络安全、系统运维等服务的组织或个人，及 时向其报告监测发现 ...

Core Viewpoint - The People's Bank of China (PBOC) has introduced a new management method for reporting cybersecurity incidents in its business areas, effective from August 1, aimed at enhancing the regulation and response to such events in the financial sector [1] Group 1: Regulatory Framework - The new management method specifies that financial institutions must report cybersecurity incidents to the PBOC or its local branches according to established guidelines [1] - It categorizes cybersecurity incidents into four levels: particularly significant, significant, relatively large, and general, with baseline standards for each category [1] - The method details specific requirements for reporting incidents at different stages: occurrence, during the event, and post-event, including the reporting process, content, timeliness, and channels [1] Group 2: Implementation Strategy - The PBOC plans to implement the new method through three main strategies: enhancing policy promotion to help financial institutions better understand the regulations, guiding institutions to refine their internal reporting responsibilities, and standardizing administrative enforcement to ensure compliance with reporting requirements [1]

Regulatory Changes Impacting Various Sectors - New regulations will officially take effect starting August 1, 2025, affecting multiple fields [4] - The "Regulations on the Application of Discretionary Power for Administrative Penalties by Cyber Information Departments" will enforce stricter penalties for severe violations that threaten network information, operation, and data security [5] - The "Regulations on Government Data Sharing" aims to establish a unified national government big data system, enhancing data security and management [6] - The "Anti-Money Laundering and Counter-Terrorism Financing Management Measures for Precious Metals and Gemstone Industries" require institutions to report cash transactions over 100,000 RMB within five working days [7] - The updated "Classification and Catalog of Occupational Diseases" expands the list from 132 to 135 diseases, adding categories for occupational musculoskeletal diseases and behavioral disorders [8][9] - The "Management Measures for Reporting Cybersecurity Incidents in the Business Sector of the People's Bank of China" mandates financial institutions to report cybersecurity incidents to the central bank [10] - The "Management Measures for Monitoring and Evaluating Cosmetic Safety Risks" focuses on monitoring harmful substances and risks to vulnerable populations such as children and pregnant women [11] - Special equipment like elevators and passenger cableways will now be included in recall management [12]

Regulatory Changes - The "Regulations on Sharing Government Data" will take effect on August 1, emphasizing unified directory management of government data and prohibiting unauthorized use or sharing of data obtained through sharing [1] - The "New Classification and Directory of Occupational Diseases" will also be implemented on August 1, expanding from 10 categories and 132 types of occupational diseases to 12 categories and 135 types, including new categories for occupational musculoskeletal diseases and occupational mental and behavioral disorders [1] - The "Administrative Penalty Discretionary Power Standards for Cybersecurity Violations" will be enforced on August 1, stipulating heavier penalties for severe violations affecting network information and data security [1] Financial Sector Regulations - The "Anti-Money Laundering and Counter-Terrorism Financing Management Measures for Precious Metals and Gemstone Practitioners" will be effective on August 1, requiring institutions to report cash purchases of gold and diamonds exceeding 100,000 yuan [2] - The "Management Measures for Reporting Cybersecurity Incidents in the Business Sector of the People's Bank of China" will also take effect on August 1, outlining reporting requirements for financial institutions in the event of cybersecurity incidents [2] Safety and Quality Regulations - The "Defective Special Equipment Recall Management Rules" will be implemented on August 1, covering special equipment such as elevators and amusement facilities, detailing the recall process [3] - The "Cosmetic Safety Risk Monitoring and Evaluation Management Measures" will take effect on August 1, focusing on monitoring five categories of risk substances that could harm health [4] - The "Labeling Management Regulations for Traditional Chinese Medicine Pieces" will be enforced starting August 1, 2025, requiring labels to include production dates and shelf life [4]

Group 1 - The new regulations effective from August include the implementation of a revised "Occupational Disease Classification and Catalog," which expands the categories from 10 to 12 and increases the total number of occupational diseases from 132 to 135, adding new categories for musculoskeletal diseases and mental disorders [3] - A new anti-money laundering regulation requires reporting of cash transactions exceeding 100,000 RMB or equivalent foreign currency, mandating institutions to submit large transaction reports within five working days [3] - The "Cybersecurity Incident Reporting Management Measures" will standardize the reporting of cybersecurity incidents in the financial sector, requiring institutions to report significant incidents to the People's Bank of China [3]

Group 1 - The "Regulations on Administrative Penalties by Cybersecurity Departments" will be implemented in August, aiming to standardize administrative penalties [1] - The "Regulations on Government Data Sharing" will take effect on August 1, focusing on the integration of a unified national government big data system, enhancing data security, and establishing a dispute resolution mechanism for data sharing [3] - The new version of the "Classification and Catalog of Occupational Diseases" will also be implemented on August 1, expanding from 10 categories and 132 types of occupational diseases to 12 categories and 135 types, including new categories for musculoskeletal diseases and mental disorders [3] Group 2 - The "Anti-Money Laundering and Counter-Terrorism Financing Management Measures for Precious Metals and Gemstone Practitioners" will require reporting of cash transactions exceeding 100,000 RMB or equivalent foreign currency starting August 1 [4] - Financial institutions must report cybersecurity incidents to the People's Bank of China according to the new "Management Measures for Reporting Cybersecurity Incidents in the Banking Sector," effective August 1 [4]

Core Points - The People's Bank of China (PBOC) has established a management approach for reporting cybersecurity incidents within its business domain [1] - The reporting requirements apply to incidents caused by human factors, cyberattacks, vulnerabilities, hardware and software defects, or force majeure that harm the PBOC's business networks or data [1] - Non-PBOC business domain cybersecurity incidents do not need to be reported under this new regulation [1] Summary by Categories - **Scope of Application** - The management approach is applicable to incidents affecting the PBOC's business areas, which include monetary credit, macro-prudential oversight, cross-border RMB transactions, interbank markets, comprehensive financial statistics, payment and settlement, RMB issuance and circulation, treasury management, credit reporting and rating, and anti-money laundering [1] - **Reporting Requirements** - Financial institutions must report incidents to the PBOC or its local branches as per the new guidelines [1] - Incidents involving state secrets must be handled according to relevant regulations [1]

Core Points - The People's Bank of China (PBOC) has released the "Management Measures for Reporting Cybersecurity Incidents in the Business Areas of the People's Bank of China" [1] - The measures consist of five chapters and thirty-three articles, outlining the framework for cybersecurity incident management [1] Group 1 - Chapter One specifies the basis for the measures, applicable scope, reporting and communication mechanisms with other departments, and social supervision mechanisms [1] - Chapter Two establishes a grading system for cybersecurity incidents, defining standards for particularly major, major, relatively large, and general incidents [1] - Chapter Three details the reporting process, content, timeliness, and methods for cybersecurity incidents [1] Group 2 - Chapter Four outlines the supervisory and management responsibilities of the PBOC and its branches, as well as penalties for financial institutions that violate regulations [1] - Chapter Five provides definitions of terms, interpretation rights, and the effective date of the measures [1]