Core Points - The National Internet Information Office has issued the "National Cybersecurity Incident Reporting Management Measures," which will take effect on November 1, 2025 [1][3] - The measures consist of 14 articles that outline the scope of cybersecurity incident reporting, regulatory responsibilities, reporting entities, reporting processes, timelines, and content requirements [1][3] Scope and Reporting Entities - The obligation to report cybersecurity incidents applies to network operators that build and operate networks or provide services through the internet within the territory of the People's Republic of China [4] Regulatory Responsibilities - The national internet information department is responsible for coordinating the management of cybersecurity incident reporting nationwide, while provincial internet information departments manage reporting within their respective regions [6] Classification of Cybersecurity Incidents - Cybersecurity incidents are categorized into four levels: particularly major, major, relatively large, and general incidents, based on the harm caused to networks and information systems [9] Reporting Process and Timeliness Requirements - Network operators must report significant cybersecurity incidents (above a certain level) within specified timeframes, such as: - Operators of critical information infrastructure must report to protection departments and public security agencies within 1 hour [10] - Major and particularly major incidents must be reported to the national internet information department within 1 hour by the protection departments [11] - Other network operators must report to provincial internet information departments within 4 hours [12] Encouragement for Reporting - Social organizations and individuals are encouraged to report significant cybersecurity incidents they become aware of [13] Reporting Channels - The internet information department has established multiple channels for reporting cybersecurity incidents, including a hotline (12387), a website, a WeChat mini-program, email, and fax [16][17][18] Penalties for Delayed Reporting - Network operators that delay, omit, falsely report, or conceal cybersecurity incidents will face severe penalties [19] - Timely reporting may result in reduced or waived penalties for the relevant units and personnel [21]