每周数据法律资讯 Data Law Weekly（20250526-20250601）

1. 网信办发布《网信部门行政处罚裁量权基准适用规定（征求意见稿）》

5月30日，国家互联网信息办公室发布了《网信部门行政处罚裁量权基准适用规定（征求意见稿）》，向社会公众征求意见。根据征求意见稿规定，网信部门行政处罚裁量权基准划分为不予处罚、减轻处罚、从轻处罚、一般处罚、从重处罚等裁量阶次。征求意见稿进一步规定了各阶次裁量权基准的适用情形。

【点击查阅征求意见稿全文：

https://mp.weixin.qq.com/s/Qqph7MDl4Y9sZf-fYicRgg】

1. The Cyberspace Administration of China (CAC) issued the “Provisions on the Application of Administrative Penalty Discretionary Benchmarks by Cyberspace Administration Departments (Draft for Public Comment)”（《网信部门行政处罚裁量权基准适用规定（征求意见稿）》）

On May 30, the Cyberspace Administration of China (CAC) released the “Provisions on the Application of Administrative Penalty Discretionary Benchmarks by Cyberspace Administration Departments (Draft for Public Comment)” for public comment. According to the draft provisions, the administrative penalty discretionary benchmarks of cyberspace administration departments are divided into the following categories: no penalty, reduced penalty, lenient penalty, general penalty, and severe penalty. The draft provisions further specify the applicable circumstances for each category of discretionary benchmarks.

[Click to view the full text of the draft for public comment:

 https://mp.weixin.qq.com/s/Qqph7MDl4Y9sZf-fYicRgg]

2. 中国人民银行发布《中国人民银行业务领域网络安全事件报告管理办法》

5月30日，中国人民银行发布《中国人民银行业务领域网络安全事件报告管理办法》，自2025年8月1日起施行。《办法》共五章三十三条：第一章明确《办法》制定依据、适用范围、向其他部门报告通报协作机制和社会监督机制；第二章对网络安全事件分级管理作出规定，明确特别重大、重大、较大、一般等级网络安全事件的分级标准底线规则；第三章对网络安全事件报告流程、内容、时效、途径等作出规定；第四章对中国人民银行或其分支机构监督和管理责任落实，以及金融从业机构违反规定行为的处罚作出规定；第五章对术语定义、解释权和施行日期作出规定。下一步，中国人民银行将组织实施好《办法》，指导金融从业机构及时、准确报告网络安全事件，降低网络安全事件造成的损失和危害，筑牢金融网络安全防线。

【点击查阅《办法》全文：

http://www.pbc.gov.cn/tiaofasi/144941/144957/5728831/index.html?sessionid=806263851】

2. The PBC issued the “Administrative Measures for the Reporting of Cybersecurity Incidents in the PBC Business Field”（《中国人民银行业务领域网络安全事件报告管理办法》）

On May 30, the People’s Bank of China（PBC）issued the “Administrative Measures for the Reporting of Cybersecurity Incidents in the PBC Business Field”（《中国人民银行业务领域网络安全事件报告管理办法》）which will take effect on August 1, 2025. The Measures consist of five chapters and 33 articles: Chapter One clarifies the basis for the formulation of the Measures, their scope of application, mechanisms for reporting, notification, and collaboration with other departments, and mechanisms for social supervision; Chapter Two establishes provisions for the graded management of cybersecurity incidents, specifying the baseline criteria for classifying cybersecurity incidents into four levels: particularly serious, serious, significant, and general; Chapter Three sets forth provisions regarding the reporting procedures, content, timelines, and channels for cybersecurity incidents; Chapter Four outlines the supervisory and management responsibilities of the People’s Bank of China or its branches, and penalties for violations by financial institutions; Chapter Five defines terms, clarifies interpretation authority, and specifies the effective date. Going forward, the People's Bank of China will implement the Measures effectively, guide financial institutions to report cybersecurity incidents promptly and accurately, minimize losses and harm caused by such incidents, and strengthen the cybersecurity defense line for the financial sector.

[Click to view the full text of the Measures:

http://www.pbc.gov.cn/tiaofasi/144941/144957/5728831/index.html?sessionid=806263851]

3. 中央网信办发布《数据出境安全管理政策问答（2025年5月）》

5月30日，中央网信办发布《数据出境安全管理政策问答（2025年5月）》。问答聚焦重要数据出境流程与合规问题。问答提到，没有发布行业、领域的数据分类分级标准规范和重要数据识别申报规则，数据处理者也没有被有关部门告知应当进行重要数据识别申报的，未识别申报重要数据，未对相关数据进行重点保护，不会被认定为违反重要数据保护相关规定，不会因此受到行政处罚。同时，未被相关部门、地区告知或者公开发布为重要数据的，数据处理者不需要作为重要数据申报数据出境安全评估，相关数据出境活动不会被认定为违法违规出境重要数据，不会因此受到行政处罚。

【参见：

https://mp.weixin.qq.com/s/2t8-e1qFan4rsZLaHYGTwg】

3. The CAC issued the “Q&A on the Security Management of Data Cross-Border Transfer (May 2025)”（《数据出境安全管理政策问答（2025年5月）》）

On May 30, the Cyberspace Administration of China (CAC) issued the “FAQ on the Security Management of Data Cross-Border Transfer (May 2025)”（《数据出境安全管理政策问答（2025年5月）》）. The Q&A focuses on the process and compliance issues related to the transfer of important data abroad. The Q&A states that if there are no industry-specific or sector-specific standards or regulations for classifying and grading data, or rules for identifying and reporting important data, and if data processors have not been informed by relevant authorities that they are required to identify and report important data, then failing to identify and report important data, or failing to implement enhanced protection measures for such data, will not be deemed a violation of important data protection regulations and will not result in administrative penalties. Similarly, if data is not designated as important data by relevant departments or regions, or publicly announced as such, data processors are not required to submit an important data declaration for cross-border data transfer security assessments. Such cross-border data transfer activities will not be deemed illegal or non-compliant cross-border transfers of important data and will not result in administrative penalties.

[Reference:

https://mp.weixin.qq.com/s/2t8-e1qFan4rsZLaHYGTwg]

4. 中央网信办发布《关于开展人脸识别技术应用备案工作的公告》

5月30日，中央网信办发布《关于开展人脸识别技术应用备案工作的公告》。公告显示，自2025年6月1日起，应用人脸识别技术处理的人脸信息存储数量达到10万人的，应当自数量达到之日起30个工作日内履行备案手续。2025年6月1日前，应用人脸识别技术处理的人脸信息存储数量已经达到10万人的，应当在2025年7月14日前履行备案手续。备案信息发生实质性变更的，应当在变更之日起30个工作日内办理备案变更手续。

【点击查看公告全文：

https://mp.weixin.qq.com/s/k2NhwjcDN-sVqDF1u5T9ig】

4. The CAC issued the “Notice on the Implementation of Registration Procedures for the Application of Facial Recognition Technology”（《关于开展人脸识别技术应用备案工作的公告》）

On May 30, the Cyberspace Administration of China (CAC) issued the “Notice on the Implementation of Registration Procedures for the Application of Facial Recognition Technology”（《关于开展人脸识别技术应用备案工作的公告》）. The notice states that starting from June 1, 2025, if the number of stored facial information processed by facial recognition technology reaches 100000 people, the filing procedures shall be completed within 30 working days from the date of reaching the number. If the number of stored facial information processed by facial recognition technology has reached 100000 people before June 1, 2025, the filing procedures should be completed before July 14, 2025. If there are any substantial changes to the filing information, the entity must complete the filing amendment procedures within 30 working days from the date of the change.

[Click to view the full announcement:

https://mp.weixin.qq.com/s/k2NhwjcDN-sVqDF1u5T9ig]

5. 工信部通报47款存在侵害用户权益行为的APP及SDK

5月29日，工业和信息化部信息通信管理局发布《关于侵害用户权益行为的APP（SDK）通报（2025年第2批，总第47批）》，其中涉及47款存在侵害用户权益行为的APP及SDK。这些APP及SDK存在的问题有信息窗口乱跳转、APP强制、频繁、过度索取权限、违规收集个人信息、超范围收集个人信息、点击误导下载、SDK信息公示不到位等，同时，这些APP及SDK的来源有APP Store、小米应用商店、快手、应用宝、三星应用商店、OPPO软件商店、360手机助手、百度手机助手、荣耀应用市场、豌豆荚、支付宝小程序、微信小程序和各软件所属公司的官网等。

【参见：

https://www.miit.gov.cn/jgsj/xgj/APPqhyhqyzxzzxd/tzgg/art/2025/art_4e47e92d592c4221a9f8ac9c91aca2e5.html】

5. The MIIT issued notice on 47 apps and SDKs found to violate user rights

On May 29, the Department of Information and Communications Technology of the Ministry of Industry and Information Technology（MIIT）issued the “Notice on Apps (SDKs) Violating User Rights (2025, Batch 2, Total Batch 47)” , which identified 47 apps and SDKs that violate user rights. The issues identified in these apps and SDKs include random redirects in information windows, forced app installations, frequent and excessive requests for permissions, illegal collection of personal information, collection of personal information beyond the scope of authorized permissions, misleading clicks leading to downloads, inadequate disclosure of SDK information, and other issues. The sources of these apps and SDKs include the App Store, Xiaomi App Store, Kuaishou, Yingyongbao, Samsung App Store, OPPO Software Store, 360 Mobile Assistant, Baidu Mobile Assistant, Honor App Market, Wandoujia, Alipay Mini Programs, WeChat Mini Programs, and the official websites of the respective software companies.

[Reference:

https://www.miit.gov.cn/jgsj/xgj/APPqhyhqyzxzzxd/tzgg/art/2025/art_4e47e92d592c4221a9f8ac9c91aca2e5.html]

6. 公安部发布《公共安全视频图像信息系统监督管理工作规定》

5月28日，公安部发布了《公共安全视频图像信息系统监督管理工作规定》。《规定》明确了公安机关依照《公共安全视频图像信息系统管理条例》开展公共安全视频系统管理单位备案工作以及对公共安全视频系统的建设、使用情况开展监督检查工作的相关具体要求。

【点击查阅《规定》全文：

https://www.mps.gov.cn/n6557558/c10093599/content.html?sessionid=813011036】

6. The Ministry of Public Security issued the “Provisions on the Supervision and Administration of Public Security Video Image Information Systems” (《公共安全视频图像信息系统监督管理工作规定》)

On May 28, the Ministry of Public Security issued the “Provisions on the Supervision and Administration of Public Security Video Image Information Systems.” The Provisions clarify the specific requirements for public security organs to conduct registration of public security video system management units in accordance with the “Regulations on the Administration of Public Security Video Image Information Systems” (《公共安全视频图像信息系统管理条例》),  as well as to carry out supervision and inspection of the construction and use of public security video systems.

[Click to view the full text of the Regulations: 

https://www.mps.gov.cn/n6557558/c10093599/content.html?sessionid=813011036]

7. 中国网络空间安全协会发布《关于发布完成个人信息收集使用优化改进App清单的公告（2025年第1批）》

5月28日，中国网络空间安全协会发布《关于发布完成个人信息收集使用优化改进App清单的公告（2025年第1批）》。公告显示，为规范App收集使用个人信息行为，保护个人信息权益，推动形成全社会共同维护个人信息安全的良好环境，中国网络空间安全协会组织指导即时通信、应用商店、用车服务共3类6款App运营方，对照《中华人民共和国网络安全法》《中华人民共和国个人信息保护法》《常见类型移动互联网应用程序必要个人信息范围规定》等法律法规，重点针对超范围收集个人信息、过度调用敏感权限、权限设置和账号注销不便等个人信息收集使用问题完成了优化改进。6款App运营方已在应用商店或者官网上架优化改进版本，并承诺升级版本持续保持合规水平。6款App分别为：微信、百度手机助手、vivo应用商店、OPPO软件商店、360手机助手、一嗨租车。

【参见：

https://mp.weixin.qq.com/s/4ufA1dpa8LM8QDGzo7L4aA】

7. China Cyberspace Security Association released the “Announcement on the Publication of the List of Apps That Have Completed Optimization and Improvement of Personal Information Collection and Use (First Batch of 2025)”（《关于发布完成个人信息收集使用优化改进App清单的公告（2025年第1批）》）

On May 28, the China Cyberspace Security Association released the “Announcement on the Publication of the List of Apps That Have Completed Optimization and Improvement of Personal Information Collection and Use (First Batch of 2025)”（《关于发布完成个人信息收集使用优化改进App清单的公告（2025年第1批）》）. The announcement states that in order to standardize the collection and use of personal information by apps, protect personal information rights and interests, and promote the formation of a favorable environment for the whole society to jointly maintain personal information security, the China Cyberspace Security Association organized and guided the operators of 6 apps in 3 categories, including instant messaging, app stores, and car-hailing services, to compare their practices with relevant laws and regulations such as the Cybersecurity Law of PRC(《中华人民共和国网络安全法》), the Personal Information Protection Law of the PRC《中华人民共和国个人信息保护法》）, and the Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications（《常见类型移动互联网应用程序必要个人信息范围规定》）. The focus was on optimizing and improving issues such as excessive collection of personal information, excessive access to sensitive permissions, inconvenient permission settings, and account cancellation, among other issues related to the collection and use of personal information. The six app operators have already released optimized versions on app stores or their official websites, and have committed to maintaining compliance levels through future updates. The six apps are: WeChat, Baidu Mobile Assistant, Vivo App Store, OPPO Software Store, 360 Mobile Assistant, and eHi Car Services.

[Reference:

https://mp.weixin.qq.com/s/4ufA1dpa8LM8QDGzo7L4aA]

8. 国家计算机病毒应急处理中心检测发现63款违规移动应用

5月28日，国家计算机病毒应急处理中心通报63款存在违法违规收集使用个人信息情况的移动应用，涉及问题有隐私政策内容及提示方式违规、数据共享违规、未提供有效的更正或删除个人信息及注销用户账号功能、投诉或举报未在承诺时限内受理并处理、未向用户提供撤回同意收集个人信息的途径方式、自动化决策违规、处理未成年人信息违规、未采取相应的加密或去标识化等安全技术措施、无隐私政策等。

【参见：

https://mp.weixin.qq.com/s/a7MTaWxTDK-RiW0HsKF5jg】

8. The CVERC detected 63 non-compliant mobile applications

On May 28, the National Computer Virus Emergency Response Center（CVERC）reported 63 mobile applications found to be illegally collecting and using personal information. The issues identified include non-compliance with privacy policy content and notification methods, unauthorized data sharing, failure to provide effective means for users to correct or delete personal information and cancel user accounts, failure to address complaints or reports within the promised timeframe, failure to provide users with a means to withdraw consent for personal information collection, violations of automated decision-making regulations, violations of regulations regarding the processing of minors' information, failure to implement appropriate encryption or de-identification security measures, and the absence of a privacy policy.

[Reference:

https://mp.weixin.qq.com/s/a7MTaWxTDK-RiW0HsKF5jg]

9. 上海公告两项生成式人工智能服务登记信息

5月28日，上海市网信办公告两项生成式人工智能服务登记信息。根据公告信息，截至5月28日，上海市累计已完成87款生成式人工智能服务登记。已上线的生成式人工智能应用或功能，应在显著位置或产品详情页面标明所取得的上线编号。

【参见：

https://mp.weixin.qq.com/s/sdFRsT03fEpUGKil4hydpw】

9. Shanghai announced registration information for two generative AI services

On May 28, the Shanghai Cyberspace Administration announced the registration information for two generative AI services. According to the announcement, as of May 28, a total of 87 generative AI services have been registered in Shanghai. Generative AI applications or functions that have been launched must clearly display the registration number obtained upon launch in a prominent location or on the product details page.

[Reference:

https://mp.weixin.qq.com/s/sdFRsT03fEpUGKil4hydpw]

10.两项个人信息保护合规审计实践指南发布

5月26日，全国网络安全标准化技术委员会发布《网络安全标准实践指南——个人信息保护合规审计要求》和《网络安全标准实践指南——个人信息保护合规审计专业机构服务能力要求》。前者提出了个人信息保护合规审计原则，规定了个人信息保护合规审计的总体要求、实施流程、内容和方法，适用于个人信息处理者和专业机构开展个人信息保护合规审计活动；后者从基本条件、管理能力、专业能力、人员能力、场所与设备资源能力五个方面规范了专业机构提供个人信息保护合规审计服务的能力要求，可用于规范专业机构个人信息保护合规审计活动。

【点击查看相关指南全文：

《网络安全标准实践指南——个人信息保护合规审计要求》：https://www.tc260.org.cn/upload/2025-05-26/1748255158535034574.pdf

《网络安全标准实践指南——个人信息保护合规审计专业机构服务能力要求》：https://www.tc260.org.cn/upload/2025-05-26/1748244648160019892.pdf】

10. Two personal information protection compliance audit practice guidelines released

On May 26, the National Technical Committee 260 on Cybersecurity of Standardization Administration of China issued the “Cybersecurity Standard Practice Guideline — Personal Information Protection Compliance Audit Requirements”（《网络安全标准实践指南— 个人信息保护合规审计要求》）and the “Cybersecurity Standards Practice Guideline — Personal Information Protection Compliance Audit Professional Institution Service Capability Requirements”（《网络安全标准实践指南— 个人信息保护合规审计专业机构服务能力要求》）. The first guideline puts forward the principles of personal information protection compliance auditing, stipulates the general requirements, implementation process, content and methods of personal information protection compliance auditing, and applies to personal information processors and professional organizations to carry out personal information protection compliance auditing activities; the second guideline regulates the capability requirements for professional organizations to provide personal information protection compliance audit services in five aspects: basic conditions, management capability, professional capability, personnel capability, and venue and equipment resource capability, which can be used to regulate the personal information protection compliance audit activities of professional organizations.

[Click to view the full text of the guidelines:

Cybersecurity Standards Practice Guideline—Personal Information Protection Compliance Audit Requirements（《网络安全标准实践指南— 个人信息保护合规审计要求》）:

https://www.tc260.org.cn/upload/2025-05-26/1748255158535034574.pdf 

Cybersecurity Standards Practice Guideline—Personal Information Protection Compliance Audit Professional Institution Service Capability Requirements（《网络安全标准实践指南— 个人信息保护合规审计专业机构服务能力要求》）:

https://www.tc260.org.cn/upload/2025-05-26/1748244648160019892.pdf]

11. 中央网信办就《个人信息保护合规审计管理办法》实施有关事项答记者问

《个人信息保护合规审计管理办法》已于2025年5月1日起施行，近日，国家互联网信息办公室有关负责人就其实施有关事项回答了记者提问。就个人信息保护合规审计专业机构认证事宜，网信办有关负责人明确，国家网信办数据与技术保障中心、中国网络安全审查认证和市场监管大数据中心、北京赛西认证有限责任公司3家单位，已向国家认证认可监督管理委员会备案相关认证规则，将依据认证规则和《网络安全标准实践指南——个人信息保护合规审计专业机构服务能力要求》《网络安全标准实践指南——个人信息保护合规审计要求》实施认证。专业机构可向上述3家认证机构申请认证。同时，中国网络空间安全协会编制了《个人信息保护合规审计人员能力评价要点》，明确不同等级个人信息保护合规审计人员的能力评价目标、方式、要点等，将开展个人信息保护合规审计人员能力评价。

【参见：

https://mp.weixin.qq.com/s/C4wwEnO7SHVaAdtOdzzkog】

11. The CAC answered questions from journalists on the implementation of the “Personal Information Protection Compliance Audit Management Measures”（《个人信息保护合规审计管理办法》）

The “Personal Information Protection Compliance Audit Management Measures”（《个人信息保护合规审计管理办法》）came into effect on May 1, 2025. Recently, a responsible official from the Cyberspace Administration of China (CAC) answered questions from journalists regarding the implementation of the measures. Regarding the certification of professional institutions for personal information protection compliance audits, the responsible official clarified that three entities—the Data and Technology Support Center of the CAC, China Cybersecurity Review Certification and Market Regulation Big Data Center（CCRC）, and the CESI Certification Co., Ltd.—have filed relevant certification rules with the National Certification and Accreditation Administration. These entities will conduct certification in accordance with the certification rules and the “Cybersecurity Standards Practice Guideline—Personal Information Protection Compliance Audit Professional Institution Service Capability Requirements” （《网络安全标准实践指南 — 个人信息保护合规审计专业机构服务能力要求》）and the “Cybersecurity Standards Practice Guideline—Personal Information Protection Compliance Audit Requirements”（《网络安全标准实践指南 — 个人信息保护合规审计要求》）. Professional institutions may apply for certification from the aforementioned three certification bodies. Additionally, the China Cyberspace Security Association has compiled the “Key Points for Evaluating the Capabilities of Personal Information Protection Compliance Audit Personnel”（《个人信息保护合规审计人员能力评价要点》）, which clarifies the evaluation objectives, methods, and key points for assessing the capabilities of personal information protection compliance audit personnel at different levels. The association will conduct evaluations of the capabilities of personal information protection compliance audit personnel.

[Reference:

https://mp.weixin.qq.com/s/C4wwEnO7SHVaAdtOdzzkog]

12. 中央网信办部署进一步加强“开盒”问题整治工作，已处罚3家大型网站平台

近日，中央网信办专门印发通知，从阻断“开盒”信息传播、完善预警机制、加大惩治力度、优化保护措施、加强宣传引导等多个维度明确工作要求，督促各地网信部门、各网站平台进一步强化“开盒”问题整治工作。同时，召开专题部署会议，要求微博、腾讯、抖音、快手、百度、小红书、知乎、哔哩哔哩、豆瓣等多家重点网站平台，对照通知抓好各项任务落实，切实履行主体责任，以“零容忍”态度坚决打击“开盒”乱象。中央网信办有关负责同志表示，已依法按程序处罚3家大型网站平台。下一步，中央网信办将继续坚持高强度打击和高力度保护并重，着力做好“开盒”问题整治工作。一是全力阻断传播渠道、二是升级完善保护措施、三是加大打击惩治力度。

【参见：

https://mp.weixin.qq.com/s/5PW4hrxBxEoemc7tD0Z7fw】

12. The CAC deployed further measures to strengthen the rectification of “unboxing” issues and has punished three large website platforms

Recently, the Cyberspace Administration of China (CAC) issued a special notice, clarifying work requirements from multiple dimensions, including blocking the spread of “unboxing” information, improving early warning mechanisms, increasing punishment, optimizing protection measures, and strengthening publicity and guidance, to urge local cyberspace administration departments and website platforms to further strengthen the rectification of “unboxing” issues. At the same time, a special deployment meeting was convened, requiring major websites and platforms such as Weibo, Tencent, Douyin, Kuaishou, Baidu, Rednote, Zhihu, Bilibili, and Douban to implement the tasks outlined in the notice, fulfill their primary responsibilities, and resolutely combat the “unboxing” phenomenon with a “zero-tolerance” attitude. A responsible official from the CAC stated that three major website platforms have been legally penalized in accordance with procedures. Moving forward, the CAC will continue to prioritize both high-intensity crackdowns and enhanced protection measures, focusing on addressing the “unboxing” issue. The three key measures include: first, completely blocking transmission channels; second, upgrading and improving protective measures; and third, intensifying efforts to crack down on and punish violations.

[Reference:

https://mp.weixin.qq.com/s/5PW4hrxBxEoemc7tD0Z7fw]

1. 日本通过首部人工智能法案——《人工智能相关技术研发及应用推进法案》

5月28日，日本参议院通过了《人工智能相关技术研发及应用推进法案》，该法案是日本首部人工智能相关立法。法案提到，鉴于人工智能相关技术是日本经济和社会发展的基础技术，该法律旨在明确人工智能相关技术的研发及应用推进的基本理念，制定基本计划等基本事项，设立人工智能战略总部，与相关法律协同，综合且计划性地推进人工智能相关技术的研发及应用，以提升国民生活和促进国民经济发展。法案分为四个章节（总则、基础措施、人工智能基本计划、人工智能战略本部）和附则，正文二十八条、附则四条。

【点击查看法案全文：

https://www.shugiin.go.jp/internet/itdb_gian.nsf/html/gian/honbun/houan/g21709029.htm】

1. Japan passed its first artificial intelligence act— The Act on the Promotion of Research, Development, and Application of Artificial Intelligence-Related Technologies

On May 28, the Japanese Senate passed the Act on the Promotion of Research, Development, and Application of Artificial Intelligence-Related Technologies, marking Japan’s first legislation related to artificial intelligence. The Act states that, given that artificial intelligence-related technologies are foundational technologies for Japan’s economic and social development, this law aims to establish the basic principles for the research, development, and promotion of artificial intelligence-related technologies, formulate basic plans and other fundamental matters, establish an Artificial Intelligence Strategy Headquarters, coordinate with relevant laws, and comprehensively and systematically advance the research, development, and application of artificial intelligence-related technologies to enhance the quality of life for citizens and promote national economic development. The Act is divided into four chapters (General Provisions, Basic Measures, Basic Plan for Artificial Intelligence, and Artificial Intelligence Strategy Headquarters) and supplementary provisions, with 28 articles in the main text and four supplementary provisions.

[Click to view the full text of the bill:

https://www.shugiin.go.jp/internet/itdb_gian.nsf/html/gian/honbun/houan/g21709029.htm]

2. 马来西亚发布关于任命数据保护官（DPO）的常见问题解答

近日，马来西亚个人数据保护部（PDP）发布了关于任命数据保护官（DPO）的常见问题解答。PDP 强调，任命DPO的义务自2025年6月1日起生效。如果数据处理涉及超过20,000名数据主体；或超过10,000名敏感数据主体；或需要定期和系统监控的活动（例如，在线行为跟踪），则相关组织应当任命DPO。常见问答解答还规定了DPO的相关要求。

【点击查阅相关问题解答：

https://www.pdp.gov.my/ppdpv1/faq-pelantikan-pegawai-perlindungan-data-dpo/】

2. Malaysia released FAQ on appointing Data Protection Officer (DPO)

Recently, the Malaysian Department of Personal Data Protection (PDP) released a FAQ on the appointment of a Data Protection Officer (DPO). PDP emphasizes that the obligation to appoint a DPO shall take effect from June 1, 2025. If data processing involves more than 20000 data subjects; Or more than 10000 sensitive data subjects; For activities that require regular and systematic monitoring (such as online behavior tracking), the relevant organization should appoint a DPO. The FAQ also specifies the relevant requirements for DPO.

[Click to view related question answers:

https://www.pdp.gov.my/ppdpv1/faq-pelantikan-pegawai-perlindungan-data-dpo/]