Reed Smith Client Alerts

Key takeaways

  • China adopts new requirements for DPO filing, requiring qualifying companies to submit DPO information by 29 August 2025
  • B2C companies and large online platform operators fall within scope – companies processing personal data of more than one million individuals must file
  • Failure to file will trigger legal liability, with fines imposed on both the company and DPO

On 18 July 2025, the Cyberspace Administration of China (CAC) issued an official notice requiring the personal information protection officer (referred to as “DPO” in this article in sync with international practice) of qualifying businesses to complete a mandatory personal data compliance filing (DPO Filing) by a strict deadline of 29 August 2025 (DPO Filing Notice).

Failure to complete the DPO Filing may result in penalties. Companies and DPOs must act immediately to assess their obligations and meet the filing deadline.

This client alert summarises the key points of the DPO Filing Notice and outlines practical steps for qualifying companies to complete the filing.