On August 1, 2025, the PRC Supreme People’s Court issued the Interpretation II on Issues Concerning the Application of Law in the Trial of Labor Dispute Cases, which establishes uniform legal standards in several employment situations that have raised questions in recent years, including the employment relationship in affiliation arrangements, foreign employees, double wages, and two consecutive fixed-term contracts. U.S. institutions with an RO or WFOE in the PRC should revi

On September 11, 2025, the Cyberspace Administration of China released the Measures for Cybersecurity Incident Reporting, which clarify the specific requirements for network operators regarding cybersecurity incident reporting. The Measures require network operators to report certain incidents within one to four hours, depending on the type of entity involved.   On September 11, 2025, the Cyberspace Administration of China (“ CAC ”) released the Measures for Cybersecurity Inc

Following a December 29, 2025 notice published by the Cyberspace Administration of China, institutions that handle personal information of children in China must report on their handling activities by January 31 each year (starting January 31, 2026); Several recently effective U.S. state comprehensive data privacy laws impact whether/how institutions may engage in targeted advertising to minors; The same U.S. state laws also impact whether/how institutions may “sell” minors’

China’s Ministry of Public Security (“MPS”) penalized Dior Shanghai for breaching personal information protection obligations, following an investigation into a data breach incident. MPS identified the following violations during the investigation: failure to implement a cross-border transfer mechanism; failure to fully inform data subjects about how their personal information would be handled by an overseas recipient; failure to obtain separate consent for cross-border trans

On October 6, 2025, the final provisions of the DOJ Sensitive Data Rule took effect, completing the framework for the DOJ’s Data Security Program.  Institutions engaging in relevant data-sharing activities should move quickly to ensure compliance.    On October 6, 2025, the last provisions of 28 C.F.R. Part 202, “ Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons ” (“DOJ Rule”) took effect, completing the regulatory

On April 25, 2025, TC260 issued the recommended standard Data Security Technology – Security Requirements for Handling of Sensitive...