The recent release of the Filing Notice by the Cyberspace Administration of China (CAC) marks a significant step in the protection of minors’ personal information. Announced on December 29, 2025, this notice establishes a framework requiring handlers of minors’ personal information to submit annual compliance audit results to local authorities. This initiative underscores the ongoing commitment to enforce stringent regulations as outlined in the Personal Information Protection Law (PIPL) and the Regulation on the Network Protection of Minors.
Background of the Filing Notice
The need for compliance audits concerning minors’ personal information has been acknowledged since the implementation of the PIPL in 2021. Article 54 of the PIPL mandates that all personal information handlers, regardless of their client base, undergo regular compliance audits to ensure adherence to applicable laws. This obligation extends to both domestic and international enterprises that process personal information pertaining to minors in China.
Compliance Audit Measures
The Compliance Audit Measures, established in May 2025, categorize audits into two types: self-conducted audits and mandatory audits initiated by authorities. Organizations handling personal information for over 10 million individuals must conduct audits at least biennially, while smaller enterprises face no specific frequency requirements. However, the requirement to report to authorities only arises from mandatory audits.
Special Rules for Minors
The Regulation on the Network Protection of Minors, effective January 1, 2024, introduces unique stipulations for organizations processing minors’ information. It mandates annual compliance audits and requires handlers to report audit results to relevant authorities. This regulation not only specifies audit frequency but also reinforces the necessity for oversight through obligatory reporting.
Implications of the Filing Notice
The Filing Notice has now brought clarity to the obligations concerning minors’ personal information compliance audits. It establishes definitive timelines and procedures for filing, transitioning these audits from theoretical obligations to enforceable actions. Unlike previous regulations, this notice does not hinge on the scale of the enterprise or the primary nature of its services but solely on whether it processes minors’ personal information.
Scope of Applicability
The Filing Notice applies uniformly to domestic and international entities. According to Article 3 of the PIPL, overseas organizations must comply if they process personal information within China. Consequently, any enterprise, regardless of location, that processes minors’ personal information is subject to these filing requirements.
Submission Process
Under the Filing Notice, personal information handlers are required to submit audit results to their local municipal cyberspace administration by January 31 each year. The current system emphasizes the importance of timely compliance, particularly for organizations that have not yet conducted the necessary audits.
Filing Requirements and Recommendations
To facilitate compliance, the Filing Notice mandates submission of two documents: the Annual Minors’ Personal Information Protection Compliance Audit Situation Table and a Commitment Letter. While there is no explicit threshold for the content of the audit report, organizations should focus on providing essential information that outlines their processing activities concerning minors.
Organizations should take proactive steps to prepare for compliance. This includes conducting thorough assessments of their handling of minors’ personal information, even if they believe they fall below the threshold for filing. A simplified report can be prepared and submitted promptly, satisfying the immediate requirements while allowing for potential adjustments in future submissions.
Monitoring Regulatory Changes
As the landscape of personal information compliance continues to evolve, organizations must remain vigilant. Authorities are likely to adjust regulations based on implementation experiences, making it essential for enterprises to stay informed and maintain open communication with local officials. This proactive approach can help mitigate compliance risks as oversight becomes more robust.
Conclusion
The introduction of the Filing Notice represents a crucial evolution in the landscape of minors’ personal information protection in China. Companies that process such information must act swiftly to comply with these new regulations. By prioritizing timely audits and staying informed about regulatory developments, organizations can navigate this complex compliance environment effectively.
- Key Takeaways:
- Annual compliance audits are mandatory for all personal information handlers processing minors’ data.
- The filing deadline for audit results is January 31 each year.
- Both domestic and international entities are subject to the same requirements.
- Proactive engagement with local authorities is essential for compliance.
- Simplified reporting can help organizations meet initial requirements while preparing for future standards.
Read more → www.jdsupra.com