China Enforces One-Hour Cyber Incident Reporting Rule for Enterprises
What Happened
As of November 1, 2025, China’s new cyber incident reporting regulation requires large and internet-connected enterprises — including foreign companies operating in the country — to report significant cybersecurity incidents within one hour of detection.
The rule, issued jointly by the China National Computer Virus Emergency Response Center (CVERC) and the Ministry of Industry and Information Technology (MIIT), mandates initial and follow-up reports for ongoing incidents and demands submission of technical data, impact assessments, and recovery measures.
According to Dark Reading and Reuters, the initiative aims to tighten digital-infrastructure oversight and ensure faster coordination between enterprises and government authorities in response to large-scale cyber threats.
Why It Matters
- China remains a critical hub in global supply chains, from hardware manufacturing to cloud services. The new rule affects thousands of international organizations, including European and Bulgarian companies working with Chinese suppliers or subsidiaries.
- A one-hour reporting window is significantly shorter than current EU (24 h under DORA) or GDPR/NIS2 (72 h) requirements — creating new challenges for incident-response automation, internal workflows, and evidence management.
- For organizations that rely on Chinese technology, hosting, or logistics partners, this regulation introduces an additional layer of dependency and cross-border compliance, influencing response times, data sharing, and operational transparency.
DIAMATIX Perspective
“In an interconnected world, regulations no longer stop at borders.
When a supplier in China must report a breach within an hour, but its European partner learns about it a day later — the risk has already spread.”
— DIAMATIX CISO
To maintain compliance and operational continuity, organizations should:
- Map dependencies across global vendors, partners, and infrastructure — especially those connected to Chinese ecosystems.
- Synchronize incident-response procedures so alerts from multiple jurisdictions (EU, China, US) reach the same command center in real time.
- Deploy centralized MDR/XDR platforms that unify detection, evidence collection, and reporting under a single compliance-ready architecture.
DIAMATIX advises multinational enterprises to refresh their incident-response playbooks to align with both EU and non-EU regulatory frameworks — ensuring proof of detection, notification, and containment within hours, not days.
Sources
- Dark Reading – China Mandates 1-Hour Reporting Rule for Cyber Incidents (2025)
- South China Morning Post – New MIIT Regulation on Rapid Cyber Incident Disclosure (2025)