China's cybersecurity strategy: between national protection and speech control

Beijing's new strategy between cyber defense and repression of dissent

Recent moves by the Cyberspace Administration of China (CAC) reveal a two-pronged strategy to exert greater control over its digital domain: strengthening national cybersecurity defenses while simultaneously tightening its grip on online discourse. These initiatives, the "National Network Security Incident Reporting Management Measures" (Misure di gestione della segnalazione degli incidenti di sicurezza informatica a livello nazionale, 《网络安全事件报告管理办法》) and the "Clear and Bright: Rectifying the Problems of Maliciously Inciting Negative Emotions" special campaign (Chiaro e Luminoso: Rettificare i problemi di incitamento malevolo alle emozioni negative, 《清朗·整治恶意煽动负面情绪问题》专项行动), are not isolated events but rather key components of a broader geopolitical strategy. They reflect Beijing's understanding that cybersecurity is a crucial battlefield in great power competition, where national security is intrinsically linked to social stability and the ability to control the public narrative.

National Network Security Incident Reporting Management Measures

The "National Network Security Incident Reporting Management Measures," which came into effect on November 1, 2025, is a strategic move to standardize the reporting and management of cybersecurity incidents. The goal is to promptly contain losses and damages from such incidents and to safeguard national security. This initiative is a direct response to the increasingly complex and severe cybersecurity threats China faces.

A comprehensive reporting system is established based on the principles of "precise response and efficient resource management". The Measures implement requirements from China's Cybersecurity Law, Data Security Law, and Personal Information Protection Law⁶. They mandate that network operators, defined as network owners, managers, and service providers, must report any detected cybersecurity incidents. The severity of the incident is determined using the "Cybersecurity Incident Classification Guidelines" (《网络安全事件分级指南》), which categorize incidents into four levels: "Especially Major" (特别重大), "Major" (重大), "Larger" (较大), and "General" (一般).

The reporting procedures are tiered and time-sensitive:

• Critical Information Infrastructure Operators: Must report "especially serious or major" incidents to the protection department and public security organs within one hour⁹⁹⁹⁹⁹.

• Central and State Agency Operators: Must report incidents to their respective cybersecurity and informatization work agencies within two hours.

• Other Network Operators: Must report incidents to provincial cybersecurity and informatization departments within four hours.

The Measures also specify the required content for a report, which includes the basic details of the affected unit, the nature and severity of the incident, a preliminary analysis of the cause, and any measures taken. For ransomware attacks, key details such as the ransom amount and payment method must also be reported This detailed reporting mechanism provides regulatory bodies with comprehensive information to make informed decisions and prevent further damage.

"Clear and Bright: Rectifying the Problems of Maliciously Inciting Negative Emotions" Campaign

The "Clear and Bright" special campaign is a two-month operation targeting social media, short video, and live streaming platforms. This initiative, led by the CAC, aims to combat "maliciously inciting negative emotions" to create a more "civil and rational" online environment. However, a closer look at the campaign's focus areas reveals a clear intent to control and suppress any content that could lead to social instability or challenge the authority of the Chinese Communist Party (PCC).

The campaign focuses on four key problem areas:

1. Provoking extreme group conflicts: This includes targeting content that leverages topics to forcefully associate identities, regions, or genders, which can amplify intergroup conflicts. The campaign also targets fan groups and "young 'spraying' groups" that engage in malicious verbal attacks and organize mass complaints.

2. Promoting panic and anxiety: This area focuses on fabricating and spreading false information about disasters, accidents, or other emergencies. It also targets those who use "confidential information" or fake identities to spread rumors about the economy, finance, or public policy.

3. Inciting online violence and hostility: The campaign aims to remove content that glorifies violence, such as raw or gory footage, and to stop online brawls and malicious harassment.

4. Exaggerating negative and pessimistic emotions: This targets the promotion of absolutist and pessimistic sentiments, such as "working hard is useless" or "studying is pointless." It also aims to curb the malicious misinterpretation of social phenomena and the creation of popular memes or emoticons that exaggerate negative emotions.

This operation goes beyond simple content moderation. By targeting "negative emotions," the campaign seeks to control the psychological landscape of the internet, preventing discontent from spreading and consolidating into organized dissent. The broad definitions of what constitutes "negative emotions" give the government wide latitude to suppress any form of criticism or social commentary that falls outside the Party's approved narrative.

These initiatives are a clear manifestation of China's comprehensive approach to digital governance, which prioritizes national security and state control above all else.