On 20 August 2021 the Standing Committee of China’s National People’s Congress (SC-NPC, not the NPC itself) enacted the Personal Information Protection Law (PIPL), the culmination of over a decade of incremental legislative reform.(1) Businesses must adjust rapidly to the law’s starting date of 1 November 2021.

Since the first draft of the PIPL was released by the SC-NPC in October 2020, it has been revised in a succession of drafts. One purpose of this article is to detail these changes. The other purpose is to place the PIPL in the context of China’s near-complete cybersecurity laws, of which it is part.