Five Years of China’s Cybersecurity Law: Achievements, Challenges, and Ant Group’s Technical Innovations

On May 31, the China Cyberspace Security Association co‑hosted an online symposium to mark the fifth anniversary of the Cybersecurity Law, featuring speeches by senior officials, academicians, and representatives from leading internet firms such as Ant Group and 360.

Participants praised the law’s strategic role in establishing national cyberspace sovereignty and noted significant advances in legal‑driven security governance, specialized security campaigns, industry development, and talent cultivation, while also acknowledging rapid changes in the threat landscape.

Ant Group’s Vice President and Chief Security Officer Wei Tao described the company’s “strategic positioning, full‑staff participation, combat‑driven, technology‑breakthrough” approach, which embeds strict security policies, promotes innovative security and data protection technologies, and encourages open‑source collaboration.

The Ant security team introduced a next‑generation native security infrastructure called “Security Parallel Plane,” forming a multi‑layered defense architecture that decouples security capabilities from applications and infrastructure, improving response to incidents such as Log4j and Spring vulnerabilities.

In data security, Ant proposed a composite governance framework that integrates strategic, managerial, and technical measures—covering baseline setting, mindset operation, native implementation, metrics, traceability, red‑blue exercises, and certification—to achieve systematic, actionable, and long‑term data protection.

The company also unveiled next‑generation trusted privacy‑computing technologies, including “Trusted Confidential Computing” and the open‑source trusted execution environment Occlum, which combine hardware‑software trust guarantees with multi‑party computation to overcome performance, reliability, and cost limitations of traditional privacy‑preserving methods.

Ant Group announced the release of the “Security Parallel Plane Whitepaper” and the “Data Security Composite Governance Whitepaper” in partnership with national testing and information centers, and outlined plans to gradually open‑source its security platform and privacy‑computing framework “YinYu.”

Wei Tao further called for stronger multi‑party cooperation among banks, payment providers, telecom operators, device manufacturers, and internet platforms to combat cybercrime, balance personal privacy with security, and leverage privacy‑computing and blockchain technologies to curb fraudulent fund flows.