No. Sharing passwords in China violates multiple cybersecurity and data protection laws, with penalties under the 2022 Data Security Law and 2021 Personal Information Protection Law. The Cyberspace Administration of China (CAC) actively enforces these rules, particularly for unauthorized access to systems or data breaches. Corporate compliance teams must treat password sharing as a high-risk activity.
Key Regulations for Sharing Passwords in China
- 2022 Data Security Law (DSL): Prohibits unauthorized sharing of login credentials, classifying it as a data security breach under Article 27. Violations may trigger administrative fines up to ¥10 million or suspension of business operations.
- 2021 Personal Information Protection Law (PIPL): Imposes strict controls on credential sharing, as it often facilitates unauthorized access to personal data. Non-compliance risks fines up to 5% of annual revenue or ¥50 million.
- 2023 Cybersecurity Review Measures: Requires critical information infrastructure operators to implement strict access controls. Shared passwords undermine compliance, exposing entities to regulatory audits or forced rectification orders.
Enforcement has intensified ahead of the 2026 “Digital China” initiative, where the CAC and Ministry of Public Security prioritize cracking down on credential misuse. Corporate policies must explicitly ban password sharing, enforce multi-factor authentication, and document access logs to mitigate liability. Failure to comply risks not only fines but also reputational damage in a regulatory environment increasingly intolerant of lax security practices.