The document, dated Monday but picked up by state media on Wednesday, strengthens user privacy protection from hackers and data resellers but simultaneously elevates the government's powers to access, obtain records and block dissemination of private information deemed illegal under Chinese law.
The law has been under discussion in China for months.
Citing the need "to safeguard national cyberspace sovereignty, security and development," the proposed legislation is a milestone in China's effort to bolster its network against threats to the country's stability.
It will also enable the government to better regulate the flow of information in China.
Earlier in July, China's largely rubber stamp parliament passed a sweeping national security law that tightened government control in politics, culture, the military, the economy, technology and the environment.
But cyber-security has been a particularly irksome area in relations with economic partners like the United States, which sees many recently proposed rules as burdensome or unfair to Silicon Valley firms.
Under the draft law, Internet service providers must store data collected within China on Chinese territory; data stored overseas for business purposes must be government-approved. Network equipment must also be approved under testing standards issued by China's cabinet.
The government also reiterated its long-standing objective of requiring Internet users to log in with their real names to services like messaging apps - though such drives have failed in the past.
The parliament said government agencies would issue additional guidelines for network security in "critical industries" such as telecoms, energy, transport, finance, national defence and military matters, government administration and other sensitive fields.
Parliament will take feedback on the proposed legislation until August 5.
© Thomson Reuters 2015