BEIJING—China’s government has approved a broad new cybersecurity law aimed at tightening and centralizing state control over information flows and technology equipment, raising concerns among foreign companies operating in the country.

The law, passed by the standing committee of China’s rubber-stamp parliament and made public on Monday, says agencies and enterprises must improve their ability to defend against network intrusions while demanding security reviews for equipment and data in strategic sectors. The law also makes censorship a matter of cybersecurity, threatening to punish companies that allow unapproved information to circulate online.

It further requires network operators to provide “technical support” to authorities for national security and criminal investigations.

The law drew criticism from foreign business groups due to the expansive list of sectors that are defined as part of China’s “critical information infrastructure,” making sectors including telecommunications, energy, transportation, information services and finance subject to security checks. China’s lawmakers described the law as necessary to bolster its data security at a time of multiplying threats.

A spokesman for the Cybersecurity Administration of China at a press conference Monday dismissed concerns among foreign companies that Chinese demands for “secure and reliable” or “secure and controllable” technologies could exclude their products.