Skip to content

China consults on security assessments for cross-border transfer of data

Related people
Ho Victor
Victor Ho

Registered Foreign Lawyer, Cal

Hong Kong

View profile →

Jiang Jane
Jane Jiang

Partner

Shanghai

View profile →

Ng Susana
Susana Ng

Of Counsel

Hong Kong

View profile →

Richard Wagner

Registered Foreign Lawyer, WI

Hong Kong

View profile →

Eugene Chen

Registered Foreign Lawyer

Hong Kong

View profile →

03 November 2021

On October 29, 2021, the Cyberspace Administration of China (CAC) issued draft Measures on Security Assessments for the Cross-border Transfer of Data (a consultation draft for public comment) (Draft Measures).

These are designed to address the situation where there is a need for the transfer of data outside Mainland China primarily in connection with day-to-day business activities. Notably, the measures do not directly address the issue of cross-border data export in connection with overseas proceedings or investigations, or with the provisions in the PRC Data Security Law (DSL) (Article 36) and Personal Information Protection Law (PIPL) (Article 41), which has been getting a lot of attention from commentators.

The Draft Measures should be read in conjunction with the PRC Cybersecurity Law (CSL), the DSL and the PIPL. Terms used in these laws, notably the concepts of Important Data and Personal Information, are also used in the Draft Measures. The consultation period will last until November 28, 2021.