The enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL, together with the CSL and the DSL, “Data Security Laws”) has significantly reshaped the landscape of...more
On March 22, 2024, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Provisions on the Promotion and Regulation of Cross-Border Data Flows (the “Final Provisions”), bringing to conclusion the...more
3/27/2024
/ China ,
Compliance ,
Consultation ,
Corporate Counsel ,
Cybersecurity ,
Exemptions ,
Filing Requirements ,
Free Trade Zone ,
International Data Transfers ,
Multinationals ,
Personal Information ,
Security Risk Assessments ,
Standard Contractual Clauses ,
Threshold Requirements
The Cyberspace Administration of China (“CAC”) on September 28, 2023 issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows (“draft Provisions”), just one year after China’s data export...more
10/13/2023
/ China ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Popular ,
Standard Contractual Clauses
The Cyberspace Administration of China (“CAC”) promulgated the Procedures for Administrative Law Enforcement by the Cyberspace Administration Departments (网信部门行政执法程序规定, “Enforcement Procedures”) on March 18, 2023, effective...more
The Cyberspace Administration of China (“CAC”) in a brief statement on March 31, 2023 stated that it has launched a cybersecurity review of Micron’s products sold in China pursuant to the National Security Law (2015),...more
On February 24, 2023, the Cyberspace Administration of China (“CAC”) officially promulgated the Standard Contract Measures for the Export of Personal Information (the “SCC Measures”), which will come into effect on June 1,...more
Article 38 of China’s Personal Information Protection Law (“PIPL”) enacted in 2021, which is more demanding than GDPR in Europe, provides three channels to conduct the outbound transfer or export of personal information...more
2/24/2023
/ Certification Requirements ,
China ,
Cybersecurity ,
Data Privacy ,
Data Processors ,
Data Security ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Standard Contractual Clauses
On December 16, 2022 – less than six months after the initial version (“V1.0”) was released in June 2022, and within six weeks after the draft revision was issued on November 8 – the National Information Security...more
Outbound Data Transfer Security Review Measures -
On July 7, 2022, the Cybersecurity Administration of China (“CAC”) issued the Outbound Data Transfer Security Assessment Measures (“Security Assessment Measures”) effective...more
7/27/2022
/ China ,
Contract Terms ,
Cybersecurity ,
Data Protection ,
Data Security ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Popular ,
Public Comment ,
Sensitive Personal Information ,
Standard Contractual Clauses
The Cyberspace Administration of China (“CAC”) on November 14, 2021 published the draft Regulations on the Administration of Network Data Security (“Draft Regulations”) for comment through December 13, 2021.1 The Draft...more
12/7/2021
/ China ,
Cybersecurity ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Extraterritoriality Rules ,
International Data Transfers ,
National Security ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Proposed Regulation ,
Regulatory Requirements
The Cyberspace Administration of China (“CAC”) on October 29, 2021 published the draft Measures on Security Assessment of Cross-Border Data Transfer (“Draft Measures”) for comment through November 28, 2021. The Draft Measures...more
11/3/2021
/ China ,
Cross-Border ,
Cybersecurity ,
Data Security ,
Data Transfers ,
International Data Transfers ,
Personal Information ,
PIPA ,
Popular ,
Proposed Regulation ,
Regulatory Authority
China’s State Council on August 17 released the Critical Information Infrastructure Security Protection Regulations (“Regulations”) effective September 1, a key administrative regulation in the implementation of the 2016...more
The Standing Committee of China's National People’s Congress (NPC) on June 10 enacted the Data Security Law (DSL) which will come into effect on September 1. The NPC reviewed two earlier drafts of the DSL in July 2020 and...more
6/16/2021
/ Blocking Statutes ,
China ,
Countermeasures ,
Cybersecurity ,
Data Security ,
Extraterritoriality Rules ,
International Data Transfers ,
Multinationals ,
National Security ,
New Legislation ,
Personal Information ,
Proposed Legislation
The Cyberspace Administration of China (CAC) on May 12 issued the Draft Provisions on the Management of Automobile Data Security (Draft Provisions) for public comment through June 11. The Draft Provisions aim to regulate the...more
On July 3, 2020, the Standing Committee of the National People’s Congress (NPC) published the draft Data Security Law (Draft Law) for public comment through August 16, 2020. The Draft Law constitutes a further step in the...more
On April 27, 2020, twelve Chinese government departments led by the Cyberspace Administration of China (CAC) jointly promulgated the Measures for Cybersecurity Review (the “Measures”) effective June 1, 2020 under the joint...more
The Cyberspace Administration of China (CAC) on June 13 published the draft Measures on Security Assessment of Personal Information (PI) Cross-Border Transfers (draft “Measures”) for comments due by July 13, apparently...more
The Chinese government has recently issued a flurry of regulations and standards, several in draft form for public comment, to implement the Cybersecurity Law. These mostly reflect a lengthy policy development process...more
6/4/2019
/ China ,
Cloud Computing ,
Comment Period ,
Controlled Foreign Corporations ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Financial Services Industry ,
Healthcare ,
Information Technology ,
New Regulations ,
Popular ,
Proposed Regulation
China has issued a new regulation which imposes potentially severe restrictions on the export of scientific data while at the same time calling for wider access to such data within the country.
The General Office of the...more
China has issued for public comment draft standard-like guidelines to govern cross-border data flows to further implement China's heightened concern over national security and cybersecurity, as embodied in the National...more
The Standing Committee of China's National People's Congress (NPC) adopted the country's Cybersecurity Law1 on November 7—the latest in a spate of national security-related measures targeting the ICT industry. Drafts of the...more