Cross-border investigations are rarely straightforward. Legal obligations vary by country, and cultural expectations can shape both access and cooperation. By the time counsel gets involved, the investigation is already...more
On December 29, 2025, the Cyberspace Administration of China ("CAC") officially released the Notice on the Filing of Compliance Audit Results for the Protection of Minors’ Personal Information ("Filing Notice")....more
On December 6 2025, the CAC released the draft Network Data Security Risk Assessment Measures (Draft for Comments) for public consultation. The measures aim to standardize network data security risk assessment activities,...more
On December 29, 2025, the Cyberspace Administration of China (CAC) issued the Announcement on the Reporting of Minors' Personal Information Protection Compliance Audit Status, which requires personal information handlers to...more
All data controllers processing personal data under the age of 14 (“minors“) must now submit an annual report to Chinese data regulator, the Cyberspace Administration of China (“CAC“). For 2025, the report must be submitted...more
This monthly report outlines key developments in China’s data protection sector for December. The following events merit special attention: On November 22, CAC and the MPS jointly released the Provisions on the Protection of...more
On 18 July 2025, the Cyberspace Administration of China (“CAC”) issued the Announcement on the Reporting of Personal Information Protection Officer Information (“CAC PIPO Reporting Announcement”), which launched a centralized...more
On September 9, 2025, Dior (Shanghai) Co., Ltd. (“Dior Shanghai”) was publicly sanctioned in China for unlawfully transferring personal information (“PI”) overseas. This marks the first administrative penalty in China for...more
On September 9, 2025, China announced the landmark administrative penalty against Dior (Shanghai) over unlawful cross-border transfers of personal information, with the primary violation being the failure to satisfy the...more
In a move to further bolster data privacy, China’s State Administration for Market Regulation and the Standardization Administration of China jointly issued a national standard, GB/T 45574-2025, Data Security Technology –...more
This monthly report outlines key developments in China’s data protection sector for August. The following events merit special attention: CAC Summons NVIDIA Over Cybersecurity Concerns Related to H20 Chip: On July 31, CAC...more
INTRODUCTION - Almost eight years after the Cybersecurity Law (“CSL”) came into force in the PRC in 2017, the Cyberspace Administration of China (“CAC”) issued draft amendments to the CSL (“2025 Draft Amendments”) on 28...more
In August 2024, China Judgements Online published a ruling issued by the Guangzhou Internet Court on September 8, 2023, in a case widely regarded as China’s first judicial decision addressing cross-border personal information...more
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal...more
The Guangzhou Internet Court (the “Court”) recently issued its first judgment involving the cross-border transfer of personal data under the Personal Information Protection Law (“PIPL”).1 An international hotel group was...more
The Guangzhou Internet Court released the first ruling interpreting the requirements for cross-border transfer of personal information under the Personal Information Protection Law (PIPL). This case has significant...more
On September 30, 2024, China’s State Council released the Network Data Security Management Regulations, which will enter into force on January 1, 2025. The regulations apply to “electronic data processed and generated through...more
China published the finalized Regulation for the Administration of Network Data Security (Network Data Regulation) on September 30, 2024. This regulation was first released as a draft version dated November 2021. Throughout...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
Multinational employers operating in China have been waiting since September 2023 for the Cyberspace Administration of China (CAC) to finalize proposed revisions to its complex and burdensome rules for cross-border data...more
Cross-border transfer of evidence in litigation or arbitration proceedings is no longer innocuous in today’s world, with countries frequently at odds with each other over data security regulations. This was unexpected a...more
Cross Border Transfers of Data. UK Data Transfers. The UK government has published a U.S. “adequacy decision” which permits U.S. organizations that have certified to the EU-US Data Privacy Framework (DPF) and UK Extension...more
China is seeking to take a significant step to relax the compliance burden on multinational corporations (MNCs) regarding data export from China by allowing: (i) certain routine data exports for daily business operation or...more
At the end of September 2023, the Cyberspace Administration of China (CAC) released draft regulations (see the unofficial English translation) regulating the cross-border flow of personal information and important data out of...more