China: Adopted CAC Guidelines for the Declaration of Security Assessment of Data Transmission

On 22 March 2024, the Cyberspace Administration of China (CAC) adopted the Guidelines for the Declaration of Security Assessment of Data Transmission. The guidelines aim to clarify responsibilities outlined in the Measures for Security Assessment of Data Exports and the Regulations on Promoting and Standardising Cross-border Data Flows. They apply to situations where data processors provide data overseas, in particular when critical information infrastructure operators (CIIOs) or other data processors handle significant volumes of data abroad. Furthermore, the guidelines define data exports as instances where data collected domestically is transferred overseas, stored within China but accessible by overseas entities, or when domestic personal information overseas is processed in compliance with relevant laws. In addition, the guidelines provide a framework for applying for a data export security assessment.