China: Closed consultation on revised Security Certification Specifications for Cross-Border Processing of Personal Information

On 15 November 2022, the consultation period closed for the revised “Practice Guidelines for Cybersecurity Standards – Technical Specification for the Certification of Cross-Border Processing of Personal Information Activities”. The revised Guidelines implement China’s Personal Information Protection Law and set out basic security principles and legal requirements for cross-border transfers. The Guidelines apply to two types of cross-border transfers, internal cross-border transfers within one multinational company or one business entity, and cross-border transfers by non-Chinese business entities that process information of individuals in Chinese territory and that are subject to the extra-territorial jurisdiction of the Personal Information Protection Law. The Guidelines also establish the basic requirements for personal information protection certifications, which is a voluntary process but recommended by the authorities.