China: Cyberspace Administration released guidelines on data outbound security management policy

On 9 April 2025, the Cyberspace Administration of China (CAC) released guidelines on data outbound security management policy. The release outlines the regulatory framework for cross-border data transfers, establishing that while general data faces no restrictions, important data and substantial personal information require security assessments before export. The guideline addresses negative list standardisation across free trade zones, criteria for identifying important data, cross-border transfer mechanisms for multinational corporations, and extension procedures for security assessment validity periods (now three years, increased from two). Statistical data indicates that 63.9% of important data items submitted for assessment received export approval by March 2025. The guideline confirms that foreign-invested enterprises may participate in technical standards development through established transparent procedures.