China: Requirements for submission of data security and personal information risk assessment reports under 2025 Internet of Vehicles action plan enters into force

Requirements for submission of data security and personal information risk assessment reports under 2025 Internet of Vehicles action plan enters into force

On 30 November 2025, enterprises covered by the 2025 Internet of Vehicles (IoV) action plan adopted by the Shanghai Municipal Communications Administration must submit two types of data protection assessments to the municipal authority. First, they …

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

cross-cutting

Implementation Level

subnational

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2025-04-22

adopted

On 22 April 2025, the Shanghai Municipal Communications Administration adopted the “Shielding the C…

2025-07-31

in force

On 31 July 2025, enterprises subject to the 2025 Internet of Vehicles (IoV) action plan adopted by …

2025-11-30

in force

On 30 November 2025, enterprises covered by the 2025 Internet of Vehicles (IoV) action plan adopted…

Description

Requirements for submission of data security and personal information risk assessment reports under 2025 Internet of Vehicles action plan enters into force

Scope

Complete timeline of this policy change