China: People's Bank of China adopted Measures for the Administration of Data Security in the Business Field including data localisation requirements

On 1 May 2025, the People's Bank of China adopted the Measures for the Administration of Data Security in the Business Field, formalising data security obligations for financial institutions and other authorised entities operating under its jurisdiction. The Measures outline data security obligations for entities processing personal data within the business domain of the PBC, limited to operations conducted exclusively within China. The Measures specify that the entities are required to store the data within the country if collected and produced in accordance with the requirements of laws and administrative regulations.