China: Ministry of Industry and Information Technology closes consultation on Guidelines for the Security of Automobile Data Cross-Border Export

On 13 July 2025, the Ministry of Industry and Information Technology and eight other departments in China close their public consultation on the Guidelines for the Security of Automobile Data Cross-Border. The guidelines apply to automotive data processors, including manufacturers, suppliers, dealers, and service providers. They define cross-border transfer and outline compliance paths, including a mandatory security assessment for important data or large volumes of personal information (e.g., over one million individuals). They also outline alternative compliance mechanisms (standard contracts or certification) for non-critical infrastructure operators transferring smaller volumes, and exemptions. The exemptions apply to data collected overseas and processed without introducing Chinese personal information, necessary transfers for cross-border contacts, cross-border HR management for legal labour agreements, emergency transfers, and other situations. The guidelines also detail the security assessment process, standard contract requirements, certification, and technical safeguards like encryption, logging, and incident response.