China: Consultation opened on updated Measures for the Administration of Data Security in the Field of Industry and Information Technology including cybersecurity measures

On 10 February 2022, the Ministry of Industry and Information Technology of China (MIIT) opened a public consultation on the updated version of the "Measures for the Administration of Data Security in the Field of Industry and Information Technology" until 21 February 2022. The document updates the requirements regarding data management and provides a review process for cross-border data transfers. The measures outline different requirements depending on the type of data, classifying it in “general data” and “important data”. Data on Chinese politics, military, economy, nuclear security, and artificial intelligence among others, is considered to be related to national security and is classified as “important data”. With regards to “important data”, companies must conduct a risk assessment and request approval from the MIIT before such data is shared with foreign national regulatory agencies. Furthermore, the measures require data administrators to notify the agency within three months if there are 30% or more changes with regards to the category of “important data”. Finally, the measures require companies to appoint a representative responsible for data security.