Compare with different regulatory event:

Description

Implemented CAC Measures for Security Assessment of Data Exports

On 1 September 2022, the "Measures for Security Assessment of Data Exports" by the Cyberspace Administration of China (CAC) are implemented. The Measures aim to enact provisions of the "Network Security Law", "Data Security Law", and "Personal Information Protection Law" to protect personal information, safeguard national security, and promote the free flow of cross-border data. Specifically, the Measures require a data transfer security assessment to be submitted to the CAC by processors which transfer certain amounts or types of data abroad. Furthermore, the Measures stipulate the conditions and process for the security assessment, starting with a self-assessment. The actual security assessment by the responsible department focuses on potential risks to national security, public interest, and individual rights as a result of the data export activities in question. The Measures also lay out the minimum conditions to be contained in the export agreement with the overseas recipient, including purpose, scope, location, and duration of data storage, as well as cybersecurity and remedial provisions.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2021-10-29
in consultation

On 29 October 2021, the Cyberspace Administration of China (CAC) published and opened a consultatio…

2021-11-28
processing consultation

On 28 November 2021, the public consultation on the draft Measures for Security Assessment of Data …

2022-07-07
adopted

On 7 July 2022, the Cyberspace Administration of China (CAC) published the Measures for Security As…

2022-09-01
in force

On 1 September 2022, the "Measures for Security Assessment of Data Exports" by the Cyberspace Admin…