Public ID: PID-BVPY4B
Restrictions on cross-border data transfer and data localisation in China
Trade barrier summary
China's Cybersecurity Law requires critical information infrastructure operators (CIIOs) to store personal information and important data collected or generated domestically in China, and cross-border data transfer is only allowed if such transfer is conducted on the ground of business necessity and has passed a cybersecurity assessment. The scope of CIIO and important data has not been clearly defined. For network operators (a wide-ranging term that applies to many businesses), there is no current requirement to localise data in China, although recent draft regulations have contained related provisions. Draft rules released in 2019 propose a requirement for network operators to perform a security assessment before transferring personal information overseas.
22 March 2019
18 December 2020