On March 22, 2024, the Cyberspace Administration of China (CAC) published the Provisions on Promoting and Regulating Cross-border Data Flows to support the implementation of the Cybersecurity Law, Digital Security Law, and Personal Information Protection Law (PIPL).
Taking effect immediately, this new policy addresses some of the key concerns on transferring data abroad that multinational corporations had raised during the public comment solicitation. It also provides six scenarios where data processors can be exempted from the stringent assessment and certification requirements, including data generated and collected in international trade or academic cooperation, and personal information in cross-border human resources management or emergency situations. It is expected to reduce the compliance burden on companies and impose less regulatory control on the cross-border transfer of non-sensitive and non-important data and personal information.
To assist members in understanding the provisions, ANSI has developed an analysis that highlights several items related to standards and conformity assessment. ANSI members can access the analysis, as well as an English translation of the text and other useful resources, here with login credentials.