What Is Cross-border Data Transfer Under China Data Law?

Key Takeaways

• China uses multiple mechanisms for cross-border data transfer, including security assessment, standard contract, and certification.
• The correct statutory translation for 数据出境 on this site is cross-border data transfer.
• Requirements depend on data type, transfer volume, recipient, sector, and whether the transfer falls within regulatory exemptions.

Cross-border data transfer refers to the provision or transfer of data collected or generated in China to an overseas recipient. It is not a single compliance step. It is a regulatory topic that can involve the PIPL, DSL, CSL, CAC measures, sectoral rules, and company-specific facts.

For personal information, the PIPL sets conditions for providing personal information outside China. Depending on the scenario, a personal information processor may need to pass a CAC security assessment, sign and file a standard contract, obtain personal information protection certification, or meet another statutory condition.

For important data, the analysis may differ because data classification, sectoral catalogues, and important data identification rules can affect whether a security assessment is triggered.

Plain English explanation should be kept separate from legal translation. The statutory text controls, and the Chinese text shall prevail.

Practical Reading Order

1. Identify whether the data includes personal information, sensitive personal information, important data, or other regulated data.
2. Identify the recipient, transfer purpose, processing volume, and transfer route.
3. Check whether the activity falls under CAC assessment, standard contract, certification, or an exemption.
4. Document notification, consent, separate consent, impact assessment, and recipient obligations where applicable.

Source Links

• Provisions on Promoting and Regulating Cross-border Data Flows: https://www.gov.cn/gongbao/2024/issue_11366/202405/content_6954192.html
• Measures for Security Assessment of Cross-border Data Transfer: https://www.gov.cn/gongbao/content/2022/content_5707283.htm
• PIPL: https://www.cac.gov.cn/2021-08/20/c_1631050028355286.htm