Cross-border Data Transfer

Read the security assessment measures, standard contract measures, and 2024 data-flow provisions together with PIPL Article 38 and the core laws.

Open the source-reading guide

Network and Cybersecurity

Connect the Network Data Security Regulation, CII protection framework, and cybersecurity review measures with the DSL and CSL.

Open the Cybersecurity Law

Algorithm and AI Governance

Compare the source roles of the algorithm recommendation, deep synthesis, and generative-AI measures without treating them as interchangeable.

Start with algorithm recommendation rules
11 source-verified public records Each entry provides an unofficial reference summary and official source metadata. Draft and source-unverified records are excluded.
effective Administrative Regulation Source: Verified

Regulation on Network Data Security Management

网络数据安全管理条例

Authority
State Council
Publication
2024-09-24
Effective
2025-01-01
Translation
Not prepared
Audience
Network data processors and platform operators

This State Council regulation provides a broad governance framework for network data processing. It addresses processing duties, personal information protection, important data, cross-border data activity, platform responsibilities, and regulatory oversight.

Why it matters: The regulation connects themes found across the PIPL, DSL, and CSL and gives readers a consolidated source for understanding how network data governance fits across those laws.

Open public summary
effective Regulatory Measure Source: Verified

Measures for Security Assessment of Cross-border Data Transfer

数据出境安全评估办法

Authority
Cyberspace Administration of China
Publication
2022-07-07
Effective
2022-09-01
Translation
Not prepared
Audience
All industries

These CAC measures establish the public regulatory framework for security assessment of certain cross-border data transfers, including application materials, assessment factors, review stages, and validity concepts.

Why it matters: Security assessment is one of the central mechanisms in China's cross-border data transfer framework and must be read alongside the PIPL, DSL, and later data-flow provisions.

Open public summary
effective Regulatory Measure Source: Verified

Measures for the Standard Contract for Cross-border Transfer of Personal Information

个人信息出境标准合同办法

Authority
Cyberspace Administration of China
Publication
2023-02-22
Effective
2023-06-01
Translation
Not prepared
Audience
All industries

These CAC measures govern the China standard contract mechanism for certain cross-border transfers of personal information. They provide the regulatory context for the contract, filing concept, impact assessment relationship, and parties' responsibilities.

Why it matters: The standard contract is one of the conditions referenced by PIPL Article 38 and forms part of a wider source chain that includes the PIPL, CAC measures, official contract text, and later data-flow provisions.

Open public summary
effective Regulatory Provision Source: Verified

Provisions on Promoting and Regulating Cross-border Data Flows

促进和规范数据跨境流动规定

Authority
Cyberspace Administration of China
Publication
2024-03-22
Effective
2024-03-22
Translation
Not prepared
Audience
All industries

These 2024 CAC provisions adjust and clarify parts of the cross-border data transfer framework. They address specified transfer scenarios and interact with the earlier security assessment and standard contract measures.

Why it matters: The provisions are a key later source for understanding how China's cross-border data transfer framework developed after the earlier CAC measures.

Open public summary
effective Regulatory Provision Source: Verified

Provisions on the Administration of Algorithmic Recommendation for Internet Information Services

互联网信息服务算法推荐管理规定

Authority
Cyberspace Administration of China; Ministry of Industry and Information Technology; Ministry of Public Security; State Administration for Market Regulation
Publication
2021-12-31
Effective
2022-03-01
Translation
Not prepared
Audience
Internet information service providers

These provisions regulate algorithmic recommendation services used by internet information service providers. They cover service governance, user rights, transparency, content management, and filing-related regulatory concepts.

Why it matters: They are an early central source in China's algorithm governance framework and provide context for later deep-synthesis and generative-AI measures.

Open public summary
effective Regulatory Provision Source: Verified

Provisions on the Administration of Deep Synthesis Internet Information Services

互联网信息服务深度合成管理规定

Authority
Cyberspace Administration of China; Ministry of Industry and Information Technology; Ministry of Public Security
Publication
2022-11-25
Effective
2023-01-10
Translation
Not prepared
Audience
Deep synthesis service providers

These provisions govern deep-synthesis internet information services, including provider responsibilities, technical support roles, content governance, security management, and labeling concepts.

Why it matters: They form a major part of the public source chain for synthetic-content governance and connect algorithm regulation with later generative-AI rules.

Open public summary
effective Regulatory Measure Source: Verified

Interim Measures for the Management of Generative Artificial Intelligence Services

生成式人工智能服务管理暂行办法

Authority
Cyberspace Administration of China and six other authorities
Publication
2023-07-10
Effective
2023-08-15
Translation
Not prepared
Audience
Generative AI service providers

These interim measures regulate generative artificial intelligence services provided to the public in China. They address service-provider responsibilities, training data, generated content, user protection, and regulatory supervision.

Why it matters: They are a central public source for understanding China's generative-AI service framework and its relationship with data, personal information, and content governance.

Open public summary
effective Administrative Regulation Source: Verified

Regulation on Security Protection of Critical Information Infrastructure

关键信息基础设施安全保护条例

Authority
State Council
Publication
2021-08-17
Effective
2021-09-01
Translation
Review pending
Audience
CII operators and sector regulators

This State Council regulation develops the protection framework for critical information infrastructure, including identification, operator responsibilities, protection measures, and coordination among competent authorities.

Why it matters: It provides important implementing context for the CSL's critical information infrastructure framework and related cybersecurity review requirements.

Open public summary
effective Departmental Rule Source: Verified

Cybersecurity Review Measures

网络安全审查办法

Authority
Cyberspace Administration of China and twelve other authorities
Publication
2021-12-28
Effective
2022-02-15
Translation
Review pending
Audience
CII operators network platform operators and relevant procurement or listing scenarios

These measures establish the cybersecurity review framework for specified network products and services and certain data processing activities, with a focus on national security risks.

Why it matters: They connect cybersecurity, critical information infrastructure, supply-chain, data processing, and national security review concepts.

Open public summary
effective Regulatory Provision Source: Verified

Several Provisions on Automotive Data Security Management (Trial)

汽车数据安全管理若干规定(试行)

Authority
Cyberspace Administration of China; National Development and Reform Commission; Ministry of Industry and Information Technology; Ministry of Public Security; Ministry of Transport
Publication
2021-08-20
Effective
2021-10-01
Translation
Review pending
Audience
Automotive data processors

These provisions address automotive data processing, including personal information and important data generated or collected in automotive activities.

Why it matters: They illustrate how China's general data and personal information rules are supplemented by sector-specific requirements.

Open public summary
effective Regulatory Provision Source: Verified

Provisions on the Administration of Mobile Internet Application Information Services

移动互联网应用程序信息服务管理规定

Authority
Cyberspace Administration of China
Publication
2022-06-14
Effective
2022-08-01
Translation
Review pending
Audience
App providers and app distribution platforms

These provisions govern mobile internet application information services and address responsibilities of application providers and application distribution platforms.

Why it matters: They provide sector-specific context for app governance, personal information protection, content management, and platform responsibilities.

Open public summary