Cyberspace Administration of China Issues Rules for Offshore Data Transfer


The Cyberspace Administration of China (CAC) has issued a new set of regulations governing the offshore transfer and handling of data collected and generated domestically.

On 7 July CAC issued the “Offshore Data Transfer Security Assessment Measures” (数据出境安全评估办法), which are scheduled to come into effect on 1 September 2022.

CAC officials said that the goal of the Measures is to advance implementation of the “Internet Security Law” (网络安全法), the “Data Security Law” (数据安全法), and the “Personal Information Protection Law” (个人信息保护法), as well as standardise activities involving the offshore transfer of data.

CAC also hopes to “protect personal information rights and interests, uphold national security and the common interests of society, and expedite the free flows and cross-border security of data.”

The Measures stipulate that they are applicable whenever “data processors provide important data or personal information collected or generated domestically to offshore [parties].”