In September 2022, the Cyberspace Administration of China (the “CAC”) officially enacted the Measures on Security Assessment for the Cross-border Transfer of Data (the “Measures”). Under the Measures, an entity (the “data processor”) shall conduct a security assessment if its cross-border data transfer activities involves any of the following scenarios:Continue Reading Companies in Beijing are Submitting Application Materials Relating to the Security Assessment for Cross-border Data Transfer 

On September 28, 2023, the Cybersecurity Administration of China (the “CAC”) published a set of draft Provisions on Regulating and Promoting Cross-border Data Transfer (the “Draft Rules”) to solicit public comments. It has not been publicly announced when the Draft Rules will come into effect. Some legal practitioners speculate that they would take effect before the expiration of the grace period for filing the standard contracts as stipulated in Measures on the Standard Contract for Cross-Border Transfer of Personal Information[i]. However, these remain speculations and are not confirmed by the authorities in any official announcement.Continue Reading China Released Draft Rules Regulating and Promoting Cross-Border Data Transfer

On July 7, 2022, the Cyberspace Administration of China (“CAC”) released the Security Assessment Measures of Cross-border Data Transfer ( the “Measures”) which will be effective from September 1, 2022. Previously on October 29, 2021, CAC has published a draft version of such Measures for public comments (which we covered in this blog post: here). In this blog post, we will present the major differences between this final version of the Measures and the prior draft version.Continue Reading China Issues Security Assessment Measures of Data Cross-border Transfer

In a previous post, we blogged about certain proposed rules issued by China Securities Regulatory Commission (the “CSRC”) on December 24, 2021. The proposed rules consist of general management rules on offshore listings of onshore companies (the “Management Rules”), as well as implementation measures related to the filing of such offshore listings (the “Filing Measures”). Those proposed rules require onshore companies to file certain reports and information with the CSRC and other competent governmental authorities prior to seeking either direct or indirect offshore listings. By including “indirect” offshore listings in the proposed rules, CSRC intends to state that the filing requirements also apply to offshore companies which are controlled by domestic companies or beneficial owners through the “VIE control documents”, also named “red chip companies” by some.Continue Reading China Securities Regulatory Commission issued Proposed Provisions Related to Offshore Listing

Cyberspace Administration of China, Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration for Market Regulation jointly promulgated, on December 31, 2021, the Provisions on Administration of Algorithmic Recommendation in the Internet Information Service (互联网信息服务算法推荐管理规定) (the “Provisions”), which became effective as of March 1, 2022.
Continue Reading Provisions on Administration of Algorithmic Recommendation Took Effect on March 1

On August 20, 2021, the Standing Committee of the National People’s Congress adopted the Personal Information Protection Law of the People’s Republic of China (the “Personal Information Protection Law”).  The Personal Information Protection Law will become effective on November 1, 2021, and will then, together with  the Cybersecurity Law of the People’s Republic of China (the “Cybersecurity Law”) and the Data Security Law of the People’s Republic of China (which will become effective on September 1, 2021, the “Data Security Law”), form the foundation of the data security legal regime of China.
Continue Reading Highlights of China’s Recently Adopted Personal Information Protection Law