The Cyberspace Administration of China (CAC) released an important Q&A on cross-border data transfer requirements and policies in early April, providing clarification on a number of issues of concern to companies in China....more
4/22/2025
/ China ,
Cross-Border ,
Data Security ,
Data Transfers ,
International Data Transfers ,
National Security ,
New Guidance ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Standard Contractual Clauses
On 14 March 2025, the Measures for the Labelling of Artificial Intelligence-Generated and Synthetic Content (Measures) was jointly released by four Chinese government agencies, namely the Cyberspace Administration of China,...more
Recently, the Cyberspace Administration of China (CAC), which is the primary data regulator in China, published a newsletter about the government authorities’ enforcement of Apps and websites that violated personal data...more
Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal...more
2/20/2025
/ China ,
Compliance ,
Data Privacy ,
Data Protection ,
Incident Response Plans ,
Personal Data ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management
On 3 January 2025, the Cyberspace Administration of China (“CAC“) released for public consultation the draft Measures for Certification of Personal Information Protection for Cross-Border Transfer of Personal Information...more
Additional and clarified data compliance obligations will soon come into force under the long-awaited Network Data Security Management Regulation (“Regulation“), which was released on 30 September 2024. The Regulation is...more
We previously wrote about proposed changes to the definition of sensitive personal information under a June 2024 draft of the Guide for Sensitive Personal Information Identification (“Guide“). The Guide has now (September...more
On September 9, 2024, China’s National Technical Committee 260 on Cybersecurity released the first version of its AI Safety Governance Framework (the Framework), which was formulated to implement the Global AI Governance...more
9/13/2024
/ Artificial Intelligence ,
China ,
Cybersecurity ,
Data Collection ,
Ethics ,
Innovative Technology ,
Machine Learning ,
Regulatory Oversight ,
Risk Assessment ,
Risk Mitigation ,
Technology Sector ,
Transparency
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
9/3/2024
/ Audits ,
China ,
Compliance ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
International Data Transfers ,
Personal Data ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Regulatory Requirements
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more