As 2025 comes to a close, China’s personal information protection enforcement continues to demonstrate sustained intensity and increasing sophistication. Regulatory activity over the past year confirms that personal data protection compliance has become a long-term supervisory priority, characterized by frequent enforcement actions, expanding coverage, and closer scrutiny of actual implementation. In March 2025, the Cyberspace […]
Cyberspace Administration of China
China‘s Latest Updates on PIPL and Clarifications on Sensitive Personal Information
Different legislative updates were recorded in China in the last couple of months. These concern several topics related to data protection and data security, such as the definition of sensitive personal information, appointment obligations and registration of a Data Protection Officer (DPO), reporting measures in case of data security incidents for financial services and the […]
Understanding China’s new Measures for the Certification of Personal Information Protection for Overseas Transfers
The Personal Information Protection Law and the Network Data Security Management Regulation, among other laws and regulations, stipulate the methods for transferring personal information overseas, including: a data transfer security assessment, a standard contract, and certification. Additionally, other conditions may permit the personal information overseas transfer. Recently, the Cyberspace Administration of China (“CAC”) released the […]
A new Regulation facilitates cross-border data transfers from China to a third country
China’s cross-border data transfer regulations have been relaxed for the first time after the country issued a series of cybersecurity and personal data protection laws that imposed strict conditions on cross-border data transfers, raising concerns among companies doing business in China and abroad. On 23 March 2024, the Cyberspace Administration of China („CAC“), China’s central […]
New regime for data transfers from China to third countries
February 2023 was a busy month for China’s data protection regulator and supervisory authority – the Cyberspace Administration of China (CAC). This month marks the end of the six-month grace period for the Regulation of Security Assessment for Outbound Data Transfer (hereinafter referred to as the “Regulation”). With the Regulation now fully in force, companies […]