Critical information infrastructure operators and the personal information handlers that handle personal information up to the amount prescribed by the national cyberspace department shall store domestically the personal information collected and generated within the territory of the People’s Republic of China. Where it is truly necessary to provide the information for a party outside the territory of the People’s Republic of China, the matter shall be subjected to security assessment organized by the national cyberspace department. Where laws, administrative regulations, or the provisions issued by the national cyberspace department provide that security assessment is not necessary, such provisions shall prevail.
Related provisions:
Relevant PIPL Compliance Documents
(Subscription Services Required)
- 2021 Outbound Data Transfer Security Assessment Measures
- 2022 Guidelines for Application of Data Exit Security Evaluation (First Edition)
- 2023 Measures for the Standard Contract for the Outbound Transfer of Personal Information
- 2023 PIPL SCC Filing Guidelines
- 2017 IT Guidelines for Cross-border Data Transfer
- 2017 Cybersecurity Law
For detailed information on XL Law Subscription content, click here or email subscriptions@xllawconsulting.com.