Critical information infrastructure operators and the personal information handlers that handle personal information up to the amount prescribed by the national cyberspace department shall store domestically the personal information collected and generated within the territory of the People’s Republic of China. Where it is truly necessary to provide the information for a party outside the territory of the People’s Republic of China, the matter shall be subjected to security assessment organized by the national cyberspace department. Where laws, administrative regulations, or the provisions issued by the national cyberspace department provide that security assessment is not necessary, such provisions shall prevail.
Relevant PIPL Compliance Documents
(Subscription Services Required)
- 2021 Outbound Data Transfer Security Assessment Measures
- 2022 Guidelines for Application of Data Exit Security Evaluation (First Edition)
- 2017 IT Guidelines for Cross-border Data Transfer