Article 40 – Security Assessment for Cross-Border Transfers

Critical information infrastructure operators and the personal information handlers that handle personal information up to the amount prescribed by the national cyberspace department shall store domestically the personal information collected and generated within the territory of the People’s Republic of China. Where it is truly necessary to provide the information for a party outside the territory of the People’s Republic of China, the matter shall be subjected to security assessment organized by the national cyberspace department. Where laws, administrative regulations, or the provisions issued by the national cyberspace department provide that security assessment is not necessary, such provisions shall prevail.

Related provisions:

Relevant PIPL Compliance Documents
(Subscription Services Required)

For detailed information on XL Law Subscription content, click here or email