South China Morning Post
Advertisement
Advertisement
Cybersecurity
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
China has eased some rules governing the international transfer of data. Photo: Shutterstock
China

China eases security checks for cross-border data transfers as it tries to boost economy

  • Various categories of outbound data will not have to be reviewed under rules that came into effect on Friday
  • The regulations are to promote the lawful, orderly, and free flow of data, cyberspace authority says
Cybersecurity
Sylvie Zhuang
Sylvie Zhuangin Beijing
Why you can trust SCMP
China has eased rules on cross-border data flows, carving out security review exemptions for some information leaving the country.
The exemptions address one of the big concerns of foreign businesses in China as Beijing struggles to revive its economy a year after it abandoned its pandemic restrictions.

Under the new rules, which came into effect on Friday, businesses do not have to submit information related to cross-border shopping, shipping, payments or visa processing to official security checks.

This also applies to data involved in opening bank accounts, booking flights and hotels, and testing services.

In addition, businesses will not have to have reviews for personal employee information sent overseas as part of collective contracts or labour rules.

But data will still have to go through a security assessment if it relates to critical information infrastructure, or if in one year the transfers amount to the non-sensitive personal information of more than a million people, or involve the “sensitive information” of more than 10,000 people.

The Cyberspace Administration of China said cross-border data flows were the foundation for global exchanges and the sharing of capital, information, technology, talent, goods and other resources.

“In order to promote the lawful, orderly, and free flow of data, unleash the value of data elements, [we should] expand high-level opening-up to the outside world, and optimise and adjust the data export system,” state news agency Xinhua quoted the administration as saying.

“Regulations concerning security assessments for data export, standard contracts for personal information export, and certification for personal information protection will be stipulated.”

“Adjustments have been made to optimise the system for outbound data.”

07:30

Why China is tightening control over cybersecurity

Why China is tightening control over cybersecurity
China proposed tough data security requirements in 2021 under its Security Assessment Measures on Cross-border Transfers of Data.
The measures came into effect the following year and ordered mandatory government reviews for most business data transfers.

The rules prompted widespread concern among foreign businesses about the cost and nature of compliance.

Draft exemptions, Regulations on Promoting and Regulating Cross-Border Data Flows, were proposed last year before being announced on Friday.

China to enforce strict new cross-border data transfer regulation from September

The relaxed data rules come as Beijing is in an all-out effort to revive foreign direct investment and boost its economy following a year of sluggish post-pandemic recovery.

Foreign direct investment in China declined 13.7 per cent in 2023 from the year before, reaching US$163.3 billion.

Chinese Premier Li Qiang highlighted the concern in his maiden government work report delivered to the annual legislative session earlier this month.

Vowing to open up further to foreign businesses, Li referred to barriers to such investment, including those relating to “cross-border data flow”.

Besides stringent rules in sharing data overseas, ambiguities in Beijing’s newly revamped anti-espionage law and guarding the state secrets law, both issued last year, have profoundly worried foreign business communities.

9