Skip to main content

Legal Update

China Expands the Scope of the Data Localisation Requirement under its Cybersecurity Law

21 April 2017
Mayer Brown Legal Update
On 11 April 2017, the Cybersecurity Administration of China (CAC) released the draft Security Assessment Measures for Cross-Border Transfer of Personal Information and Important Data ("Draft Measures"). Draft measures and guidelines relating to the Cybersecurity Law (CSL) which was released in November last year, have been expected for a while. The hope has been that such guidelines and measures would shed light on the more opaque terms in the CSL and offer some clarity on the interpretation of broad definitions and concepts. The Draft Measures address the data localisation requirement but instead of narrowing down the concept, they appear to have further expanded the scope of this requirement, thus creating more uncertainty. The data localisation requirement was originally applicable to critical information infrastructures (CIIs) only. The Draft Measures indicate that it should cover both CIIs and network operators. If adopted, the Draft Measures will impose data localisation requirements on multinational companies (MNCs) which previously believed they were not CIIs thus not subject to these rules. The consultation period for the Draft Measures will end on 11 May, shortly before the 1 June effective date of the CSL.
The Build a Report feature requires the use of cookies to function properly. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently. If you do not accept cookies, this function will not work. For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.