China’s cybersecurity regulator Friday issued a set of rules governing cross-border data transfer, easing some requirements to address a key concern of foreign businesses, reports Caixin. The rules relaxed curbs on outbound data flow and narrowed the scope of information that requires security review. They also clarified how security evaluation and filing for data export will be implemented, according to the Cyberspace Administration of China (CAC).
The changes take effect immediately and are designed to facilitate cross-border data flow and reduce compliance costs for businesses, while at the same time ensuring national data security and promoting greater openness to international engagement, said the CAC.
China has built up a regulatory framework to govern data export since 2021 under the Cybersecurity Law, Data Security Law, the Personal Information Protection Law and related industry regulations.