Provisions on Facilitating and Regulating Cross-border Data Flow
Effective
region
Promulgation 2024-03-22
date
Document Order of the Cyberspace Administration
number
of China No. 16
Effective
2024-03-22
date
Promulgator Cyberspace Administration of China
Effectiveness
Taxonomy
Industry
category
NATIONAL
Effective
Computer & Internet ( Science & Technology Law->Computer & Internet )
Software & Information Technology
Provisions on Facilitating and Regulating Cross-border Data Flow
Order of the Cyberspace Administration of China No. 16
March 22, 2024
The Provisions on Facilitating and Regulating Cross-border Data Flow, which have been deliberated and
adopted at the 26th executive meeting of the Cyberspace Administration of China in 2023 on November 28,
2023, are hereby promulgated and shall become effective from the date of promulgation.
Zhuang Rongwen, Director of the Cyberspace Administration of China
Provisions on Facilitating and Regulating Cross-border Data Flow
Article 1 These Provisions are formulated in accordance with the Cybersecurity Law of the People's Republic
of China, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of
the People's Republic of China, and other laws and regulations for the implementation of relevant
cross-border data transfer systems, such as those for security assessment of outbound data transfer,
standard contract for outbound cross-border transfer of personal information, and personal information
protection certification, with a view to safeguarding data security, protecting the rights and interests in
personal information, and facilitating the lawful, orderly, and free flow of data.
Article 2 Data processors shall identify and declare important data pursuant to relevant regulations. If any
data is not announced or published by relevant department or locality as important data, data processors are
not required to apply for the security assessment for such data.
Article 3 For the outbound transfer of the data generated during international trade, cross-border
transportation, academic cooperation, and transnational production, manufacturing, and marketing
activities, the declaration for the security assessment of outbound data transfer (the "security assessment"),
the conclusion of a standard contract for outbound cross-border transfer of personal information (the
"standard contract"), and the personal information protection certification are exempted, provided that such
data does not include personal information or important data.
Article 4 For the outbound transfer of the personal information collected and generated overseas by data
1