The Cyberspace Administration of China (CAC) has announced new regulation for data imports and exports. 

In its notice, the CAC has asked for public feedback on the drafted regulations. 

The draft regulations state that any data, including data which is generated in trade, academia and transnational manufacturing, that does not include personal data can be exported without the need for a security assessment. 

Personal data, which is not collected in China, does not need to pass a personal information protection certificate to be sent abroad. 

China’s free trade zone will have its own “negative list” of data which, if transported, would require security assessments to be completed and sent to China’s National Cybersecurity Affairs Commission for approval. 

In an email addressed to Reuters regarding the drafted amendments to China’s data export laws, the European Union Chamber of Commerce stated that the potential changes are a “signal” that China is listening to businesses after previous regulations and data security deadlines were considered unachievable. 

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

The same email also stated that the European Chamber intends to provide China feedback on its draft regulations. 

Whilst these drafted regulations could be seen as a positive for international business within China, balancing data privacy could be a concern as these regulations await clarification. 

Principle analyst at research firm, GlobalData, Steve Schuchart, recently wrote on the current state of cybersecurity. 

“The story of enterprises putting security first or emphasising security in their IT solutions is happening, and it’s happening now,” Schuchart wrote in an industry update on 27 September. 

Schuchart credits several recent high-profile break-ins, such as the Microsoft email hacks, as catalysts for increasing focus on cybersecurity and privacy. 

Because of this, Schuchart writes that vendors such as data centres will need to “change themselves organisationally” and reflect upon how they sell to customers.  

“At some organisations,” writes Schuchart, “security is so offset from other products and services, it ends up looking like getting pitched an extended warranty at the end of sale.” 

Whilst China’s new regulations may ease the flow of data in and out of the country, businesses will need to ensure that security remains a priority within the structure of their organisation. 

According to the CAC’s notice, the deadline for feedback on the drafted regulations is 15 October 2023.