Compliance Briefing — China passes Data Security Law
China’s National People’s Congress adopted the Data Security Law on 10 June 2021, establishing data classification, localization, and export review obligations effective 1 September 2021.
The Standing Committee approved the Data Security Law on 10 June 2021, introducing national- and industry-level data classification, risk assessments for "important data", and export security reviews for transfers implicating national security. Penalties include fines, business suspension, and potential criminal liability for serious violations.
Security, privacy, and operations teams with China operations should inventory datasets for “core” and “important” designations, plan for localization and transfer assessments, and coordinate with counsel on overlaps with the Cybersecurity Law and upcoming Personal Information Protection Law enforcement.
Continue in the Compliance pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Third-Party Risk Oversight Playbook — Zeph Tech
Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.
-
Compliance Operations Control Room — Zeph Tech
Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.
-
SOX Modernization Control Playbook — Zeph Tech
Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.