← Back to all briefings
Data Strategy 5 min read Published Updated Credibility 50/100

Data Strategy Briefing — June 10, 2021

China's Data Security Law established a tiered data-classification regime with localisation duties for critical data, compelling multinationals to inventory China operations ahead of the September 2021 effective date.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: The Standing Committee of the National People's Congress adopted the Data Security Law (DSL) on 10 June 2021, with enforcement beginning 1 September 2021. The DSL introduces national core data categories, security assessments for cross-border transfers, and localisation mandates for critical information infrastructure operators handling critical data.

Key localisation checkpoints

  • Data inventories. Classify datasets linked to China operations against DSL definitions for important and core data, capturing business ownership, storage locations, and processing purposes.
  • Cross-border assessments. Design review workflows to evaluate security, necessity, and legal basis before transmitting important data outside China, anticipating CAC security assessments.
  • Critical infrastructure scope. Determine whether Chinese subsidiaries qualify as critical information infrastructure operators and, if so, apply localisation and onshore backup requirements.

Operational priorities

  • Governance updates. Align internal data governance charters and incident response playbooks with DSL penalty structures and enforcement mechanisms.
  • Vendor management. Amend contracts with Chinese service providers to reflect DSL compliance clauses, inspection support, and security certification expectations.
  • Regulatory engagement. Establish channels with provincial regulators to monitor forthcoming implementing rules on sector-specific data catalogues.

Enablement moves

  • Integrate DSL requirements into enterprise risk registers alongside PIPL and Cybersecurity Law controls.
  • Stage tabletop exercises covering cross-border transfer approvals and breach notifications under the DSL regime.

Sources

Zeph Tech supports DSL readiness through China data mapping, localisation roadmaps, and cross-border transfer governance aligned to CAC expectations.

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Data Strategy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Data localisation
  • China
  • Regulatory compliance
Back to curated briefings