Home / News / China Releases Regulations on Network Data Security...

China Releases Regulations on Network Data Security Management

On 30 September 2024, the State Council of China released the Regulations on Network Data Security Management (“Regulations”), which will come into effect on 1 January 2025.

1.      Background

The Regulations are the first administrative-level legal instrument in China following the establishment of the basic framework of China’s three fundamental laws in the field of data protection, i.e. the PRC Cybersecurity Law (“CSL”), the PRC Personal Information Protection Law (“PIPL”), and the PRC Data Security Law (“DSL”). After the release of the draft version for public comments in November 2021, following three years of anticipation, the Regulations have been finally published and will take effect on 1 January 2025.

The Regulations, overall, provide detailed stipulations of the three fundamental data laws, but many provisions have already been reflected and covered in previously issued laws, regulations, and national standards. Therefore, our article will focus on some new and key content from the perspective of company’s obligations.

2.      Scope of application

According to Article 2 of the Regulations, the Regulations apply to network data processing activities and their safety supervision and management within the territory of China. The activities processing personal information of Chinese natural persons, as well as the processing activities that would harm China’s national security, public interests, or the lawful rights and interests of citizens or organizations, carried out outside China, are also subject to the Regulations.

Based on the definitions in the Regulations, “network data” refers to “all kinds of electronic data processed and created through networks”, which theoretically excludes any data processed by physical means, such as on paper. The term “network data processor”1 refers to “a person or organization that decides on its own purpose and processing method in network data processing activities”.

Therefore, considering the widespread use of network processing data and the growing degree of digitization, most companies are subject to the Regulations and should attach importance to the Regulations.

Please click here to read the full newsletter.

1 The companies mentioned below are all referred to as network data processors.

Authors

Portrait ofPanpan Tang
Panpan Tang
Senior Associate
Shanghai
Portrait ofDaisy Lv
Daisy Lv
Junior Associate
Shanghai