China issues the Regulations on Network Data Security Management: What's important to know

On 30 Sept., the State Council of China released the Regulations on Network Data Security Management, following three years of discussions involving various stakeholders since the initial consultation draft was made public in 2021. The final version of the regulations will take effect 1 Jan. 2025.

The Data Security Regulations are a crucial set of national-level administrative rules to implement China's Cybersecurity Law, Data Security Law and Personal Information Protection Law. Compared to the 2021 draft, the final version provides much-needed clarity on certain pressing issues raised by businesses and introduces some relaxations to ease compliance costs and burdens. Key provisions of the regulations will have significant implications for multinational corporations operating in China.

Application scope

The Data Security Regulations apply to data handling activities within China and to certain activities outside China if: a foreign business collects personal data from China for selling products or services to the Chinese market; or for analyzing or tracking the behavior of individuals in China; or its data handling activities outside China pose a threat to national security, public interest or the legal rights of Chinese citizens or entities.

While extra-territorial application was already covered by laws like the PIPL, the Data Security Regulations make it clear that foreign data handlers must establish a designated organization or appoint a representative in China, with their names and contact information reported to the local Cyberspace Administration of China authority. This suggests China will likely intensify its scrutiny of data collection and processing activities conducted outside its borders.

Important data

As an essential set of regulations implementing the CSL, DSL and PIPL, the Data Security Regulations cover not only personal data but also nonpersonal data, such as business, financial and industry data.