With its Measures on Security Assessment of Cross-border Data Transfer (hereinafter referred to as the Measures) officially promulgated and coming into force on September 1, 2022, China is looking forward to bring highlights to the earlier draft for comment with a series of implementing amendments.  

The Measures stipulates in its twenty articles the scope, conditions and procedures of security assessment for cross-border data transfer under the specific guidelines. The Measures clarifies its application to the security assessment of data processors providing important data and personal information collected and generated during operations within the territory of the People's Republic of China, and that data outbound activities mainly include: (1) data processors store the data collected and generated in domestic operations abroad, and (2) data collected and generated by data processors are stored in China, which can be accessed or called by overseas institutions, organizations or individuals; the Measures also puts forward the specific requirements of the security assessment, stipulating that data processors should carry out self-evaluation before carrying out security assessment, and also clarifies key items for the assessment.