CHINA
Since June 2021, entry into force in September 2021
Pillar Cross-border data policies |
Sub-pillar Ban to transfer and local processing requirement
Data Security Law of the People’s Republic of China (中华人民共和国数据安全法)
Art. 31 of the Data Security Law provides that the security administration of the cross-border transfer of important data collected and generated by critical information infrastructure operators during their operation in China shall be subject to the provisions of the Cybersecurity Law of the People's Republic of China; the administrative measures for the cross-border transfer of important data collected and generated by other data processors during their operation in China shall be formulated by the national cyberspace administration authority in collabouration with relevant departments of the State Council. In addition, Art. 36 stipulates that the competent authority of China shall process the request for providing any data from a foreign judicial body and law enforcement body in accordance with relevant laws and the international treaty or agreement which China has concluded or acceded to, or under the principle of equality and mutual benefit. Any organization or individual within the territory of China shall not provide any foreign judicial body or law enforcement body with any data stored within the territory of the People's Republic of China without the approval of the competent authority of China.
Coverage Horizontal
Sources
- https://web.archive.org/web/20231205204532/https://www.gov.cn/xinwen/2021-06/11/content_5616919.htm
- https://web.archive.org/web/20231212133950/https://digichina.stanford.edu/work/translation-data-security-law-of-the-peoples-republic-of-china/
- https://web.archive.org/web/20240414062320/https://www.lexology.com/library/detail.aspx?g=70ecc077-0b68-4f67-834d-58005716c9c4
- https://web.archive.org/web/20241202145408/https://www.oecd-ilibrary.org/docserver/179f718a-en.pdf?expires=1733152121&id=id&accname=guest&checksum=22F74D818E506CC25978C57894F76298
- Show more...
CHINA
Since August 2016
Pillar Cross-border data policies |
Sub-pillar Ban to transfer and local processing requirement
Provisional Measures for Administration of Business Activities of Internet Lending Information Intermediaries (网络借贷信息中介机构业务活动管理暂行办法)
According to Art. 27 of the Provisional Measures for Administration of Business Activities of Internet Lending Information Intermediaries, the lender and borrower information collected within China shall be stored, processed, and analysed in China. Unless otherwise provided by laws and regulations, online lending information intermediaries shall not provide information on domestic lenders and borrowers overseas.
Coverage Online lending information intermediaries
CHINA
Since January 2013
Pillar Cross-border data policies |
Sub-pillar Ban to transfer and local processing requirement
Regulation on the Administration of Credit Investigation Industry (征信业管理条例)
According to Art. 24 of the Regulation on the Administration of Credit Investigation Industry, credit reporting agencies must organise, preserve, and process consumer or commercial data within China.
Coverage Credit reporting agencies
Sources
- https://web.archive.org/web/20230312014445/http://www.gov.cn/zwgk/2013-01/29/content_2322231.htm
- https://web.archive.org/web/20231028144242/https://itif.org/publications/2021/07/19/how-barriers-cross-border-data-flows-are-spreading-globally-what-they-cost/
- https://www.dataguidance.com/notes/china-data-transfers
- https://web.archive.org/web/20241009022229/http://www.pbc.gov.cn/english/130733/3858830/index.html
- Show more...
CHINA
Since May 2019, entry into force in July 2019
Since June 2023, entry into force in July 2023
Since June 2023, entry into force in July 2023
Pillar Cross-border data policies |
Sub-pillar Ban to transfer and local processing requirement
P.R.C Regulation on the Management of Human Genetic Resources (中华人民共和国人类遗传资源管理条例)
Implementation Rules for the Regulations on the Management of Human Genetic Resources (人类遗传资源管理条例实施细则)
Implementation Rules for the Regulations on the Management of Human Genetic Resources (人类遗传资源管理条例实施细则)
According to the Regulation on the Management of Human Genetic Resources, the export of human genetic resources information from China is prohibited unless explicitly approved in accordance with this Regulation. Under Arts. 7, 8, 9, and 10, the provision of human genetic resources to foreign entities must comply with ethical principles, undergo corresponding ethical reviews, and meet the technical standards established by the scientific administrative departments of the State Council. Such actions must not compromise public health, national security, or public interests. The sale of human genetic resources is strictly forbidden. Foreign organisations and individuals, as well as entities directly controlled by them, are prohibited from transferring China’s human genetic resources abroad.
Art. 28 stipulates that, in addition to a record filing, any provision of data to foreign parties or the permission for its use by foreign parties requires submission of a copy of the relevant data to the Office of Human Genetic Resource Administration within the Ministry of Science and Technology. A “security assessment” may also be required if the provision or use of such data could potentially affect China's public health, national security, or public interest. Art. 37 of the Implementation Rules details the categories of human genetic resources information that must undergo a national security review before being transferred or made accessible to foreign parties. Particular attention must be given to the export of genetic resources information, including that related to significant genetic families or populations from specific geographic regions, or exome sequencing and genome sequencing data involving more than 500 human subjects.
Art. 28 stipulates that, in addition to a record filing, any provision of data to foreign parties or the permission for its use by foreign parties requires submission of a copy of the relevant data to the Office of Human Genetic Resource Administration within the Ministry of Science and Technology. A “security assessment” may also be required if the provision or use of such data could potentially affect China's public health, national security, or public interest. Art. 37 of the Implementation Rules details the categories of human genetic resources information that must undergo a national security review before being transferred or made accessible to foreign parties. Particular attention must be given to the export of genetic resources information, including that related to significant genetic families or populations from specific geographic regions, or exome sequencing and genome sequencing data involving more than 500 human subjects.
Coverage Horizontal
Sources
- https://web.archive.org/web/20230315001241/https://www.gov.cn/zhengce/content/2019-06/10/content_5398829.htm
- https://web.archive.org/web/20231003231012/https://www.chinalawtranslate.com/en/p-r-c-regulation-on-the-management-of-human-genetic-resources/
- https://web.archive.org/web/20230827000427/https://www.most.gov.cn/xxgk/xinxifenlei/fdzdgknr/fgzc/bmgz/202306/t20230601_186416.html
- https://web.archive.org/web/20240506151618/https://www.chinalawtranslate.com/en/Implementation-Rules-for-the-Regulations-on-the-Management-of-Human-Genetic-Resources/
- https://www.dataguidance.com/notes/china-data-transfers
- https://www.lexology.com/library/detail.aspx?g=5a4e9c9a-789a-4a6c-9daa-96bd74d0dc84
- https://web.archive.org/web/20240525172404/https://www.cov.com/-/media/files/corporate/publications/2019/06/key_takeaways_from_chinas_regulation_on_the_administration_of_human_genetic_resources.pdf
- https://web.archive.org/web/20240309222447/http://english.www.gov.cn/policies/latest_releases/2019/06/10/content_281476708945462.htm
- Show more...
CHINA
Since April 2010, entry into force in October 2010
Since September 1988, entry into force in May 1989, until 2010
Since September 1988, entry into force in May 1989, until 2010
Pillar Cross-border data policies |
Sub-pillar Ban to transfer and local processing requirement
Law of the People's Republic of China on Guarding State Secrets - Order of the President of the People's Republic of China No. 28 (中华人民共和国保守国家秘密法 - 中华人民共和国主席令. 第二十八 号)
Law of the People's Republic of China on Guarding State Secrets - Order of the President of the People's Republic of China No. 6 (中华人民共和国保守国家秘密法 - 中华人民共和国主席令 第六号)
Law of the People's Republic of China on Guarding State Secrets - Order of the President of the People's Republic of China No. 6 (中华人民共和国保守国家秘密法 - 中华人民共和国主席令 第六号)
Art. 25 of the Law on Guarding State Secrets prohibits the export of carriers containing state secrets. According to Art. 17, such carriers include paper, optical, and electromagnetic media that bear state secrets. This law revises legislation of the same name from 1988, in which Art. 26 prohibited the cross-border transfer of any data containing state secrets.
Coverage Horizontal
Sources
- https://web.archive.org/web/20231208103925/https://www.gov.cn/flfg/2010-04/30/content_1596420.htm
- https://web.archive.org/web/20230322131955/http://www.lawinfochina.com/display.aspx?lib=law&id=1191
- https://www.dataguidance.com/advisories/data-transfers
- https://web.archive.org/web/20231028144242/https://itif.org/publications/2021/07/19/how-barriers-cross-border-data-flows-are-spreading-globally-what-they-cost/
- Show more...
CHINA
Since August 2021, entry into force in October 2021
Pillar Cross-border data policies |
Sub-pillar Ban to transfer and local processing requirement
Provisions on Management of Automotive Data Security (Trial) (汽车数据安全管理若干规定(试行))
According to Arts. 11 and 12 of the Provisions on Management of Automotive Data Security (Trial), important data must be stored domestically in compliance with legal requirements. If cross-border data transfer is necessary, security assessments must be conducted in coordination with the Cyberspace Administration of China and other relevant governmental authorities. Furthermore, the Management Provisions stipulate that vehicle data processors who provide important data to foreign entities must adhere strictly to the purpose, scope, method, type, and scale of data as specified in the security assessment. Data categorized as important includes video and image data captured outside of vehicles that contain facial information and personal information pertaining to 100,000 or more identified or identifiable vehicle owners, drivers, passengers, and individuals outside the vehicles.
Coverage Automotive sector
Sources
CHINA
Since July 2016, entry into force in November 2016, last amended in November 2022
Pillar Cross-border data policies |
Sub-pillar Infrastructure requirement
Interim Measures for the Administration of Online Taxi Booking Business Operations and Services (网络预约出租汽车经营服务管理暂行办法)
Art. 5 of the Interim Measures mandates that online taxi reservation platforms must maintain their servers within the territorial boundaries of China.
Coverage Online taxi reservation platforms
Sources
- https://web.archive.org/web/20230515080417/https://www.gov.cn/zhengce/2022-12/06/content_5730384.htm
- http://lawinfochina.com/display.aspx?id=32714&lib=law&EncodingName=big5
- https://web.archive.org/web/20241202143618/https://uk.practicallaw.thomsonreuters.com/6-631-7405?transitionType=Default&contextData=(sc.Default)&firstPage=true
- https://web.archive.org/web/20241202143045/https://digitalpolicyalert.org/event/12163-adopted-interim-measures-for-administration-of-online-taxi-booking-business-operations-including-data-localisation...
- Show more...
CHINA
Since August 2017
Pillar Cross-border data policies |
Sub-pillar Infrastructure requirement
Guiding Opinions on Encouraging and Regulating the Development of Internet Rental Bicycles (交通运输部等10部门关于鼓励和规范互联网 租赁自行车发展的指导意见)
According to Section 13 of the Guiding Opinions on Encouraging and Regulating the Development of Internet Rental Bicycles, companies offering internet-based bicycle rental services are required to establish domestic servers and store operational data collected within China.
Coverage Internet rental bicycle services
Sources
- https://web.archive.org/web/20220819131018/http://www.gov.cn/xinwen/2017-08/03/content_5215640.htm
- https://web.archive.org/web/20241202143415/https://digitalpolicyalert.org/event/12168-adopted-guiding-opinions-on-encouraging-and-regulating-the-development-of-internet-rental-bicycles
- https://web.archive.org/web/20231204231748/https://ecipe.org/blog/didi-what-brussels-learns-from-chinas-crackdown-on-ride-hailing-apps/#_ftn30
- Show more...
CHINA
Since February 2016
Pillar Cross-border data policies |
Sub-pillar Infrastructure requirement
Online Publishing Service Management Rules (网络出版服务管理规定)
Arts. 8 and 9 of the Online Publishing Service Management Rules mandate that the servers and storage equipment of online publishers must be situated within the borders of China.
Coverage Online publishers
Sources
- https://web.archive.org/web/20230419080201/http://www.gov.cn/zhengce/2022-11/09/content_5724634.htm
- https://web.archive.org/web/20231128184822/https://digichina.stanford.edu/work/online-publishing-service-management-rules/
- https://web.archive.org/web/20210410200350/https://www.lexology.com/library/detail.aspx?g=ae42b04f-2289-44ac-8b07-1f3ec03bc1aa
- Show more...
CHINA
Since June 2021
Pillar Intellectual Property Rights (IPRs) |
Sub-pillar Practical or legal restrictions related to the application process for patents
Patent Law of the People's Republic of China (Amended in 2020) (中华人民共和国专利法 (2020年修订))
Art. 18 of the amended Chinese Patent Law establishes that non-resident foreigners or organisations without business establishments in China shall entrust the patent agency established by law to handle patent applications or other patent-related matters in China. Moreover, according to Art. 19, any entity or individual intending to file a patent application in a foreign country for an invention or utility model completed in China shall submit a request for confidential examination to the patent administration department under the State Council in advance. The patent administration department of the State Council shall handle international patent applications in accordance with the relevant international treaties to which the People's Republic of China is a party, this Law and the relevant provisions of the State Council.
Coverage Horizontal
CHINA
N/A
Pillar Telecom infrastructure & competition |
Sub-pillar Presence of an independent telecom authority
Lack of independent telecom authority
The Ministry of Industry and Information Technology (MIIT) acts as the telecommunications authority in the country, and therefore, there is no independence from the government in its decision-making process.
Coverage Telecommunications sector
CHINA
Reported in 2022, last reported in 2024
Pillar Intellectual Property Rights (IPRs) |
Sub-pillar Practical or legal restrictions related to the enforcement of patents
Reported obstacles to patent enforcement
It has been reported that the obstacles to patent enforcement include prolonged delays within the judicial system, a perceived reluctance of the courts to grant preliminary injunctions, burdensome invalidity proceedings, stringent evidentiary requirements, and uncertainty regarding whether a patentee's right to exclude encompasses manufacturing for export.
Coverage Horizontal
CHINA
Since January 2011, entry into force in May 2011
Since February 2020
Since February 2020
Pillar Cross-border data policies |
Sub-pillar Ban to transfer and local processing requirement
Yinfa No. 17/2011, Notice of the People's Bank of China on Protecting Personal Financial Information by Banking Financial Institutions (人民银行关于银行业金融机构做好个人金融信息保护工作的通知)
Personal Financial Information Protection Technical Specification (个人金融信息保护技术规范)
Personal Financial Information Protection Technical Specification (个人金融信息保护技术规范)
The "Notice of the People's Bank of China on Protecting Personal Financial Information by Banking Financial Institutions" states that the processing of personal information collected by commercial banks must be stored, handled and analysed within the territory of China, and such personal information is not allowed to be transferred overseas (paragraph 6).
The Personal Financial Information Protection Technical Specification (PFI Specification) regulates “any personal information collected, processed and stored by Financial Institutions during the provision of financial products and services" (PFI). The PFI specification requires that PFI collected or generated in mainland China is stored, processed and analysed within the territory. Further, under the PFI Specification, where there is a business need for cross-border transfer of personal financial information (PFI) and the financial institution obtains explicit consent to the transfer from the personal financial information subjects (i.e. the persons under the PFI Specification providing the data), conducts a security assessment and then supervises the offshore recipient to ensure responsible processing, storage and deletion of PFI (Section 7.1.3).
The Personal Financial Information Protection Technical Specification (PFI Specification) regulates “any personal information collected, processed and stored by Financial Institutions during the provision of financial products and services" (PFI). The PFI specification requires that PFI collected or generated in mainland China is stored, processed and analysed within the territory. Further, under the PFI Specification, where there is a business need for cross-border transfer of personal financial information (PFI) and the financial institution obtains explicit consent to the transfer from the personal financial information subjects (i.e. the persons under the PFI Specification providing the data), conducts a security assessment and then supervises the offshore recipient to ensure responsible processing, storage and deletion of PFI (Section 7.1.3).
Coverage Financial sector
Sources
- https://web.archive.org/web/20241009025357/http://www.pbc.gov.cn/english/130733/3911512/index.html
- https://web.archive.org/web/20220224002514/http://www.gov.cn/gongbao/content/2011/content_1918924.htm
- https://www.shengjingbank.com.cn/upload/Attach/mrbj/2830664356.pdf
- https://web.archive.org/web/20220526214829/https://www.globaltradealert.org/state-act/7735/china-notice-on-financial-institutions-protection-over-personal-financial-information
- https://web.archive.org/web/20220303131123/https://e.linklaters.com/67/921/downloads/20200304-pboc-publishes-new-data-protection-guidelines-for-financial-institutions.pdf
- https://web.archive.org/web/20160508041800/http://uk.practicallaw.com/4-519-9017
- Show more...
CHINA
Since January 1994
Pillar Intellectual Property Rights (IPRs) |
Sub-pillar Participation in the Patent Cooperation Treaty (PCT)
Patent Cooperation Treaty (PCT)
China is a party to the Patent Cooperation Treaty (PCT).
Coverage Horizontal
CHINA
Since May 2014
Pillar Cross-border data policies |
Sub-pillar Ban to transfer and local processing requirement
Administrative Measures for Population Health Information (For Trial Implementation) (人口健康信息的管理措施(试行))
Population health information needs to be stored and processed within China. In addition, storage is not allowed overseas (Art. 10).
Coverage Health sector
Sources
- https://web.archive.org/web/20220122174909/https://www.cov.com/~/media/files/corporate/publications/2014/07/new_chinese_requirements_on_management_of_health_information.pdf
- https://web.archive.org/web/20220121023514/https://www.ft.com/content/e11024f4-e281-11e4-aa1d-00144feab7de
- https://web.archive.org/web/20160508041800/http://uk.practicallaw.com/4-519-9017
- https://web.archive.org/web/20230126220918/http://www.cac.gov.cn/2014-08/20/c_1112064075.htm
- Show more...