An overview of the Chinese regulatory framework on data transfers from China to other jurisdictions. This Note discusses the data export regime under China's Cybersecurity Law, Data Security Law and the PI Protection Law. It also addresses the specific requirements governing state secrets and archives, data localisation for specific types of information for different industries, and local placement of operating systems and servers for specific services.
The Note guides businesses operating in China on how to prepare for and implement data outflows and how these rules may affect information system architecture decisions.