Restrictions on cross-border data transfer and data localisation in China
Trade barrier summary
China's Cybersecurity Law requires critical information infrastructure operators (CIIOs) to store personal information and important data collected or generated domestically in China, and cross-border data transfer is only allowed if such transfer is conducted on the ground of business necessity and has passed a cybersecurity assessment. The scope of CIIO and important data has not been clearly defined. For network operators (a wide-ranging term that applies to many businesses), there is no current requirement to localise data in China, although recent draft regulations have contained related provisions. Draft rules released in 2019 propose a requirement for network operators to perform a security assessment before transferring personal information overseas.
Sectors affected
- All sectors
Resolved
No
Date reported
22 March 2019
Last updated
18 December 2020
Public ID
PID-BVPY4B
If a trade barrier is affecting your exports or investment from the UK, please let us know on report a trade barrier .
If you export goods you can check duties and customs procedures for your chosen market.