On March 25, the Cyberspace Administration of China (CAC) released the Provisions on Facilitating and Regulating Cross-border Data Flow (the "Provisions"), effective from the date of release.

The Provisions mainly involve: (1) clarifying the declaration standards for security assessment of cross-border transfer of important data; (2) clarifying the conditions under which outbound data transfer activities are exempt from the declaration for the security assessment, the conclusion of the standard contract, and the personal information protection certification; (3) establishing a negative list system for pilot free trade zones; (4) adjusting the conditions under which outbound data transfer activities shall be subject to the declaration for the security assessment, the conclusion of the standard contract, and the personal information protection certification; (5) extending the validity period of the security assessment results and adding the provisions enable data processors to apply for extending the validity period. According to the Provisions, six categories of outbound data transfer activities are exempted from the declaration for the security assessment, the conclusion of the standard contract, and the personal information protection certification, including "where it is truly necessary to transfer any personal information overseas in emergency for the purpose of protecting the health, life, and property safety of a natural person".

(Source: Cyberspace Administration of China)