On October 8, the State Council published the Regulations on Network Data Security Management (the "Regulations"), with effect from January 1, 2025.

The Regulations aim to regulate network data processing activities, ensure the security of network data, promote the lawful, reasonable, and effective use of network data, protect the legitimate rights and interests of individuals and organizations, and safeguard national security and public interest. Consisting of 64 articles in nine chapters, the Regulations mainly involve: (1) introducing the overall requirements and general provisions on network data security management; (2) detailing the provisions in personal information protection; (3) improving the rules for important data security protection; (4) optimizing the management rules for cross-border security of network data; and (5) clarifying the obligations to be assumed by network platform service providers. Notably, the Regulations specify the conditions where network data processors may transfer personal information to overseas parties, clarifying that outbound transfer of personal information may be allowed in accordance with the international agreements or treaties that China has concluded or acceded to. If any data is not identified or announced by relevant regions or departments to be important data, it is not required to declare for security assessment of outbound data transfer as important data.

(Source: www.gov.cn)