On May 5, the Secretariate of the National Information Security Standardization Technical Committee (NISSTC) issued the Practical Guide to Cybersecurity Standards - Specification on Authentication Technologies for Cross-border Personal Information Processing Activities (Draft for Comment) (the "Draft for Comment") to seek public opinions.

The Draft for Comment represents the basic requirements for the authentication institutions to carry out personal information protection authentication for cross-border personal information processing activities, which shall be applicable in two circumstances, including "where the activity of cross-border personal information processing is carried out within a multination company or the same economic or business entity". In such circumstance, as specified in the Draft for Comment, the party within the territory of China may apply for authentication and shall assume the corresponding legal liability. The basic requirements involve four aspects, namely, legal constraints, organization and management, rules for cross-border personal information processing, and personal information protection impact assessment. The Draft for Comment also sets out the provisions on protection of rights and interests of the personal information subjects.

(Source: China National Information Security Standardization Technical Committee)