By subject.
15 domains link laws and briefs across topic boundaries.
-
Cross-Border Data
数据跨境
Rules governing the transfer of personal information and important data outside mainland China — including the security assessment, standard contract, and certification pathways.
-
Personal Information
个人信息保护
Core personal-information protection regime under PIPL — consent, lawful bases, sensitive personal information, and the rights of individuals.
-
Data Security
数据安全
Data classification and grading, important data, core data, and the broader data security regime under DSL.
-
AI Governance
人工智能治理
Rules and standards for generative AI services, deep synthesis, content labeling, and AI ethics in China.
-
Algorithmic Recommendation
算法推荐
Regulation of recommendation algorithms, user profiling, and the filing regime for algorithmic services.
-
Cybersecurity Review
网络安全审查
The cybersecurity review regime for critical information infrastructure operators and large data processors — including overseas listings.
-
Critical Information Infrastructure
关键信息基础设施
Identification and protection obligations for CII operators (CIIO) under CSL and the CII Protection Regulations.
-
App Compliance
App 合规
Mobile app personal-information collection rules, the necessary-information catalogue, SDK compliance, and app store removal.
-
Health & Medical Data
医疗健康数据
China's health- and medical-sector data regime — the sector-specific overlay on PIPL, the Data Security Law, and the Network Data Security Regulation governing how healthcare institutions, life-sciences companies, and digital-health providers handle patient and population data.
-
Enforcement
执法与处罚
Public enforcement actions by Chinese data regulators — MIIT's batched APP / SDK public-naming bulletins, CAC administrative penalties, MPS criminal-tier enforcement, regulatory interviews (约谈), app-store removals, and other published actions. DCC tracks these as the operational edge of the regime: they show what the regulator actually polices, in what cadence, against what targets, citing which legal bases.
-
Minors Protection
未成年人保护
Personal information of children and minors, gaming time limits, age-verification requirements, and the Minors Online Protection Regulations.
-
Data Economy
数据要素与数据产权
China's emerging regulatory framework for treating data as an economic factor of production — public-data resources, data-property rights, data-asset registration, and the rules governing how data can be authorized for operation, traded, and circulated. Distinct from data security and personal-information protection, this domain tracks the rules that turn data into a tradeable asset.
-
Industrial Internet & IoV
工业互联网与车联网
The sector-specific data regime for industry and connected vehicles — MIIT's industrial-data classification, risk-assessment, and incident-response rules, the automotive data-security and data-export regime, internet data centers, and live-streaming commerce — layered on top of the Data Security Law and PIPL.
-
Financial Data
金融数据
The financial-sector data regime — the People's Bank of China's data-security measures for the banking and payments system, and the National Financial Regulatory Administration's data-security rules for banking and insurance institutions — stacked on top of the Data Security Law and PIPL.
-
Energy, Aviation & Resources
能源·航空·自然资源
The sector-specific data regimes for energy, civil aviation, and natural resources — the National Energy Administration's energy-industry data-security measures, the Ministry of Natural Resources' data-security measures, and the CAAC's civil-aviation data-security monitoring requirements — built on the Data Security Law.