Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ DOMAIN · FINANCIAL DATA

Financial Data.

金融数据

The financial-sector data regime — the People's Bank of China's data-security measures for the banking and payments system, and the National Financial Regulatory Administration's data-security rules for banking and insurance institutions — stacked on top of the Data Security Law and PIPL.

The financial sector sits under a dedicated supervisory layer built by China’s two principal financial regulators on top of the general data regime. This domain collects the instruments that banks, insurers, payment institutions, and their technology vendors must layer onto the Data Security Law, the Cybersecurity Law, and PIPL: the People’s Bank of China (PBOC) Measures for Data Security Management in the Business Areas of the People’s Bank, and the National Financial Regulatory Administration (NFRA) Measures for Data Security Management of Banking and Insurance Institutions, together with the legacy CBIRC regulatory-data-security measures.

What distinguishes the financial regime is its own data-classification scheme keyed to the sensitivity of financial information, a heightened full-lifecycle security baseline, mandatory security assessments before outsourcing or sharing, and incident-reporting lines that run to the financial regulators in parallel with the general cybersecurity-incident channel. These rules operationalize the Data Security Law’s call for sector regulators to govern “important data” within their own remit.

§ LAWS IN THIS DOMAIN

The legal corpus.

6 laws.

§ BRIEFS

In this domain.

1 brief.

§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →