# Data Compliance China > Editorial translation and analysis of Chinese data-protection law, for overseas counsel and compliance teams. Primary sources translated carefully; editorial context on how the rules actually operate. DCC is human-curated. Each brief summarizes a single piece of Chinese-language commentary, court ruling, regulatory bulletin, or official policy interpretation — with DCC framing for overseas counsel. Laws are translated from official Chinese with cross-references. **For LLM ingestion:** every brief and every law has a `.md` companion URL with the raw markdown source (e.g. `/posts/.md`, `/laws/.md`). Full corpus dump at `/llms-full.txt`. Structured catalog at `/manifest.json`. ## Overview - [Overview](https://datacompliancechina.com/overview/): 5-minute visual intro to China's data-compliance regime — foundation laws, regulators, the Subject × Object framework, cross-border paths. - [About DCC](https://datacompliancechina.com/about/): editorial mission and audience. - [Translation policy](https://datacompliancechina.com/translation-policy/): how DCC translates and summarizes. - [Glossary](https://datacompliancechina.com/glossary/): bilingual ZH-EN terminology, 12 sections (JSON at `/glossary.json`). ## Laws and regulations Index page: https://datacompliancechina.com/laws/ — 133 entries across handbooks, laws, administrative regulations, departmental rules, national standards, judicial interpretations, and drafts in consultation. ### Reference Handbook - [China–Singapore Joint Data Compliance Guide: Practical Handbook — China Chapter (CN-SG Joint Guide)](https://datacompliancechina.com/laws/cs-joint-data-compliance-guide/) · ZH: 中国—新加坡联合数据合规指引:实务手册(中国篇) · Markdown: https://datacompliancechina.com/laws/cs-joint-data-compliance-guide.md · A 110-page bilingual practitioner handbook on Chinese data compliance, jointly compiled by the Shenzhen Data Exchange and Singapore's Asian Business Law Institute under the guidance of the Qianhai Authority. ### Law (NPC) - [Personal Information Protection Law of the People's Republic of China (PIPL)](https://datacompliancechina.com/laws/pipl/) · ZH: 中华人民共和国个人信息保护法 · Markdown: https://datacompliancechina.com/laws/pipl.md · PIPL is China's comprehensive personal-information protection regime. - [Basic Medical and Health Care and Health Promotion Law of the People's Republic of China (Basic Health Care Law)](https://datacompliancechina.com/laws/basic-medical-health-care-promotion-law/) · ZH: 中华人民共和国基本医疗卫生与健康促进法 · Markdown: https://datacompliancechina.com/laws/basic-medical-health-care-promotion-law.md · China's foundational health-sector statute, enacted by the NPCSC on 28 December 2019 and effective from 1 June 2020, establishes the architecture of the national health-care system across 10 chapters and 110 articles — covering basic medica… - [Data Security Law of the People's Republic of China (DSL)](https://datacompliancechina.com/laws/dsl/) · ZH: 中华人民共和国数据安全法 · Markdown: https://datacompliancechina.com/laws/dsl.md · The Data Security Law is the second of China's three foundational data statutes (alongside CSL and PIPL). - [Drug Administration Law of the People's Republic of China (2019 Revision) (Drug Administration Law)](https://datacompliancechina.com/laws/drug-administration-law/) · ZH: 中华人民共和国药品管理法(2019修订) · Markdown: https://datacompliancechina.com/laws/drug-administration-law.md · The Drug Administration Law is China's foundational statute governing the research, manufacture, distribution, and use of drugs. - [Cybersecurity Law of the People's Republic of China (2025 Amendment) (CSL)](https://datacompliancechina.com/laws/csl/) — amended · ZH: 中华人民共和国网络安全法(2025 修正) · Markdown: https://datacompliancechina.com/laws/csl.md · The Cybersecurity Law is the earliest of the three foundational data-protection statutes. - [Civil Code — Personality Rights Book, Chapter on Privacy and Protection of Personal Information (Civil Code (PI Chapter))](https://datacompliancechina.com/laws/civil-code-personal-info/) · ZH: 中华人民共和国民法典 · 人格权编 · 隐私权和个人信息保护章 · Markdown: https://datacompliancechina.com/laws/civil-code-personal-info.md · Articles 1032–1039 of the Civil Code's Personality Rights Book establish the civil-law foundation for privacy and personal-information protection in China. - [Anti-Unfair Competition Law of the People's Republic of China (AUCL)](https://datacompliancechina.com/laws/anti-unfair-competition-law/) · ZH: 中华人民共和国反不正当竞争法 · Markdown: https://datacompliancechina.com/laws/anti-unfair-competition-law.md - [Anti-Telecom and Online Fraud Law of the People's Republic of China (ATFL)](https://datacompliancechina.com/laws/anti-telecom-fraud-law/) · ZH: 中华人民共和国反电信网络诈骗法 · Markdown: https://datacompliancechina.com/laws/anti-telecom-fraud-law.md - [Law on the Protection of Minors (Minors Protection Law)](https://datacompliancechina.com/laws/minors-protection-law/) · ZH: 中华人民共和国未成年人保护法 · Markdown: https://datacompliancechina.com/laws/minors-protection-law.md · The umbrella statute for the protection of minors in China. ### Administrative Regulation (State Council) - [Security Protection Regulations for Critical Information Infrastructure (CII Regulations)](https://datacompliancechina.com/laws/cii-protection-regulations/) · ZH: 关键信息基础设施安全保护条例 · Markdown: https://datacompliancechina.com/laws/cii-protection-regulations.md · These Regulations operationalize the Critical Information Infrastructure (CII) regime under CSL Articles 31–39. - [Opinions of the CPC Central Committee and the State Council on Building a Basic Data System to Better Play the Role of Data Elements (Data Twenty Opinions)](https://datacompliancechina.com/laws/data-foundation-system-opinions/) · ZH: 中共中央 国务院关于构建数据基础制度更好发挥数据要素作用的意见 · Markdown: https://datacompliancechina.com/laws/data-foundation-system-opinions.md · The foundational 20-article policy directive jointly issued by the CPC Central Committee and the State Council laying out China's national data basic system: data property rights structural subdivision (holding right / processing right / op… - [Regulation on Network Data Security Management](https://datacompliancechina.com/laws/network-data-security-regulations/) · ZH: 网络数据安全管理条例 · Markdown: https://datacompliancechina.com/laws/network-data-security-regulations.md · The Network Data Security Management Regulation is the State Council's overarching implementing regulation for the three foundational data-protection statutes (CSL, DSL, PIPL). - [Regulations on the Protection of Minors in Cyberspace](https://datacompliancechina.com/laws/minors-online-protection-regulations/) · ZH: 未成年人网络保护条例 · Markdown: https://datacompliancechina.com/laws/minors-online-protection-regulations.md · Implementing regulation for the protection of minors under PIPL and CSL. - [Regulation on the Supervision and Administration of Medical Devices (2024 Revision) (Medical Devices Regulation)](https://datacompliancechina.com/laws/medical-devices-supervision-regulation/) · ZH: 医疗器械监督管理条例(2024修订) · Markdown: https://datacompliancechina.com/laws/medical-devices-supervision-regulation.md · The Regulation on the Supervision and Administration of Medical Devices is the State Council's foundational administrative regulation governing the research, manufacture, distribution, and use of medical devices on a risk-based, full-lifecy… - [Regulations on the Sharing of Government Data](https://datacompliancechina.com/laws/government-data-sharing-regulations/) · ZH: 政务数据共享条例 · Markdown: https://datacompliancechina.com/laws/government-data-sharing-regulations.md · The first comprehensive State Council regulation specifically governing the sharing of government data across agencies. - [Regulation of the People's Republic of China on the Administration of Human Genetic Resources (HGR Regulation)](https://datacompliancechina.com/laws/hgr-regulation/) · ZH: 中华人民共和国人类遗传资源管理条例 · Markdown: https://datacompliancechina.com/laws/hgr-regulation.md · China's primary instrument governing the collection, preservation, utilization, and cross-border provision of human genetic resources (HGR), including both physical materials (organs, tissues, cells) and the data and information derived fro… - [Regulation on the Administration of Medical Institutions (Medical Institutions Regulation)](https://datacompliancechina.com/laws/medical-institutions-regulation/) — amended · ZH: 医疗机构管理条例 · Markdown: https://datacompliancechina.com/laws/medical-institutions-regulation.md · A State Council administrative regulation first promulgated in 1994 that establishes the licensing, registration, and supervision framework for all medical institutions operating in China. - [Administrative Measures for Internet Information Services (2024 Revision)](https://datacompliancechina.com/laws/internet-information-services-measures/) · ZH: 互联网信息服务管理办法(2024 修订) · Markdown: https://datacompliancechina.com/laws/internet-information-services-measures.md · The foundational regulation of Internet Information Services (ICP) in China — the regulatory baseline beneath nearly every later data-protection rule. - [Administrative Regulation for Public Security Video Image Information Systems (PVISR)](https://datacompliancechina.com/laws/public-security-video-image-system-regulations/) · ZH: 公共安全视频图像信息系统管理条例 · Markdown: https://datacompliancechina.com/laws/public-security-video-image-system-regulations.md · The State Council's overarching regulation for public security video image information systems (公共安全视频系统) in public places. - [Shenzhen Special Economic Zone Data Regulations (Shenzhen Data Regulations)](https://datacompliancechina.com/laws/shenzhen-sez-data-regulations/) · ZH: 深圳经济特区数据条例 · Markdown: https://datacompliancechina.com/laws/shenzhen-sez-data-regulations.md · China's first comprehensive local data law, adopted by the Standing Committee of the Shenzhen Municipal People's Congress on 29 June 2021 and effective 1 January 2022. ### Departmental Rule - [Measures for the Security Assessment of Data Export](https://datacompliancechina.com/laws/data-export-security-assessment-measures/) · ZH: 数据出境安全评估办法 · Markdown: https://datacompliancechina.com/laws/data-export-security-assessment-measures.md · The first of CAC's three cross-border transfer pathways. - [Data Property Rights Registration Work Guide (Trial)](https://datacompliancechina.com/laws/data-property-rights-registration-guide-draft/) · ZH: 数据产权登记工作指引(试行) · Markdown: https://datacompliancechina.com/laws/data-property-rights-registration-guide-draft.md · NDA's first national framework for the registration of Data Property Rights — the rights to hold, use, and operate data established under the Data 20 Articles policy. - [Measures on the Standard Contract for the Outbound Transfer of Personal Information (SCC Measures)](https://datacompliancechina.com/laws/personal-info-standard-contract-measures/) · ZH: 个人信息出境标准合同办法 · Markdown: https://datacompliancechina.com/laws/personal-info-standard-contract-measures.md · The second of CAC's three cross-border transfer pathways: signing a CAC-prescribed Standard Contract with the overseas recipient and filing it with the provincial CAC. - [Provisions on Promoting and Regulating Cross-border Data Flows](https://datacompliancechina.com/laws/cross-border-data-flows-provisions/) · ZH: 促进和规范数据跨境流动规定 · Markdown: https://datacompliancechina.com/laws/cross-border-data-flows-provisions.md · The 2024 Cross-border Data Flow Provisions are CAC's relaxation package on outbound data transfer. - [Measures for Network Data Security Risk Assessment (Network Data Risk Assessment Measures)](https://datacompliancechina.com/laws/network-data-security-risk-assessment-measures/) · ZH: 网络数据安全风险评估办法 · Markdown: https://datacompliancechina.com/laws/network-data-security-risk-assessment-measures.md · The first dedicated, cross-sector implementing rule for the annual network-data risk-assessment obligation created by the Network Data Security Management Regulation (State Council Decree No. - [Guide to the Filing of the Standard Contract for Outbound Transfer of Personal Information (First Edition)](https://datacompliancechina.com/laws/personal-info-standard-contract-filing-guide/) · ZH: 个人信息出境标准合同备案指南(第一版) · Markdown: https://datacompliancechina.com/laws/personal-info-standard-contract-filing-guide.md · CAC's procedural guide accompanying the SCC Measures. - [Explanation of Common Terms in the Field of Data (First Batch) (Data Terms Batch 1)](https://datacompliancechina.com/laws/common-data-terms-batch-1/) · ZH: 数据领域常用名词解释(第一批) · Markdown: https://datacompliancechina.com/laws/common-data-terms-batch-1.md · The first installment of official terminology explanations issued by the National Data Administration. - [Explanation of Common Terms in the Field of Data (Second Batch) (Data Terms Batch 2)](https://datacompliancechina.com/laws/common-data-terms-batch-2/) · ZH: 数据领域常用名词解释(第二批) · Markdown: https://datacompliancechina.com/laws/common-data-terms-batch-2.md · The second installment of official terminology explanations issued by the National Data Administration, continuing the consensus-building effort that began with the First Batch in December 2024. - [Measures for the Certification of the Cross-border Provision of Personal Information](https://datacompliancechina.com/laws/cross-border-pi-certification-measures/) · ZH: 个人信息出境认证办法 · Markdown: https://datacompliancechina.com/laws/cross-border-pi-certification-measures.md · The third of CAC's three cross-border transfer pathways — PI Protection Certification — finally given its own dedicated rules effective January 1, 2026. - [Administrative Measures for Personal Information Protection Compliance Audits](https://datacompliancechina.com/laws/personal-info-audit-measures/) · ZH: 个人信息保护合规审计管理办法 · Markdown: https://datacompliancechina.com/laws/personal-info-audit-measures.md · These Measures implement the compliance-audit obligation in PIPL Article 54. - [Cybersecurity Review Measures](https://datacompliancechina.com/laws/cybersecurity-review-measures/) · ZH: 网络安全审查办法 · Markdown: https://datacompliancechina.com/laws/cybersecurity-review-measures.md · The 2021 update to the cybersecurity review regime, expanded after the Didi enforcement action. - [Measures for the Administration of National Cybersecurity Incident Reporting (Incident Reporting Measures)](https://datacompliancechina.com/laws/cybersecurity-incident-reporting-measures/) · ZH: 国家网络安全事件报告管理办法 · Markdown: https://datacompliancechina.com/laws/cybersecurity-incident-reporting-measures.md · Issued by the CAC on September 11, 2025 and effective November 1, 2025, these Measures establish a unified national workflow for cybersecurity incident reporting, triggered whenever an incident is graded 'relatively significant' or above un… - [Interim Measures for the Management of Generative Artificial Intelligence Services](https://datacompliancechina.com/laws/genai-services-interim-measures/) · ZH: 生成式人工智能服务管理暂行办法 · Markdown: https://datacompliancechina.com/laws/genai-services-interim-measures.md · China's flagship generative-AI regulation — the first comprehensive national regulation of GenAI services anywhere in the world. - [Measures for the Administration of Data Security and Personal Information Protection of Healthcare Institutions (Trial) (Healthcare Data Security & PI Measures)](https://datacompliancechina.com/laws/healthcare-institutions-data-security-pi-measures/) · ZH: 医疗卫生机构数据安全和个人信息保护管理办法(试行) · Markdown: https://datacompliancechina.com/laws/healthcare-institutions-data-security-pi-measures.md · Issued jointly in February 2026 by five agencies — the National Health Commission, Ministry of Public Security, Cyberspace Administration of China, National Administration of Traditional Chinese Medicine, and National Disease Control and Pr… - [Measures for the Administration of National Health and Medical Big Data Standards, Security and Services (Trial) (Health & Medical Big Data Measures)](https://datacompliancechina.com/laws/national-health-medical-big-data-measures/) · ZH: 国家健康医疗大数据标准、安全和服务管理办法(试行) · Markdown: https://datacompliancechina.com/laws/national-health-medical-big-data-measures.md · Issued by the National Health Commission on 12 July 2018 (document no. - [Measures for the Cybersecurity Management of Healthcare Institutions (Healthcare Cybersecurity Measures)](https://datacompliancechina.com/laws/healthcare-institutions-cybersecurity-measures/) · ZH: 医疗卫生机构网络安全管理办法 · Markdown: https://datacompliancechina.com/laws/healthcare-institutions-cybersecurity-measures.md · Issued jointly in August 2022 by the National Health Commission (NHC), the National Administration of Traditional Chinese Medicine (NATCM), and the National Disease Control and Prevention Administration (NDCPA), these Measures translate the… - [Measures for the Administration of Population Health Information (Trial) (Population Health Information Measures)](https://datacompliancechina.com/laws/population-health-information-measures/) · ZH: 人口健康信息管理办法(试行) · Markdown: https://datacompliancechina.com/laws/population-health-information-measures.md · Issued by the National Health and Family Planning Commission in May 2014 under Document No. - [Shenzhen Health Data Management Measures (Shenzhen Health Data Measures)](https://datacompliancechina.com/laws/shenzhen-health-data-management-measures/) · ZH: 深圳市卫生健康数据管理办法 · Markdown: https://datacompliancechina.com/laws/shenzhen-health-data-management-measures.md · Shenzhen's 2023 local rule operationalizes the Shenzhen Special Economic Zone Data Regulations specifically for the health sector, establishing a unified municipal health data platform (the Shenzhen Municipal Health Data Center) and a 'one-… - [Administrative Measures for Data Security in the Field of Industry and Information Technology (Trial) (Industrial Data Security Measures)](https://datacompliancechina.com/laws/miit-industrial-data-security-measures/) · ZH: 工业和信息化领域数据安全管理办法(试行) · Markdown: https://datacompliancechina.com/laws/miit-industrial-data-security-measures.md · These Measures are the principal sector-specific framework implementing the Data Security Law within the industry, telecommunications and radio-spectrum fields administered by MIIT. - [Measures for the Administration of Data Security in the Business Fields of the People's Bank of China (PBOC Data Security Measures)](https://datacompliancechina.com/laws/pboc-data-security-measures/) · ZH: 中国人民银行业务领域数据安全管理办法 · Markdown: https://datacompliancechina.com/laws/pboc-data-security-measures.md · Promulgated as PBOC Order [2025] No. - [Measures for the Administration of Data Security in the Energy Industry (Trial)](https://datacompliancechina.com/laws/energy-industry-data-security-measures/) · ZH: 能源行业数据安全管理办法(试行) · Markdown: https://datacompliancechina.com/laws/energy-industry-data-security-measures.md · Issued by the National Energy Administration as a departmental normative document (Doc. - [Provisions on the Administration of Algorithmic Recommendation Services for Internet Information Services](https://datacompliancechina.com/laws/algorithmic-recommendation-provisions/) · ZH: 互联网信息服务算法推荐管理规定 · Markdown: https://datacompliancechina.com/laws/algorithmic-recommendation-provisions.md · The first comprehensive Chinese regulation of recommendation algorithms. - [Provisions on the Administration of Medical Records of Medical Institutions (2013) (Medical Records Provisions)](https://datacompliancechina.com/laws/medical-records-administration-provisions/) · ZH: 医疗机构病历管理规定(2013年版) · Markdown: https://datacompliancechina.com/laws/medical-records-administration-provisions.md · These Provisions, jointly issued by the National Health and Family Planning Commission and the State Administration of Traditional Chinese Medicine in November 2013 and effective from 1 January 2014, govern the creation, custody, access, co… - [Guide to the Classification and Grading of Energy Industry Data (2026 Edition)](https://datacompliancechina.com/laws/energy-industry-data-classification-grading-guide/) · ZH: 能源行业数据分类分级指南(2026年版) · Markdown: https://datacompliancechina.com/laws/energy-industry-data-classification-grading-guide.md · Issued by the National Energy Administration on June 30, 2026 and effective July 1, 2026 — the same day as the companion Measures for the Administration of Data Security in the Energy Industry (Trial) — this Guide (4 chapters, 15 articles)… - [Implementing Rules for Data Security Risk Assessment in the Field of Industry and Information Technology (Trial)](https://datacompliancechina.com/laws/industrial-data-security-risk-assessment-rules/) · ZH: 工业和信息化领域数据安全风险评估实施细则(试行) · Markdown: https://datacompliancechina.com/laws/industrial-data-security-risk-assessment-rules.md · These Implementing Rules operationalize the annual risk-assessment obligation imposed on processors of important data and core data by the MIIT Industrial Data Security Measures. - [Measures for the Administration of Data Security in the Field of Natural Resources](https://datacompliancechina.com/laws/natural-resources-data-security-measures/) · ZH: 自然资源领域数据安全管理办法 · Markdown: https://datacompliancechina.com/laws/natural-resources-data-security-measures.md · Issued by the Ministry of Natural Resources as a departmental normative document (Doc. - [Measures for the Administration of Data Security of Banking and Insurance Institutions (NFRA Banking & Insurance Data Security Measures)](https://datacompliancechina.com/laws/nfra-banking-insurance-data-security-measures/) · ZH: 银行保险机构数据安全管理办法 · Markdown: https://datacompliancechina.com/laws/nfra-banking-insurance-data-security-measures.md · Issued by the National Financial Regulatory Administration (NFRA) as Jin Gui [2024] No. - [Notice on Further Strengthening the Administration of the Use of Electronic Medical Record Information by Medical Institutions (EMR Information Use Notice)](https://datacompliancechina.com/laws/emr-information-use-management-notice/) · ZH: 关于进一步加强医疗机构电子病历信息使用管理的通知 · Markdown: https://datacompliancechina.com/laws/emr-information-use-management-notice.md · Issued jointly on 23 June 2025 by the General Offices of the NHC, NATCM, and NDCPA (Document No. - [Emergency Response Plan for Data Security Incidents in the Field of Industry and Information Technology (Trial)](https://datacompliancechina.com/laws/industrial-data-security-incident-emergency-plan/) · ZH: 工业和信息化领域数据安全事件应急预案(试行) · Markdown: https://datacompliancechina.com/laws/industrial-data-security-incident-emergency-plan.md · This Emergency Response Plan, issued as MIIT Cyber Security [2024] No. - [Measures for the Administration of the Security of Regulatory Data of the China Banking and Insurance Regulatory Commission (Trial)](https://datacompliancechina.com/laws/cbirc-regulatory-data-security-measures/) · ZH: 中国银保监会监管数据安全管理办法(试行) · Markdown: https://datacompliancechina.com/laws/cbirc-regulatory-data-security-measures.md · Issued by the China Banking and Insurance Regulatory Commission (CBIRC) on September 23, 2020, these trial measures govern the security of regulatory data — the figures, indicators, reports and other information that the CBIRC lawfully coll… - [Implementing Rules for the Regulation on the Administration of Human Genetic Resources (HGR Implementing Rules)](https://datacompliancechina.com/laws/hgr-implementing-rules/) · ZH: 人类遗传资源管理条例实施细则 · Markdown: https://datacompliancechina.com/laws/hgr-implementing-rules.md · MOST's 2023 implementing rules operationalize the 2019 State Council Regulation on the Administration of Human Genetic Resources, providing granular definitions, the step-by-step approval and filing system for collection, preservation, inte… - [Provisions on the Online Protection of Children's Personal Information (Children's PI Provisions)](https://datacompliancechina.com/laws/children-pi-online-protection-provisions/) · ZH: 儿童个人信息网络保护规定 · Markdown: https://datacompliancechina.com/laws/children-pi-online-protection-provisions.md · China's first dedicated rule for children's personal information online, issued by the CAC in 2019 and effective October 1, 2019. - [Notice of the Ministry of Industry and Information Technology on Strengthening the Cybersecurity and Data Security of the Internet of Vehicles](https://datacompliancechina.com/laws/iov-cybersecurity-data-security-notice/) · ZH: 工业和信息化部关于加强车联网网络安全和数据安全工作的通知 · Markdown: https://datacompliancechina.com/laws/iov-cybersecurity-data-security-notice.md · This Notice sets out MIIT's consolidated cybersecurity and data security requirements for the Internet of Vehicles (IoV) ecosystem, covering intelligent connected vehicle manufacturers, IoV service-platform operators and related parties. - [Notice Issuing the Measures for the Administration of Internet Diagnosis and Treatment (Trial) and Two Related Documents (Internet Diagnosis & Treatment Measures)](https://datacompliancechina.com/laws/internet-diagnosis-treatment-measures/) · ZH: 关于印发《互联网诊疗管理办法(试行)》等3个文件的通知 · Markdown: https://datacompliancechina.com/laws/internet-diagnosis-treatment-measures.md · Issued jointly by the National Health Commission and the National Administration of Traditional Chinese Medicine in July 2018, Document No. - [Several Provisions on Automotive Data Security Management (Trial) (Automotive Data Provisions)](https://datacompliancechina.com/laws/automotive-data-security-provisions/) · ZH: 汽车数据安全管理若干规定(试行) · Markdown: https://datacompliancechina.com/laws/automotive-data-security-provisions.md · These Provisions are the foundational rule governing the processing of automotive data — both personal information and important data arising in the design, production, sale, use and maintenance of vehicles. - [Provisions on Strengthening the Administration of Prescription-Volume Statistics (Tongfang) in Healthcare Institutions (Tongfang Management Provisions)](https://datacompliancechina.com/laws/tongfang-management-provisions/) · ZH: 关于加强医疗卫生机构统方管理的规定 · Markdown: https://datacompliancechina.com/laws/tongfang-management-provisions.md · Issued jointly by the National Health and Family Planning Commission and the State Administration of Traditional Chinese Medicine in November 2014 (Document No. - [Administrative Measures for the Supervision of Live-Streaming E-Commerce](https://datacompliancechina.com/laws/live-streaming-ecommerce-measures/) · ZH: 直播电商监督管理办法 · Markdown: https://datacompliancechina.com/laws/live-streaming-ecommerce-measures.md · These Measures establish the supervisory framework for live-streaming e-commerce in China, allocating obligations among platform operators, live-streaming-room operators, live-streaming marketing personnel and their service agencies. - [Method for Identifying the Unlawful Collection and Use of Personal Information by Apps (App PI Identification Method)](https://datacompliancechina.com/laws/app-illegal-pi-collection-identification-method/) · ZH: App违法违规收集使用个人信息行为认定方法 · Markdown: https://datacompliancechina.com/laws/app-illegal-pi-collection-identification-method.md · Issued jointly in November 2019 by the CAC Secretariat, MIIT, MPS, and SAMR under Document No. - [Provisions on the Administration of Deep Synthesis of Internet Information Services](https://datacompliancechina.com/laws/deep-synthesis-provisions/) · ZH: 互联网信息服务深度合成管理规定 · Markdown: https://datacompliancechina.com/laws/deep-synthesis-provisions.md · Regulates deepfakes and AI-driven content synthesis — the precursor to the GenAI Measures and the AI Content Labeling Measures. - [Measures for the Supervision and Administration of Online Trading Platform Rules (Platform Rules Measures)](https://datacompliancechina.com/laws/online-trading-platform-rules-measures/) · ZH: 网络交易平台规则监督管理办法 · Markdown: https://datacompliancechina.com/laws/online-trading-platform-rules-measures.md · Departmental rule (SAMR/CAC Order No. - [Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications (Necessary PI Scope Provisions)](https://datacompliancechina.com/laws/app-necessary-pi-scope-provisions/) · ZH: 常见类型移动互联网应用程序必要个人信息范围规定 · Markdown: https://datacompliancechina.com/laws/app-necessary-pi-scope-provisions.md · These Provisions, issued jointly by the CAC, MIIT, MPS, and SAMR in March 2021 and effective May 1, 2021, define 'necessary personal information' as the minimum data indispensable for an app's basic functional service to operate — and expre… - [Implementation Rules for Personal Information Protection Certification (PI Certification Rules)](https://datacompliancechina.com/laws/pi-protection-certification-implementation-rules/) · ZH: 个人信息保护认证实施规则 · Markdown: https://datacompliancechina.com/laws/pi-protection-certification-implementation-rules.md · The Implementation Rules for Personal Information Protection Certification, issued as the annex to SAMR and CAC Joint Announcement No. - [Provisions on the Administration of the Use of Commercial Cryptography in Critical Information Infrastructure (CII Commercial Cryptography Provisions)](https://datacompliancechina.com/laws/cii-commercial-cryptography-provisions/) · ZH: 关键信息基础设施商用密码使用管理规定 · Markdown: https://datacompliancechina.com/laws/cii-commercial-cryptography-provisions.md · Departmental rule (State Cryptography Administration / CAC / Ministry of Public Security Order No. - [Announcement on the Implementation of Personal Information Protection Certification (PI Certification Announcement)](https://datacompliancechina.com/laws/pi-protection-certification-announcement/) · ZH: 关于实施个人信息保护认证的公告 · Markdown: https://datacompliancechina.com/laws/pi-protection-certification-announcement.md · The November 2022 joint announcement by SAMR and CAC (Announcement No. - [Measures for Artificial Intelligence Meteorological Application Services (AI Meteorological Services Measures)](https://datacompliancechina.com/laws/ai-meteorological-services-measures/) · ZH: 人工智能气象应用服务办法 · Markdown: https://datacompliancechina.com/laws/ai-meteorological-services-measures.md · Departmental rule (China Meteorological Administration / CAC Order No. - [Interim Measures for the Data Security Management of Accounting Firms (Accounting Firms Data Security Measures)](https://datacompliancechina.com/laws/accounting-firms-data-security-measures/) · ZH: 会计师事务所数据安全管理暂行办法 · Markdown: https://datacompliancechina.com/laws/accounting-firms-data-security-measures.md · Departmental normative document (Cai Kuai [2024] No. - [Provisions on Protecting the Personal Information of Telecommunications and Internet Users (Telecom & Internet User PI Provisions)](https://datacompliancechina.com/laws/telecom-internet-user-pi-protection-provisions/) · ZH: 电信和互联网用户个人信息保护规定 · Markdown: https://datacompliancechina.com/laws/telecom-internet-user-pi-protection-provisions.md · Issued by the Ministry of Industry and Information Technology (MIIT) in July 2013 and effective 1 September 2013, these Provisions are the principal sector-specific rule governing the collection and use of users' personal information by tel… - [Measures for the Labeling of AI-Generated and Composed Content](https://datacompliancechina.com/laws/ai-content-labeling-measures/) · ZH: 人工智能生成合成内容标识办法 · Markdown: https://datacompliancechina.com/laws/ai-content-labeling-measures.md · The newest of China's AI rules — mandatory labeling for AI-generated and AI-composed content, including text, images, audio, video, and virtual scenes. - [Provisions on the Administration of Mobile Internet Application Information Services (2022 Revision) (Mobile App Information Services Provisions)](https://datacompliancechina.com/laws/mobile-app-information-services-provisions/) · ZH: 移动互联网应用程序信息服务管理规定(2022 修订) · Markdown: https://datacompliancechina.com/laws/mobile-app-information-services-provisions.md · The 2022 revision of the CAC's flagship app-governance rule, effective 1 August 2022, imposes dual-track obligations on app providers and app distribution platforms (including app stores, mini-program platforms, and browser plug-in platform… - [Working Measures for the Protection of the Personal Information of Children in Distress (Children in Distress PI Measures)](https://datacompliancechina.com/laws/children-in-distress-pi-protection-measures/) · ZH: 困境儿童个人信息保护工作办法 · Markdown: https://datacompliancechina.com/laws/children-in-distress-pi-protection-measures.md · Working measures (Min Fa [2024] No. - [Provisions on the Protection of Minors by Schools (School Protection Provisions)](https://datacompliancechina.com/laws/minors-school-protection-provisions/) · ZH: 未成年人学校保护规定 · Markdown: https://datacompliancechina.com/laws/minors-school-protection-provisions.md · MOE Order No. - [Announcement of the State Administration for Market Regulation and the Cyberspace Administration of China on Carrying Out Data Security Management Certification (Data Security Certification Announcement)](https://datacompliancechina.com/laws/data-security-management-certification-announcement/) · ZH: 国家市场监督管理总局、国家互联网信息办公室关于开展数据安全管理认证工作的公告 · Markdown: https://datacompliancechina.com/laws/data-security-management-certification-announcement.md · Announcement (SAMR/CAC Announcement No. - [Guidelines for the Declaration of Data Export Security Assessment (Third Edition) (Data Export Declaration Guide (v3))](https://datacompliancechina.com/laws/data-export-assessment-declaration-guide-v3/) · ZH: 数据出境安全评估申报指南(第三版) · Markdown: https://datacompliancechina.com/laws/data-export-assessment-declaration-guide-v3.md · The CAC's third-edition procedural guide — issued and effective 27 June 2025 — sets out in detail who must file a Data Export Security Assessment declaration, the step-by-step filing process through the online declaration system (sjcj.cac.g… - [Implementation Guidelines for the Standard Contract for the Cross-Border Flow of Personal Information within the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Macao) (GBA (Mainland-Macao) SCC Guidelines)](https://datacompliancechina.com/laws/gba-macao-cross-border-pi-standard-contract-guidelines/) · ZH: 粤港澳大湾区(内地、澳门)个人信息跨境流动标准合同实施指引 · Markdown: https://datacompliancechina.com/laws/gba-macao-cross-border-pi-standard-contract-guidelines.md · Jointly issued on 10 September 2024 by the CAC, the Economic and Technological Development Bureau of the Macao SAR, and the Personal Data Protection Bureau of the Macao SAR, these Implementation Guidelines establish a bilateral facilitation… - [Interim Measures for the Administration of Medical Institutions as Designated Medical Insurance Institutions](https://datacompliancechina.com/laws/medical-insurance-designated-institutions-measures/) · ZH: 医疗机构医疗保障定点管理暂行办法 · Markdown: https://datacompliancechina.com/laws/medical-insurance-designated-institutions-measures.md · Issued as Order No. - [Implementation Guidelines for the Standard Contract for the Cross-Border Flow of Personal Information within the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong) (GBA (Mainland-Hong Kong) SCC Guidelines)](https://datacompliancechina.com/laws/gba-hongkong-cross-border-pi-standard-contract-guidelines/) · ZH: 粤港澳大湾区(内地、香港)个人信息跨境流动标准合同实施指引 · Markdown: https://datacompliancechina.com/laws/gba-hongkong-cross-border-pi-standard-contract-guidelines.md · The 2023 GBA Mainland-Hong Kong facilitation arrangement jointly issued by the CAC and Hong Kong's Innovation, Technology and Industry Bureau on 10 December 2023, implementing the bilateral Memorandum of Cooperation on Promoting Cross-Borde… - [Announcement on Carrying Out the Reporting of Personal Information Protection Officer Information (PIPO Reporting Announcement)](https://datacompliancechina.com/laws/pi-protection-officer-reporting-announcement/) · ZH: 关于开展个人信息保护负责人信息报送工作的公告 · Markdown: https://datacompliancechina.com/laws/pi-protection-officer-reporting-announcement.md · The July 2025 CAC announcement operationalises the person-in-charge-of-personal-information-protection (PIPO) designation and filing requirement under PIPL Article 52 and Article 12 of the Administrative Measures for Personal Information Pr… - [Measures for the Supervision and Administration of the Quality of Medical Device Use](https://datacompliancechina.com/laws/medical-device-use-quality-measures/) · ZH: 医疗器械使用质量监督管理办法 · Markdown: https://datacompliancechina.com/laws/medical-device-use-quality-measures.md · This CFDA rule (Order No. - [Announcement on Carrying Out the Filing of Facial Recognition Technology Applications (FRT Filing Announcement)](https://datacompliancechina.com/laws/facial-recognition-application-filing-announcement/) · ZH: 关于开展人脸识别技术应用备案工作的公告 · Markdown: https://datacompliancechina.com/laws/facial-recognition-application-filing-announcement.md · This May 2025 CAC announcement operationalizes the filing duty established under Article 15 of the Facial Recognition Technology Application Security Measures (CAC and MPS Order No. - [Announcement on Submitting Reports on the Compliance Audit of Minors' Personal Information Protection (Minors PI Audit Reporting Announcement)](https://datacompliancechina.com/laws/minors-pi-compliance-audit-reporting-announcement/) · ZH: 关于报送未成年人个人信息保护合规审计情况的公告 · Markdown: https://datacompliancechina.com/laws/minors-pi-compliance-audit-reporting-announcement.md · Issued by the CAC on 29 December 2025, this short announcement operationalizes the annual compliance-audit-and-report obligation that Article 37 of the Regulations on the Protection of Minors in Cyberspace imposes on every personal informat… - [Measures for the Administration of Medical Device Recall](https://datacompliancechina.com/laws/medical-device-recall-measures/) · ZH: 医疗器械召回管理办法 · Markdown: https://datacompliancechina.com/laws/medical-device-recall-measures.md · This CFDA rule (Order No. - [Interim Measures for the Management of AI Anthropomorphic Interaction Services](https://datacompliancechina.com/laws/ai-anthropomorphic-interaction-measures/) · ZH: 人工智能拟人化互动服务管理暂行办法 · Markdown: https://datacompliancechina.com/laws/ai-anthropomorphic-interaction-measures.md · China's first regulation specifically targeting AI 'anthropomorphic interaction' — services where users converse with AI personas (virtual companions, chatbot relationships, character AI). - [Measures for the Administration of the Configuration and Use of Large Medical Equipment (Trial) (Large Medical Equipment Measures)](https://datacompliancechina.com/laws/large-medical-equipment-management-measures/) · ZH: 大型医用设备配置与使用管理办法(试行) · Markdown: https://datacompliancechina.com/laws/large-medical-equipment-management-measures.md · Issued jointly on 22 May 2018 by the National Health Commission and the National Medical Products Administration (document no. - [Measures for the Security Review of Foreign Investments (FISR Measures)](https://datacompliancechina.com/laws/foreign-investment-security-review-measures/) · ZH: 外商投资安全审查办法 · Markdown: https://datacompliancechina.com/laws/foreign-investment-security-review-measures.md · The Foreign Investment Security Review (FISR) Measures govern review of foreign investment in China that affects or may affect national security. - [Administrative Measures for the Application Security of Facial Recognition Technology (FRT Measures)](https://datacompliancechina.com/laws/facial-recognition-technology-application-measures/) · ZH: 人脸识别技术应用安全管理办法 · Markdown: https://datacompliancechina.com/laws/facial-recognition-technology-application-measures.md · The dedicated CAC + MPS rule for facial-recognition technology applications, implementing PIPL Articles 26 and 28–32 and the Civil Code privacy chapter. - [Interim Measures for the Registration and Administration of Public Data Resources](https://datacompliancechina.com/laws/public-data-registration-interim-measures/) · ZH: 公共数据资源登记管理暂行办法 · Markdown: https://datacompliancechina.com/laws/public-data-registration-interim-measures.md · The Interim Measures establish a nationally unified registration system for public data resources — data collections produced by Party and government organs and public institutions in the course of performing statutory duties or providing p… - [Implementation Specifications for Authorized Operation of Public Data Resources (Trial)](https://datacompliancechina.com/laws/public-data-authorized-operation-specifications/) · ZH: 公共数据资源授权运营实施规范(试行) · Markdown: https://datacompliancechina.com/laws/public-data-authorized-operation-specifications.md · Companion rule to the Public Data Registration Interim Measures (also NDRC + NDA, January 2025). - [Measures for the Administration of Cybersecurity Labels (Cybersecurity Label Measures)](https://datacompliancechina.com/laws/cybersecurity-label-management-measures/) · ZH: 网络安全标识管理办法 · Markdown: https://datacompliancechina.com/laws/cybersecurity-label-management-measures.md · A joint CAC–MIIT–MPS rule establishing a voluntary product-certification scheme — the 'China Cybersecurity Label' — for internet-connected products, layered into one/two/three-star tiers (basic, enhanced, and leading cybersecurity capabilit… - [Measures for the Ethics Review of and Services for Artificial Intelligence Science and Technology (Trial) (AI Ethics Review Measures (Trial))](https://datacompliancechina.com/laws/ai-ethics-review-service-measures/) · ZH: 人工智能科技伦理审查与服务办法(试行) · Markdown: https://datacompliancechina.com/laws/ai-ethics-review-service-measures.md · China's first dedicated departmental rule on AI-specific science-and-technology ethics review, issued jointly by MIIT, NDRC, MOE, MOST, NHC, PBOC, the CAC, and three other bodies. - [Rules on Pricing Conduct by Internet Platforms (Platform Pricing Rules)](https://datacompliancechina.com/laws/internet-platform-pricing-rules/) · ZH: 互联网平台价格行为规则 · Markdown: https://datacompliancechina.com/laws/internet-platform-pricing-rules.md · A joint NDRC/SAMR/CAC rule (29 articles, five-year mandate) that regulates how e-commerce and service platforms set, display, and compete on price. - [Provisions on the Protection of Trade Secrets (Trade Secret Protection Provisions)](https://datacompliancechina.com/laws/trade-secret-protection-provisions/) · ZH: 商业秘密保护规定 · Markdown: https://datacompliancechina.com/laws/trade-secret-protection-provisions.md · SAMR's rewrite of China's 1995 trade-secret enforcement rules — issued as Order No. - [Implementation Opinions on the Standardized Application and Innovative Development of AI Agents (AI Agent Implementation Opinions)](https://datacompliancechina.com/laws/ai-agent-standardization-innovation-opinion/) · ZH: 智能体规范应用与创新发展实施意见 · Markdown: https://datacompliancechina.com/laws/ai-agent-standardization-innovation-opinion.md · CAC, NDRC, and MIIT's joint policy blueprint for AI agents (智能体) — autonomous systems that perceive, remember, decide, and act — sets 38 initiatives to grow the industry while keeping it 'safe and controllable.' Most of the document is indu… - [Measures for the Classification of Online Information That May Affect the Physical and Mental Health of Minors (Minors Harmful-Info Classification Measures)](https://datacompliancechina.com/laws/minors-harmful-info-classification-measures/) · ZH: 可能影响未成年人身心健康的网络信息分类办法 · Markdown: https://datacompliancechina.com/laws/minors-harmful-info-classification-measures.md · A short but operationally important CAC-led rule that, for the first time, defines and catalogues a middle tier of online content: material that falls short of outright illegal content but may still harm minors' physical or mental health. ### National Standard - [GB/T 44297—2024 Data Items of Video and Image Information for Public Security (GB/T 44297—2024)](https://datacompliancechina.com/laws/gbt-44297-public-security-video-data-items/) · ZH: GB/T 44297—2024 公共安全视频图像信息数据项 · Markdown: https://datacompliancechina.com/laws/gbt-44297-public-security-video-data-items.md · GB/T 44297—2024 is the national recommended standard that specifies the data items used in public-security video image information systems — the underlying field-level schema that camera systems, video platforms, and analysis tools use to d… - [Cybersecurity Standards Practice Guide — Sensitive Personal Information Identification Guide (v1.0, September 2024) (TC260 Sensitive PI Guide)](https://datacompliancechina.com/laws/tc260-sensitive-pi-identification-guide/) · ZH: 网络安全标准实践指南 — 敏感个人信息识别指南 (v1.0-202409) · Markdown: https://datacompliancechina.com/laws/tc260-sensitive-pi-identification-guide.md · TC260's September 2024 practice guide for identifying sensitive personal information under PIPL Article 28. - [Specification for the Application and Administration of Electronic Medical Records (Trial) (EMR Application Specification)](https://datacompliancechina.com/laws/electronic-medical-records-application-specification/) · ZH: 电子病历应用管理规范(试行) · Markdown: https://datacompliancechina.com/laws/electronic-medical-records-application-specification.md · Issued jointly by the National Health and Family Planning Commission and the State Administration of Traditional Chinese Medicine in February 2017, this Specification sets out binding requirements for how healthcare institutions create, rec… - [Guiding Principles for Real-World Data Used to Generate Real-World Evidence (Trial) (RWD Guiding Principles)](https://datacompliancechina.com/laws/rwd-guiding-principles/) · ZH: 用于产生真实世界证据的真实世界数据指导原则(试行) · Markdown: https://datacompliancechina.com/laws/rwd-guiding-principles.md · Issued by NMPA-CDE on 13 April 2021, these guiding principles establish the technical framework for assessing whether real-world data is fit for use in generating real-world evidence to support drug regulatory decisions in China. - [Guidelines for the Security of Automotive Data Export (2026 Edition)](https://datacompliancechina.com/laws/automotive-data-export-security-guidelines/) · ZH: 汽车数据出境安全指引(2026版) · Markdown: https://datacompliancechina.com/laws/automotive-data-export-security-guidelines.md · These Guidelines give automotive data processors a practical, scenario-based roadmap for lawfully exporting automotive data under the Data Security Law, PIPL and the Network Data Security Management Regulation. - [Technical Requirements for Monitoring and Warning of Data Security in Civil Aviation (MH/T 3038—2025) (MH/T 3038—2025)](https://datacompliancechina.com/laws/civil-aviation-data-security-monitoring-requirements/) · ZH: 民用航空数据安全监测预警技术要求(MH/T 3038—2025) · Markdown: https://datacompliancechina.com/laws/civil-aviation-data-security-monitoring-requirements.md · MH/T 3038—2025 is a civil-aviation industry standard issued by the Civil Aviation Administration of China (CAAC), released July 18, 2025 and effective August 1, 2025. - [Implementing Guidelines for the Protection of Customer Data Security in Internet Data Centers](https://datacompliancechina.com/laws/idc-customer-data-security-guidelines/) · ZH: 互联网数据中心客户数据安全保护实施指引 · Markdown: https://datacompliancechina.com/laws/idc-customer-data-security-guidelines.md · Issued as MIIT General Office Cyber Security [2025] No. - [National Standards and Norms for Hospital Informatization Construction (Trial) (Hospital Informatization Standards)](https://datacompliancechina.com/laws/hospital-informatization-standards/) · ZH: 全国医院信息化建设标准与规范(试行) · Markdown: https://datacompliancechina.com/laws/hospital-informatization-standards.md · Issued on 2 April 2018 by the General Office of the National Health Commission (document no. - [Good Clinical Practice for Medical Devices (Device GCP)](https://datacompliancechina.com/laws/medical-device-clinical-trial-qms/) · ZH: 医疗器械临床试验质量管理规范 · Markdown: https://datacompliancechina.com/laws/medical-device-clinical-trial-qms.md · Issued jointly by the NMPA and the National Health Commission (Announcement No. - [Good Clinical Practice for Drugs (2020 Revision) (Drug GCP)](https://datacompliancechina.com/laws/drug-clinical-trial-qms/) · ZH: 药物临床试验质量管理规范(2020修订) · Markdown: https://datacompliancechina.com/laws/drug-clinical-trial-qms.md · Issued jointly by the NMPA and the National Health Commission (Announcement No. - [Data Security Technology — Rules for Data Classification and Grading (GB/T 43697-2024) (GB/T 43697)](https://datacompliancechina.com/laws/data-classification-grading-rules/) · ZH: 数据安全技术 数据分类分级规则 (GB/T 43697-2024) · Markdown: https://datacompliancechina.com/laws/data-classification-grading-rules.md · GB/T 43697-2024 is the foundational national standard operationalizing the data classification and grading protection system mandated by DSL Article 21. - [Information Security Technology — Personal Information Security Specification (GB/T 35273-2020) (GB/T 35273)](https://datacompliancechina.com/laws/gbt-35273-pi-security-specification/) · ZH: 信息安全技术 个人信息安全规范 (GB/T 35273-2020) · Markdown: https://datacompliancechina.com/laws/gbt-35273-pi-security-specification.md · GB/T 35273-2020 is China's foundational recommended national standard on personal information protection. - [Technical Guide for the Construction of Telemedicine Information Systems (2014 Edition) (Telemedicine System Technical Guide)](https://datacompliancechina.com/laws/telemedicine-information-system-technical-guide/) · ZH: 远程医疗信息系统建设技术指南(2014年版) · Markdown: https://datacompliancechina.com/laws/telemedicine-information-system-technical-guide.md · Issued in November 2014 by the National Health and Family Planning Commission, this technical guide is the normative reference document for designing, procuring, deploying, and accepting telemedicine information systems in China. - [Information Security Technology — Guide for Personal Information Security Impact Assessment (GB/T 39335-2020) (GB/T 39335)](https://datacompliancechina.com/laws/gbt-39335-pi-impact-assessment-guide/) · ZH: 信息安全技术 个人信息安全影响评估指南 (GB/T 39335-2020) · Markdown: https://datacompliancechina.com/laws/gbt-39335-pi-impact-assessment-guide.md · GB/T 39335-2020 is the recommended national standard that operationalizes the personal-information security impact assessment (PIA / 个人信息安全影响评估). - [Information Security Technology — Security Requirements for Network Data Processing (GB/T 41479-2022) (GB/T 41479)](https://datacompliancechina.com/laws/gbt-41479-network-data-processing-security/) · ZH: 信息安全技术 网络数据处理安全要求 (GB/T 41479-2022) · Markdown: https://datacompliancechina.com/laws/gbt-41479-network-data-processing-security.md · GB/T 41479-2022 is the recommended national standard specifying security requirements for the processing of network data — data collected, stored, transmitted, used, provided, disclosed and deleted through networks. - [Information Security Technology — Guide for Evaluation of Personal Information De-identification Effect (GB/T 42460-2023) (GB/T 42460)](https://datacompliancechina.com/laws/gbt-42460-deidentification-evaluation-guide/) · ZH: 信息安全技术 个人信息去标识化效果评估指南 (GB/T 42460-2023) · Markdown: https://datacompliancechina.com/laws/gbt-42460-deidentification-evaluation-guide.md · GB/T 42460-2023 is the recommended national standard for evaluating whether a personal-information de-identification process has actually worked. - [Information Security Technology — Implementation Guide for Notification and Consent in Personal Information Processing (GB/T 42574-2023) (GB/T 42574)](https://datacompliancechina.com/laws/gbt-42574-notification-consent-guide/) · ZH: 信息安全技术 个人信息处理中告知和同意的实施指南 (GB/T 42574-2023) · Markdown: https://datacompliancechina.com/laws/gbt-42574-notification-consent-guide.md · GB/T 42574-2023 is the recommended national standard that operationalizes PIPL's notification (告知) and consent (同意) obligations. - [Data Security Technology — Personal Information Processing Rules for Internet Platforms and Products/Services (GB/T 44588-2024) (GB/T 44588)](https://datacompliancechina.com/laws/gbt-44588-platform-pi-processing-rules/) · ZH: 数据安全技术 互联网平台及产品服务个人信息处理规则 (GB/T 44588-2024) · Markdown: https://datacompliancechina.com/laws/gbt-44588-platform-pi-processing-rules.md · GB/T 44588-2024 is a recommended national standard setting personal-information processing rules tailored to internet platforms and their products and services. - [Data Security Technology — Security Requirements for Automated Decision-Making Based on Personal Information (GB/T 45392-2025) (GB/T 45392)](https://datacompliancechina.com/laws/gbt-45392-automated-decision-security/) · ZH: 数据安全技术 基于个人信息的自动化决策安全要求 (GB/T 45392-2025) · Markdown: https://datacompliancechina.com/laws/gbt-45392-automated-decision-security.md · GB/T 45392-2025 is a recommended national standard setting security requirements for automated decision-making (自动化决策) that is based on personal information. - [Data Security Technology — Security Requirements for Processing Sensitive Personal Information (GB/T 45574-2025) (GB/T 45574)](https://datacompliancechina.com/laws/gbt-45574-sensitive-pi-processing-security/) · ZH: 数据安全技术 敏感个人信息处理安全要求 (GB/T 45574-2025) · Markdown: https://datacompliancechina.com/laws/gbt-45574-sensitive-pi-processing-security.md · GB/T 45574-2025 is a recommended national standard setting security requirements for processing sensitive personal information (敏感个人信息) as defined by PIPL Article 28. - [Data Security Technology — Data Security Risk Assessment Method (GB/T 45577-2025) (GB/T 45577)](https://datacompliancechina.com/laws/gbt-45577-data-security-risk-assessment/) · ZH: 数据安全技术 数据安全风险评估方法 (GB/T 45577-2025) · Markdown: https://datacompliancechina.com/laws/gbt-45577-data-security-risk-assessment.md · GB/T 45577-2025 is a recommended national standard specifying a method for assessing data security risk. - [Data Security Technology — Security Certification Requirements for Cross-Border Processing of Personal Information (GB/T 46068-2025) (GB/T 46068)](https://datacompliancechina.com/laws/gbt-46068-cross-border-pi-certification-requirements/) · ZH: 数据安全技术 个人信息跨境处理活动安全认证要求 (GB/T 46068-2025) · Markdown: https://datacompliancechina.com/laws/gbt-46068-cross-border-pi-certification-requirements.md · GB/T 46068-2025 is a recommended national standard setting the security requirements for certifying cross-border processing of personal information — the personal-information protection certification route that PIPL Article 38 offers as one… - [Data Security Technology — Guide to Social Responsibility for Data Security and Personal Information Protection (GB/T 46071-2025) (GB/T 46071)](https://datacompliancechina.com/laws/gbt-46071-data-protection-social-responsibility/) · ZH: 数据安全技术 数据安全和个人信息保护社会责任指南 (GB/T 46071-2025) · Markdown: https://datacompliancechina.com/laws/gbt-46071-data-protection-social-responsibility.md · GB/T 46071-2025 is a recommended national standard offering guidance on social responsibility in data security and personal information protection. - [Cybersecurity Standards Practice Guide — Personal Information Protection Compliance Audit Requirements (TC260 PI Audit Guide)](https://datacompliancechina.com/laws/tc260-pi-audit-practice-guide/) · ZH: 网络安全标准实践指南 — 个人信息保护合规审计要求 · Markdown: https://datacompliancechina.com/laws/tc260-pi-audit-practice-guide.md · This TC260 practice guide sets out requirements for conducting the personal-information-protection compliance audit that PIPL Article 54 requires handlers to perform periodically. - [Cybersecurity Standards Practice Guide — Personal Information Security Protection Requirements for Facial-Recognition Payment Scenarios (TC260 FRT Payment Guide)](https://datacompliancechina.com/laws/tc260-frt-payment-pi-guide/) · ZH: 网络安全标准实践指南 — 人脸识别支付场景个人信息安全保护要求 · Markdown: https://datacompliancechina.com/laws/tc260-frt-payment-pi-guide.md · This TC260 practice guide sets personal-information security protection requirements specific to facial-recognition payment (人脸识别支付) scenarios. - [Cybersecurity Standards Practice Guide — Personal Information Protection Requirements for QR-Code Ordering (TC260 QR Ordering Guide)](https://datacompliancechina.com/laws/tc260-qr-ordering-pi-guide/) · ZH: 网络安全标准实践指南 — 扫码点餐个人信息保护要求 · Markdown: https://datacompliancechina.com/laws/tc260-qr-ordering-pi-guide.md · This TC260 practice guide sets personal-information protection requirements for QR-code ordering (扫码点餐) in restaurants and similar settings — a response to the common practice of forcing customers to follow accounts, register, or hand over… - [Cybersecurity Standards Practice Guide — Implementation Guidelines for Network Data Security Risk Assessment (TC260 Data Risk Assessment Guide)](https://datacompliancechina.com/laws/tc260-data-security-risk-assessment-guide/) · ZH: 网络安全标准实践指南 — 网络数据安全风险评估实施指引 · Markdown: https://datacompliancechina.com/laws/tc260-data-security-risk-assessment-guide.md · This TC260 practice guide gives step-by-step implementation guidelines for conducting a network data security risk assessment. - [Data Security Technology — Requirements for Personal Information Transfer Based on Individual Requests (GB/T 46901—2025) (GB/T 46901-2025 (PI Portability))](https://datacompliancechina.com/laws/gbt-46901-pi-transfer-requirements/) · ZH: 数据安全技术 基于个人请求的个人信息转移要求(GB/T 46901—2025) · Markdown: https://datacompliancechina.com/laws/gbt-46901-pi-transfer-requirements.md · The first national standard implementing the personal-information-portability right in PIPL Article 45, effective July 1, 2026. ### Judicial Interpretation - [Provisions of the Supreme People's Court on Several Issues Concerning the Application of Law in the Trial of Civil Cases Involving the Use of Facial Recognition Technology to Process Personal Information (FRT Judicial Interpretation)](https://datacompliancechina.com/laws/facial-recognition-judicial-interpretation/) · ZH: 最高人民法院关于审理使用人脸识别技术处理个人信息相关民事案件适用法律若干问题的规定 · Markdown: https://datacompliancechina.com/laws/facial-recognition-judicial-interpretation.md · The Supreme People's Court's interpretation of how civil courts should apply law in cases involving facial recognition. - [Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Application of Law in Handling Criminal Cases of Infringing upon Citizens' Personal Information (PI Criminal Interpretation)](https://datacompliancechina.com/laws/pi-infringement-criminal-interpretation/) · ZH: 最高人民法院、最高人民检察院关于办理侵犯公民个人信息刑事案件适用法律若干问题的解释 · Markdown: https://datacompliancechina.com/laws/pi-infringement-criminal-interpretation.md · The principal judicial interpretation governing the crime of infringing upon citizens' personal information under Article 253a of the Criminal Law. - [Reply of the Research Office of the Supreme People's Procuratorate on the Solicitation of Opinions Concerning the Application of Law in the Crime of Infringing upon Citizens' Personal Information (SPP PI Crime Reply)](https://datacompliancechina.com/laws/spp-pi-crime-reply-letter/) · ZH: 最高人民检察院法律政策研究室关于侵犯公民个人信息罪有关法律适用问题征求意见的复函 · Markdown: https://datacompliancechina.com/laws/spp-pi-crime-reply-letter.md · A short reply letter (Fa Yan [2018] No. ### Draft for Consultation - [Measures for Cybersecurity Management in the Financial Sector (Draft for Comment) (Financial Sector Cybersecurity Measures (Draft))](https://datacompliancechina.com/laws/financial-sector-cybersecurity-management-measures-draft/) — draft · ZH: 金融业网络安全管理办法(征求意见稿) · Markdown: https://datacompliancechina.com/laws/financial-sector-cybersecurity-management-measures-draft.md · A July 3, 2026 public-consultation draft that would create a cross-financial-sector cybersecurity rulebook for financial institutions and other entities approved or recognized by China's State Council financial management departments. - [Data Security Technology — Personal Information Security Specification (2026 Draft for Comment) (GB/T 35273 (2026 draft))](https://datacompliancechina.com/laws/gbt-35273-2026-draft-pi-security-specification/) — draft · ZH: 数据安全技术 个人信息安全规范(征求意见稿) · Markdown: https://datacompliancechina.com/laws/gbt-35273-2026-draft-pi-security-specification.md · The 2026 draft revision of GB/T 35273 — released by TC260 for public comment on June 17, 2026 (project No. - [Implementing Rules for the Credit-Compliance Certification and Assessment of Pharmaceutical-Data Supplier Entities (Shenzhen Data Exchange — Draft / Redline) (Pharma-Data Supplier Credit-Compliance Rules (Draft))](https://datacompliancechina.com/laws/pharma-data-supplier-credit-compliance-rules-draft/) — draft · ZH: 医药数据供方主体信用合规认证评估实施细则(深圳数据交易所·征求意见/红线稿) · Markdown: https://datacompliancechina.com/laws/pharma-data-supplier-credit-compliance-rules-draft.md · A DRAFT, self-regulatory certification rule from the Shenzhen Data Exchange (深圳数据交易所) — not a government regulation. - [Provisions on the Collection and Use of Personal Information by Internet Applications (Draft for Public Consultation) (App PI Collection and Use Provisions (Draft))](https://datacompliancechina.com/laws/app-pi-collection-use-provisions-draft/) — draft · ZH: 互联网应用程序个人信息收集使用规定(征求意见稿) · Markdown: https://datacompliancechina.com/laws/app-pi-collection-use-provisions-draft.md · A 39-article CAC draft, opened for comment on January 10, 2026, that consolidates app-privacy regulation into a single instrument covering four classes of actors for the first time: app operators, SDK operators, distribution platforms (app… - [Cybercrime Prevention Law (Draft for Public Consultation) (Cybercrime Prevention Law (Draft))](https://datacompliancechina.com/laws/cybercrime-prevention-law-draft/) — draft · ZH: 网络犯罪防治法(征求意见稿) · Markdown: https://datacompliancechina.com/laws/cybercrime-prevention-law-draft.md · China's first standalone, comprehensive cybercrime statute, drafted by the Ministry of Public Security with a comment period that closed March 2, 2026. - [Measures for the Administration of Digital Virtual Human Information Services (Draft for Public Consultation) (Digital Virtual Human Measures (Draft))](https://datacompliancechina.com/laws/digital-virtual-human-info-service-measures-draft/) — draft · ZH: 数字虚拟人信息服务管理办法(征求意见稿) · Markdown: https://datacompliancechina.com/laws/digital-virtual-human-info-service-measures-draft.md · CAC's first dedicated regime for 'digital virtual humans' — human-driven or computation-driven digital avatars used to deliver Internet information services. - [Data Security Technology — Guide for Personal Information Protection by Small Personal Information Processors (Draft for Public Consultation) (Small PI Processor Protection Guide (Draft))](https://datacompliancechina.com/laws/small-pi-processor-protection-guide-draft/) — draft · ZH: 数据安全技术 小型个人信息处理者个人信息保护指南(征求意见稿) · Markdown: https://datacompliancechina.com/laws/small-pi-processor-protection-guide-draft.md · A TC260 draft national standard implementing PIPL Article 62's mandate to write simplified personal-information rules for small processors — those handling fewer than 100,000 people's personal information, such as small merchants, sole prop… - [Measures for the Administration of Cybersecurity in the Banking and Insurance Sectors (Draft for Public Consultation) (Banking & Insurance Cybersecurity Measures (Draft))](https://datacompliancechina.com/laws/banking-insurance-cybersecurity-measures-draft/) — draft · ZH: 银行业保险业网络安全管理办法(征求意见稿) · Markdown: https://datacompliancechina.com/laws/banking-insurance-cybersecurity-measures-draft.md · A July 10, 2026 public-consultation draft in which the National Financial Regulatory Administration (NFRA) would consolidate cybersecurity supervision of banking financial institutions, insurance financial institutions, and financial holdin… ## Featured briefings DCC briefings translate and frame Chinese-language commentary, regulatory bulletins, and policy interpretations for overseas counsel. - [China's Data Property Rights Registration Guide Is Final: The Draft-to-Trial Diff](https://datacompliancechina.com/posts/data-property-registration-guide-final-draft-diff/) — 2026-07-04 · Markdown: https://datacompliancechina.com/posts/data-property-registration-guide-final-draft-diff.md · On 1 July 2026, the National Data Administration issued the Data Property Rights Registration Work Guide (Trial), converting its April 2026 consultation draft into China's first national framework for registering the Right to Hold Data, Rig… - [China's AI-Companion Rule Takes Effect July 15 — A Clause-by-Clause Field Guide to What Actually Changed](https://datacompliancechina.com/posts/anthropomorphic-ai-measures-take-effect-field-guide/) — 2026-07-03 · Markdown: https://datacompliancechina.com/posts/anthropomorphic-ai-measures-take-effect-field-guide.md · China's Interim Measures for AI Anthropomorphic Interaction Services (人工智能拟人化互动服务管理暂行办法) — the world's first dedicated rule on 'companion'-style AI — take effect on 15 July 2026. - [Are You Caught by the Annual Assessment? TRIMPS's Self-Identification Guide for 'Important-Data Handlers'](https://datacompliancechina.com/posts/important-data-handler-self-identification-annual-assessment/) — 2026-06-25 · Markdown: https://datacompliancechina.com/posts/important-data-handler-self-identification-annual-assessment.md · With the Network Data Security Risk Assessment Measures (Order No. - [Li Yang: Why 'Data Rights-Confirmation' Is a Category Error — Dynamic Data Can't Be a Registration Object, and AUCL Article 13 Is the Better Path](https://datacompliancechina.com/posts/li-yang-against-data-rights-confirmation/) — 2026-06-24 · Markdown: https://datacompliancechina.com/posts/li-yang-against-data-rights-confirmation.md · DCC's summary of an opinion piece by Li Yang (李扬), professor at China University of Political Science and Law, arguing that the whole project of 'data rights-confirmation' (数据确权) — and the data-IP registration pilots run under it — rests on… - [How the Beijing Internet Court Found a Platform 'Lawfully Held' Its Data Under the New AUCL Article 13 — and Where It Meets the 'Right to Hold Data'](https://datacompliancechina.com/posts/aucl-data-clause-first-case-platform-scraping/) — 2026-06-24 · Markdown: https://datacompliancechina.com/posts/aucl-data-clause-first-case-platform-scraping.md · The Beijing Internet Court's 30 April 2026 judgment — the first published application of the data clause (Article 13) of the 2025-revised Anti-Unfair Competition Law, effective 15 October 2025 — turns on one threshold question: did the plai… - [Ctrip's ¥10 Million Fine: China's First Publicly Disclosed Cross-Border Data Penalty — and the 'Necessity' Doctrine Behind Four Cases](https://datacompliancechina.com/posts/ctrip-cross-border-data-fine-necessity-doctrine/) — 2026-06-15 · Markdown: https://datacompliancechina.com/posts/ctrip-cross-border-data-fine-necessity-doctrine.md · In June 2026 Shanghai's cyberspace authority fined Shanghai Ctrip Commerce ¥10 million for unlawfully exporting personal information without implementing data-export security-assessment requirements — the first time a Chinese cross-border d… - [CAC Names 30 Apps and Mini-Programs for PI Violations — Nearly Half for Ineffective Account Cancellation](https://datacompliancechina.com/posts/cac-2026-30-app-pi-notification-account-cancellation/) — 2026-06-12 · Markdown: https://datacompliancechina.com/posts/cac-2026-30-app-pi-notification-account-cancellation.md · On June 11, 2026 the Office of the Central Cyberspace Affairs Commission published a notification naming 30 apps and mini-programs for personal-information collection and use violations, found in testing organized under the 2026 CAC + MIIT… - [Data 'Parallel Property Rights' — They Can Confer Status, but Can't Secure Control](https://datacompliancechina.com/posts/data-parallel-property-rights/) — 2026-06-09 · Markdown: https://datacompliancechina.com/posts/data-parallel-property-rights.md · Part four — and the synthesis — of Hong Yanqing's (洪延青, 网安寻路人) study notes on China's 'separation of three rights' data-property framework takes up 'parallel property rights' (数据平行财产权): how to allocate rights when the *same* data is held, u… - [China's First AI-Ghostwritten 'Seeding Post' Case — a Duty of Care for Generative-AI Providers](https://datacompliancechina.com/posts/ai-seeding-post-unfair-competition-case/) — 2026-06-08 · Markdown: https://datacompliancechina.com/posts/ai-seeding-post-unfair-competition-case.md · China's first unfair-competition case over AI batch-ghostwritten 'seeding posts' (种草笔记 — the staged, first-person product-recommendation notes that drive discovery commerce on Xiaohongshu/RED). - [Why Upstream Won't Operate Its Data — Control Degradation, Derivative Data, and Irreducible Uncertainty](https://datacompliancechina.com/posts/data-operation-right-why-upstream-wont-share/) — 2026-06-08 · Markdown: https://datacompliancechina.com/posts/data-operation-right-why-upstream-wont-share.md · Part three of Hong Yanqing's (洪延青, 网安寻路人) study notes on China's 'separation of three rights' framework turns to the Right to Operate Data (数据经营权) — the right to provide data externally by transfer, licence, capital contribution, or pledge… - [When the 'Right to Use Data' Goes External — Provision, Derivative Data, and the Erosion of Upstream Control](https://datacompliancechina.com/posts/data-use-right-externalization/) — 2026-06-08 · Markdown: https://datacompliancechina.com/posts/data-use-right-externalization.md · Part two of Hong Yanqing's (洪延青, 网安寻路人) study notes on China's 'separation of three rights' data-property framework turns to the Right to Use Data (数据使用权). - [China Halts Data-Asset ABS: Exchanges Pull the Handbrake on a ¥200 Billion Pipeline](https://datacompliancechina.com/posts/data-asset-abs-suspended-window-guidance/) — 2026-06-05 · Markdown: https://datacompliancechina.com/posts/data-asset-abs-suspended-window-guidance.md · According to reporting by Caixin (财新) and 财联社 circulated on 3–5 June 2026, the Shanghai and Shenzhen stock exchanges issued window guidance bringing the entire data-asset ABS (数据资产ABS) business chain to a stop — new filings turned away, app… ## Recent briefings Full index at https://datacompliancechina.com/posts/ — 84 entries. - [The School Is Not a Bystander: Three Model Cases on Schools' Duties in Minors' Online Protection](https://datacompliancechina.com/posts/schools-role-minors-online-protection/) — 2026-07-15 · Markdown: https://datacompliancechina.com/posts/schools-role-minors-online-protection.md - [One Company, Four Reviews: JunHe Maps China's Security-Review 'Matrix' in the Security-First Era](https://datacompliancechina.com/posts/china-four-security-review-matrices/) — 2026-07-15 · Markdown: https://datacompliancechina.com/posts/china-four-security-review-matrices.md - [Doubao, Qwen, and NetEase Pull AI Companions Ahead of July 15 — Is Delisting to 'Stay Safe' the Right Move?](https://datacompliancechina.com/posts/ai-companion-delisting-anthropomorphic-rules/) — 2026-07-13 · Markdown: https://datacompliancechina.com/posts/ai-companion-delisting-anthropomorphic-rules.md - [Ten Questions Before July 15: A Compliance Q&A on China's AI Anthropomorphic Interaction Measures](https://datacompliancechina.com/posts/ai-anthropomorphic-services-compliance-qa/) — 2026-07-13 · Markdown: https://datacompliancechina.com/posts/ai-anthropomorphic-services-compliance-qa.md - [NFRA Opens Consultation on Banking and Insurance Cybersecurity Measures: 72 Articles, a Four-Tier Incident Scale, and a Hard CII Chapter](https://datacompliancechina.com/posts/nfra-banking-insurance-cybersecurity-measures-draft/) — 2026-07-13 · Markdown: https://datacompliancechina.com/posts/nfra-banking-insurance-cybersecurity-measures-draft.md - [The Negative-List Map, Region by Region: Ten Zones, Two Models, and the Year Data Export Went Province-Wide](https://datacompliancechina.com/posts/data-export-negative-lists-2026-national-registry/) — 2026-07-09 · Markdown: https://datacompliancechina.com/posts/data-export-negative-lists-2026-national-registry.md - [China's 2026 Draft E-Commerce Law Amendment: From Marketplace Transactions to Platform-Economy Governance](https://datacompliancechina.com/posts/ecommerce-law-2026-amendment-draft-platform-governance/) — 2026-07-04 · Markdown: https://datacompliancechina.com/posts/ecommerce-law-2026-amendment-draft-platform-governance.md - [China's Data Property Rights Registration Guide Is Final: The Draft-to-Trial Diff](https://datacompliancechina.com/posts/data-property-registration-guide-final-draft-diff/) — 2026-07-04 · Markdown: https://datacompliancechina.com/posts/data-property-registration-guide-final-draft-diff.md - [China's AI-Companion Rule Takes Effect July 15 — A Clause-by-Clause Field Guide to What Actually Changed](https://datacompliancechina.com/posts/anthropomorphic-ai-measures-take-effect-field-guide/) — 2026-07-03 · Markdown: https://datacompliancechina.com/posts/anthropomorphic-ai-measures-take-effect-field-guide.md - [MIIT Public-Naming Bulletin 2026 Batch 4 (Total Batch 57): 32 Apps and SDKs Cited for PI Violations, Excessive Permission Demands, and SDK Disclosure Failures](https://datacompliancechina.com/posts/miit-2026-batch-4-32-app-public-naming/) — 2026-07-02 · Markdown: https://datacompliancechina.com/posts/miit-2026-batch-4-32-app-public-naming.md - [TC260's Practice Guide on AI-Agent Deployment: A Five-Stage Lifecycle Checklist, Read Against PIPL, DSL, and CSL Obligations](https://datacompliancechina.com/posts/tc260-ai-agent-deployment-security-guidelines/) — 2026-07-02 · Markdown: https://datacompliancechina.com/posts/tc260-ai-agent-deployment-security-guidelines.md - [When Is a Business Partner a 'Joint Handler'? A Shanghai Insurance-Policy Leak Works Through PIPL Article 20](https://datacompliancechina.com/posts/joint-pi-processing-liability-insurance-policy-leak/) — 2026-07-02 · Markdown: https://datacompliancechina.com/posts/joint-pi-processing-liability-insurance-policy-leak.md - [First Filing Under Shanghai's Citywide Data-Export Negative List: Inditex's China Arm Drops from Security Assessment to Standard-Contract Filing](https://datacompliancechina.com/posts/shanghai-data-export-negative-list-first-filing/) — 2026-07-02 · Markdown: https://datacompliancechina.com/posts/shanghai-data-export-negative-list-first-filing.md - [From Naming to Takedown: Shanghai Pulls 46 Apps That Missed the Rectification Window](https://datacompliancechina.com/posts/shanghai-46-app-takedown-failure-to-rectify/) — 2026-06-25 · Markdown: https://datacompliancechina.com/posts/shanghai-46-app-takedown-failure-to-rectify.md - [Are You Caught by the Annual Assessment? TRIMPS's Self-Identification Guide for 'Important-Data Handlers'](https://datacompliancechina.com/posts/important-data-handler-self-identification-annual-assessment/) — 2026-06-25 · Markdown: https://datacompliancechina.com/posts/important-data-handler-self-identification-annual-assessment.md - [Li Yang: Why 'Data Rights-Confirmation' Is a Category Error — Dynamic Data Can't Be a Registration Object, and AUCL Article 13 Is the Better Path](https://datacompliancechina.com/posts/li-yang-against-data-rights-confirmation/) — 2026-06-24 · Markdown: https://datacompliancechina.com/posts/li-yang-against-data-rights-confirmation.md - [How the Beijing Internet Court Found a Platform 'Lawfully Held' Its Data Under the New AUCL Article 13 — and Where It Meets the 'Right to Hold Data'](https://datacompliancechina.com/posts/aucl-data-clause-first-case-platform-scraping/) — 2026-06-24 · Markdown: https://datacompliancechina.com/posts/aucl-data-clause-first-case-platform-scraping.md - [From Consent to Governance: What the 2026 Draft Revision of GB/T 35273 Changes Against the 2020 Standard](https://datacompliancechina.com/posts/gbt-35273-2026-revision-from-consent-to-governance/) — 2026-06-23 · Markdown: https://datacompliancechina.com/posts/gbt-35273-2026-revision-from-consent-to-governance.md - [From Principle to Running System: How the Network Data Security Risk Assessment Measures Operationalize the Data Security Law](https://datacompliancechina.com/posts/network-data-risk-assessment-measures-operationalizing-the-dsl/) — 2026-06-18 · Markdown: https://datacompliancechina.com/posts/network-data-risk-assessment-measures-operationalizing-the-dsl.md - [Guangdong Prices the Public-Data Operator Like a Utility: Inside the Province's Authorized-Operation Price-Management Measures](https://datacompliancechina.com/posts/guangdong-public-data-operation-pricing-measures/) — 2026-06-17 · Markdown: https://datacompliancechina.com/posts/guangdong-public-data-operation-pricing-measures.md ## Enforcement tracker - [Enforcement tracker](https://datacompliancechina.com/enforcement/): chronicle of public enforcement actions by MIIT, CAC, MPS, SAMR, and sector regulators. ## Optional - [RSS feed](https://datacompliancechina.com/rss.xml): structured feed of all briefings. - [Sitemap](https://datacompliancechina.com/sitemap-index.xml): full URL inventory. - [Manifest](https://datacompliancechina.com/manifest.json): JSON catalog of all briefs, laws, and glossary entries with metadata and markdown URLs. - [Subscribe](https://datacompliancechina.com/): weekly Monday digest of new briefings (Resend).