Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ TAG · DSL

Filed under dsl

Every brief tagged "dsl".

  • § 01 · RISK-ASSESSMENT

    From Principle to Running System: How the Network Data Security Risk Assessment Measures Operationalize the Data Security Law

    On June 18, 2026 the CAC, MIIT and the Ministry of Public Security jointly issued the Measures for Network Data Security Risk Assessment as Order No. 24, effective August 20, 2026. The 25-article rule adds no new substantive duty; it turns the Data Security Law's open-ended 'conduct risk assessment' obligation into an executable, verifiable, trigger-able governance system. DCC reads it as a three-tier standing model plus an event-driven escalation layer: important-data handlers must assess every year (general-data handlers are encouraged to every three), retain the report for three years and submit it within 20 working days; sectoral competent authorities run annual inspection plans filed by end-January; the national cyberspace administration consolidates and cross-shares reports with telecom, public-security and state-security departments; and where a high-risk finding or a breach of important data or large-scale personal information appears, regulators can compel assessment by a certified institution and order the operator to cease processing important data. The four institutional increments over the DSL: an annual mandatory action, networked multi-department supervision, a three-track assessment structure, and dynamic event-triggered oversight.

    risk-assessment · network-data · data-security
  • § 02 · IMPORTANT-DATA

    'Important Data' Is a Category, Not a Tier

    Hong Yanqing argues the mainstream reading of Article 21 of the Data Security Law confuses enterprise asset-inventory language with state-level legal-interest protection — with real consequences for cross-border transfers, enforcement, and how PIPL and DSL stack.

    important-data · dsl · commentary
  • § 03 · IMPORTANT-DATA

    How to Identify 'Important Data' — A Plain-Language Method from Wang Qinglan

    Wang Qinglan, head of compliance at a Chinese data exchange, walks through China's unique 'important data' concept in plain language: where it came from, why no other major jurisdiction has anything quite like it, how the U.S., EU, Japan and Korea solve the same problem differently, and — most useful for compliance teams — three methods to identify whether a dataset is 'important' in practice. Her own 'unorthodox' shortcut: ask whether a hostile foreign actor could use this data to cause trouble. If yes, treat it as important data.

    important-data · data-classification · cross-border
§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →