Despite being brought into force over two years ago, uncertainty remains regarding the application of China’s Cybersecurity Law (CSL). This largely stems from the fact that many of the supplemental measures and guidelines issued by the Chinese authorities still remain in draft format.
On 28 May 2019 and 13 June 2019, respectively, the new draft Measures for Data Security Management (New Draft Security Management Measures) and the new draft Measures on Security Assessment of the Cross-Border Transfer of Personal Information (New Draft Cross-Border PI Measures) were issued for public consultation. These recent drafts appear to depart significantly from the draft Security Assessment Measures for the Cross-Border Transfer of Personal Information and Important Data, which were issued in 2017. More stringent and detailed requirements now appear to be the norm, particularly regarding the cross-border transfer of personal information and important data.