On the eve of the “Golden Week” in China, the Cyberspace Administration of China (CAC) published the draft Provisions on Regulating and Promoting Cross-Border Data Transfers (the “Draft Provisions”) on 28 September 2023.1
The Draft Provisions provide a welcome rollback of some of the onerous cross-border data transfer regime, first introduced by the Personal Information Protection Law (PIPL) in November 2021,2 and seem to address some of the concerns raised by many companies operating in the People’s Republic of China (PRC) that compliance with the cross-border data transfer requirements was very difficult to achieve.