China Laws Portal - CJO

Find China's laws and official public documents in English

EnglishArabicChinese (Simplified)DutchFrenchGermanHindiItalianJapaneseKoreanPortugueseRussianSpanishSwedishHebrewIndonesianVietnameseThaiTurkishMalay

Data Security Law of China (2021)

数据安全法

Type of laws Law

Issuing body Standing Committee of the National People's Congress

Promulgating date Jun 10, 2021

Effective date Sep 01, 2021

Validity status Valid

Scope of application Nationwide

Topic(s) Personal Data Protection

Editor(s) C. J. Observer

Data Security Law was promulgated on 10 June 2021, and entered into force on 1 Sept. 2021.

There are 55 articles in total. The Law aims to regulate data processing activities, ensure data security, promote the development and utilization of data, protect the legitimate rights and interests of individuals and organizations, and safeguard the sovereignty, security and development interests of the State.

The key points are as follows:

  1. This Law shall apply to the data processing activities and the security supervision thereof within the territory of the People’s Republic of China. Anyone engaging in data processing activities outside the territory of the People’s Republic of China that jeopardize the national security, public interests or the legitimate rights and interests of citizens or organizations will be held legally liable in accordance with the law.

  2. The State shall establish a system for categorized and hierarchical data protection, which protects data by category and hierarchy according to the importance of data in economic and social development, and the damage caused to national security, public interests or legitimate rights and interests of individuals and organizations in the event of tampering, destruction, leakage, or illegal access or use of data.

  3. The State shall establish a data security review system to review data processing activities that affect or may affect national security. The State shall implement export control over the data which falls under controlled items and is related to the safeguarding of national security and interests and the fulfillment of international obligations in accordance with the law.

  4. The competent authorities of the People’s Republic of China shall, in accordance with the relevant laws and the international treaties and agreements concluded or acceded to by the People’s Republic of China, or under the principles of equality and reciprocity, handle requests from foreign judicial or law enforcement authorities for the provision of data. In the absence of the approval of the competent authorities of the People’s Republic of China, no domestic organization or individual may provide foreign judicial or law enforcement authorities with data stored within the territory of the People’s Republic of China.

This English translation comes from the PRC National People’s Congress Official Website. In the near future, a more accurate English version translated by us will be available on China Laws Portal.