China Releases Official Regulations on Network Data Security

by Richard Ma, Joanna Jiang, Chris Beall, and Dimitri Phillips

On 30 September 2024, the finalized, binding version of the Regulations on Network Data Security (“NDS Regulations”) was released by China’s State Council; it will be implemented from 1 January 2025. Nearly three years since the draft was first released to widespread attention, the finalized NDS Regulations now officially reiterate the data protection obligations imposed under China’s existing cybersecurity framework, including the Cybersecurity Law (“CSL”), the Data Security Law (“DSL”), the Personal Information Protection Law (“PIPL”), and various implementing rules and regulations regarding cross-border data transfers. The NDS Regulations also provide some additional forms of specific guidance, detailed requirements, and clarifications on China’s existing cybersecurity framework. This Newsletter focuses on such additional content, and how the NDS Regulations supplement and clarify China’s existing cybersecurity/data regime.

To read the full Newsletter, please click the download link below.