On March 21, 2024, The National Information Security Standardization Technical Committee of China (TC260) released the Data Security Technology - Rules for Data Classification and Grading,set to take effect on October 1, 2024. This document lays the groundwork for a comprehensive framework, providing definitive guidance for data classification and grading.
Following closely on March 22, the Cyberspace administration of China (CAC) released the final version of the Regulations on Promoting and Regulating Cross-border Data Flows(CBDF). Alongside, updates to the Guidelines for the Declaration of Data Transfer Security Assessment (Ver. 2) and the Guidelines for the Filing of Standard Contracts for the Transfer of Personal Information (Ver. 2) were also published.
The Regulations on CBDF build upon the essence of the previous draft, refining areas of previous debate and delivering greater clarity on the legal obligations and responsibilities associated with CBDF. The updated guidelines resonate with these regulations, reflecting the insights gleaned from the CAC's initial review processes and showcasing enhancements to the efficiency and simplification of the procedures for application of SA and recordal of SCCs.
With the consecutive implementation of these data related documents in recent days, China's regulatory framework for data flows and standardizations is progressively evolving into a more comprehensive and coherent system.