Skip to content

China’s New Regulation: Security Assessment Required for Sending Important Auto Data Overseas

China’s car sharing company Didi Chunxing was subject to a state security audit after its Initial Public Offering (IPO) in the United States in late June. Recently, Beijing issued new regulations requiring that important car data be stored within the country and that a security assessment be implemented before any data leaves China.

According to China’s state media such as Xinhua News Agency, the “automobile data security management regulations (for trial implementation),” effective October 1, 2021, were jointly promulgated by the State Internet Information Office of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the Ministry of Transportation.

The regulations state that, if there is a need to provide important data outside the country for business purposes, the auto data operator should implement a security assessment and should not let the data leave the country in violation of the security assessment. The operators are required to report such data activities in their annual report.

The regulations point out that the auto data carrier, when conducting important data processing activities, should follow the provisions of the risk assessment, and submit the security risk assessment report to local authorities. The national cyber authorities will spot-check the security assessment. Car data processors are supposed to cooperate.

Source: Central News Agency, August 20, 2021