Important-Data

China’s Data Security Law of 2021 complements the Cybersecurity Law with comprehensive data governance. It establishes a classification system: ‘core data’ relating to national security receives the highest protection; ‘important data’ in regulated catalogs requires security assessments before cross-border transfer; ‘general data’ faces fewer restrictions. All data processing must serve China’s national security and development interests. Organizations must cooperate with government data requests and maintain security measures. The law has extraterritorial reach: activities outside China harming Chinese national security or citizens’ interests can be penalized. For international organizations, the Data Security Law complicates cross-border data flows—transferring data from China to headquarters may require government approval and security assessments.