Measures for the Security Assessment of Outbound Data Transfer

Measures for the Security Assessment of Outbound Data Transfer [Effective]

数据出境安全评估办法 [现行有效]

【法宝引证码】

Issuing authority： Other Institutions of the Central Government,Others,All Offices (others),All Other Centers
Document Number： Order No. 11 of the Cyberspace Administration of China
Date issued： 07-07-2022
Effective date: 09-01-2022
Level of Authority: Departmental Rules
Area of Law:Public Security


Order of the Cyberspace Administration of China		国家互联网信息办公室令
(No. 11)		（第11号）
The Measures for the Security Assessment of Outbound Data Transfer, as deliberated and adopted at the 10th executive meeting of the Cyberspace Administration of China in 2022 on May 19, 2022, are hereby issued and shall come into force on September 1, 2022.		《数据出境安全评估办法》已经2022年5月19日国家互联网信息办公室2022年第10次室务会议审议通过，现予公布，自2022年9月1日起施行。
Zhuang Rongwen, Director of the Cyberspace Administration of China		国家互联网信息办公室主任庄荣文
July 7, 2022		2022年7月7日
Measures for the Security Assessment of Outbound Data Transfer		数据出境安全评估办法
Article 1 These Measures are developed in accordance with the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, and other applicable laws and regulations for the purposes of regulating outbound data transfer activities, protecting personal information rights and interests, safeguarding national security and public interest, and promoting the safe and free cross-border flow of data.		第一条　为了规范数据出境活动，保护个人信息权益，维护国家安全和社会公共利益，促进数据跨境安全、自由流动，根据《中华人民共和国网络安全法》、《中华人民共和国数据安全法》、《中华人民共和国个人信息保护法》等法律法规，制定本办法。
Article 2 These Measures shall apply to the security assessment of data processors' provision of important data and personal information collected and generated in their operations within the territory of the People's Republic of China to overseas recipients. If it is otherwise provided for in any law or administrative regulation, such provisions shall prevail.		第二条　数据处理者向境外提供在中华人民共和国境内运营中收集和产生的重要数据和个人信息的安全评估，适用本办法。法律、行政法规另有规定的，依照其规定。
Article 3 The security assessment of outbound data transfer shall adhere to the integration of prior assessment and continuous supervision and the integration of risk self-assessment and security assessment, so as to prevent security risks arising from outbound data transfer and ensure the orderly and free flow of data in accordance with the law.		第三条　数据出境安全评估坚持事前评估和持续监督相结合、风险自评估与安全评估相结合，防范数据出境安全风险，保障数据依法有序自由流动。
Article 4 To provide data abroad under any of the following circumstances, a data processor shall apply to the national cyberspace administration for the security assessment of the outbound data transfer through the local provincial cyberspace administration:		第四条　数据处理者向境外提供数据，有下列情形之一的，应当通过所在地省级网信部门向国家网信部门申报数据出境安全评估：
(1) The data processor provides important data abroad.		（一）数据处理者向境外提供重要数据；
(2) The critical information infrastructure operator or the data processor that has processed the personal information of over one million people provides personal information abroad.		（二）关键信息基础设施运营者和处理100万人以上个人信息的数据处理者向境外提供个人信息；
(3) The data processor that has provided the personal information of over 100,000 people or the sensitive personal information of over 10,000 people cumulatively since January 1 of the previous year provides personal information abroad.		（三）自上年1月1日起累计向境外提供10万人个人信息或者1万人敏感个人信息的数据处理者向境外提供个人信息；
(4) Any other circumstance where an application for the security assessment of outbound data transfer is required by the national cyberspace administration.		（四）国家网信部门规定的其他需要申报数据出境安全评估的情形。
Article 5 A data processor shall, before applying for the security assessment of outbound data transfer, conduct a self-assessment of the risks in the outbound data transfer with a focus on the assessment of the following matters:		第五条　数据处理者在申报数据出境安全评估前，应当开展数据出境风险自评估，重点评估以下事项：
(1) The legality, legitimacy, and necessity of the purpose, scope, and method, among others, of the outbound data transfer and data processing by the overseas recipient.		（一）数据出境和境外接收方处理数据的目的、范围、方式等的合法性、正当性、必要性；
(2) The size, scope, type, and sensitivity of the data to be transferred abroad, and the risks that the outbound data transfer may endanger national security, public interest, or the lawful rights and interests of individuals or organizations.		（二）出境数据的规模、范围、种类、敏感程度，数据出境可能对国家安全、公共利益、个人或者组织合法权益带来的风险；
(3) The responsibilities and obligations that the overseas recipient undertakes to assume, and whether the overseas recipient's management and technical measures and capabilities, among others, to perform its responsibilities and obligations can ensure the security of the data to be transferred abroad.		（三）境外接收方承诺承担的责任义务，以及履行责任义务的管理和技术措施、能力等能否保障出境数据的安全；
(4) The risk that the data may be tampered with, destroyed, divulged, lost, transferred, illegally obtained, or illegally used, among others, during and after the outbound data transfer;and whether the channels for the protection of personal information rights and interests are smooth, among others.		（四）数据出境中和出境后遭到篡改、破坏、泄露、丢失、转移或者被非法获取、非法利用等的风险，个人信息权益维护的渠道是否通畅等；
(5) Whether data security protection responsibilities and obligations are fully agreed upon in the contract to be concluded with the overseas recipient in relation to the outbound data transfer or any other legally binding document, among others (hereinafter collectively referred to as the “legal documents”).		（五）与境外接收方拟订立的数据出境相关合同或者其他具有法律效力的文件等（以下统称法律文件）是否充分约定了数据安全保护责任义务；
(6) Other matters that may affect the security of the outbound data transfer.		（六）其他可能影响数据出境安全的事项。
Article 6 To apply for the security assessment of outbound data transfer, the following materials shall be submitted:		第六条　申报数据出境安全评估，应当提交以下材料：
(1) A written application.		（一）申报书；
(2) A report on the self-assessment of the risks in the outbound data transfer.		（二）数据出境风险自评估报告；
(3) The legal documents to be concluded between the data processor and the overseas recipient.		（三）数据处理者与境外接收方拟订立的法律文件；
．．．．．．		．．．．．．
Dear visitor,you are attempting to view a subscription-based section of lawinfochina.com. If you are already a subscriber, please login to enjoy access to our databases . If you are not a subscriber, please subscribe . Should you have any questions, please contact us at: +86 (10) 8268-9699 or +86 (10) 8266-8266 (ext. 153) Mobile: +86 133-1157-0713 Fax: +86 (10) 8266-8268 database@chinalawinfo.com		您好：您现在要进入的是北大法律英文网会员专区，如您是我们英文用户可直接登录，进入会员专区查询您所需要的信息；如您还不是我们的英文用户，请注册并交纳相应费用成为我们的英文会员。如有问题请来电咨询； Tel: +86 (10) 82689699, +86 (10) 82668266 ext. 153 Mobile: +86 13311570713 Fax: +86 (10) 82668268 E-mail: database@chinalawinfo.com

【法宝引证码】北大法宝www.lawinfochina.com

Message: Please kindly comment on the present translation.

Confirmation Code:

Click image to reset code!

Translations are by lawinfochina.com, and we retain exclusive copyright over content found on our website except for content we publish as authorized by respective copyright owners or content that is publicly available from government sources.

Due to differences in language, legal systems, and culture, English translations of Chinese law are for reference purposes only. Please use the official Chinese-language versions as the final authority. lawinfochina.com and its staff will not be directly or indirectly liable for use of materials found on this website.

We welcome your comments and suggestions, which assist us in continuing to improve the quality of our materials.