On May 27, 2017, the National Standardization Technical Committee for Information Security (“Technical Committee”) promulgated a draft for comment of the Information Security Technology – Guidelines for Data Cross-Border Transfer Security Assessment (Draft) (the “Guidelines”), in order to supplement the personal information and important data export assessment requirements stipulated under Cybersecurity Law, which came into force on June 1, 2017.
The Technical Committee, which is subordinate to the National Standardization Management Committee, is in charge of state information security standardization work under the guidance of the Office of the Central Leading Group for Cyberspace Affairs. Although the assessment standards referred in the Guidelines are not mandatory and are intended only for reference purposes, we believe these standards may reflect the attitude of regulators to some extent and therefore may provide practical guidance related to data export security assessments, particularly since the Cybersecurity Law and the forthcoming Measures on Security Assessments for Personal Information and Important Data to be Transmitted Abroad (Draft) (the “Measures”) leave open questions as to personal information and important data export security assessments.