Regulation Active Policy

Cross-Border Data Transfer Regulations (Updated 2025)

Published: September 15, 2025

Executive Summary

China relaxed its cross-border data transfer rules in September 2025, exempting many routine business data transfers from security assessments. The updated framework simplifies compliance for foreign companies handling HR, procurement, and non-sensitive operational data.

Key Points

1

Routine HR, procurement, and non-sensitive operational data transfers exempted from security assessment requirements

2

Data that does not contain "important data" or personal information of more than 100,000 individuals is exempt

3

Free trade zones granted additional flexibility for data exports in pilot programs

4

Negative list approach adopted: data categories requiring assessment are specified, everything else is permitted

5

Foreign companies still need to classify their data and maintain transfer records for compliance

6

Significant improvement from the strict 2022 framework — estimated 80% of routine business transfers now exempt