The document was jointly issued by the Cyberspace Administration of China and the State Administration for Market Regulation.
These regulations require relevant entities to fulfill obligations, including notifying individuals, obtaining their separate consent and conducting a personal information protection assessment, before applying for certification to transfer personal information abroad.
It also specifies details such as the certification application process, certificate validity period, obligations of professional certification bodies and relevant supervision requirements.
The regulations will take effect on Jan. 1, 2026.
Source: english.www.gov.cn
