- China’s Cross-Border Data Transfer (CBDT) rules have generated significant uncertainty for international companies reliant on cross-border data flows, raising the compliance costs of data governance.
- Attempting to address these concerns, China’s government recently started to relax some CBDT rules, especially for global data flows of foreign companies.
- Following the summit between the EU and China in December 2023, EU Commission President Ursula von der Leyen highlighted China’s promise to provide clarity on CBDTs.
- Although CBDT compliance mechanisms are already in place, only a small number of companies obtained CBDT approvals so far. By the end of 2023, five foreign auto companies were known to have passed the complicated process of the necessary security assessment by the Cyberspace Administration of China.
- The automotive industry is currently a focal point for enforcing data security rules. For example, MIIT recently requested BMW Brilliance to explain the overall design and implementation of its data security systems.
- In other key industries, such as aviation and pharmaceuticals, no foreign-invested enterprises are known to have passed the security assessment.
- In 2024, further regulations to ease CBDT restrictions are expected. Within the currently emerging adjusted CBDT framework, companies’ operational data, like HR data, may be freely transferred across borders without requiring regulatory approval.
Sinolytics is a research-based business consultancy entirely focused on China. It advises European companies on their strategic orientation and specific business activities in the People’s Republic.