Just one week following the release of the draft Rules concerning the Standard Contract for Cross-Border Transfers of Personal Information, the Cyberspace Administration of China finalized and issued the long-awaited Measures for the Security Assessment of Transfers of Data Abroad on 7 July 2022. The Measures provide the implementation rules and guidelines concerning the security assessment mechanism for cross-border data transfers outside of China, as established in China’s three overarching data protection laws, the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law. The Measures will take effect and will be implemented from 1 September 2022. Companies will have a grace period of six months to comply with the Measures.
On 30 June 2022, the Cyberspace Administration of China released the draft Rules concerning the Standard Contract for Cross-Border Transfer of Personal Information together with the draft Standard Contractual Clauses (China SCCs) for public consultation. The China SCCs for cross-border transfer of personal information are one of the three mechanisms for transferring personal information outside of China as stipulated in the Personal Information Protection Law of China.