Hunton Andrews Kurth writes:
On April 29, 2022, the National Information Security Standardization Technical Committee of China issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities (the “Guidelines”). The public comment period for the Guidelines closed May 13, 2022. The Guidelines establish the basic requirements for personal information protection certifications, which are one of four cross-border transfer mechanisms permitted under Article 38 of China’s Personal Information Protection Law (“PIPL”).
Certifications for personal information cross-border processing are voluntary, as there are other means by which cross-border processing can occur. However, the Chinese government nonetheless recommends that parties seek certification by qualified entities, which will be named at a later date. The key provisions of the Guidelines are listed below.
Read more at Privacy & Information Security Law Blog.