Compliance Blog

New Data Protection Regulations in China: What Companies Need to Know

Written by Admin | Jan 10, 2025 11:57:28 AM

On January 1, 2025, the Network Data Security Management Regulations came into force in China, introducing a stricter framework for handling personal information, managing cross-border data flows, and holding platform operators accountable. These changes will have a significant impact on businesses operating in or with China, particularly in industries that rely on data-driven processes and international data transfers.

In this article, we highlight the key aspects of the new regulations and explain what measures globally operating companies should take to stay compliant in a fast-evolving legal landscape.

1. Strengthening the protection of personal information

The new regulations place a strong focus on the protection of personal information and set out requirements for transparency, consent, and the safeguarding of individual rights. Companies are required to inform individuals about data processing activities, obtain explicit consent for data collection, and provide mechanisms for users to access, modify, or delete their data.

For businesses, this means a more structured and transparent approach to handling personal data. Failure to comply could result in penalties, reputational damage, and restrictions on operations in China.

2. Cross-border data transfers under strict scrutiny

The regulations also introduce new rules for the cross-border transfer of personal data. Companies must undergo a security assessment before transferring data outside of China and ensure compliance with data protection standards even after the data leaves the country.

These changes are particularly relevant for multinational companies and international supply chains, which often require data to flow across borders. Businesses must ensure they have the appropriate safeguards and contracts in place to manage these data flows in line with the new regulations.

3. New obligations for digital platform providers

The new regulations also focus on the responsibilities of digital platform operators, particularly large platforms that play a gatekeeping role in managing data. The duties to protect user data, manage personalized recommendations, and mitigate risks related to data security breaches are integral parts of the regulation.

In addition, “gatekeeper” obligations are introduced, inspired by international regulatory trends. These provisions require large platforms to implement enhanced data security measures and regular assessments of their risk management processes.

For companies that operate large digital platforms or offer personalized services, this represents a significant regulatory shift. These businesses will need to adjust their security protocols and data governance structures to ensure compliance.

Why acting now is crucial: 

The Network Data Security Management Regulations will have significant implications for businesses operating in or with China. Companies must ensure that their compliance frameworks are capable of handling these new obligations. From managing personal information and cross-border data transfers to meeting the specific requirements for digital platforms, companies need to take action to minimize legal risks and ensure continuous compliance.

Businesses should proceed step by step:

  • Map their data flows to understand where personal information is collected, stored, and transferred.
  • Review existing contracts with third-party vendors and ensure compliance with the new cross-border data transfer rules.
  • Strengthen internal policies on data handling and user rights to ensure transparency and accountability.