Description

Updated national standards governing cross-border data transfers take effect on March 1, 2026. Data processors in China must satisfy at least one compliance pathway: passing CAC security assessment or obtaining personal information protection certification.

Requirements

Determine applicable cross-border data transfer pathway
Complete CAC security assessment or obtain PI protection certification
Update data transfer impact assessments
Review Standard Contractual Clauses for compliance
Document cross-border data flows and compliance pathway

Applicable To

Organizations transferring personal data out of ChinaMultinational companies with China operations

Penalty Information

⚠Subject to China CSL penalties including fines up to RMB 10 million and potential data transfer suspension.

days remaining

March 1, 2026

Share:X in @

Framework

NIST CSF

National Institute of Standards and Technology Cybersecurity Framework

Related NIST CSF Deadlines

China Amended Cybersecurity Law - In Effect
January 1, 2026
NAIC Insurance Data Security Model Law - Alaska
January 1, 2026
NIST Quarterly Vulnerability Scanning Q1
March 31, 2026
NYDFS Part 500 - Annual Certification Filing
April 15, 2026

China Cross-Border Data Transfer Certification Rules