Processor Obligations in the Chinese Network and Data Security System

Abstract

On 30 August 2024, the Chinese State Council passed the “Regulation on the Administration of Network Data Security”, which has been in effect since 1 January 2025. This regulation consolidates and supplements existing rules on digital security. This article first provides an overview of the key legal sources related to networks and data, along with their shared conceptual foundation. It then explains fundamental terms and outlines the obligations for data processors based on the type of data processed and the processing circumstances. Additionally, it addresses the enforcement of these obligations. The article offers a systematic guide designed to facilitate the identification of relevant legal provisions and the obligations contained within them.