China
Beijing introduces Negative List to streamline Data Export in Free Trade Zone
Beijing has released a data negative list for its Free Trade Zone to facilitate cross-border data transfer for companies operating in the area. The list outlines types of data and personal information needing compliance procedures for export, aiming to ease administrative burdens and improve the business environment.
Beijing is the latest free trade zone to publish a data negative list to facilitate the export of important industry data and personal information out of the country. The data negative list outlines types of data and personal information across five industries which require certain additional compliance procedures in order to be exported. Data not included in the list can be freely exported by companies based in the free trade zone, thus facilitating cross-border data transfer. We explain how the data negative list works and discuss the potential impact on companies operating in the zone.
Beijing has released its first data negative list for implementation in the Beijing Free Trade Zone (FTZ) in an effort to ease cross-border data transfer (CBDT) for companies operating in the area. The negative list was released along with a set of trial implementation measures — the Measures for the Management of Negative List for Cross-Border Data Transfer in the China (Beijing) Pilot Free Trade Zone (for Trial Implementation). These measures outline the rules for companies located in the Beijing FTZ to export “important data” and certain volumes and types of personal information out of the country.
The 2024 data negative list — the Management List (Negative List) for Cross-border Data Transfer in the China (Beijing) Pilot Free Trade Zone (2024 Edition) — catalogs specific types and volumes of data in five different industries that require certain compliance procedures to be exported. Data not included in the data negative list can be freely exported by companies located in the Beijing FTZ.
Under China’s Personal Information Protection Law (PIPL) and related regulations, companies that wish to export certain volumes or types of data outside of China are required to undergo certain compliance procedures. This adds a significant administrative burden on companies, particularly those handling large volumes of data or those with overseas operations, such as foreign companies.
There are currently three different compliance procedures for CBDT:
The first of the three compliance procedures is the most stringent and applies to critical information infrastructure operators (CIIOs) and companies that export important data overseas. The latter two require a lower compliance burden and apply to companies that provide a certain volume of personal information or “sensitive personal information” overseas.
In an effort to improve the business environment and ease restrictions on CBDT, in March 2024 the CAC released a set of regulations to facilitate data export, which, among other measures, allowed China’s FTZs to implement their own data governance rules. This includes formulating data negative lists to manage data export from the zones.
This article is republished from China Briefing. Read the rest of the original article.
China Briefing is written and produced by Dezan Shira & Associates. The practice assists foreign investors into China and has done since 1992 through offices in Beijing, Tianjin, Dalian, Qingdao, Shanghai, Hangzhou, Ningbo, Suzhou, Guangzhou, Dongguan, Zhongshan, Shenzhen, and Hong Kong. Please contact the firm for assistance in China at china@dezshira.com.



