Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ DOMAINS

By subject.

15 domains link laws and briefs across topic boundaries.

  • Cross-Border Data

    数据跨境

    Rules governing the transfer of personal information and important data outside mainland China — including the security assessment, standard contract, and certification pathways.

    22 laws 13 briefs
  • Personal Information

    个人信息保护

    Core personal-information protection regime under PIPL — consent, lawful bases, sensitive personal information, and the rights of individuals.

    72 laws 43 briefs
  • Data Security

    数据安全

    Data classification and grading, important data, core data, and the broader data security regime under DSL.

    58 laws 34 briefs
  • AI Governance

    人工智能治理

    Rules and standards for generative AI services, deep synthesis, content labeling, and AI ethics in China.

    12 laws 18 briefs
  • Algorithmic Recommendation

    算法推荐

    Regulation of recommendation algorithms, user profiling, and the filing regime for algorithmic services.

    4 laws 0 briefs
  • Cybersecurity Review

    网络安全审查

    The cybersecurity review regime for critical information infrastructure operators and large data processors — including overseas listings.

    6 laws 3 briefs
  • Critical Information Infrastructure

    关键信息基础设施

    Identification and protection obligations for CII operators (CIIO) under CSL and the CII Protection Regulations.

    7 laws 3 briefs
  • App Compliance

    App 合规

    Mobile app personal-information collection rules, the necessary-information catalogue, SDK compliance, and app store removal.

    9 laws 8 briefs
  • Health & Medical Data

    医疗健康数据

    China's health- and medical-sector data regime — the sector-specific overlay on PIPL, the Data Security Law, and the Network Data Security Regulation governing how healthcare institutions, life-sciences companies, and digital-health providers handle patient and population data.

    26 laws 1 brief
  • Enforcement

    执法与处罚

    Public enforcement actions by Chinese data regulators — MIIT's batched APP / SDK public-naming bulletins, CAC administrative penalties, MPS criminal-tier enforcement, regulatory interviews (约谈), app-store removals, and other published actions. DCC tracks these as the operational edge of the regime: they show what the regulator actually polices, in what cadence, against what targets, citing which legal bases.

    11 laws 22 briefs
  • Minors Protection

    未成年人保护

    Personal information of children and minors, gaming time limits, age-verification requirements, and the Minors Online Protection Regulations.

    7 laws 4 briefs
  • Data Economy

    数据要素与数据产权

    China's emerging regulatory framework for treating data as an economic factor of production — public-data resources, data-property rights, data-asset registration, and the rules governing how data can be authorized for operation, traded, and circulated. Distinct from data security and personal-information protection, this domain tracks the rules that turn data into a tradeable asset.

    13 laws 41 briefs
  • Industrial Internet & IoV

    工业互联网与车联网

    The sector-specific data regime for industry and connected vehicles — MIIT's industrial-data classification, risk-assessment, and incident-response rules, the automotive data-security and data-export regime, internet data centers, and live-streaming commerce — layered on top of the Data Security Law and PIPL.

    8 laws 0 briefs
  • Financial Data

    金融数据

    The financial-sector data regime — the People's Bank of China's data-security measures for the banking and payments system, and the National Financial Regulatory Administration's data-security rules for banking and insurance institutions — stacked on top of the Data Security Law and PIPL.

    6 laws 1 brief
  • Energy, Aviation & Resources

    能源·航空·自然资源

    The sector-specific data regimes for energy, civil aviation, and natural resources — the National Energy Administration's energy-industry data-security measures, the Ministry of Natural Resources' data-security measures, and the CAAC's civil-aviation data-security monitoring requirements — built on the Data Security Law.

    4 laws 0 briefs
§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →