Mapping the Red Lines: Compliance Assessment for Surveying and Geographic-Information Data Products on a Chinese Data Exchange

Editor’s Note — DCC.

This brief summarises 《DEXC+专栏｜测绘地理信息数据产品上市交易合规评估要点及经验总结》, published on the Shenzhen Data Exchange’s DEXC+ column. The authors are Wu Jinxi (吴锦熤), a certified DEXCO (data-exchange compliance officer, 数据交易合规师) and partner at Sichuan Rui Li Heng Law Firm (四川瑞利恒律师事务所), and Chen Qiulian (陈秋连), a legal assistant at the same firm. The piece arises from a live mandate: the firm acted for Yi Li Shu Ke (易利数科), a subsidiary of Sichuan Province state-owned tourism-and-data enterprise Lv Tou Shu Chan (旅投数产), in listing what became the first surveying and geographic-information (测绘地理信息) data product ever listed on the Shenzhen Data Exchange (深数所). The authors describe their compliance-assessment methodology and the practical lessons they took from it. DCC is running this piece because it is a rare published account of how sector-specific data-trading compliance works at ground level — the kind of practitioner granularity that general data-law commentary rarely provides. The source is a DEXCA member-firm practitioner article, written as a reference guide for others assessing similar products; it reflects the authors’ professional judgement in one completed engagement, not an official DEXC+ or Shenzhen Data Exchange policy document.

What makes surveying and geographic-information data a special case

Surveying and geographic-information data (测绘地理信息数据) sits at the intersection of two regulatory regimes that do not normally overlap on a data-exchange listing form: the general data-trading compliance framework (applied by the exchange itself) and the surveying-and-mapping (测绘) sector regime, which has its own specialist statutes, its own regulator, and its own qualification and security architecture.

The sector is centred on what Chinese law calls surveying (测绘) — defined in the Surveying and Mapping Law (测绘法, Article 2) as the measurement, collection, description, and processing of information about natural geographic features or man-made surface facilities, including their shape, size, spatial position, and attributes. The resulting data products span a wide range: national geodetic survey data (国家大地测量成果数据), remote-sensing imagery (遥感影像数据), digital line graphs (矢量地图数据, DLG), digital elevation models (数字高程模型, DEM), digital raster graphics (数字珊格地图, DRG), and others. A given commercial product may draw on several of these types.

The sector regulator at national level is the Ministry of Natural Resources (自然资源部), which absorbed the former National Administration of Surveying, Mapping and Geoinformation in the 2018 institutional reform. At the local level, provincial and sub-provincial surveying-and-mapping bureaus or Natural Resources Ministry field offices exercise oversight. This regulatory architecture means that the compliance assessment for a surveying-data product must reach regulators that a generalist data-law team may not ordinarily engage with.

Building the knowledge base: industry-specific groundwork first

The authors’ first recommendation is methodological: before applying any compliance checklist, an assessor working on an unfamiliar industry sector should invest in understanding that sector’s regulatory landscape — its governing statutes, basic concepts, licensing requirements, and supervisory bodies. For surveying and geographic-information data, this means consulting the official websites of the Ministry of Natural Resources and the relevant local surveying-and-mapping bureaus (which publish industry circulars, regulatory updates, approval records, and enforcement notifications), as well as sector-specific industry reports, such as the Chinese Society of Surveying and Mapping’s annual report on innovation and industrial development.

The mapping exercise the authors performed for their Sichuan mandate covered both national-level rules and Sichuan Province local rules. The source article reproduces the resulting regulatory table. Notably, the authors also flag that some superseded instruments remain relevant as interpretive context — in particular, the transition from a regime permitting licensed use of foundational surveying results generally, to the current regime that restricts licensed use specifically to classified (涉密) foundational surveying results (涉密基础测绘成果). Understanding that policy trajectory helps assessors spot what the current rules are trying to prevent.

The seven-point assessment framework

The article sets out a seven-point framework specifically for surveying and geographic-information data products. These are additive to, not substitutes for, the Shenzhen Data Exchange’s own standard “3×4” compliance review (which covers subject-entity compliance, data-product compliance, and transaction-flow compliance across twelve sub-items).

1. Definitional characterisation. The first step is to confirm that the product actually qualifies as a surveying and geographic-information data product — because the specialist regulatory requirements only bite if it does. The test is conjunctive: the underlying data must constitute geographic-information data (地理信息数据, i.e., data about the nature, characteristics, and movement of geographic entities, covering their position, shape, size, and spatial relationships) and the process of obtaining that data must involve surveying as defined by the Surveying and Mapping Law. If a product uses geographically-referenced information but that information was not produced through surveying activities, the specialist overlay may not apply.

2. Surveying qualification (测绘资质) of the data subject. The Surveying and Mapping Law (Article 27, as cited in the source) provides that entities engaged in surveying activities are subject to a qualification management system: they must hold a surveying qualification certificate (测绘资质证书) of the appropriate grade before they can lawfully conduct surveying activities. The assessor must therefore verify that the data supplier holds the required qualification — and the inquiry does not stop there. The certificate has a five-year validity period; the assessor must check it is current. More importantly, the assessor must verify that the data in question was collected within the scope of the supplier’s qualification at the time of collection — not merely that the supplier now holds an appropriate certificate. If the supplier held only a Grade B certificate when the data was gathered but now holds Grade A, any data collected under the lower grade must be assessed against the Grade B scope. The authors also flag that the Surveying and Mapping Law separately requires individual surveying technicians to hold appropriate professional qualifications; this personnel-level check should be part of the review.

Practically, the authors note that the Ministry of Natural Resources has put a national surveying qualification management information system (全国测绘资质管理信息系统, currently in trial operation) online, allowing assessors to verify the authenticity, legality, and current validity of a presented certificate.

3. Classified surveying results (涉密测绘成果) screen. This is the highest-stakes element of the assessment. The Surveying Results Management Regulations (测绘成果管理条例, Articles 16–18, as cited in the source) require administrative approval from the relevant-level surveying authority before classified surveying results (涉密测绘成果) can be used to develop commercial products or provided to third parties. Classified surveying-and-mapping state secrets (according to the rules on non-classified surveying results cited by the authors) are divided into top-secret (绝密), confidential (机密), and secret (秘密) levels, each with different geographic scopes and access restrictions. Data products involving national security and interests at this level cannot be listed for trading without going through the required approval process.

The authors make an important practical point: the screen must be applied at three stages of the product’s lifecycle, not just to the final dataset. The assessor must check (a) whether the final data product contains classified surveying results; (b) whether the source or raw data used to generate the product contains classified surveying results; and (c) whether classified surveying results were used at any point in the processing chain, including as inputs to derivation, analysis, or data-fusion operations, even if the results themselves do not appear in the final product.

There is an additional dimension: who financed the underlying surveying activities. The Measures on Provision and Use of Classified Foundational Surveying Results (涉密基础测绘成果提供使用管理办法) and the Sichuan Province equivalent draw a distinction between national-level classified foundational surveying results (produced with central-government fiscal investment) and local-level equivalents (produced with local-government fiscal investment). Assessors therefore need to investigate whether fiscal investment — and from which level — was involved in producing the data.

4. Important geographic-information data (重要地理信息数据) check. The Surveying Results Management Regulations (Article 22, as cited) establish a unified review-and-publication regime for important geographic-information data (重要地理信息数据), under which such data may not be published — which the authors treat as including being listed for exchange trading — by the data holder unilaterally. The identification exercise must cover both national-level and local-level surveying-results management rules. The practical effect is that certain data, even if not classified, may be non-tradable because it falls within this category and has not been through the approval process.

5. Data-origin due diligence: self-collected, purchased, or project-derived. The compliance obligations differ materially depending on how the product data was obtained:

• Self-collected (自采): verify qualification, lawful processing, and the classified/important-data screens.
• Externally purchased or otherwise acquired (外购或其他途径): additionally verify that the data subject has obtained valid authorisation or licence from the original rights-holder to use the data for the purpose of developing and trading a data product.
• Project-derived (其他项目中产生): where the data arose in the course of a third-party project, the assessor must investigate whether the project involved third-party counterparties, whether the project agreement addressed ownership or use rights over the resulting data, whether the data subject has authority to process the data for product development, and whether it has the right to commercialise it.

The authors add a practical warning: cross-verify data origin through document review and on-site interviews to guard against “data misappropriation” (数据冒用) — the risk that a product is presented as self-collected when it is in fact licensed or third-party data, or that rights to commercialise it are overstated.

6. Foreign involvement and cross-border considerations. The Interim Measures for the Administration of Surveying Activities by Foreign Organisations or Individuals in China (外国的组织或者个人来华测绘管理暂行办法, as cited in the source) restrict foreign organisations and individuals from conducting surveying activities in Chinese territory to joint-venture or cooperative arrangements with Chinese counterparties, or activities for which separate approval has been obtained, and impose scope limitations on what surveying activities foreign parties may conduct. The assessor must therefore check whether the data subject’s surveying activities involved any foreign party. Separately, if a proposed transaction involves an overseas counterparty, or if the data itself is to be transmitted across the border, the cross-border data rules apply — and the data product may require approval before it can flow out of China. This connects directly to the cross-border transfer framework under the Network Data Security Management Regulations, which applies a tiered approval mechanism to outbound data transfers depending on data volume, data type, and whether important data is involved.

7. Exchange-specific and dual-jurisdiction compliance. Finally, listing on the Shenzhen Data Exchange requires compliance with the exchange’s own rules and the relevant Shenzhen municipal data-transaction regulations (the authors cite the Shenzhen Interim Measures on Data Transaction Administration, 深圳市数据交易管理暂行办法; the Shenzhen Data Exchange Trading Rules (Trial), 深圳数据交易所交易规则（试行）; and the Shenzhen Data Exchange Compliance Review Guidelines for Listed Transactions (Trial), 深圳数据交易所交易标的上市合规审核指引（试行）). Where the data product originates from another province — as in the Sichuan mandate — the assessor must simultaneously apply both the origin jurisdiction’s data rules and Shenzhen’s rules. In this case, the Sichuan Province Data Regulations (四川省数据条例) and the Shenzhen Special Economic Zone Data Regulations (深圳经济特区数据条例) both applied.

State-owned enterprise complications

The data supplier in this case was a subsidiary of a Sichuan provincial state-owned enterprise (国企). The authors note two additional compliance considerations that arise specifically in this context and are worth isolating as a separate item for any assessor working on similar deals.

First, the listing of a state-owned data product as a tradable asset is subject to state-asset management rules — both the general statutory framework and internal SOE governance documents. The assessor must verify that the listing is consistent with applicable state-asset management rules at both national and local level.

Second, the specific transaction may require internal and external approval procedures: internal board or management approvals under the SOE’s articles of association, and potentially external approvals from the relevant state-asset supervision authority. These procedural requirements are a compliance gate that exists entirely outside the data-law regime and can be overlooked by teams focused narrowly on data-specific rules.

The broader question of how a state-owned data product acquires tradable asset status connects to questions about data ownership, registration, and value recognition that are illustrated by the Datatang v. Yinmu data-IP registration case, which shows how courts and administrative bodies are working through the relationship between data rights, asset status, and commercialisation.

Practical verification methods

The authors add a set of field-level notes on how the above assessments are conducted in practice.

On qualification verification: the Ministry of Natural Resources has put a national surveying qualification management information system (全国测绘资质管理信息系统, currently in trial operation) online for certificate verification. Local bureau disclosure pages may also show the data subject’s approval history and any administrative-violation records — a useful cross-check on both qualification status and regulatory-compliance history.

On classified and important-data screening: keyword searches across the dataset are the baseline method. Where the dataset is large, sampling is acceptable but sampling methodology must be documented carefully — including selection rationale, proportion covered, and the inference being drawn. When classification judgements are genuinely difficult, the assessor can consult the local surveying authority directly — specifically the geographic-information management division (地理信息管理处, 地信处) or the industry management and legal-affairs division (行业管理处, 法规处). Informal regulator consultation on definitional questions is a recognised practice in this sector.

On data-security management: the review must go beyond confirming that policies exist. The assessor should verify that policies are comprehensive, address the specific data product, and are actually implemented. On-site inspection — including live demonstration by the data subject where necessary — is the recommended verification method.

Why overseas counsel should care

• Sector-specific overlays are not optional. For a surveying and geographic-information data product, general data-compliance due diligence is necessary but not sufficient. A surveying-qualification screen, a classified-data screen at all three processing stages, and an important-geographic-data check are required on top of the exchange’s standard “3×4” review — not instead of it.

• Data origin determines the rights question. The distinction between self-collected, purchased, and project-derived data materially changes the authorisation analysis and chain-of-title due diligence. This is acute for surveying data because the underlying collection requires a qualification the data holder may not have held at the time.

• Cross-border and foreign-involvement flags. Foreign involvement in the underlying surveying activities, or transactions routing data offshore, triggers the cross-border transfer regime — including the tiered approvals under the Network Data Security Management Regulations. Surveying data carries a higher-than-average risk of qualifying as important data (重要数据) given its national-security adjacency, making those controls especially relevant.

• SOE sellers add a procedural layer. A significant share of Chinese data products on exchanges will be offered by SOE subsidiaries. State-asset approval requirements for listing are a genuine transaction gate that sits entirely outside the data-law framework overseas counsel ordinarily applies.

DCC sources

• Original: 吴锦熤 (Wu Jinxi) and 陈秋连 (Chen Qiulian), 《DEXC+专栏｜ 测绘地理信息数据产品上市交易合规评估要点及经验总结》, 深圳数据交易所 DEXC+ 专栏 WeChat Official Account (source).
• Network Data Security Management Regulations (网络数据安全管理条例).
• Data Foundation System Opinions (数据基础制度意见, “Data Twenty”).

This is an editorial summary, not a translation of Wu Jinxi and Chen Qiulian’s piece. Quotations and statutory references are attributed to the source; any simplification, error of emphasis, or operational extrapolation is DCC’s. Not legal advice.