Filed under negative-list
Every brief tagged "negative-list".
- § 01 · CROSS-BORDER
The Negative-List Map, Region by Region: Ten Zones, Two Models, and the Year Data Export Went Province-Wide
As of July 2026, ten Chinese regions — nine free-trade zones plus the Hainan Free Trade Port — have published data-export negative lists under Article 6 of the 2024 Cross-border Data Flows Provisions, and this year Beijing and Shanghai took the mechanism province- and city-wide, off the FTZ footprint entirely. DCC's roundup maps the full set: which sectors each zone lists (from Tianjin's 13 commodity categories to Guangdong's smart-manufacturing and personal-credit fields, Chongqing's intelligent-connected-vehicle chain, and Jiangsu's biopharma-only list), the two management models that have crystallized — pre-export filing versus Shanghai and Guangdong's 'transfer-first, report-after' — and how an overseas team should read the map. Compiled from the CAC's national negative-list index and each region's official notice, and paired with DCC's new downloadable negative-list registry.
- § 02 · CROSS-BORDER
First Filing Under Shanghai's Citywide Data-Export Negative List: Inditex's China Arm Drops from Security Assessment to Standard-Contract Filing
On June 26, 2026, ITX Asia Pacific Enterprise Management Co., Ltd. (爱特思亚太企业管理有限公司) — the Inditex group entity behind ZARA and Pull&Bear in China — received Shanghai's first data-export negative-list filing result notice (数据出境负面清单备案结果通知书) issued under the Shanghai Data-Export Negative List Administrative Measures, cleared jointly by the Shanghai CAC and the Shanghai Data Bureau after same-day district-level initial review at the Jing'an District Cross-Border Data Service Center. The practical effect: member-information exports that previously sat in Data Export Security Assessment territory now clear on a Personal Information Standard Contract filing. DCC reads the case as the first operational proof of Shanghai's two policy moves — negative-list eligibility extended citywide beyond Pudong-registered enterprises, and volume thresholds inside listed scenarios (retail member management) raised so that non-sensitive member data between 1 and 10 million individuals falls to the standard-contract/certification tier. For overseas retail groups running membership programs out of China, this is the template case.