Site Search Site Search

Loading Results

Chinese standard contractual clauses for cross-border personal information transfer – an update

February 2023

According to the China Personal Information Protection Law (‘PIPL’) and related regulations, standard contractual clauses (‘Chinese SCCs’) prescribed by the Chinese government can be used as a mechanism for cross-border data transfers from China if Chinese government approval (called ‘security assessment’) is not required. On 22 February 2023, the Chinese cybersecurity regulator Cyberspace Administration of China (‘CAC’) issued the Chinese SCCs. The Chinese SCCs are effective 1 June 2023, but companies have a six-month grace period (to 1 December 2023) to comply.

The Chinese SCCs are provisions to be entered into by the companies (data controllers) and the overseas recipients, governing the rights and liabilities of the companies, the overseas recipients and the individuals when the companies transfer personal data of the individuals to the overseas recipients. Contracts between the companies and the overseas recipients concerning the cross-border transfer of personal information may not conflict with the Chinese SCCs.

This article discusses the key aspects of final SCCs and highlights some of the key implications for businesses.

Contact us

nicholas cook

Chiang Ling Li
Partner
Tel: +[852] 2833 4938
Email

Our services
Banking and finance Capital markets (equity and debt) Competition law Corporate Compliance and regulatory Data privacy and cybersecurity Digital and technology
Employment Funds Intellectual property International business reorganisations Public and private M&A Tax Other legal services
Our people
Contact us
About us
News and publications

© 2017 - 2025 PwC. Tiang & Partners.
This site is provided by Tiang & Partners, whose principal place of business is Room 2010, 20/F Edinburgh Tower, The Landmark, 15 Queen’s Road Central, Hong Kong. Telephone: +852 2833 4900.