China's Data Security Law (English Translation)

[Press "Enter" to skip to content](https://www.chinalawtranslate.com/en/datasecuritylaw/#main)

![](<Base64-Image-Removed>)

# Data Security Law of the PRC

By China Law Translate on 2021/06/10

**Data Security Law of the PRC**

**（2021** **年6** **月10** **日第十三届全国人民代表大会常务委员会第二十九次会议通过）**

**Contents**

**Chapter I: General Provisions**

**Chapter II: Data Security and Development**

**Chapter III: Data Security Systems**

**Chapter IV: Obligations of Data Security Protection**

**Chapter V: Security and Openness in Government Affairs Data**

**Chapter VI: Legal Liability**

**Chapter VII: Supplementary Provisions**

**Chapter I: General Provisions**

**Article 1:** This Law is formulated so as to regulate the handling of data, ensure data security, promote the development and exploitation of data, protect citizens' and organizations' lawful rights and interests, and preserve state sovereignty, security, and development interests.

**Article 2:** This law applies to data handling activities and security regulation carried out within the \[mainland\] territory of the People’s Republic of China.

Data handling activities carried out outside the \[mainland\] territory of the P.R.C. that harm the national security of the P.R.C., the public interest, or the lawful rights and interests of citizens and organizations, are to be pursued for legal responsibility in accordance with law.

**Article 3:**"Data" as used in this Law, refers to any record of information in electronic or other forms.

Data handling includes the collection, storage, use, processing, transmission, provision, disclosure, etc., of data.

Data security refers to employing necessary measures to ensure that data is effectively protected and legally used, as well as possessing the capacity to ensure a sustained state of security.

**Article 4:** The preservation of data security shall adhere to the overall national security perspective, establish and complete data security governance systems, and increase capacity to ensure data security.

**Article 5:** The Central Leading Institution on National Security is responsible for major decision-making, deliberating and coordinating the nation's data security work; researching, drafting, and guiding the implementation of the national data security strategy and related major policy directives; planning and coordinating major matters and efforts in national data security, and establishing a coordination mechanism for national data security work.

**Article 6:** Each region and department is responsible for the data collected and produced by that region or department's work and for data security.

Regulatory departments such as for industry, telecommunications, transportation, finance, natural resources, health, education, science and technology are to undertake data security regulatory duties in the corresponding sector.

Public security organs, state security organs, and so forth are to undertake data security regulation duties within the scope of 

... (truncated, 40 KB total)