Sectoral/Regional Privacy Laws and Regulations
Implementing Regulations of Personal Information Protection Law, Cyber Security Law, and Data Security Law
Cybersecurity Review Measures
Regulations on the Security Protection of Critical Information Infrastructure
Regulations for the Online Protection of Children’s Personal Information
Regulations on the Protection of Minors Online
Provisions on Facilitating and Regulating Cross-Border Data Flows
Data Export Security Assessment Measures
Guide to Applications for Data Export Security Assessment (Second Edition)
Measures on the Standard Contract for the Export of Personal Information
Guide to Filing of the Standard Contract for the Export of Personal Information (Second Edition)
Implementing Rules for Personal Information Protection Certification
Implementation Guidelines on the Standard Contract for the Cross-boundary Flow of Personal Information within the Guangdong-Hong Kong-Macau Greater Bay Area (Mainland, Hong Kong)
Filing Guidelines on the Standard Contract for the Cross-boundary Flow of Personal Information within the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong) (Applicable to the Hong Kong Special Administrative Region)
Filing Guidelines on the Standard Contract for the Cross-boundary Flow of Personal Information within the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong) (Applicable to the nine cities in Guangdong Province)
Implementation Guidelines on the Standard Contract for the Cross-boundary Flow of Personal Information within the Guangdong-Hong Kong-Macau Greater Bay Area (Mainland, Macau)
Filing Guidelines on the Standard Contract for the Cross-boundary Flow of Personal Information within the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Macau) (Applicable to the nine cities in Guangdong Province)
Interim Administrative Measures for Generative AI Services
Administrative Regulations on the Security of Network Data
Specifications for Security Certification of the Cross-Border Handling of Personal Information, Version 2.0 (recommended in effect)
GB/T 35273-2020 Information Security Technology – Personal Information Security Specification (recommended in effect)
GB/T 42574 Information Security Technology – Implementation Guidelines for Notices and Consent in Personal Information Processing (recommended in effect)
GB/T 43697-2024 Data Security Technology – Rules for Data Classification and Grading (recommended in effect)
TC260-PG-20244A Guidelines for Identification of Sensitive Personal Information (recommended in effect)
Mobile Applications
Methods for Identifying Unlawful Acts of Collection and Use of Personal Information via App
Rules on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications
Administrative Provisions for Information Services of Mobile Internet Applications
Finance
PBOC Implementing Measures for Protecting Financial Consumers’ Rights and Interests
Administrative Measures for Protecting Consumers’ Rights and Interests by Banking and Insurance Institutions
PBOC Measures for the Administration of Online Payment Business of Non-Bank Payment Institutions
PBOC Notice to Enhance Protection Work of Personal Financial Information by Banking Financial Institutions
Healthcare
Administrative Measures on Standards, Security and Services for National Healthcare and Medical Big Data (Trial)
Administrative Measures on Management of Population Health Information (Trial)
Administrative Regulations for Medical Records by Medical Institutions
Administrative Regulations on Human Genetic Resources
Automobile
Several Provisions on Management of Automobile Data Security (for Trial Implementation)
Postal Service
Administrative Measures on Real Name Collection and Delivery of Postal and Courier Items