Skip to content

Looking Back in 2023 :China’s Data and Artificial Intelligence Legislations

Cross-border Data Transfer
On February 22, 2023, the Cyberspace Administration of China released the “Standard Contract Measures for the Transfer of Personal Information Abroad” and the template “Standard Contract for the Transfer of Personal Information Abroad”. The standard contract for the transfer of personal information abroad has since been refined.

On May 30, in order to facilitate and guide the filing of standard contracts for the data transfer, the Cyberspace Administration of China compiled the “Guidelines for the Filing of Standard Contracts for the Transfer of Personal Information Abroad (First Edition)”. , filing procedures, filing materials and other specific requirements are explained.

On March 16, the “Information Security Technology – Authentication Requirements for Cross-border Transfer of Personal Information” draft was released for comments. In the draft, there is no threshold requirement for cross-border certification, and companies can choose whether to conduct cross-border certification.

On September 28, the Cyberspace Administration of China released the “Regulations on Regulating and Promoting Cross border Data Flows (Draft for Comment)”. The draft for comments was issued to solve the challenges that many companies have encountered in the practice of data export due to complex procedures or high compliance costs. On the other hand, it also reflects that the country has combined the latest domestic and foreign situations to adapt to the current situation. The system framework for the cross-border flow of data in China has been adjusted accordingly, eliminating high-cost “barriers” that may hinder economic circulation, fully opening up the development pattern of digital trade, and improving the level of openness to the outside world .

On December 10, the Cyberspace Administration of China and the Hong Kong Innovation, Technology and Industry Bureau organized and implemented the cross-border standard contract for personal information in the Guangdong-Hong Kong-Macao Greater Bay Area in order to implement the Memorandum of Cooperation on Promoting the Cross-border Data Flow in the Guangdong-Hong Kong-Macao Greater Bay Area. requirements, jointly formulated the “Implementation Guidelines for the Standard Contract for Cross-border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland, Hong Kong)” and provided the “Standard Contract for Cross-border Flow of Personal Information” and the “Letter of Commitment (Template) ” in the form of attachments for the use of relevant entities.

Cyber Security
On December 8, the “Measures for the Management of Cyber Security Incident Reporting (Draft for Comment)” was released, aiming to make clear and specific provisions on the reporting procedures for cyber security incidents from an overall standard level. The regulatory content mainly involves reporting entities, regulatory authorities, Trigger mechanism, reporting time limit, report content, legal liability and due diligence exemption , etc.

Artificial Intelligence
On July 13, the “Interim Measures for the Management of Generative Artificial Intelligence Services” was announced. The regulatory approach to the management of generative artificial intelligence has shifted from strong supervision to promotion of development, clarifying that the country adheres to the principle of attaching equal importance to development and safety, and combines the promotion of innovation with legal governance. , take effective measures to encourage the innovative development of generative artificial intelligence, implement inclusive, prudent, classified and hierarchical supervision of generative artificial intelligence services, and clarify the overall requirements for the provision and use of generative artificial intelligence services.

On October 11 , the “Basic Security Requirements for Generative Artificial Intelligence Services (Draft for Comments)” was released, detailing the basic security requirements for generative artificial intelligence services, including corpus security, model security, security measures, security assessment, etc.

Data Market
Link to the guideline
On August 18, the “Interim Provisions on Accounting Treatment Related to Enterprise Data Resources” was released, providing detailed guidance for enterprises to implement accounting standards from a practical perspective. The practical path of entering data resources into the table has since been traced. From data resources to data assets, the value attributes of data are affirmed and directly linked to economic interests to promote the explicitness of data value.

On October 25, the National Data Administration was officially established. It is mainly responsible for coordinating and promoting the construction of data infrastructure systems, coordinating the integration, sharing and development and utilization of data resources, effectively implementing and coordinating the promotion of the construction of Digital China, coordinating the development of the digital economy, and promoting the development of data elements. Market-oriented and value-oriented responsibilities.

On December 15, the National Data Administration announced the “Data Elements x” Three-Year Action Plan (2024-2026)”. Requirements are made in five aspects, including support and organization and implementation, and 12 “data element ×” tasks are clarified in key actions, aiming to give full play to the amplification, superposition, and multiplication of data elements and build a digital economy with data as the key element