Overview & Analysis
The Regulation on Network Data Security Management is China's unified implementing regulation for network data processing activities, operationalizing the Cybersecurity Law, Data Security Law, and Personal Information Protection Law into a single, detailed governance framework. It covers all network data processors — individuals and organizations that independently determine the purpose and method of data processing — and imposes a layered set of obligations structured around three data tiers: core data, important data, and ordinary personal information. Key requirements include multi-level technical protection, incident response and 24-hour reporting for national security incidents, risk assessment before sharing important data, annual risk assessment reports from important-data processors, mandatory important-data security officer appointments, security background checks for key personnel, data portability rights for individuals, and an annual social responsibility report on personal information protection from large-scale platforms. The Regulation introduces a significant threshold rule: processors of more than 10 million individuals' personal information are treated as important-data processors and must comply with the full set of important-data obligations.
This Regulation is particularly significant for AI because AI projects are inherently data-intensive. AI projects typically rely on large datasets for model training and inference, especially in cross-border scenarios, where the protection of personal and sensitive data is critical. For multinational companies, the Regulation provides a comprehensive compliance framework covering training data security (Article 19 expressly addresses generative AI service providers), cross-border transfer rules incorporating all three transfer pathways from prior instruments, platform obligations for algorithmic recommendation opt-out, and automated decision-making transparency. Because it consolidates previously scattered rules into a single State Council regulation, legal commentary has consistently treated it as an authoritative reference point for data governance across all AI scenarios in China.
Core Data
Highest protection level. Governed by separate national provisions. Specific rules outside the scope of this Regulation (Article 63).
Important Data
Data in specific fields, concerning specific groups, or specific regions, where leakage/tampering could directly endanger national security, economic operation, social stability, or public health. Designated by catalog; triggers full operator obligations (Chapter IV).
Personal Information & Ordinary Data
Covered by Chapter III (personal information) and Chapter II (general rules). Processors of ≥10M individuals' PI also subject to important-data obligations (Article 28).
| Article | Violation Type | Base Penalty | Serious Cases |
|---|---|---|---|
| Art. 55 | General non-compliance (data sharing, GenAI training, platform rules, etc.) | Warning + confiscation; order to correct | Up to RMB 1M entity; RMB 10K–100K responsible person; possible business suspension/licence revocation |
| Art. 56 | Failure to conduct national security review (Art. 13) | Warning + RMB 100K–1M; RMB 10K–100K person | RMB 1M–10M entity; RMB 100K–1M person; possible suspension/revocation |
| Art. 57 | Important-data violations (catalog, security body, risk assessment, corporate changes) | Warning + RMB 50K–500K; RMB 10K–100K person | Up to RMB 2M entity (large-scale leakage); RMB 50K–200K person; possible suspension/revocation |
In the AI context, this Regulation applies in all scenarios involving large-scale data processing, cross-border data flows, training data management, generative AI, platform-level automated decisions, and important-data handling. Article 19 expressly targets generative AI service providers.
1. Training AI Models Using Personal Information or Sensitive Data
AI projects, especially facial recognition, natural language processing, and behavioral analytics, typically require personal or sensitive data. Article 19 expressly requires generative AI service providers to strengthen the security management of training data and training data processing activities, and to adopt effective measures to prevent and handle network data security risks. Beyond generative AI, all processors must implement encryption, backup, access control, and security authentication, and conduct risk assessments before sharing data with other processors.
2. Cross-Border Data Transfers for Global AI Operations
Chapter V of this Regulation consolidates the cross-border data transfer pathways — security assessment, certification, standard contract, and exemptions — into a single State Council regulation, referencing the three pathway instruments. This makes this Regulation the authoritative legal basis for cross-border data transfer compliance in AI projects. All outbound transfers of personal information must satisfy one of the eight conditions in Article 35, and outbound important data requires security assessment (Article 37).
3. AI Projects Processing Important Data in Regulated Sectors
If an AI project involves data classified as important data under sector-specific catalogs — particularly in finance, healthcare, transport, industrial operations, or public services — the full Chapter IV obligations apply: designated data security officer, dedicated management body, security background checks for key personnel, risk assessment before sharing, annual risk assessment reports, and enhanced requirements on corporate change events. Processors of 10 million or more individuals' PI must also comply with these obligations under Article 28.
4. AI-Driven Personalization, Recommendation Algorithms & Automated Decisions
Article 42 requires network platform service providers using automated decision-making to provide easily accessible options to turn off personalized recommendations, and to allow users to refuse information push and delete user tags. This is directly relevant to AI-powered recommendation engines, content personalization, targeted advertising, and behavioral profiling. Application distribution platforms must also verify data security compliance of apps before listing (Article 41).
5. Providing AI Services to Government, CII Operators, or Public Infrastructure
Article 16 imposes strict obligations on processors providing services to state organs, CII operators, or public infrastructure projects: security and data protection obligations must be fulfilled per law, regulation, and contract; without consent, processors may not access, retain, use, disclose, or provide data to others, and may not conduct correlation analysis. This is directly applicable to government AI projects, smart city platforms, AI-enabled public services, and AI solutions deployed by or in critical infrastructure environments.
This Regulation provides a comprehensive compliance framework for all network data processing activities. By introducing data security compliance requirements early in AI project design, ensuring cross-border data compliance, strengthening data protection and emergency response, maintaining transparency in personal information processing, and auditing partners, multinational companies can meet China's legal requirements while enabling AI technology to develop healthily.
Introduce Data Security Compliance at Project Intake — Not Pre-Launch
At the early stages of AI projects, require teams to classify all data involved: ordinary personal information, sensitive PI, important data, or core data. Determine whether the project involves processing 10M+ individuals' PI (triggering important-data obligations) or serving a large-scale platform. This classification should be completed before architecture design, vendor selection, or training data assembly — because the obligations, processes, and technical controls differ significantly depending on the tier.
Apply Article 19's GenAI Training Data Rules to All AI Training, Not Just Generative AI
Article 19 expressly applies to generative AI service providers, but the broader training data security obligations in Chapter II apply to all processors. Require AI teams to document training data sources, lawful basis, privacy consent, bias controls, and data quality governance at the outset of every training project. For sensitive or important data used in training, pre-training risk assessment under Article 31 is also required before the data is shared with any training pipeline, model vendor, or cloud environment.
Implement 24-Hour Reporting Readiness for National Security Incidents
Article 10 requires reporting to relevant competent authorities within 24 hours where product or service defects or incidents endanger national security or public interest. AI teams must have pre-defined escalation paths that can activate a 24-hour reporting window immediately. This applies not only to data breaches — it applies to any discovered security defect or vulnerability in a network product or service that has national security or public interest implications. Build this into launch checklists and product security processes.
Design for Data Portability and Individual Rights from Day One
Articles 23–25 require processors to provide accessible methods for individuals to access, copy, correct, supplement, delete, restrict processing, cancel accounts, withdraw consent, and transfer their personal information to another designated processor where technically feasible. For AI platforms, this means user data architecture must support export, deletion, and portability functions — not just as compliance features added post-launch but as first-class product requirements built into the data model and user interface from the start.
Build Annual Assessment, Reporting, and Audit Cycles into AI Operations
Important-data processors must conduct annual risk assessments and submit reports to provincial-level or above competent authorities (Article 33). All processors must conduct periodic compliance audits of personal information processing (Article 27). Large-scale platform providers must publish annual social responsibility reports on PI protection (Article 44). Build these into the annual compliance calendar — not as ad hoc requests when regulators ask, but as standing operational requirements with defined owners, templates, and review cycles.
By establishing strict data compliance mechanisms aligned with this Regulation — covering data classification, training data governance, individual rights, important-data obligations, cross-border compliance, incident response, and platform transparency — multinational companies can ensure the successful implementation of AI projects in China while fully meeting the country's legal requirements. This Regulation, issued three years after the CII Regulation and six months before taking effect, signals a maturing and increasingly codified data governance environment that AI projects must be designed around from the outset.
Complete Regulatory Text
Table of Contents
- Chapter I — General Provisions (Articles 1–7)
- Chapter II — General Rules (Articles 8–20)
- Chapter III — Protection of Personal Information (Articles 21–28)
- Chapter IV — Security of Important Data (Articles 29–33)
- Chapter V — Cross-Border Security Administration (Articles 34–39)
- Chapter VI — Obligations of Network Platform Service Providers (Articles 40–46)
- Chapter VII — Supervision and Administration (Articles 47–54)
- Chapter VIII — Legal Liability (Articles 55–61)
- Chapter IX — Supplementary Provisions (Articles 62–64)
Activities conducted outside the territory of the PRC that process the personal information of natural persons within the territory, where they fall under Article 3(2) of the PIPL, shall also be subject to this Regulation.
Where network data processing activities conducted outside the PRC harm the national security, public interest, or the lawful rights and interests of citizens or organizations of the PRC, legal liability shall be pursued.
No individual or organization may provide programs or tools specifically used to carry out such illegal activities; where a person knows that another is engaging in such activities, they may not provide technical support or assistance.
Where an incident causes harm to individuals or organizations, the processor shall promptly notify affected parties by telephone, text message, instant messaging, email, or public announcement — setting out the incident and risk circumstances, harmful consequences, and remedial measures taken. Where clues of suspected illegal or criminal activity are discovered, the processor shall report to the public security or state security organ and cooperate with investigations.
The recipient shall perform obligations for network data security protection and process data in accordance with the agreed purpose, method, and scope.
Where two or more processors jointly determine the purpose and method of processing, they shall agree on their respective rights and obligations.
Without the consent of the entrusting party, the processor may not access, obtain, retain, use, disclose, or provide network data to others, and may not conduct correlation analysis of network data.
Processors handling the personal information of minors under fourteen shall also formulate special personal information processing rules.
(1) Collection must be necessary for providing products or services; personal information may not be collected beyond the necessary scope;
(2) Processing sensitive personal information (biometrics, religious beliefs, specific identity, medical health, financial accounts, whereabouts) requires separate consent;
(3) Processing the personal information of minors under fourteen requires the consent of their parents or other guardians;
(4) Processing may not exceed the consented purpose, method, category, or retention period;
(5) After an individual explicitly refuses consent, consent may not be solicited frequently;
(6) Changes to purpose, method, or category require re-obtaining consent.
Network data processors shall identify and declare important data in accordance with relevant State provisions. Where data is confirmed as important data, the relevant regions and departments shall promptly notify the processors or publicly release such information.
(Note: consistent with the cross-border data provisions, data not notified or publicly designated as important data does not need to be declared as such for outbound security assessment.)
The person in charge shall possess professional knowledge and relevant management experience, be a member of the processor's management, and have the authority to directly report data security matters to relevant competent authorities.
For processors with important data of specific types or scales as prescribed by relevant authorities, security background checks shall be conducted on the person in charge and key-position personnel.
Reports shall include: basic information on the processor, information on its security management body, and the security officer's contact details; the purpose, category, quantity, method, scope, storage period, and location of the important data processed; security management systems, technical measures, and their effectiveness; discovered risks and incidents; circumstances of sharing, entrusting, and jointly processing important data; circumstances of data leaving the country; and other report contents required by competent authorities.
Large-scale online platform providers handling important data shall also fully explain key businesses and supply chain network data security.
Where a processor's important data activities may endanger national security, competent authorities at or above the provincial level shall order rectification or cessation of important data processing.
(1) It has passed the data export security assessment organized by the national CAC;
(2) It has undergone personal information protection certification by a professional institution;
(3) It complies with the standard contract for the export of personal information;
(4) Where truly necessary for contract performance to which the individual is a party;
(5) Where truly necessary for cross-border HR management under lawfully formulated labor rules;
(6) Where truly necessary for the performance of statutory duties or obligations;
(7) Where, in emergency circumstances, truly necessary to protect the life, health, or property safety of natural persons;
(8) Other conditions prescribed by laws, administrative regulations, or the national CAC.
Where a processor has identified and declared important data per relevant State provisions but has not been notified or publicly informed that it is important data, it does not need to declare such data as important data for the purposes of a data export security assessment.
Producers of devices such as smart terminals with pre-installed applications shall be subject to the same requirements.
Where a third-party provider violates laws, platform rules, or contractual agreements and causes harm to users, the platform provider, third-party provider, and device producer shall bear corresponding liability in accordance with the law.
(1) Process user data through misleading, fraud, or coercion;
(2) Without justified reason, restrict users' access to or use of network data generated by them;
(3) Implement unreasonable differential treatment toward users and harm their lawful rights and interests;
(4) Engage in other activities prohibited by laws or administrative regulations.
"Network data processor": an individual or organization that independently determines the purpose and method of processing.
"Important data": data in specific fields, concerning specific groups, in specific regions, or reaching a certain precision and scale, which, once tampered with, destroyed, leaked, illegally obtained, or illegally used, may directly endanger national security, economic operation, social stability, public health, and public safety.
"Separate consent": specific and explicit consent separately given by an individual for specific processing of their personal information.
"Large-scale online platform": an online platform with more than 50 million registered users or more than 10 million monthly active users, with complex business types, and whose network data processing activities have an important impact on national security, economic operation, and the national economy and people's livelihood.
Regulation on Network Data Security Management
(State Council Decree No. 790, promulgated 24 September 2024, effective 1 January 2025)
Source: 中国政府网 (the Chinese Government website)
Table of Contents
Activities conducted outside the territory of the People's Republic of China that process the personal information of natural persons within the territory of the People's Republic of China, where they fall under the circumstances set out in Article 3, paragraph 2 of the Personal Information Protection Law of the People's Republic of China, shall also be subject to this Regulation.
Where network data processing activities carried out outside the territory of the People's Republic of China harm the national security or public interest of the People's Republic of China, or the lawful rights and interests of its citizens or organizations, legal liability shall be pursued in accordance with the law.
No individual or organization may provide programs or tools specifically used to engage in the illegal activities described in the preceding paragraph; anyone who knows that another person is engaging in such illegal activities may not provide them with technical support such as Internet access, server hosting, network storage, or communications transmission, or with assistance such as advertising promotion or payment settlement.
Where a network data security incident causes harm to the lawful rights and interests of individuals or organizations, the network data processor shall promptly notify the interested parties, by telephone, text message, instant messaging tool, email, public announcement, or similar means, of the security incident and risk circumstances, the harmful consequences, and the remedial measures already taken. Where a network data processor discovers clues of suspected illegal or criminal activity while handling a network data security incident, it shall report to the public security organ or state security organ in accordance with regulations and cooperate in the investigation, inquiry, and handling.
The network data recipient shall perform its network data security protection obligations and process personal information and important data in accordance with the agreed purpose, method, scope, and other terms.
Where two or more network data processors jointly determine the purpose and method of processing personal information and important data, they shall agree on their respective rights and obligations.
The network data processors referred to in the preceding paragraph may not, without the consent of the entrusting party, access, obtain, retain, use, disclose, or provide network data to others, and may not conduct correlation analysis of network data.
A network data processor that processes the personal information of minors under the age of fourteen shall also formulate special personal information processing rules.
(1) Collection of personal information shall be necessary for providing products or services; personal information may not be collected beyond the necessary scope, and an individual's consent may not be obtained through misleading, fraud, coercion, or similar means;
(2) Processing sensitive personal information such as biometrics, religious beliefs, specific identity, medical health, financial accounts, or whereabouts and movements requires the individual's separate consent;
(3) Processing the personal information of minors under the age of fourteen requires the consent of the minor's parents or other guardians;
(4) Personal information may not be processed beyond the purpose, method, category, or retention period to which the individual consented;
(5) After an individual has explicitly indicated that they do not consent to the processing of their personal information, consent may not be solicited frequently;
(6) Where the purpose, method, or category of personal information processing changes, the individual's consent shall be obtained anew.
Network data processors shall identify and declare important data in accordance with relevant State provisions. Where data is confirmed to be important data, the relevant regions and departments shall promptly notify the network data processor or publicly release such information. Network data processors shall fulfil their network data security protection responsibilities.
The person in charge of network data security shall possess professional knowledge of network data security and relevant management work experience, shall be a member of the network data processor's management, and shall have the authority to report network data security matters directly to the relevant competent authorities.
Network data processors holding important data of specific categories or scales prescribed by the relevant competent authorities shall conduct security background checks on the person in charge of network data security and on personnel in key positions, and shall strengthen the training of relevant personnel.
The risk assessment shall focus on: the lawfulness, legitimacy, and necessity of the purpose, method, and scope; the risks of tampering, destruction, leakage, and the like, and the risks to national security, public interest, and so on; the integrity and law-abiding record of the recipient; whether the security requirements in the contract can effectively bind the recipient; whether the technical and management measures can effectively prevent the risks; and other assessment contents prescribed by the relevant competent authorities.
Processors of important data shall conduct a risk assessment each year and submit a risk assessment report to the relevant competent authorities at or above the provincial level (Article 33). The report shall include: basic information on the processor and information on its management body and security officer; the purpose, category, quantity, method, scope, storage period, and location of the important data processed; the security management systems and their implementation, and the technical measures and their effectiveness; risks discovered and incidents that occurred; the risk assessment circumstances of providing, entrusting the processing of, or jointly processing important data; the circumstances of network data leaving the country; and other contents. Large-scale network platform service providers that process important data shall also fully explain matters such as the network data security of their key businesses and supply chains.
A network data processor providing personal information overseas must meet one of the following conditions: it has passed a security assessment; it has obtained certification; it complies with the standard contract provisions; the transfer is necessary to conclude or perform a contract; it is necessary for cross-border human resources management; it is necessary to perform statutory duties or obligations; it is necessary in an emergency to protect personal safety; or other conditions prescribed by laws and regulations (Article 35).
Where important data collected and generated in domestic operations truly needs to be provided overseas, it shall pass a data export security assessment (Article 37). After passing the assessment, the processor may not exceed the purpose, method, scope, category, and scale specified at the time of assessment (Article 38).
The processing of core data shall be carried out in accordance with relevant State provisions. This Regulation does not apply to natural persons processing network data for personal or family affairs. Matters involving State secrets are governed by the laws on guarding State secrets (Article 63). This Regulation takes effect on 1 January 2025 (Article 64).