Data Security Law of the People's Republic of China
09/08/2022, 06:44
and safeguarding the sovereignty, security, and development interests of the
state.
Article 2 This Law shall apply to data processing activities and security
supervision and regulation of such activities within the territory of the People’s
Republic of China.
Where data processing outside the territory of People’s Republic of China
harms the national security, public interests, or the lawful rights and interests of
individuals or organizations of the People’s Republic of China, legal liability
shall be investigated in accordance with the law.
Article 3 For the purpose of this Law, the term “data” refers to any record
of information in electronic or any other form.
“Data processing” includes the collection, storage, use, processing,
transmission, provision, and disclosure of data, among others.
“Data security” refers to ensuring that data is effectively protected and
lawfully used through adopting necessary measures, and to possessing the
capacity to guarantee the continuous security of data.
Article 4 In preserving data security, the holistic approach to national
security shall be adopted, sound data security governance systems shall be
established, and data security and protection capabilities shall be improved.
Article 5 The central leading authority for national security shall be
responsible for the decision-making, deliberation and coordination of the
national data security work; researching, formulating, and guiding the
implementation of the national data security strategy and related major
guidelines and policies; coordinating major matters and important work in
respect of national data security; and establishing a coordination mechanism for
national data security.
Article 6 All localities and departments shall bear responsibility for the
management of the data collected or generated in their work as well as for the
data security thereof.
The competent departments of industry, telecommunications, transport,
finance, natural resources, health, education, technology and other relevant
competent departments shall assume the responsibilities of supervising and
regulating data security in their respective trades and sectors.
Public security organs and national security organs, etc. shall assume the
responsibilities of supervising and regulating data security within the scopes of
http://www.npc.gov.cn/englishnpc/c23934/202112/1abd8829788946ecab270e469b13c39c.shtml
Page 2 of 13