On 25 September 2017, the United States communicated its concerns with certain measures that China has adopted in relation to the PRC Cybersecurity Law and the relevant implementing measures that are under development (the “Law”).

The US’s main concern is the data localisation and cross-border transfer assessment requirements under the Law, as well as the requirement for obtaining data subjects’ consent in the context of cross-border transfer. The US claims that the Law would discourage cross-border data transfers and would promote domestic processing and storage. The impact would disproportionately affect foreign service suppliers operating in China, as pursuant to the Law, these suppliers must routinely transfer data back to headquarters and other affiliates. The US requests that China refrain from issuing or implementing final measures until such concerns are addressed.

Please click here to read the full text of the US’s communication.