On February 24, 2023, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Standard Contract for the Cross-border Transfer of Personal Information (“Measures”) (only available in Chinese here), including a template contract (“Standard Contract”) accompanying the Measures. The Measures will take effect on June 1, 2023, but are subject to a 6-month grace period to allow companies time to bring their activities into compliance.
The finalization of the Measures marks another important step forward in the establishment of China’s cross-border data transfer framework. With implementing rules for all three lawful transfer mechanisms now in place, China appears to be entering into a new phase where cross-border transfer activities will be more closely regulated and enforcement actions are more likely to arise for non-compliance.