Blog / What is data localization in China?

What is data localization in China?

Disclaimer: This guide is intended for informational purposes only and does not constitute legal advice. Chinafy is not a legal or corporate advisory entity. Given that legal obligations vary by business type and context, we recommend consulting with qualified legal counsel for advice specific to your organization. If needed, Chinafy can connect you with one of our experienced legal partners.

What is data localization?

Data localization, or data residency, refers to the practice of storing data within a specific country or region. In China, this means certain data categories (e.g., personal data, financial data, health data) must be stored on servers physically located within the country's borders.

In practice, this means for businesses operating within mainland China, any data collected, processed, and stored must remain within China’s geographical boundaries before any transfer overseas.

Why is data localization necessary in China?

Some of the reasons data localization has been deemed necessary by the government in China include:

Protecting the data privacy of Chinese residents

National strategic objectives like long-term economic and technological development

Strengthening law enforcement capabilities within mainland China by ensuring data remains accessible to domestic authorities

In general, China uses data localization policies to secure national information and assert control over its digital domain.

Data localization laws in China

The primary legal framework driving data localization in China is made of three pillars:

The Cybersecurity Law (CSL) (2017) governs how businesses operate networks and manage data in China.

The Data Security Law (DSL) (2021) regulates how data is processed, classified, and protected within and outside China.

The Personal Information Protection Law (PIPL), (2021) is similar to the EU’s GDPR, laying out the rules for personal data processing and cross-border data transfers.

Who has to follow China’s data localization laws?

China’s data laws apply to any business that collects, stores, uses, sells, or shares personal data from individuals in mainland China, regardless of whether they have a physical presence in China. This includes both data owners and data processors. The regulations are stricter if businesses are Critical Information Infrastructure Operators (CIIOs) or if they process "important" data.

Which types of data are subject to data localization requirements?

Specific requirements may vary by law or regulation, but here are some of the types of data generally subject to localization:

Personal data

Financial data

Health data

Intellectual property

Customer and e-Commerce data

Education data

Employee data

Critical infrastructure data

Government data

Vehicle data

Non-personal and non-sensitive data, data that is publicly available, stored abroad, or has been anonymized, or is part of international agreements/treaties or specific exemptions, are typically not subject to these requirements.

Potential exemptions for low-volume data exports

Recent CAC rules (the Provisions on Promoting and Regulating Cross-Border Data Flows, effective 22 March 2024) give certain businesses a lighter compliance path. If you are not classified as a Critical Information Infrastructure Operator (CIIO) and the cumulative amount of personal information you export from China since 1 January of the current year:

involves fewer than 100 000 individuals’ non-sensitive personal data, and

does not contain “important data” or any sensitive personal information,

then you may not need to conduct a CAC security assessment, file the Standard Contract, or obtain a certification. For sensitive personal information, the more stringent security assessment trigger still starts at 10,000 individuals. 

These thresholds are cumulative, sector-specific catalogues can raise or lower them, and regulators may adjust the numbers over time, so every business should map its data flows and confirm the latest position before relying on an exemption.

What do businesses need to do with their data in China?

The key requirements for data storage in China include:

Local storage: Store personal and important data collected in China on servers located within mainland China.

Server location: Store the specified data on servers physically located within China's territory.

Data security standards: Implement strict data security measures, including encryption, access controls, and regular security assessments. Report data breaches or leaks to authorities.

Data impact assessments: Conduct data impact assessments to evaluate potential risks associated with data collection and processing. (PIPL Article 55)

Government inspections: Prepare for regulatory inspections as authorities have the right to inspect businesses to ensure compliance.

Read more about cross-border data transfer


Chinafy collaborates with specialized partners, such as Lianwei Pancloud and MS Advisory, who can offer insight into specifics related to your company, regulatory trends and compliance considerations.

Get in touch with Chinafy today to better understand the next steps for your company’s website and data in China.

Don't get left behind.
Optimize your website for the world's fastest-growing consumer market. Start today, cancel anytime.
Make your website work in China
Fill out the form and one of our Chinafy team members will reach out to you within 1 business day to book an initial call or with a plan for next steps.
check30%-40% faster compared to using a CDN alone.
checkVerifiable results in just 2 weeks, instead of 1-2 years.
checkLittle to no action required from your IT teams.
"Chinafy has made it possible for us to be sure that our web visitors in China have the same good experience as all our other visitors in the rest of the world."
Michela Nalin Francek, Marketing Manager for Nolato
"Over 1 million engineers use SnapEDA each year all over the world. We were attracted to Chinafy's service because of how easy they made it to support the Chinese market."
Natasha Baker, CEO & Founder of SnapEDA
We are very happy with working with Chinafy. They went above and beyond to ensure we help MIT Professional Education deliver world-class online education in China.
Ignacio Cerro, CFO, Global Alumni for MIT Professional Education
"Consistency is crucial for us.
Chinafy fits the bill of what we were looking for."
Jonathan Rhodes, Marketing Technology Manager of Registrar Corp
"The process was super easy and I'm really glad we selected your team. The experience has been beyond my expectations."
Nicolas Duchesne-Lafoest, Product Marketing Manager 
"Chinafy went above and beyond to help me produce my event. I'm not sure I would have been successful without them. The client was elated that we managed to fulfill the request to live-stream into China so quickly."
Kevin Denham, Technical Director at ADM Productions
To start, please share a bit more about you.
Which website do you want to Chinafy?
Tell us your name?
What best describes your company role?
What's your Work Email Address?
What would you like to discuss?
Have a discount code?
By clicking 'Get Started', I also agree to Chinafy's Terms of Service & Privacy Policy.
close
Thanks for getting in touch!
One of our China experts will be in touch with you via email within the next 24 hours with

1 - Expected post-Chinafy results
2 - Your Custom Plan
3 - Next steps.

P.S. Make sure to check your promotions inbox in case our message lands there.

Please feel free to check out our case studies or blog in the meantime.
[[embed: get started form inline type]]

Related Stories

Load More
×

Notey will use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us:

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at community@notey.com. We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.