The enactment of the Personal Information Protection Law (“PIPL”) in 2021 establishes a legal framework regulating foreign and domestic companies alike in collecting personal information (“PI”) in China and its cross-border transfer (or export, using interchangeably below). PIPL has extra-territorial effect. Foreign companies processing Chinese PI remotely from their home countries are subject to PIPL’s scrutiny, necessitating the establishment of an entity in China or the designation of a Chinese representative. This local entity or representative must comply with PIPL requirements and register with the Cyberspace Administration of China (“CAC”).

According to Article 38 of PIPL, companies exporting PI, regardless of that of Chinese or foreign nationals, must fulfil one of the following options:

a) pass a security assessment by CAC;

b) sign a standard contract with the overseas PI recipient and file it, along with PI Protection Impact Assessment, with the provincial level CAC; or

c) obtain certification from an accredited institution.

Under the Measures for Security Assessment of Data Cross-border Transfer, data processors who:

  • transfer important data;
  • are key information infrastructure operators or PI processors handling PI of over 1 million people; or
  • export PI of over 100,000 subjects or Sensitive PI of over 10,000 subjects since January 1st of the previous year

must apply for security assessments (Option (a)). Options (b) and (c) are not available for them.

PIPL empowers CAC to stipulate rules about Options (a)-(c). CAC has since issued the following regulations to set out deadlines for PI processors:

ConditionDeadlineRelevant regulations
Security AssessmentMarch 1, 2023Measures for Security Assessment of Data Cross-border Transfer
Standard ContractDecember 1, 2023Measures for Personal Information Cross-border Transfer Standard Contract
CertificationNo set deadlineImplementation Rules for Personal Information Protection Certification

Facing these deadlines, foreign enterprises in China have largely taken two approaches: proactive preparation for security assessment or standard contract, or awaiting further clarification or guidance from CAC.

On September 28, 2023, CAC issued the Draft Provisions on Regulating and Promoting Cross-border Data Transfers (“Draft Provisions”), providing exemptions under certain conditions. If a PI processor exports PI of fewer than 10,000 subjects, it may be exempted from fulfilling any of the three options. The consultation period of the Draft Provisions ended on October 15.

Once the Draft Provisions become law, this is good news for foreign companies collecting a small amount of PI in China and export it as part of their business operations. For instance, they may export a Chinese employee’s PI to manage global HR, or collect Chinese consumer’s PI to enrich their worldwide membership database. However, the PI amount and its business value, along with the business benefit derived from such PI export, do not justify disproportionate spending on legal compliance. Leveraging the Draft Provisions, they can claim exemptions from filing with CAC.

But as the second deadline of 1 December for filing the standard contract is now overdue and the final version of the Draft Provisions has not yet been released, these foreign companies which have previously taken a wait-and-see approach are now anxious about compliance issues. The first question popping into their head would be:

What is the legal consequence if we fail to file with CAC before the deadlines?

This article aims at answering the question, applicable even when the Draft Provisions become law. Preparing a precise response is challenging, as the laws are new and the deadlines not yet long overdue. Precedents are scant. No penalty has yet been issued for missing the deadlines. Given these restrictions, this article tries to offer insights from both a legal interpretation and practical perspective.

Legal interpretation

Chapter 7 of PIPL, titled “Legal Responsibility”, stipulates consequence for non-compliance by a PI processor.

Legal responsibility under PIPL includes administrative and civil liability. For criminal liability, Article 71 of PIPL defers to the Criminal Law of the People’s Republic of China. Article 286 of the Criminal Law stipulates certain criminal liabilities in extreme cases of non-compliance under the Crime of Refusing to Fulfill Information Network Security Management Obligations.

For administrative liability, Article 66 of PIPL provides directives for different violation levels, ranging from rectification orders and warnings to fines and business shutdowns. Article 67 records violations in the credit rating of the violating entity.

Article 66 (1) of PIPL subdivides violation into three levels, depending on the seriousness of the breach. For the first level, petty violation, CAC can issue the following decisions:

  • Rectification order,
  • Warning,
  • Confiscation of illegal gain, and
  • Order for suspension or termination of service.

If the violator fails to comply with the rectification order, it is subject to the second level liability, which includes:

  • A fine of below RMB 1 million yuan (approx. US$143,000) imposed on the PI processing entity, and
  • A fine of RMB 10,000-100,000 yuan (approx. US$1,430-14,300) for responsible person(s).

For more aggrieved circumstances, the highest-level administrative penalty is stipulated in Article 66 (2), which empowers provincial level CAC to issue the following decisions:

  • Rectification order,
  • Confiscation of illegal gains,
  • A fine of not more than RMB 50 million yuan (approx. US$7.15 million) or less than 5% of the previous year’s turnover,
  • Business suspension,
  • Business shutdown for rectification,
  • Notification to relevant authorities to revoke business license,
  • A fine of RMB 100,000 – 1 million yuan (approx. US$14,300 – US$143,000) for responsible person(s), and
  • Prohibition of that person(s) serving as a director and other responsible position in a company.

Civil liability is briefly mentioned in Articles 69-70 without going into detail about how damages are measured. Article 69 introduces a reversed burden of proof. If a PI processor infringes upon PI rights and causes damage, but cannot prove that it is not at fault, it shall bear the liability for infringement such as compensation for damages.

Article 70 introduces the concept of class action. The People’s Procuratorate, consumer organizations and organizations determined by CAC may file a lawsuit with the People’s Court on behalf of a group of affected individuals.

In practice

Without precedent cases for reference, foreign companies may find it challenging to gauge the actual risk level for not meeting the deadlines. The risk level would definitely increase over time.

CAC is aware of business justifications for foreign companies to export certain PI back to their headquarters in home countries. In practice, there is no technical means to detect all PI export activities in China and penalize all violators in one go. Unavoidably, CAC may focus enforcement actions on cases which possess higher risk to the Chinese PI subjects, society and national security as a whole.

Depending on certain factors, foreign enterprises may experience different challenges in conducting their compliance activities in China. Companies may consider the following non-exclusive list of factors in their risk assessment and preparing an appropriate level of compliance activities that they find fitting:

PI SensitivityPIPL affords a stronger protection to Sensitive PI, as defined by the law and National Standard. Priority should be given to PI considered particularly sensitive in the Chinese context, for example biometric data, credit ratings, medical records, PI of minors and financial data. A foreign company exporting a substantial amount of Sensitive PI, should plan ahead in their compliance activities.  
Industry sectorsCAC may consider certain business sectors as strategic, under which any PI collected and exported would likely invite more scrutiny from the authority. While not explicitly stated in the law, foreign PI processors in areas such as finance, education, medical, telecom, transportation, energy, and advanced technology (e.g. AI, electric vehicle, microchips, robotic, life science) are advised to pay more attention to PI compliance issue.  
Scale of PI exportDestination – Chinese PI being exported to a country lacking legal and technical protection for PI would certainly raise eyebrows at the Chinese authority. Even if the recipient country has a sophisticated legal framework on PI protection, inconsistencies with PIPL or discriminatory measures against Chinese PI may prompt CAC intervention.   PI Amount – The higher the amount of PI export, the riskier the exporter is for being accused of non-compliance.   PI Scope – To calculate whether the amount of PI export has reached a certain threshold, all PI belonging to the same PI individual would be considered as one count only. A foreign company exporting a smaller amount of PI may not reach the threshold of a security assessment. However, if it exports a large scope of PI for the same person that goes beyond usual items like name, sex, date of birth, telephone number, etc., its risk level may increase.   Duration – PIPL requires PI processors to delete PI upon completion of the stated processing purpose. If a piece of PI stays overseas for too long without a proper retention and deletion process, CAC may challenge the entire PI export activity.
Location of foreign companies in China  Exporting PI from a major Chinese city (Beijing, Shanghai, Shenzhen, etc.) is a double-edged sword. On one hand, that invites scrutiny from a more proactive provincial CAC bureau that is eager to enforce PIPL. These local bureaus are, however, also more experience in resolving PI exporting issues faced by a foreign company and more ready to provide guidance. Foreign companies setting up a branch office in China are advised to stay closely in touch with their local CAC.
Origin of foreign companies  A foreign investor from a more PI law-advanced country may be more reputed in its PI export activities. But if China’s relationship with this country turns sour, any activity of this investor would be in the limelight.
Other factorsOther dynamic factors such as government attitude, public and media opinion, and PI leakage incidents, may change from time to time but are crucial for foreign companies to measure their risk level in Chinese PI compliance.


While the factors above affect the likelihood of CAC’s accusations, violation occurrence remains a fact. A time bomb is ticking. It is advised for even low-risk foreign companies to engage third-party assessors for PI export compliance activities. These activities may include:

  • PI Protection Impact Assessment: even if they are not prepared to file an application with CAC, organizations are required under Article 55 of PIPL to conduct an impact assessment for any cross-border PI transfer.
  • Consent Management: Organizations must obtain explicit consent from individuals before transferring their PI across borders. The consent process should be transparent, and individuals should be informed about the purpose, scope, and destination of the PI transfer.
  • Data Localization: PIPL emphasizes PI localization requirements, meaning that certain types of PI must be stored within the borders of mainland China. Organizations should assess the types of PI they are collecting and ensure compliance with localization requirements.
  • Security Measures: Implementing appropriate security measures to protect PI during its export is crucial. This includes encryption, access controls, and other safeguards to prevent unauthorized access, disclosure, alteration, and destruction of PI
  • Contractual Obligations: Organizations engaging in PI export should establish clear contractual agreements with overseas PI recipients, outlining the responsibilities and obligations of each party in ensuring the protection and lawful use of the transferred PI.
  • Notification and Transparency: Individuals should be informed about the cross-border transfer of their PI, and organizations should be transparent about their PI processing practices. Notification may be required before or after the transfer.
  • Recordkeeping: Maintaining records of cross-border PI transfers is essential for compliance. Organizations should be able to demonstrate to regulatory authorities that they are handling PI in accordance with the law.
  • PI Subject Rights: Ensure that individuals have the right to access, correct, and delete their PI even when it is transferred across borders. Organizations should establish mechanisms for individuals to exercise their PI subject rights.
  • Compliance Audits: Regularly conduct internal audits to assess compliance with PIPL and related regulations. Audits can help identify areas for improvement and ensure that the organization’s practices align with legal requirements.

Businesses operating in China or dealing with Chinese citizens’ PI should stay informed about the latest regulations and non-legal updates, such as PI news in China and China’s diplomatic relationship with other countries. The regulatory and other PI landscape can evolve, and companies should regularly review their PI protection policies and practices to align with the current circumstances.

For the most up-to-date and accurate information, it is recommended to consult CAC directly or other legal professionals in China.

Guiding Cases 199-201 Issued by the PRC Supreme People’s Court – Further Steps Toward a Pro-Arbitration Regime

On December 30, 2022, the Supreme People’s Court of the People’s Republic of China (“SPC”) released its 36th batch of six guiding cases, all of which relate to the judicial review of arbitration awards. Our previous article focused on the first three guiding cases (Guiding Cases 196, 197, and 198) which addressed several critical issues related to arbitration agreements. This article elaborates on the context and pivotal holdings of the three remaining cases—Guiding Case 199, 200 and 201.

Guiding Case 199: Public Interest Related to Cryptocurrency

Guiding Case 199 (Gao Zheyu v. Shenzhen YunSilk Road Innovation Development Co. Ltd and Li Bin) – recognized[1] as the first Chinese case concerning setting aside of an arbitral award involving bitcoins – is one of the rare cases in recent years where Chinese courts have invoked the concept of “public interest” to annul an award.

China’s strict regulatory stance towards cryptocurrency stands in contrast to the broader recognition of cryptocurrency in a few neighboring jurisdictions (e.g., Hong Kong[2] and Singapore [3] ). Back in 2017, seven Chinese authorities (including the People’s Bank of China and the China Securities Regulatory Commission) jointly issued the Announcement on Preventing the Financing Risks on Initial Coin Offerings[4]. Article 3 of the Announcement strictly prohibits any financial institution operating in China from offering cryptocurrency-related services, including pricing, intermediation or engaging in the buying or selling of cryptocurrency.

The arbitral award, which was set aside by the court, mandated that the respondent compensate the claimant a certain amount of Chinese Yuan equivalent to the bitcoins owed by the respondent to the claimant. In determining the value of the bitcoins, the tribunal referred to the bitcoin price provided on the Okcoin[5] website. This award, which sparked intense debate, was eventually set aside by the Shenzhen Intermediate People’s Court on the ground that it, in effect, facilitated the exchange between the bitcoin and fiat currency, resulting in the violation of the stability and integrity of the Chinese financial market and public interest.

This guiding case, without doubt, conveys a clear message of Chinese courts’ stance on implementing stringent supervision over cryptocurrencies. However, taking a step back, if the award merely required the respondent to compensate the claimant with a certain number of bitcoins or allowed the value of the bitcoins to be determined through parties’ negotiation instead of by reference to the price from a third-party website, would such award be enforceable? In the authors’ view, that remains an open question. As a case in point, in Sun Dingshang v. Xie Zuozheng[6], the court confirmed the validity of directly returning the bitcoins; and in a case shared by the Shanghai High Court[7], the plaintiff, through negotiations between the parties, waived the request for the defendant to return one bitcoin and instead agreed to receive a certain amount of Chinese Yuan as compensation.

Thus, while the guiding case is consistent with China’s regulatory bottom line for cryptocurrency-related issues, the extent to which courts will tolerate similar arbitral awards remains to be elucidated through future cases.

Guiding Case 200: Proactive Attitude in Harmonizing Expedited Arbitration and Ad Hoc Arbitration

Guiding case 200 (SvenskHonungsfora–dlingAB v. Nanjing Changli Bees Product Co. Ltd) reflects Chinese court’s consistent pro-enforcement stance towards foreign arbitration awards adjudicated in the way of ad hoc arbitrations.

As a general matter, ad hoc arbitrations are not recognized under the PRC Arbitration Law, which requires that an effective arbitration clause must designate a specific arbitration commission. The key issue before the Nanjing Intermediate People’s Court was whether, notwithstanding this provision, a foreign ad hoc arbitration initiated by the parties was in conformity with the parties’ dispute resolution clause that “in case of disputes governed by Swedish law and that disputes should be settled by Expedited Arbitration in Sweden.” The court found that ad hoc arbitration and expedited arbitration share the features of efficiency, convenience and economy, and are both focused on simplifying arbitration procedures, shortening arbitration time and reducing arbitration costs. Based on the above reasons, the court held that the term of expedited arbitration in the dispute resolution clause does not exclude resorting to ad hoc arbitration to solve the parties’ dispute.

It is noteworthy to consider, alongside Guiding Case 200, the development of ad hoc arbitration in China. Early in 2016, the SPC has officially opened the door for companies registered in free trade zones (“FTZs”) to submit their disputes to ad hoc arbitrations.[8] However, it was not until 30 June 2023 that the first ad hoc arbitration award in China was adjudicated based on the ad hoc arbitration rules of China Maritime Law Association[9], with the institutional assistance of the China Maritime Arbitration Commission. Another significant milestone in the development of ad hoc arbitration in China was the release of the Notice Regarding Requesting Public Comments on the Bills to Revise the Arbitration Law (Exposure Draft)[10] in 2021. According to Article 91 of the Exposure Draft, parties are entitled to refer foreign-related commercial disputes to an ad hoc arbitral tribunal. Whilst not applicable to domestic cases and confined to commercial disputes, this proposed change is a step forward for China to further align with the international arbitration practice.

In sum, the pro-enforcement attitude towards foreign awards issued in ad hoc arbitrations, positive attempts of applying ad hoc arbitrations in FTZs, and the latest amendments in the Exposure Draft all signify China’s readiness to take steady steps to modify its arbitration laws and regime to align with international practice. Whether ad hoc arbitration, as a relatively new concept in China, can effectively serve its function and flourish in China remains to be observed.

Guiding Case 201: Clarifying the Concept of “Sports Arbitration”

in China

Guiding Case 201 arose out of a Professional Coach Contract signed between a Serbian coach and a Chinese football club. The Chinese football club was required to pay the outstanding wages to the coach pursuant to an award rendered by FIFA Players’ Status Committee (“FPSC”)—an internal dispute resolution body in the football field. Due to respondent’s non-fulfillment of the award, claimant brought this award to Chinese local court for enforcement based on the New York Convention.

During the trial, the Shanghai First Intermediate People’s Court was faced with two major issues—(1) whether the award rendered by FPSC counts as an arbitral award under New York Convention; and (2) whether the arbitration clause—“In the case of disputes over which FIFA does not have jurisdiction, the parties shall submit such disputes to the CAS”—excludes the court’s jurisdiction over the current case.

Regarding the first issue, the court held that because FPSC is a self-governing internal dispute resolution body with the enforcement of the award primarily relying on the self-governing mechanism within the football industry—instead of an independent arbitral institution—the award does not possess binding force. Moreover, the award issued by FPSC is not final because such award does not preclude the parties from seeking recourse to the local court or CAS. In light of the above reasons, the court ruled that the award rendered by FPSC does not fall within the definition of an “arbitral award” under the New York Convention. From the court’s reasoning, it can be observed that Chinese courts typically place significant weight on the criteria of “Independence,” “Binding Force,” and “Finality” when interpreting the term “arbitral award” in the context of the New York Convention.

Regarding the effect of the arbitration clause in the contract, the court took a two-step approach. After confirming the validity of the arbitration clause, the court elaborated that as the pre-condition of initiating CAS arbitration was not satisfied, i.e., because FIFA had exercised its jurisdiction over the dispute, the clause was rendered unenforceable. Based on this, the court ruled that an unenforceable arbitration clause could not exclude the court’s jurisdiction.

An interesting hypothetical question arising from this case is whether, in the event that the dispute is submitted to CAS and an award is rendered by a CAS tribunal, such award would be recognized as an “arbitral award” under the New York Convention. Given that CAS, as a sports arbitral institution, deals with a wide range of disputes covering not only commercial issues but also areas like sponsorship and doping, the authors’ opinion is that Chinese court’s stance regarding CAS awards would remain ambiguous. And this ambiguity is further compounded by China’s declaration of “Commercial Reservation” when ratifying the New York Convention.

Concluding Thoughts

The 36th batch of six guiding cases clarifies multiple significant issues concerning both domestic and international arbitration in China. At the same time, considering the ongoing substantial revision of the PRC Arbitration Law, there is much anticipation for the future arbitration practice within this regime.



[2] For example, in the landmark decision of Re Gatecoin Limited (In Liquidation) [2023] HKCFI 914 issued this year, the Court of First Instance of Hong Kong, for the first time. held that cryptocurrency constitutes property under Hong Kong Law.

[3] For example, under the Payment Services Act 2019 of Singapore, cryptocurrencies are considered digital payment tokens regulated by the Monetary Authority of Singapore. The Monetary Authority of Singapore states that the Payment Services Act 2019 “provides for regulatory certainty and consumer safeguards, while encouraging innovation and growth of payment services and FinTech.”








The Basic Requirements for the Security of Generative Artificial Intelligence Services

Recently, the National Information Security Standardization Technical Committee (“TC260“) issued the Basic Requirements for Security of Generative Artificial Intelligence Services (Draft for Soliciting Opinions) (“Draft Requirements“).[1]This is China’s first national standard that specifically puts forward specific security requirements for generative artificial intelligence (“GAI“), and also assists the implementation of the Interim Measures for the Management of Generative Artificial Intelligence Services (“GAI Measures“) in practice.

The Draft Requirements provide basic guidance on the security issues facing GAI services regarding training data security, model security, security measures, security evaluation, filing applications, security assessments, and other matters, which we explore in more detail below based on China’s existing artificial intelligence governance framework, judicial practice in related fields, and our practical experience.

Outline of the Existing Legal Framework

China has not promulgated a dedicated artificial intelligence (“AI“) law. Applicable rules governing AI-related fields are spread across a patchwork of laws (such as the Personal Information Protection Law (“PIPL“), the Data Security Law and the Cybersecurity Law (“CSL“)), regulations, policies, and standards, coming from different legislative bodies at different levels of the government.

The National Cyberspace Administration (“CAC“) and other departments have issued the following 3 overlapping administrative regulations to implement laws and regulate AI:

  • Administrative Provisions on Algorithmic Recommendation in Internet-Based Information Services 2021
  • Administrative Provisions on Deep Synthesis in Internet-Based Information Services 2022
  • Interim Measures for the Management of Generative Artificial Intelligence Services 2023

In addition, other regulations in different fields are deeply influencing the regulation of China’s AI industry, such as:

  • Opinions on Strengthening the Governance of Scientific and Technological Ethics
  • Measures for the Review of Science and Technology Ethics
  • Provisions on the Security Assessment for Internet-based Information Services Capable of Creating Public Opinions or Social Mobilisation.

Scope of the Draft Requirements

The Draft Requirements outline the basic security requirements for GAI services and cover aspects such as data sources (语料安全), model security (模型安全), security measures (安全措施), security assessments (安全评估), and more.

It applies to organisations and individuals providing GAI services to the public within China, and its purpose is to enhance the security level of these services.

The Draft Requirements allow for self-assessments by GAI service providers or assessments conducted by third parties. It can also serve as a reference for relevant regulatory authorities to evaluate the security of GAI services.

Normative References

The Draft Requirements reference the following standards:

  • GB/T35273 Information Security Technology Personal Information Security Specification: This standard was released earlier than the PIPL. It puts forward detailed requirements for the principles of personal information processing and full life cycle processing activities. It is an important reference for regulatory authorities when enforcing the law. While some of its requirements are inconsistent with PIPL, it remains an important reference source.
  • The CSL: The CSL can be considered one of the cornerstones of the Chinese legal framework regulating online activities, including providing GAI services. The security requirements of the Draft Requirements generally align with those in the CSL.
  • Provisions on Ecological Governance of Network Information Content 2019 (“Content Provisions“): The Content Provisions regulate online content in China. The prohibitions in Appendix A of the Draft Requirements generally align with those in the Content Provisions and, in some cases, provide more detail and specification. However, the list of prohibitions in Appendix A does not fully replicate that found in the Content Provisions.
  • TC260-PG-20233A Cybersecurity Standard Practice Guide – Generative Artificial Intelligence Service Content Identification Methodology: This contains content labelling guidelines.
  • Interim Measures for the Administration of Generative Artificial Intelligence Services 2023: The Interim Measures are regulations that directly govern GAI services. The Draft Requirements and the previously released TC260-PG-20233A are supporting documents for the GAI Measures, which provide more specific and practical requirements. The correspondence between the three is as follows:

Basic Security RequirementsRelevant Laws & Regulations
Training Data SecuritySource SecurityArticle 7 (1) of GAI Measures
Content SecurityArticles 4 & 7 of GAI Measures
Label SecurityArticle 8 of GAI Measures
Model SecurityModel Source ComplianceArticle 7 (1) of GAI Measures
Generate Content SecurityArticle 14  of GAI Measures
Transparency, accuracy, and reliabilityArticle 4 (5) & 10  of GAI Measures
Security MeasuresSpecial population protectionArticle 10  of GAI Measures
Personal Information ProtectionArticle 9 of GAI Measures
Input Information ProtectionArticle 11 of GAI Measures
Content identificationTC260-PG-20233A
User complaint reporting channelsArticle 15 of GAI Measures

Terms and Definitions

The Draft Requirements provide several key terms and definitions that are essential to understanding their content:

  • Generative Artificial Intelligence Service: This is defined as “Artificial intelligence services based on data, algorithms, models, and rules that are capable of generating text, images, audio, video, and other content based on user prompts.” It would perhaps be more helpful to readers if AI were also defined within the Draft Requirements. A more general definition for AI systems can be found in GB/T 41867-2022, Information Technology – Artificial Intelligence – Terminology, which defines AI systems as “a class of engineering systems that are designed with specific goals defined by humans, generating outputs such as content, predictions, recommendations, or decisions…” We suspect that several technologies could fall within the scope of this definition that people would not normally consider AI, such as pocket calculators.
  • Provider: A provider is defined as “Organisations or individuals that provide generative artificial intelligence services to the public in China in the form of interactive interfaces, programmable interfaces, etc.” This definition restricts providers to those providing GAI services to the public in China while leaving the form of services open.
  • Training Data: This is defined as all “data directly used as input for model training, including input data during pre-training and optimisation training.”
  • Illegal and Unhealthy Information: This is a collective term for following 11 types of illegal information and 9 types of undesirable information noted in Content Provisions:
Illegal InformationUndesirable Information
Content opposing the basic principles established by the Constitution.Content using exaggerated titles, with serious inconsistency between content and title.
Content endangering national security, disclosing state secrets, subverting state power or undermining national unity.Hyped gossip, scandals, misdeeds, etc.
Content harming the honour or interests of the State.Improper comment on natural disasters, major accidents and other disasters.
Content distorting, vilifying, desecrating or denying the deeds and spirit of heroic martyrs, or infringing upon their names, portraits, reputation or honour by insulting them, slandering them or other means.Content making sexual suggestions, sexual provocations, etc., which is prone to cause association with sex.
Content propagating terrorism or extremism or inciting the implementation of terrorist or extremist activities.Content showing blood, horror, cruelty, etc., which causes physical and mental discomfort.
Content inciting national hatred or discrimination or undermining national unity.Content inciting mass discrimination, regional discrimination, etc.
Content undermining the State’s religious policies or propagating heresy or feudal superstition.Propagation of vulgar, obscene, and kitsch content.
Content spreading rumours or disturbing the economic and social order.Content that is likely to cause minors to imitate unsafe behaviour, violate social morality or induce minors to form bad habits, etc.
Content spreading obscenity, pornography, gambling, violence, murder or terror, or abetting crimes.Other content that has adverse effects on the network ecology.
Content insulting or slandering others, infringing upon others’ reputation, privacy or other legitimate rights and interests. 
Other content prohibited by laws and administrative regulations. 

It can sometimes be difficult to delineate the boundaries of illegal and undesirable information precisely. This could make some GAI service providers overly cautious or relaxed when categorising information.

  • Sampling Qualified Rate: In the context of security assessments, the proportion of a sample that does not include any of the 31 security risks listed in Appendix A of the Draft Requirements. It is perhaps more helpful to express it as follows:

× 100


The Draft Requirements not only specify specific requirements for GAI services in terms of training data security, model security, security measures, and the like. They also provide additional specifications and details on the procedures and content of security assessments for GAI services. According to Article 17 of the GAI Measures, those who provide GAI services with attributes of public opinion or social mobilisation shall conduct a security assessment in accordance with relevant national regulations and fulfil algorithm filing procedures. On 31 August 2023, 11 major model service providers became the first batch of enterprises to pass the GAI service filing. [1]

The Draft Requirements explicitly state that GAI service providers should conduct a security assessment before submitting a filing application to begin providing services with the relevant regulatory authorities, and they should submit their internal assessment results and supporting materials at the time of filing. Service providers can conduct security assessments themselves or entrust third parties for the assessment. The content of the security assessment should cover all the provisions of the Draft Requirements, and each provision should form a separate assessment conclusion, which, along with relevant evidence and supporting materials, forms the final assessment report.

In recent years, assessments conducted by companies themselves or by third-party service providers have gradually become an important compliance obligation in various fields, such as the risk assessment required when handling important data by automotive data processors or the ethical assessment required for technology activities. This current legal framework sometimes also stipulates that security assessments are a prerequisite for filing, such as personal information protection impact assessment reports, which must be submitted when filing the standard contract issued by the CAC for personal information outflows.

It is worth noting that although companies themselves conduct these assessments, regulatory authorities may provide feedback or request modifications to the assessment report. Therefore, we recommend that companies communicate with relevant departments before conducting a security assessment for GAI services or when complications arise during such an assessment to ensure that the assessment meets both the form and substance of regulatory requirements.

Training Data Security Requirements

As discussed above, in the Draft Requirements, the term training data (“语料”) refers to all data directly used as input for model training, including data used in pre-training and fine-tuning processes. While the Draft Requirements appear to be introducing a new concept, from its definition and the English translation provided in the draft (“Training Data”), it appears that “语料” in the Draft Requirements and “训练数据” in the GAI Measures should both refer to training data. Therefore, the necessity of creating a new concept in the Draft Requirements in this context is subject to debate.

When using training data to train artificial intelligence, service providers should avoid using illegal or harmful information and refrain from infringing upon the legitimate rights and interests of third parties, including but not limited to data rights, intellectual property rights, and personal information rights.

For example, in the past, PenShen ZuoWen publicly accused its partner Xue Er Si of unlawfully scraping data from servers without consent and using that data for training an upcoming large AI model.[1] Similarly, in foreign countries, companies like OpenAI, Google, and Stability AI Inc. have faced lawsuits for using training data suspected of copyright infringement. [2]


Keywords are referred to in Sections 5.2 and 8.2 of the Draft Requirements. Section 9.1 of the Draft Requirements specifies what a comprehensive keyword library should contain. Keywords should generally not exceed 10 Chinese characters or 5 words in any other language. The library needs to be extensive, containing no fewer than 10,000 keywords. Furthermore, to ensure inclusivity, the library must include at least 17 types of security risks, as listed in Appendices A.1 and A.2. Each of the security risks in Appendix A.1 should have no fewer than 200 associated keywords, while those in Appendix A.2 should have no fewer than 100.

Data Rights Protection

The Draft Requirements stipulate that service providers must refrain from using data with conflicting rights or unclear origins. They must also possess proof of the legality of the data source, such as authorised agreements, transaction contracts, or legally binding documents.

In addition to the requirements listed in the Draft Requirements, service providers must also comply with other legal regulations regarding data rights. Data rights can be protected in China through the Anti-Unfair Competition Law and its implementing regulations. While no direct legal provisions exist, a mature set of rules have evolved through judicial rulings. For example, the Chinese courts have determined the scope of lawful use by assessing whether using web scraping technology “violates the principles of honesty and commercial ethics.” The following behaviours may violate business ethics and principles of honesty and credit:

  • Violating a target website’s Robots.txt file and user agreements;
  • Excessively or inappropriately using the scraped data;
  • Failing to protect consumer rights adequately;
  • Obstructing or disrupting the normal operation of other legitimate online products or services operators provide.

Intellectual Property Protection

The Draft Requirements mandate that service providers establish an intellectual property management strategy and designate an intellectual property manager for the corpus and generated content. Before using the corpus for training, individuals responsible for intellectual property matters should identify cases of intellectual property infringement within the corpus, including but not limited to copyright, trademark, patent, and trade secret infringements.

Additionally, service providers should take measures to enhance the transparency of intellectual property protection for GAI services:

  1. Establish channels for complaints and reports related to intellectual property issues and allow third parties to inquire about the usage of the corpus and associated intellectual property situations.
  2. Disclose summary information about the intellectual property aspects within the training corpus.

Protection of Personal Information Rights

There should be an appropriate legal basis when using data containing personal information. Article 13 of the PIPL stipulates seven legal bases, including consent, necessity for contract performance, and statutory obligations. However, in practice, most GAI services still rely on the consent of data subjects to meet the legal requirements for personal information processing.

In Section 5.2(c) of the Draft Requirements, service providers are specifically required to obtain written authorisation and consent from the corresponding data subjects when using data containing biometric information such as facial features. Written consent is a more stringent form of consent. In situations where laws and regulations require the written consent of individuals, personal information processors must express what is being consented to in a tangible form, such as paper or digital documents, and obtain the individual’s consent through active signing, sealing, or other forms.

According to the upcoming national standard, Information Security Technology – Guidelines for Notification and Consent in Personal Information Processing, which takes effect in December 2023, written consent must be explicitly expressed in text and cannot be obtained through methods like clicks to confirm, click to agree, upload submission, login use, or photography.

Currently, Chinese law does not require personal information processors to obtain written consent for processing biometric information like facial features. Article 14 of the PIPL clearly states that only laws and administrative regulations can establish provisions for written consent. Therefore, the specific requirements in Draft Requirements Section 5.2(c) do not have a clear legal basis.

Model Security Requirements

As AI continues to evolve and play an increasingly integral role in our lives, the need for model safety and reliability has become paramount. As such, the Draft Requirements contain a section dedicated to content security, transparency, accuracy, and reliability.

Content Security

A fundamental concern in AI development is generating safe and reliable content. The Draft Requirements address this issue with several crucial points:

  • Use of Registered Base Models: AI service providers are instructed not to use base models not registered with the relevant regulatory authorities.
  • Content Safety Throughout the Development Process: Content needs to be considered throughout an AI model’s lifecycle. During the training process, it is essential to evaluate content safety as a primary indicator of model quality. The goal is to ensure that the model generates safe and appropriate content. We believe that Regulators would consider a model with a high Sampling Qualified Rate to be comparatively safer.
  • Real-time Content Safety Checks: AI models should incorporate real-time security checks during user interactions. Any security issues identified during service provision or regular monitoring should prompt targeted adjustments, including fine-tuning and reinforcement through methods like machine learning.
  • Defining Model-Generated Content: Model-generated content refers to the unprocessed, direct output of the AI model. It is essential to clarify this definition to ensure consistent understanding and adherence to content security standards.


Transparency is key to model security, providing users with information about the service and its functioning. The Draft Requirements emphasise transparency through various stipulations:

  • Public Disclosure on Websites: AI services provided through interactive interfaces, such as websites, should prominently display information about the service’s intended audience, use cases, and third-party base model usage. This transparency helps users make informed decisions regarding service usage.
  • Limitations and Technical Information: Interactive GAI services must also clarify their limitations and provide an overview of the model’s architecture, training framework, and other essential technical details that aid users in understanding how the service operates. This may not be easy for some organisations as they may not fully understand how their model(s) operate internally due to the Black Box Effect. As such, some organisations may only be able to achieve compliance on a relatively shallow basis.
  • Documentation for API Services: For services provided through programmable interfaces, essential information should be made available in documentation accessible to users.

Content Accuracy and Reliability

Content accuracy and reliability are critical to ensuring AI services provide meaningful and dependable responses. The Draft Requirements focus on these aspects with the following expectations:

  • Accurate Content Generation: AI models should generate content that accurately aligns with the user’s input intent. The content should also adhere to scientific knowledge and mainstream understanding and be free from errors or misleading information. Achieving alignment with a user’s input intent might be a challenge in many instances because of technical and linguistic limitations.
  • Effective and Reliable Responses: AI services should provide logically structured responses, contain highly valid content, and be genuinely helpful to users in addressing their queries or concerns.

Security Measures Requirements

The Draft Requirements contain seven essential security measures that AI service providers should follow to promote safety, transparency, and regulatory compliance. We discuss these requirements below.

  • Justification: Providers should thoroughly demonstrate the necessity, suitability, and safety of using GAI across various fields within their service scope. In cases where AI services are deployed in crucial contexts like critical information infrastructure, automatic control, medical information services, or psychological counselling, providers should implement protection measures appropriate to the level of risk involved.
  • Protecting Minors: When AI services cater to minors, several safeguards are required: allowing guardians to set anti-addiction measures for minors, protected with passwords; imposing limits on daily interactions and duration for minors, and requiring a management password if exceeded; requiring the consent of a guardian before content can be consumed; and filtering out content that is not suitable for minors, ensuring the display of content that promotes physical and mental well-being.
  • Personal Information Handling: The Draft Requirements stipulate that AI providers must handle personal information following China’s personal information protection requirements and explicitly references “existing national standards, such as GB/T 35273, etc.” As discussed above, while GB/T 35273 is highly regarded, it predates the PIPL and does not perfectly align with it.
  • User Data Usage for Training: Prior consent should be obtained from users for using their input for training purposes. Users should have the option to disable the use of their inputs for training. Accessing privacy options from the main interface should be user-friendly, requiring no more than four clicks. Users must be clearly informed about data collection and the method for opting out.
  • Content Labelling: Content labelling must conform to guidelines established in TC260-PG-20233A, Cybersecurity Standard Practice Guidelines – Generative Artificial Intelligence Service Content Identification Methodology. This includes clearly identifying display areas, textual prompts, hidden watermarks, metadata, and specific service scenarios. We note the watermarking technologies are relatively immature at present.
  • Complaint Reporting Mechanism: GAI service providers must establish channels for receiving complaints and reports from the public and users. This can include telephone, email, interactive windows, SMS, and more. Clear rules and defined timeframes for resolving complaints and reports should be in place.
  • Content Quality Assurance: For user queries, AI services must decline to respond to obviously radical or illegal content. Supervisors should be designated to enhance content quality in alignment with national policies and third-party feedback, with the number of supervisors reflecting the service’s scale.
  • Model Updates and Upgrades: Providers should develop a robust security management strategy for model updates and upgrades. After significant updates, a security assessment should be conducted, and models should be re-filed with the relevant authorities as required.

Security Assessment Requirements

Providers are expected to conduct comprehensive security assessments, including corpus safety, generated content safety, and question rejection, with specific criteria for each aspect to ensure responsible and safe deployment of generative AI services.

Comprehensive Security Assessments for Responsible AI Deployment

Providers should conduct security assessments either before service deployment or during significant updates and have the option to choose internal or third-party evaluators. Each clause within the Draft Requirements should be assessed to produce a distinct assessment result of either “compliant,” “non-compliant,” or “not applicable.” Assessment results should be supported with evidence. In cases where format constraints prevent certain outcomes from being included, they can be appended to the report. Self-assessments require signatures from at least three key figures, such as the legal representative, the security assessment lead, and the legality assessment lead.

Assessing Corpus Safety

Evaluating corpus safety entails a very granular review. At least 4,000 randomly selected training data items must be inspected manually, demonstrating a Sampling Qualified Rate of 96% or higher. Additionally, keyword and classification model inspections necessitate random sampling of no less than 10% of the training data, achieving a Sampling Qualified Rate of 98% or higher. The keyword library and classification model should comply with the specifications outlined in Section 9.

Evaluating Generated Content Safety

To assess generated content safety, a random sample of at least 1,000 test questions should maintain an acceptance rate of 90% or higher. The same criteria apply to keyword and classification model inspections, involving random sampling of at least 1,000 test questions with an acceptance rate of 90% or higher.

Test questions should come from a comprehensive content testing question bank designed to evaluate AI-generated content’s adherence to security standards. It should comprise no fewer than 2,000 questions. The question bank must comprehensively cover all 31 security risks in Appendix A. Each risk in Appendices A.1 and A.2 should be represented by no fewer than 50 questions, while other security risks should have at least 20 questions each. Based on the content testing question bank, standard operating procedures should be established to identify all 31 security risks.

Assessing Question Rejection

A rejection question bank should be established to prevent AI models from providing harmful or inappropriate responses. This question bank should contain no fewer than 500 questions and be representative, covering the 17 security risks in Appendices A.1 and A.2, with each risk having no fewer than 20 associated questions. In contrast, a non-rejection question bank should also be created with no fewer than 500 questions. These questions should represent various aspects of Chinese culture, beliefs, personal attributes, and more, ensuring that AI models provide suitable responses for various contexts and user profiles.

During a security assessment, at least 300 test questions from the rejection bank should exhibit a rejection rate of 95% or higher. In the case of non-rejection, no more than 5% of test questions from the non-rejection bank should be rejected.


This article outlines the basic security requirements for GAI services under the Draft Requirements. These requirements encompass language data security, model security, security measures, and security assessments. They apply to GAI service providers aimed at the public in China.

Overall, the Draft Requirements seek to strike a balance between harnessing the potential of GAI and ensuring that it operates safely and effectively, with due consideration to the diverse needs and contexts of users and the broader Chinese public.

When the Draft Requirements are finalised, they will help GAI service providers maintain a higher level of legal compliance, safety, and reliability. Given that GAI services are a relatively new phenomenon, this is a positive development for service providers because it clarifies what is generally expected of them. Additionally, the Draft Requirements may serve as a useful reference for the Courts and relevant regulatory authorities in assessing the security of GAI services and other related matters.

[1] News report:

[2] See Case 3:23-cv-03440-LB; Case 3:23-cv-03199; Case 1:23-cv-00135-UNA; Case 3:23-cv-00201.

[1]The Draft Requirements can be accessed in full at:

[2]News report:

[3] News report:

[4] See Case 3:23-cv-03440-LB; Case 3:23-cv-03199; Case 1:23-cv-00135-UNA; Case 3:23-cv-00201.

On 28 September 2023, the Cyberspace Administration of China (“CAC“) issued the Regulations for Standardising and Promoting Cross-Border Data Flows (Draft for Comments) (“Draft Regulations”) to solicit public comments. The Draft Regulations appear to overturn some of the CAC’s previous requirements in relation to cross-border data transfers.


Legal mechanisms under the PIPL

Under Article 38 of the Personal Information Protection Law (“PIPL“) issued in 2021, companies intending to export personal information to overseas recipients are required to go through one of the following legal mechanisms (“Legal Mechanisms“):

1. going through the security assessment organised by the CAC (“Security Assessment“);

2. signing the Standard Contract issued by the CAC with the overseas recipient (“Standard Contract”);

3. seeking personal information protection certification from a professional institute recognised by the CAC (“Certification“); or

4. meeting other conditions prescribed by law, administrative regulations, or the national cyberspace authority.

CAC regulations

The CAC has issued several regulations detailing the requirements for implementing the Legal Mechanisms, including:

Legal MechanismCAC Regulations
Security AssessmentMeasures for the Security Assessment of Outbound Data Transfers
Standard ContractMeasures for the Standard Contract for Outbound Cross-Border Transfer of Personal Information
Certification  Announcement on the Implementation of Personal Information Protection Certification

It is also worth noting that Item 4 of Article 38 of the PIPL grants the CAC the power to create new or supplemental rules for cross-border transfers of personal information. However, before the Draft Regulations, the CAC had never issued any rules that deviated from the three Legal Mechanisms.

Implementation of the Legal Mechanisms

Onerous compliance obligations under the Legal Mechanisms

The CAC has gradually promulgated regulations to implement the Legal Mechanisms for the Security Assessment, Standard Contract and Certification since late 2022. Companies that fall within the scope of the Legal Mechanisms have been trying to comply with them ever since. However, the compliance obligations under the Legal Mechanisms are onerous and require a significant amount of time and effort to complete tasks such as:

  • data mapping;
  • improvements to data protection and information security policies;
  • conducting assessments based on complicated parameters prescribed by the CAC and drafting long assessment reports;
  • seeking separate consent from individuals whose information is transferred out of China; and
  • assessing the local laws and policies of the countries to which the data will be exported.

It is also worth noting that the Security Assessment and Standard Contract both involve making filings with the CAC, and some companies’ data export practices have been challenged by the CAC during the filing process.

Concerns of companies and the CAC’s response

In light of the onerous compliance obligations associated with implementing the Legal Mechanisms, some multinational companies expressed their concerns to the CAC, and the CAC appears to be responsive to these concerns. For example:

  • In July 2023, the State Council issued the Opinions on Further Optimising the Environment for Foreign Investment and Increasing Efforts to Attract Foreign Investment (“Opinions“), which calls for the government to “explore a streamlined security management mechanism for cross-border data flows”, “establish green channels for qualified foreign-invested enterprises, efficiently conduct security assessments for the outbound transfer of important data and personal information”, and “promote safe and orderly flows of data”. The Opinions also encourage regions such as Beijing, Tianjin, Shanghai, and the Guangdong-Hong Kong-Macau Greater Bay Area to create, on a pilot basis, “lists of some ordinary data that is allowed to flow freely”.
  • In August 2023, the CAC is reported to have contacted and met with representatives from dozens of multinational companies to ease their concerns about the cross-border data transfer regime. For more information, see

The Draft Regulations

As a follow-up action to the government’s initiative to relax the requirements for cross-border data transfers, the CAC appears to be considering exercising its power under Article 38 of the PIPL to create some exceptions to the existing Legal Mechanisms to facilitate cross-border data transfers.

Essentially, the Draft Regulations propose exempting companies from complying with ALL three Legal Mechanisms under Article 38 of the PIPL if their data export scenarios fall under any of the following conditions:

  • the personal information to be exported is not collected or generated within China;
  • the export of personal information is necessary for the conclusion or performance of a contract to which the individual is a contracting party, such as personal information exports required for cross-border shopping, international remittances, flight and hotel reservations, visa processing, etc.;
  • the export of employees’ personal information is necessary for carrying out human resources management under an employment policy legally established or a collective contract legally concluded;
  • the export of personal information is necessary to protect the life, health, and property safety of natural persons in the case of an emergency;
  • a company intends to export the personal information of less than 10,000 individuals within a year.

The Draft Regulations also propose raising the data transfer volume thresholds for triggering a Security Assessment (a more onerous Legal Mechanism) and allowing data exporters making lower volume transfers of data to rely on the Standard Contract or Certification (two relatively less onerous Legal Mechanisms):

Data transfer volume thresholdsSecurity Assessment required?Is a Standard Contract or Certification required?
Exporting the personal information of over 10,000 but less than 1,000,000 individuals within a year.NoYes
Exporting the personal information of over 1,000,000 individualsYesNo


The Draft Regulations appear more friendly to multinational companies than previous regulations. They would, once formalised, significantly reduce their compliance obligations. However, the sudden release of the Draft Regulations has raised a number of questions, which we attempt to answer below.

When will the Draft Regulations take effect?

It is unclear when the Draft Regulations will take effect. However, the CAC may want to formalise them soon because:

  • The CAC only provided 18 days (28 September – 15 October, most of which was a national public holiday) to solicit public comment, indicating its determination to formalise the Draft Regulations promptly.
  • The statutory deadline for filing the Standard Contract will end on 30 November 2023. If the Draft Regulations are not formalised soon, companies may devote time and resources towards meeting this deadline to file signed Standard Contracts with the CAC, and the CAC would then face the burden of processing these filings. Therefore, the CAC may want to formalise the Draft Regulations sooner rather than later and, in any event, before 30 November 2023.

Can companies rely on the Draft Regulations to stop work in relation to the Legal Mechanisms now?

No, because:

  • Until a formal version of the Draft Regulations is released, they should not be treated as an effective regulation to be relied on.
  • There is a possibility that the Draft Regulations may not be formalised by 30 November 2023. In that case, companies that need to adopt the Standard Contract would still be bound by the CAC’s existing regulations, which require them to file the signed Standard Contract with their local CAC by 30 November 2023.
  • The exemptions under the Draft Regulations are broad, and how they would interact with conflicting triggers under the CAC’s previous regulations is unclear. We expect more clarification in the final version of the Draft Regulations.
  • The radical changes proposed by the Draft Regulations are unusual. It is possible the CAC may want to take a step back in the formal version. For example, instead of exempting qualified companies from all Legal Mechanisms, the CAC may still want these companies to take some less onerous compliance measures (e.g., signing the Standard Contract but not filing with the CAC) to ensure data security.
  • The Draft Regulations do not propose changing the fundamental data compliance requirements of the PIPL. Therefore, even if companies may not need to go through any of the Legal Mechanisms, they would still be obliged to take actions to comply with the PIPL, including:
    • Setting up a data protection compliance framework (Article 51 of the PIPL);
      • developing an internal management system and operating procedures;
      • managing personal information based on classification;
      • taking appropriate technical security measures such as encryption and de-identification;
      • reasonably determining authorisations to operate the processing of personal information and conducting security education and training for employees regularly;
      • developing and organising the implementation of emergency plans for personal information security incidents; and
      • taking any other measure required by law or administrative regulations.
    • Notifying the data subjects of the details of the transfers and obtaining their separate consent where required (Article 39 of the PIPL);
    • Conducting Personal Information Protection Assessments (PIPIA) for cross-border data transfers (Article 55 of the PIPL);
    • Signing data processing agreements with entrusted processors (Article 21 of the PIPL).

The compliance work needed for these Legal Mechanisms significantly overlaps with the above PIPL requirements. As such, the compliance work that companies have started with a view to implementing the Legal Mechanisms will not be wasted.

How companies should react to the Draft Regulations

At this stage, companies are advised to:

  • carry on their compliance work for the Legal Mechanisms as planned;
  • analyse whether certain data export scenarios may fall under the proposed exemptions in the Draft Regulations;
  • monitor the development of the Draft Regulations closely; and
  • seek guidance from their local CAC or wait until the Draft Regulations are formalised to identify whether any further actions are required for filings that have already been submitted.

Regulations for Standardising and Promoting Cross-Border Data Flow (Draft for Comments)


In order to safeguard national data security, protect the rights and interests of personal information, and further regulate and promote the lawful and orderly free flow of data, the following provisions are made in accordance with relevant laws regarding the implementation of data export regulations such as the Measures for the Security Assessment of Outbound Data Transfers and the Measures for the Standard Contract for Outbound Transfer of Personal Information:

  1. 国际贸易、学术合作、跨国生产制造和市场营销等活动中产生的数据出境,不包含个人信息或者重要数据的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。

Where a Data Processor exports data (which does not contain personal information or important data) in international trade, academic cooperation, transnational manufacturing, and marketing activities, it is not required to apply for a Security Assessment of Outbound Data Transfers (“Security Assessment“), conclude the Standard Contract for Outbound Transfer of Personal Information (“Standard Contract“), or obtain a personal information protection certification (“Certification“).

  • 未被相关部门、地区告知或者公开发布为重要数据的,数据处理者不需要作为重要数据申报数据出境安全评估。

For data that is not notified to the Data Processor or publicly released by relevant departments or regions as important data, the Data Processor does not need to declare such data as important data for a Security Assessment.

  • 不是在境内收集产生的个人信息向境外提供,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。

Where the outbound personal information is not collected or generated within China, there is no need to apply for a Security Assessment, conclude the Standard Contract, or obtain a Certification.

  • 符合以下情形之一的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证:

In the following cases, there is no need to apply for a Security Assessment, conclude the Standard Contract, or obtain a Certification:

  1. 为订立、履行个人作为一方当事人的合同所必需,如跨境购物、跨境汇款、机票酒店预订、签证办理等,必须向境外提供个人信息的;

Where the export of personal information is necessary for the conclusion or performance of a contract to which the individual is a contracting party, such as cross-border shopping, international remittances, flight and hotel reservations, visa processing, etc.

  • 按照依法制定的劳动规章制度和依法签订的集体合同实施人力资源管理,必须向境外提供内部员工个人信息的;

Where the export of internal employees’ personal information is necessary for carrying out human resources management under an employment policy legally established or a collective contract legally concluded.

  • 紧急情况下为保护自然人的生命健康和财产安全等,必须向境外提供个人信息的。

Where the export of personal information is necessary to protect the life, health, and property safety of natural persons in the case of an emergency.

  • 预计一年内向境外提供不满1万人个人信息的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。但是,基于个人同意向境外提供个人信息的,应当取得个人信息主体同意。

Where a Data Processor intends to export the personal information of less than 10,000 individuals within a year, it is not required to apply for a Security Assessment, conclude the Standard Contract, or obtain a Certification. However, where a Data Processor exports personal information based on the consent of individuals, it is required to obtain the personal information subjects’ consent.

  • 预计一年内向境外提供1万人以上、不满100万人个人信息,与境外接收方订立个人信息出境标准合同并向省级网信部门备案或者通过个人信息保护认证的,可以不申报数据出境安全评估;向境外提供100万人以上个人信息的,应当申报数据出境安全评估。但是,基于个人同意向境外提供个人信息的,应当取得个人信息主体同意。

For a Data Processor intending to export the personal information of over 10,000 but less than 1,000,000 individuals within a year, if it has concluded the Standard Contract and filed with the provincial-level cyberspace authority, or has obtained a Certification, it is not required to apply for a Security Assessment; For a Data Processor intending to export the personal information of over 1,000,000 individuals, it is required to apply for a Security Assessment. However, where a Data Processor exports personal information based on the consent of individuals, it is required to obtain the personal information subjects’ consent.

  • 自由贸易试验区可自行制定本自贸区需要纳入数据出境安全评估、个人信息出境标准合同、个人信息保护认证管理范围的数据清单(以下简称负面清单),报经省级网络安全和信息化委员会批准后,报国家网信部门备案。


Free Trade Zones may establish their own lists of data (“Negative Lists“) that shall be managed through the mechanisms of the Security Assessment, the Standard Contract, or the Certification. The Negative Lists shall be approved by the provincial-level cyberspace authority and filed with the national cyberspace authority.

It is not required to apply for the Security Assessment, conclude the Standard Contract, or obtain the Certification to export data that is not on the Negative Lists.

  • 国家机关和关键信息基础设施运营者向境外提供个人信息和重要数据的,依照有关法律、行政法规、部门规章规定执行。


The export of personal information and important data by government agencies and critical information infrastructure operators shall be subject to relevant laws, administrative regulations, and departmental rules.

The export of sensitive data and sensitive personal information that involves the Party, the government, the army, and confidential units shall be subject to relevant laws, administrative regulations, and departmental rules.

  • 数据处理者向境外提供重要数据和个人信息,应当遵守法律、行政法规的规定,履行数据安全保护义务,保障数据出境安全;发生数据出境安全事件或者发现数据出境安全风险增大的,应当采取补救措施,及时向网信部门报告。

Data Processors who export important data and personal information shall comply with the laws and administrative regulations, fulfil data security protection obligations, and ensure the security of data exports. In the event of a data export security incident or an increased risk in data exports, they shall take remedial measures and promptly report to the cyberspace authority.

  1. 各地方网信部门应当加强对数据处理者数据出境活动的指导监督,强化事前事中事后监管,发现数据出境活动存在较大风险或者发生安全事件的,要求数据处理者进行整改消除隐患;对拒不改正或者导致严重后果的,依法责令其停止数据出境活动,保障数据安全。

Local cyberspace authorities shall strengthen their guidance and regulation of data exports by Data Processors, and enhance their supervision before, during and after the data exports. If they discover significant risks in the data export or if a security incident occurs, they shall require the Data Processor to rectify and eliminate the risks. If the Data Processor refuses to rectify or if serious consequences are caused, the Data Processor shall be ordered to stop data exports in accordance with laws in order to ensure data security.

  1. 《数据出境安全评估办法》、《个人信息出境标准合同办法》等相关规定与本规定不一致的,按照本规定执行。

Where the Measures for the Security Assessment of Outbound Data Transfers, Measures for the Standard Contract for Outbound Transfer of Personal Information, or other relevant provisions are inconsistent with these regulations, these regulations shall prevail.

LI Jilong (Anjie Broad Law Firm (Xiamen Office))

LI XianglongChina University of Political Science and Law

In 2010, the Supreme People’s Court of the People’s Republic of China (the “SPC”) issued the Provisions of the Supreme People’s Court on Case Guidance (the “Provisions”). The Provisions are widely considered to establish a unique case guidance system in China, under which courts at all levels should refer to the selected guiding cases when adjudicating the similar issues.

On the last working day of 2022, and “on the eve” of a revised Chinese Arbitration Law, the SPC released its 36th batch of six guiding cases. Unprecedentedly, all of the six guiding cases are related to the judicial review of arbitration cases. This article highlights the backgrounds and key holdings of Guiding Cases 196, 197 and 198 (the first three of the six guiding cases,which focus on several pivotal issues related to the arbitration agreement) and seeks to explain the significance behind these court decisions.

Guiding Case 196: The Doctrine of Separability of Arbitration Agreement.

In Guiding Case 196 (Yunyu Co. Ltd. v. Shenzhen Zhongyuancheng Commercial Investment Holdings Co. Ltd.), the First International Commercial Court of the Supreme People’s Court (the “FICC”) was faced with an arbitration respondent’s application to confirm the non-existence of an arbitration agreement on the ground that the whole contract that contained the arbitration agreement was in the process of negotiation and never signed between the Plaintiff and the Defendant.

The FICC first affirmed its jurisdiction to review this issue. It confirmed that the issue of determining the existence of an arbitration agreement falls within the scope of assessing the validity of an arbitration agreement, which is a cause of action pursuant to Article 20 of Arbitration Law of the People’s Republic of China.

The FICC then carefully examined the parties’ negotiation history, particularly as it relates to the arbitration clause. The judges noted that in the first draft contract (“Draft Contract I”) sent by the Plaintiff, the arbitration clause listed the Beijing Arbitration Commission (“BAC”) as the arbitration institution. However, after receiving Draft Contract I from the Plaintiff, the Defendant replied to the Plaintiff and suggested changing the arbitration institution from BAC to the Shenzhen Court of International Arbitration (“SCIA”). Afterwards, the Plaintiff adopted SCIA as the arbitration institution in the revised draft contract (“Draft Contract II”) and sent the copy back to Defendant. Subsequently, the Defendant had Draft Contract II sealed and delivered back to the Plaintiff. The parties then engaged in further negotiations regarding other clauses in the contract, but the arbitration clause remained unchanged.

Based on the above conduct surrounding the negotiation of the arbitration clause, the judges held that, as far as the arbitration clause was concerned, the Plaintiff’s sending of the Draft Contract II should be regarded as an offer made by the Plaintiff in accordance with the PRC Contract Law and that the Defendant’s subsequent sealing of the Draft Contract II should be regarded as an acceptance of the arbitration clause. As a result, the judges ruled that the arbitration clause had already been concluded at the time the sealed Draft Contract II was delivered to the Plaintiff even though other clauses in the contract did not come into effect because the contract had not been signed.

In sum, Guiding Case 196, which was heard by a panel of five SPC judges, presents an opportunity for the court to meticulously apply the doctrine of separability in determining the status of the arbitration clause where the main contract has arguably not yet been concluded.

It is noteworthy that in DHL Project & Chartering Ltd v Gemini Ocean Shipping Co Ltd [2022] EWCA Civ 1555 the High Court of Justice of England and Wales reached a different conclusion facing a similar issue.  The different conclusions reached by the courts likely primarily stem from the factual differences between the English case and Guiding Case 196. In the English case, it is difficult to trace any substantial negotiations or discussions regarding the arbitration clause that were separate from negotiations of the main contract. In contrast, in Guiding Case 196, because such negotiations were quite distinct, the FICC engaged in a fact-intensive inquiry into whether the parties had a meeting of minds with respect to the arbitration clause. Therefore, it is understandable that the two cases reached opposite conclusions about the existence of the arbitration clause where the main contract was not concluded.

Guiding Case 197: Challenging the Arbitration Agreement in “the First Hearing at the Arbitration Tribunal

The issue in Guiding Case 197 (Shenzhen Shizhenggongying Investment Holdings Co. Ltd v. Shenzhen Municipal Transport Bureau) relates to Article 20(2) of the Arbitration Law of the PRC, which provides that “[a] doubt as to the effectiveness of the arbitration agreement, should be raised before the first hearing at the arbitration tribunal.”

In Guiding Case 197, the arbitration claimant did not raise any jurisdictional challenge—either before the arbitration tribunal or in the court—before the first hearing in the arbitration proceeding. After the arbitral award was issued, Claimant resisted enforcement in Shenzhen Intermediate People’s Court (“Shenzhen Intermediate Court”). The Shenzhen Intermediate Court neither refused to enforce the award nor dismissed Claimant’s application; instead, the court found it appropriate for the arbitration tribunal to make a new award and remanded the award in whole for re-arbitration according to Article 61 of the Arbitration Law of the PRC.

In the re-arbitration, Claimant, for the first time, raised a new challenge over the validity of the arbitration agreement in the Shenzhen Intermediate Court. The challenge was dismissed by the Shenzhen Intermediate Court, which dismissal was affirmed by the Shenzhen High Court. The Shenzhen High Court held that even though the underlying case went to re-arbitration, insofar as the two arbitrations relate to the same dispute, the Claimant remained bound by its conduct during the first arbitration. Claimant’s failure to challenge jurisdiction in the first arbitration thus constitutes a waiver of its right to challenge under Article 20(2) of the Arbitration Law; and the Claimant cannot have a second bite at the cherry in the re-arbitration process. The Shenzhen High Court opinion was selected as Guiding Case 197.

The Shenzhen High Court’s opinion was also in line with ensuring the efficiency of the arbitration process. If parties facing the same dispute, without newly discovered material evidence or facts, were to be entitled to challenge the validity of the arbitration agreement, it may cause undue delay in the arbitration process, and may also run afoul of the principle of res judicata. This case serves as a reminder for the parties to proactively exercise their legal rights as failure to do so may constitute a waiver even in a re-arbitration proceeding.

Guiding Case 198: Privity of the Arbitration Agreement in Construction Arbitration

Guiding Case 198 (Industrial and Commercial Bank of China Limited, Yueyang Branch v. Liu Youliang) concerns the privity of the arbitration agreement in the context of arbitration of construction work disputes. Relevant parties involved in a construction arbitration generally include the employer, the contractor, and the subcontractor(s) (or actual constructor(s)).The contractor typically signs contracts with the employer and the subcontractor(s) respectively. As such, there is generally no contractual privity between the employer and the sub-contractor(s).

In 2004, in order to protect the legitimate interests of the subcontractors (mostly migrant workers), specifically with regard to their wages, the SPC issued The Interpretation of the Supreme People’s Court on Issues Concerning the Application of Law for the Trial of Cases of Dispute over Contracts on Undertaking Construction Projects (the “2004 Interpretation”). Article 26 of the 2004 Interpretation grants the subcontractor the right to break the contract privity and to directly file a lawsuit against the employer when the employer failed to make payment of construction project costs owed to the contractor.Though controversial, this particular provision was never abrogated and remains included in the latest SPC Interpretation issued in 2020 as Article 43.

A thorny issue raised by this provision is whether the employer may rightfully contend—as many do—that the subcontractor is subject to any arbitration clause established between the employer and the contractor, as the subcontractor has in effect, substituted the contractor’s rights. Prior to the issuance of Guiding Case 198, Chinese courts were divided on this issue. In Zhongjiao Second Highway Engineering Co. Ltd v. Fu Yang[①] and Qinghai Senkeyanhua IndustryCo. Ltd v. Xiong Daohan, Chongqing Jianan Constrcution Co. Ltd[②] the SPC opined that the right granted to a subcontractor under Article 26 of the 2004 Interpretation should be defined as a subrogation right under civil law; and that a subcontractor is accordingly bound by any arbitration clause that was originally agreed upon between the contractor and the employer. However in RongSheng(BengBu) Properties Co. Ltd v. HeFei Huaxing Construction Installation Co. Ltd[③] and Cheng Jingnan v. Nantonghaizhou Construction, Nantong Branch Co. Ltd[④] the SPC and the Anhui High Court held that, insofar as Article 26 of the 2004 Interpretation is a special arrangement designed to address the issue of outstanding wages for migrant workers in a particular era and social context, the assertion of rights by the subcontractor against the employer should not be interpreted as a succession of the contractor’s rights and that, accordingly, the subcontractor should not be bound by the arbitration clause between the contractor and the employer.

Guiding Case 198 adopts the latter view. Yueyang Intermediate People’s Court, in the opinion that was selected as Guiding Case 198, expressly held that there was no “succession” of the contractual arbitration clause from the contractor to the subcontractor. Article 26 of the 2004 Interpretation only grants the subcontractor a sui generis right to initiate a lawsuit against the employer but does not serve as a legal basis to extend the scope or effect of the arbitration clause between the employer and the contractor to the subcontractor.

This author is of the view that Guiding Case 198 does not firmly shut the door to a contention that the subcontractor could, in certain circumstances, be bound by an arbitration agreement between the employer and the contractor. For example, in circumstances where the subcontractor has taken on the de facto role of the contractor and has performed the contractor’s duties and obligations during the construction process, or where the contractor-subcontractor contract clearly stipulates that its performance shall be subject to the employer-contractor contract, and the subcontractor is aware of the existence of the arbitration clause in the employer-contractor contract, then the subcontractor may arguably rely on or be bound by the arbitration clause. Such circumstances should still be diligently examined on a case-by-case basis.

These three guiding cases shed light on Chinese courts’ instance on three significant while controversial issues related to arbitration agreement. Meanwhile, with the substantial revision of the Chinese Arbitration Law, the future arbitration practice in this regime is worth expecting.

Note: The views expressed in the article are the authors’ own and do not represent the views of others.

[①] 最⾼⼈民法院(2013)民提字第148号

[②] 最⾼⼈民法院(2015)民⼀终字第170号

[③] 最高人民法院(2014)民申字第1575号

[④] 安徽省高级人民法院(2020)皖民终1334号

I. Background

With the opening of the Chinese market to the outside world, the interaction between China (excluding jurisdiction as Hong Kong, Macau and Taiwan for the purpose of this article) and the rest of the world in the insurance industry has become more frequent. China has the second largest insurance market in the world, which is very attractive to foreign insurance companies, more and more foreign insurance companies intend to explore business in the Chinese market and sell their insurance products to Chinese consumers.

Ⅱ. Regulatory Framework and Prohibited Promotional Activities in China

Insurance is a heavily regulated sector in China, which means activities of foreign insurance companies may also be regulated by Chinese authority in certain circumstances.

First of all, referring to Article 6 of the Insurance Law of the People’s Republic of China/中华人民共和国保险法, “Insurance businesses must be conducted by insurance companies established in accordance with this Law and other insurance organizations as stipulated in laws or administrative regulations. No other entity or individual may operate insurance businesses.” Although the above law does not elaborate on “insurance businesses”, in practice, insurance businesses usually include insurance sales, policy issuance, underwriting, claim assessment, claim settlement, etc.

Secondly, the National Administration of Financial Regulation (the “NAFR”, PRC insurance authority)[1] and its former body also have issued several rules concerning this aspect. According to the Reply of the China Insurance Regulatory Commission on Issues Concerning the Crackdown on Illegal Sale of Overseas Policies (Bao Jian Ting Han [2005] No. 223) /中国保险监督管理委员会关于打击非法销售境外保单工作有关问题的复函(保监厅函〔2005223号), the illegal sale of overseas insurance policies includes product introductions or promotional meetings held within China, insurance policy marketing activities carried out by people assigned to China by foreign insurance institutions, acts of arranging or organizing Chinese residents to buy insurance products outside of China, and other sales activities. Under the Notice of China Insurance Regulatory Commission on Issues Concerning the Proscription of Illegal Commercial Insurance Institutions and Illegal Business Activities of Commercial Insurance (Bao Jian Fa [2008] No. 63)/中国保险监督管理委员会关于取缔非法商业保险机构和非法商业保险业务活动有关问题的通知(保监发〔200863号), selling or facilitating the sale of insurance products for foreign insurance institutions or other institutions including but not limited to (i) arranging or organizing product exhibitions or promotional seminars in China for foreign insurance institutions; (ii) arranging or organizing foreign insurance institutions to sell insurance policies in China; and (iii) arranging or organizing Chinese residents to buy foreign insurance within/outside the territory of China, constitute illegal commercial insurance intermediary activities.

Furthermore, the Notice on Strengthening the Supervision of Illegal Sales of Overseas Insurance Products (Bao Jian Shou Xian [2016] No.46)/关于加强对非法销售境外保险产品行为监管工作的通知(保监寿险〔201646号)specifies that, in case any act of publicizing or promoting overseas insurance products within the territory of China in the name of product introduction meetings, wealth management summits, lectures on wealth management knowledge, etc. or any act of arranging consumers to purchase insurance overseas constitutes an act of carrying out publicity or soliciting for the purpose of facilitating transactions. And the regulator reverses the right to “take actions towards foreign entities through relevant channels”.

In addition, public information shows that recently the regulator has made the following penalties against the acts of promoting and selling overseas insurance products in China:

(1)  Shanghai Banking and Insurance Regulatory Bureau Fa[2019] N0.36/沪银保监保罚决字〔201936: Shanghai Fenwei Insurance Agency Co., Ltd. was punished for promoting overseas insurance products.

(2)  Guangdong Banking and Insurance Regulatory Bureau Fa[2021] N0.44/粤银保监罚决字〔202144: Guangzhou Huakang Chuanghong Investment Co., Ltd. was punished for participating in the sale of overseas insurance products.

In sum, as a foreign entity without relevant insurance licenses in China, it is not eligible to sell or promote insurance products by itself or via the foreign entities, or in cooperation with Chinese entities, otherwise, it would be deemed as illegally operating insurance business in China.

Ⅲ. The Feasibility of Promoting Band and Logo by Foreign Insurers

In practice, some foreign insurers do not promote specific insurance products, but only promote the brand and logo of foreign insurance company, so as to facilitate their influence in the PRC market.

From the insurance regulatory perspective, insurance laws and regulations do not prohibit the promotion of insurance brand and logo by foreign insurance companies in that such activity is far from operating insurance business as described above. If a foreign insurance company only display its name and logo, without involving any specific insurance products, without demonstrating the coverage and premium rate of insurance product, in this regard, we consider promoting the insurance brand name and logo is not prohibited from the perspective of insurance regulations. In practice, we have not found any precedent in which the foreign insurance company has been punished due to the promotion of its band and logo (such as naming TV programs or sponsoring sports events) in China.

In terms of advertising regulation, according to Article 2 of the Advertising Law of the People’s Republic of China/中华人民共和国广告法 (“Advertising Law”), “The Law applies to all commercial advertising activities for direct or indirect introduction of products or services promoted by product operators or service providers via a certain channel and in a certain form within the territory of the People’s Republic of China.” Therefore, if a foreign insurance company promotes its brand name and logo via certain events in China, we consider it falls into the scope of advertising activities in China.

According to Article 9 of the Advertising Law, certain elements are prohibited in advertisements.[1] Article 46 of the Advertising Law also provides that “Advertisements for medical treatment, pharmaceuticals, medical devices, agricultural pesticides, veterinary medicines and healthcare food, and other advertisements required to be reviewed by laws and administrative regulations shall be reviewed by the relevant authorities before they are published. No such advertisement may be published without being reviewed.” It can be observed that there are certain prohibitions and restrictions on advertising activities, and advertisements in certain fields are subject to review and approval by authorities before being published. If the brand name and logo of a foreign insurance company do not belong to the above prohibited items, nor do they fall into the scope of categories subject to mandatory review, then there is no substantial obstacle from the advertising regulatory perspective either.

Ⅳ. Conclusion

As analysed above, in relation to insurance and advertising regulation, we have not found prohibitive regulatory rules and precedents of penalties for the promotion of foreign insurance company’s brand and logo in China. However, given that the promotion of specific insurance products is still expressly prohibited, for foreign insurance companies intend to promote their brands and logos for the purpose of selling insurance products to Chinese consumers, the process from promotion to sale still needs to be carefully considered and designed so as to avoid touching the regulatory redline in China.

[1] The NAFR was officially established on the basis of the China Banking and Insurance Regulatory Commission (the “CBIRC”) on May 18, 2023, as the new financial regulator.

[2] Article 9 of the Advertising Law, “Advertisements shall not involve any of the following activities:

(1)    directly or indirectly using the National Flag, the National Anthem or the National Emblem, or the Army Flag, the Army Anthem or the Army Emblem of the People’s Republic of China;

(2)    directly or indirectly using names or images of state organs or their functionaries;

(3)    using “state-level”, “the highest-grade”, “the best” or other similar words;

(4)    damaging the dignity or interest of the State, or revealing state secrets;

(5)    hampering social stability or damaging social public interest;

(6)    damaging personal or property safety, or revealing personal privacy;

(7)    hampering the social public order or going against good social practice;

(8)    containing any information suggesting obscenity, pornography, gambling, superstitious, terror or violence;

(9)    containing any information of ethnic, racial, religious or sexual discrimination;

(10)  hindering the protection of the environment, natural resources or cultural heritage; or

(11)   other activities prohibited under laws and regulations.”


Facial recognition technology (“FRT”), an innovation that has garnered both praise and concern, has become increasingly prevalent in our daily lives, from unlocking smartphones to clocking in at work. While it offers numerous benefits, such as convenience and improved security, it also raises significant concerns about privacy and security. To address these concerns, the Cyberspace Administration of China has recently released the Provisions on the Security Management of FRT Application (Trial) (Draft for Soliciting Opinions) (“Draft”). This article delves into the nuances of the Draft that we found interesting and their potential implications.


Article 1 states that the purpose of the Draft is “to regulate the application of facial recognition technology, protect rights and interests in personal information [(“PI”)] and other personal and property rights and interests, maintain social order and public security.” It is notable that the Draft does not mention organisations or businesses within Article 1. Moreover, FRT is not defined anywhere within the Draft.

Territorial Scope

China’s Personal Information Protection Law (“PIPL”) has an extraterritorial effect on PI processing activities outside of China if the purposes of the overseas processing activities are to provide products and services to individuals in China or to assess their behaviours.

Article 1 of the Draft states that its provisions are formulated in accordance with the PIPL and some other laws. However, it seems that the Draft limits its own territorial scope to China only. Article 2 of the Draft states that it applies to the use of facial recognition technology to process facial information and the provision of facial recognition technology products or services within China. We understand that such a limitation will not affect the operation of the PIPL.  

General Obligations

Article 3 of the Draft contains general obligations, including generic legal compliance requirements and prohibitions. However, one notable prohibition is that FRT may not infringe upon organisations’ rights and interests. This is notable because the express purpose of the Draft does not include the protection of organisations, and no details are offered to describe what an organisation’s rights and interests might include in the context.

Purpose and Necessity

Article 4 of the Draft emphasises that the use of FRT should have a specific purpose, sufficient necessity, and strict protection measures. In context, the requirement of sufficient necessity appears to mean the specific purpose cannot be achieved by any means other than FRT. However, the meaning of a specific purpose still requires some further clarification. That being said, as the purpose of the Draft is to protect individuals and maintain social order and public security, specific purpose and sufficient necessity should, arguably, be understood from these perspectives.

Article 4 also highlights the importance of prioritising alternative non-biological feature recognition technologies when feasible that “achieve the same purpose or meet the same business requirements…” As such, it appears that when non-biological feature recognition technologies, such as passwords, 2-factor authentication, keys, etc., can adequately achieve the specific purpose, FRT should not be prioritised.

The Draft also goes as far as to suggest that for personal identity verification, “it is encouraged to give priority to using authoritative channels such as the National Population Basic Information Database and the national network identity authentication public service.”

Data Minimisation

Article 17 of the Draft provides that FRT users may not “retain original facial images, pictures, videos, except for facial information that has undergone anonymisation.” Article 18 of the Draft then states that FRT users should “try to avoid collecting facial information unrelated to the provision of services. If unavoidable, it should be promptly deleted or anonymised.”

Consent and Separate Consent

Due to the wording of Article 29 of the PIPL, whereby separate consent is needed to process any sensitive PI, it is no surprise that Article 5 of the Draft generally requires separate consent to be collected before facial recognition information is processed.

Article 13 provides that, to process the facial information of minors under the age of 14, the separate consent or written consent of the minor’s parents or other guardians needs to be obtained.

Private and Public Places

Article 6 of the Draft provides: “Hotels, public bathrooms, changing rooms, restrooms, and other places that could infringe upon the privacy of others shall not install image capture or personal identity recognition devices.” In places where facial recognition devices may be installed, “it should be necessary to maintain public safety, comply with relevant national regulations, and provide significant warning signs” (Article 7 of the Draft). Any captured images must be kept confidential and used for public safety purposes only unless separate consent is provided for other uses.

Article 8 states the requirements for “Organisations that install image capture and personal identity recognition devices for internal management purposes…” The requirements themselves are relatively generic. However, the implicit acceptance of the legitimacy of organisations using personal identity recognition devices for internal management purposes is interesting per se. While the precise limits of such purposes are unknown, some degree of employee monitoring in the workplace seems acceptable.

Article 9 provides, among other things, that “Operating venues such as hotels, banks, stations, airports, sports venues, exhibition halls, museums, art galleries, and libraries, etc., shall not forcibly, deceive, fraudulently, or coercively require individuals to undergo facial recognition technology verification for the purpose of conducting business or improving service quality…” It should be noted that Article 9 does not prohibit these operating venues from using FRT if the individual voluntarily chooses to use FRT to verify personal identity, the individual is fully informed of the circumstances, and the purpose of identity verification is conveyed to the individual in the verification process.

To conduct remote, non-sensory recognition of specific natural persons in public places or operating venues via FRT, the purpose and necessity of use is limited to that which is “…necessary for the maintenance of national security, public safety or for the protection of the life, health and property of natural persons in emergency situations, and initiated by an individual or interested party” (Article 10 of the Draft). The time, place and scope of such services must also implement the principle of data minimisation.

The Draft does not clearly define public places, though the operating venues listed in Article 9 (See above.) likely fall within this category, while those listed in Article 6 (such as “Hotels, public bathrooms, changing rooms, restrooms, and other places that could infringe upon the privacy of others”), likely fall outside this category.

In the context of access to managed buildings, FRT may not be used as the sole method of entering or exiting (Article 14 of the Draft). Management companies must provide alternative methods of access. In light of Article 4 of the Draft, it seems other access methods should be prioritised.


Article 11 restricts but does not prohibit profiling as follows: “Except where required by statutory conditions or obtaining individual consent, users of facial recognition technology shall not analyse sensitive [PI] such as race, ethnicity, religious beliefs, health conditions, and social class using facial recognition technology.”

Matters of Significant Personal Interest

In matters of significant personal interest, such as social assistance and real estate disposal, FRT may not replace manual identity verification but can be used as an auxiliary means to verify personal identity (Article 12 of the Draft). The Draft does not specify what other things would be considered matters of significant personal interest.

Personal Information Protection Impact Assessments

Personal Information Protection Impact Assessments (“PIPIA”) are mandated by the PIPL in certain situations, which includes the use of FRT (See Articles 28 and 55 of the PIPL). The PIPL provides very high-level requirements for conducting PIPIA, which Article 15 of the Draft builds upon in the context of FRT by requiring PIPIA to consider:

“(1) Compliance with the mandatory requirements of laws, administrative regulations, and national standards, and whether it conforms to ethical principles;

(2) Whether the processing of facial information has a specific purpose and sufficient necessity;

(3) Whether the processing is limited to the required accuracy, precision, and distance to achieve the purpose;

(4) Whether the protective measures taken are legal, effective, and commensurate with the level of risk;

(5) Risks of facial information leakage, tampering, loss, damage, illegal acquisition, and illegal use, and potential harm;

(6) Harm and influence on individual rights and measures to reduce adverse effects, as well as whether these measures are effective.”

Consistent with PIPL, the Draft requires a PIPIA to be stored for at least 3 years.

When the purpose and method for processing face recognition information changes or after a major security incident, FRT users must conduct a fresh PIPIA. As the PIPL does not explicitly list triggering conditions for conducting fresh PIPIA, this could be considered a special requirement in the context of FRT.

Government Registration

Article 16 of the Draft requires FRT users who hold the facial information of over 10,000 individuals to make filings with municipal-level and above CAC departments within 30 working days. Such filings should contain:

“(1) Basic information of the user of facial recognition technology and the person responsible for [PI] protection;

(2) Explanation of the necessity of processing facial information;

(3) The purpose, method, and security protection measures for processing facial information;

(4) Rules and operating procedures for processing facial information;

(5) Impact assessment report on [PI] protection;

(6) Other materials the cyberspace administration department deems necessary to provide.”

If there are substantial changes in the filed information or the use of face recognition technology is terminated, FRT users need to go through relevant procedures within a given period of time.

FRT Service Providers

Article 17, Paragraph 2 of the Draft provides that FRT service providers’ relevant technology systems need to meet the requirements of at least Level Three network security protection and use measures, such as data encryption, security auditing, access control, authorisation management, intrusion detection, and defence, to protect the security of facial information.

FRT Service Users

FRT service users need to conduct annual security and risk assessments of image capture equipment and personal identity recognition equipment, improve security strategies based on the assessment results, adjust the confidence threshold, and take effective measures to protect image capture equipment and personal identity recognition equipment from attacks, intrusions, interference, and damage (Article 19 of the Draft).


Any organisation or individual may report violations of the Draft to the government. Based on our observations of how other laws and regulations function in practice, such reports will more likely than not be made by disgruntled and former employees.


The Draft does not explicitly list punishments for violations. Instead, it refers to other laws and regulations in Article 23. Most notable among those laws and regulations is the PIPL, which allows for the confiscation of unlawful gains, fines of up to CNY 50 million of 5% of revenue in the prior year (whichever is higher), fines against the individuals responsible, business suspension and business license termination.


As technology advances, it becomes ever more crucial to establish a clear and comprehensive legal framework to safeguard individual privacy and data security. The Draft makes a significant contribution towards establishing such a framework and allows stakeholders to provide feedback and contribute toward the further refinement of the final regulations, which we hope will harness the potential of technology while respecting the rights and interests of individuals.

We note that readers have until 7 September 2023 to give regulators feedback. The full text of the Draft can be accessed at

By Jia WAN

In a recent case published by Beijing Financial Court (the “BFC”), which was represented by AnJie Broad and classified as one of the typical financial cases for the year of 2022, the BFC pierced the veil of “co-insurance”, and confirmed that reinsurance legal relationship was established between two insurers.

The dispute arose out of the “co-insurance agreement” entered by PICC and China Life where the two insurance companies had disagreement as to the amount that PICC should pay after China Life, as the leading insurer, paid the insurance indemnities to the insured. Despite that the two insurers entered into a co-insurance agreement, the BFC pierced the veil of the “co-insurance agreement”, and held that the actual legal relationship formed between the two insurers is reinsurance instead of co-insurance.

In this case, the BFC distinguished the difference between co-insurance and reinsurance under the regime of PRC insurance law from the following aspects:

First, in terms of contractual parties, the parties to co-insurance agreement are policyholder and co-insurers, while the parties to reinsurance agreement are both insurers.   

Second, in terms of contractual relationships, under co-insurance the contractual relationship is established between the policyholder and each co-insurer, while under the reinsurance, there is no direct contractual relationship between the policyholder and the reinsurer.

Third, in terms of insurance premium collection, under the co-insurance, policyholder submits its request for insurance with multiple co-insurers, and each co-insurer assumes the insurance liability and collect the insurance premium respectively. While under reinsurance, the cedant pays the reinsurance premium to the reinsurer after collecting the insurance premium from the policyholder. The reinsurer does not directly collect any premium from the policyholder. 

Lastly, in terms of liability assumption, co-insurance is a type of insurance where more than two insurance companies cover the same subject matter, assume the same insurance liability for the same insurance period with the same limit of liability by using the same insurance contract, which is a horizontal assumption of liability among the co-insurers. In a reinsurance contract, the reinsurer underwrites the liability and risk under the original insurance contract. The cedant transfers part of the liability and risk of the original insurance contract to the reinsurer through reinsurance agreement, which is a vertical assumption of liability.

By applying the above criteria in the case at bar, the BFC eventually concluded that the legal relationship formed between PICC and China Life is reinsurance instead co-insurance.

Apparently, unlike reinsurance which is clearly defined by Article 28 of the PRC Insurance Law, the concept of co-insurance is not defined by law and is rarely found in other sources in China. The above analysis made by the BFC provides a standard interpretation of co-insurance from the judicial perspective, which also echos the Notice on Strengthening the Management of Property Insurance Co-insurance Business published by China Insurance Regulatory Commission, which provides that “[a] standardized co-insurance business should meet the following requirements: 1) the insured agrees to have multiple insurers to underwrite the risk; 2) the co-insurers jointly issues the policy, or the leading insurer issues the policy accompanied by a co-insurance agreement; 3) the commission charged by the leading insurer from other co-insurers should be significantly different from the average level of reinsurance commission.” This Notice provides an important source for the BFC when discerning the difference between reinsurance and co-insurance.

In the recent 20 years, reinsurance has been introduced to China and plays an important role in the financial sector. With the development of reinsurance in China, there are more and more disputes arising out of the reinsurance business and even co-insurance business. The significance of this case published by the BFC lies in its accurate distinguishment between the co-insurance and reinsurance. The court probed into the true intentions between the parties and held that reinsurance legal relationship was found notwithstanding that the parties entered into an ostensible “co-insurance” agreement.

In this case, the BFC further confirmed the principal of utmost of good faith and “follow the fortunes” in reinsurance. It is also worth mentioning that it is one of the rare cases in PRC judicial practice that the principal of “follow the fortunes” in reinsurance was recognized by a PRC court. The principal of “follow the fortunes” has been written in the PRC regulations or guidance in insurance industry, or usually is incorporated as a clause into the reinsurance agreement. However, it is uncommon for a PRC court to recognize the principal of “follow the fortunes” without the express agreement between the parties.

This case is also a good reminder for insurance companies that they should pay more attention to the agreements to be entered and be more careful to follow the standard requirements both written in PRC Insurance Law and industry regulations before the agreements are concluded.

Jia WAN | Partner

Tel:+86 10 8567 5930

Fax:+86 10 8567 5999


Practice Areas:Dispute ResolutionGeneral Corporate and CommercialAsset ManagementCross-border Investment & M&A

Industries:Insurance & ReinsuranceBank & FinanceEnergy


Read More:

By Jia WAN, Dongqing LIU


International sanctions, imposed by governments and international organizations, are a powerful tool used to influence and punish countries, entities or individuals. The international sanctions may be imposed for various reasons, such as human rights violations, nuclear proliferation, or terrorism. The economic sectors are the primary target by these sanctions, including the insurance industry. This article explores the legal complexities surrounding the interaction between international sanctions and insurance policies, examining examples to shed light on the challenges and potential solutions for affected parties.

Challenges and issues

When a country or entity becomes subject to international sanctions, its economic activities are severely restricted, including its ability to conduct financial transactions and engage in international trade. These restrictions can create significant challenges for insurers and insureds if the insurance policies involve sanctioned territories or sanctioned entities/individuals. Key aspects of this complex issue include:

1. Underwriting and Coverage Restrictions

The first legal issue arises from the inability of the (re)insurers to provide insurance policies in sanctioned territories. Sanction measures can limit the ability of (re)insurers to underwrite risks or provide coverage for certain types of risk. For example, sanctions against Iran have restricted the ability of insurers to provide coverage for oil tankers sailing to and from Iran, resulting in a shortage of available insurance coverage and increased costs for shippers. Another example would be the sanctions packages imposed by the European Union (EU) and UK against Russia and Russian entities. These sanctions include, among other things, the closure of UK and EU airspace to Russian-operated aircraft and the prohibition to provide insurance or reinsurance services to Russian entities or for use in Russia.

With the above sanctions in place, insurers have to assess whether they can underwrite the risks in sanctioned territories at all or assess the impact of the sanctions on existing policies and decide whether they could continue providing coverage. For instance, Aviation policies normally include the AVN 111 Sanctions and Embargo Clause which provides “if, by virtue of any law or regulation …applicable to an Insurer… providing coverage to the Insured is or would be unlawful because it breaches an embargo or sanction, that Insurer shall provide no coverage…“If an insured event occurs under the Aviation policies which involve Russia, the (re)insurers might have a defence against providing coverage by virtue of AVN111 Sanctions and Embargo Clause.

It is crucial for insurers to gain a comprehensive understanding of these sanction programs to ensure informed decision-making on underwriting and compliance. For policyholders or insured parties, a thorough review of policy terms is imperative, especially those that may encompass exclusions associated with sanctions. Understanding the scope and implications of such exclusions is of paramount importance to ensure full awareness of the limitations inherent in the policy.

2. Claims Processing and Payment

The impact of sanctions on claims processing and payment within the insurance industry is significant. Sanctions often lead to policy exclusions that can result in claim denials for activities involving sanctioned entities or jurisdictions. Additionally, restrictions on funds movement, currency limitations, and the operational burden of compliance measures can lead to delays in claim settlements. Insurers must navigate these legal and logistical challenges while fulfilling their obligations to policyholders and insureds.

If the relevant insurance policies contain Sanctions Limitation and Exclusion Clause, the insurer might seek to rely on this clause to delay claims process or even decline insurance payment. The implementation of this exclusion clause should be conducted on a case-specific basis, involving a thorough assessment of the exclusion clause’s validity and the legal interpretation of its language within the framework of the relevant jurisdiction.

3. Regulatory Compliance

Insurers must ensure compliance with international sanction laws to avoid legal repercussions. Failing to adhere to sanction regulations could lead to severe penalties. According to the data published on the official website of the U.S. Office of Foreign Assets Control (OFAC), a total of sixteen U.S. entities were reported to have infringed upon OFAC sanctions programs in 2022, resulting in fines totalling approximately 42 million USD. The figures for 2023 indicate that nine U.S. entities faced claims of violating OFAC sanctions programs, with aggregate fines amounting to approximately 556 million USD. 

Considering the non-compliance risks, insurers bear a critical responsibility to meticulously adhere to international sanctions laws to safeguard against potential legal ramifications. Any failure to diligently comply with sanctions regulations exposes insurers to the risk of significant penalties.


The intersection of international sanctions and insurance policies creates a complex legal landscape, impacting policy validity, coverage, claims processing, and regulatory compliance. As geopolitical tensions continue to evolve, insurers and insureds must remain vigilant, understanding the implications of sanctions on their operations and seeking legal counsel to navigate these challenges. The lessons from previous cases underscore the necessity for proactive measures to mitigate potential risks and ensure a smooth resolution of disputes in this intricate area of law.

A recent ruling rendered by Beijing Higher People’s Court of China, on granting the enforcement of the arbitral awards, has attracted much attention and discussion of the competition law circle. Specifically, this remarkable judicial decision suggests that Chinese courts will not consider the fact of ongoing merger review procedure when determining whether to grant the enforcement of arbitral awards. Also, a very special fact involved in this case is, the key role, Simcere Pharmaceutical Group Limited (“Simcere”), filed a voluntary concentration notification in spite that the filing threshold is not reached, instead of under the mandatory filing obligation. Details of this case together with the views of the parties and the courts on the antitrust aspect, are worthy of further ponderation.

Key Fact of the Case

To simply put, a Hong Kong company, Burich Limited (“Burich”), has dishonestly committed to sell 65% equities it holds in Beijing Tobishi Pharmaceutical Co.,Ltd (“Tobishi”), simultaneously to two purchasers in 2016 and 2017 respectively, Jiangxi Puyuan Health Industry Co., Ltd.(“Puyuan”) and Simcere. As Burich failed to fulfill its contractual obligation to deliver the equities, Simcere filed an arbitration application to Shanghai International Economic and Trade Arbitration Commission (Shanghai International Arbitration Center, “SHIAC”), which supported the arbitration claims of Sincere on ordering Burich to deliver the concerned shares. Afterwards, Simcere applied to Beijing First Intermediate People’s Court to enforce the award, and during the proceeding Puyuan raised the objection as the third party. Beijng First Intermediate People’s Court rejected Puyuan’s objection and adjudicated to enforce the arbitral award. Puyuan then appealed to Beijing Higher People’s Court, which maintained the first instance ruling in the end.

The Parties’ Views on Antitrust Factor

When objecting the enforcement of arbitral award, there is one key ground that Puyuan put forward is related to the Anti-Monopoly Law of China. Puyuan asserted, enforcing the arbitral award, is virtually helping Simecre circumvent China’s merger control regulation. This is because when the merger filing obligation is triggered, the equity transfer should not be implemented before obtaining SAMR’s antitrust approval. However, Simcere did not submit the antitrust filing to and obtain the approval from SAMR yet, when Simcere applied the arbitral award enforcement to the court and even when the court implemented the enforcement. As a matter of fact, SAMR officially put on Simcere’s filing on record on November 23, 2022. Puyuan alleged that granting the enforcement will violate the mandatory provision of the Anti-Monopoly Law, to the effect of violating public interests. Consequently, Puyuan maintained that the court should reject the enforcement application of Simcere.

In response to Puyuan’s allegations, Simcere stressed that the equity acquisition of Tobishi by Simcere does not reach the filing threshold; as such, Simcere does not have the filing obligation but filed with SAMR only on a voluntary basis. In such a circumstance, the enforcement of arbitral award will not violate public interests. In addition, Simcere emphasized that the suspected antitrust violation does not in any way fall into the scope of rejecting enforcement of arbitral award in the judicial review pursuant to relevant laws.

The Court’s Stance

Beijng First Intermediate People’s Court in the first instance decided to reject Puyuan’s objection and supported Simcere’s enforcement application. The first instance court elaborated, where the third party applies to not enforce the arbitral award, it should meet three procedural conditions and four substantive conditions simultaneously. The procedural conditions include: (1) there exists evidence proving the arbitration is malicious or fake with infringement of the third party’s interests; (2) the enforcement has not been completed yet; and (3) the objection should be raised within 30 days after being or should be aware that the court adopts enforcement measures. The substantive conditions contain: (1) the third party is the subject of concerned rights or interests; (2) the rights or interests claimed by the third party are legitimate and genuine; (3) there is a fictitious legal relationship between the arbitration parties and the facts of the case are fabricated; and (4) there are partial or total errors in the main text of the arbitration award or the arbitration mediation agreement in handling the civil rights and obligations of the parties, which damages the legitimate interests of the third party. Considering the grounds that Puyuan relied on in its objection, the antitrust ground included, do not make the above-mentioned conditions be met, the first instance court declined Puyuan’s objection.

In the appeal procedure, interestingly, Puyuan applied to stay the proceeding until SAMR renders its merger review decision. Beijing Higher People’s court rejected Puyuan’s application again, on the reason that the merger review procedure and civil enforcement proceeding do not restrict each other, thereby there is no need to stay the instance proceeding. The appellate court in the end maintained the first instance ruling by recognizing the reasons illustrated in the first instance adjudication. Notably, the appellate court further pointed, the arbitration award involved in the case only has legal effect between its parties and cannot be legally binding on third parties. The fulfillment or enforcement of the obligations determined by the award does not affect the substantive rights enjoyed by the third party. It is the legal duty of the enforcement court to implement the content of the effective award through the enforcement procedure, but the enforcement court does not guarantee that the applicant for enforcement can permanently retain the enforcement benefits they have obtained. The rejection of the third party’s application for not enforcing the arbitration award in this case does not prevent them from filing a lawsuit against the relevant civil subject in accordance with the law.

Key Takeaways and Comments

Obviously, the ongoing SAMR merger review will not stop the enforcement of the arbitral awards. However, where gun-jumping is found by SAMR, SAMR theoretically has the discretion to still slap the violating party with penalties, because there is no exemption clause for the enforcement of arbitral awards. Assuming the extreme situation occurs, namely if SAMR finds competition concerns in its review, SAMR may also order the party to give back the shares it acquired through the enforcement of awards for restitution on top of the monetary fine. As the appellate court stressed in this case, the enforcement court does not guarantee that the applicant for enforcement can permanently retain the enforcement benefits they have obtained.

Of course, the favorable fact in the instant case is, assuming Simcere’s allegation is tenable, the filing was made on a voluntary basis because the equity acquisition does not reach the filing threshold. In this scenario, Simcere in principle will not receive a fine. Nonetheless, the disadvantages fact is Simcere is not an insignificant market play, but rather enjoys the dominant market position in certain active pharmaceutical ingredients (API) market. Particularly, Simcere has been fined by SAMR in 2021 due to engaged in abusing the dominant market position to refuse to supply.

Consequently, before applying for the enforcement of arbitral awards, companies are highly recommended to make a thorough and cautious assessment on the merger filing obligation in China, especially for those having a high market share in some markets, and then to decide whether to apply the enforcement and the appropriate application timing.