On 27 June, 2025, Cyberspace Administration of China published the Guidelines for Filing of Cross-border Data Security Assessment (Third Edition) to guide and assist data processors in standardizing and declaring the security assessment for cross-border data transfers. Compared to the previous edition from 2024, the new guidelines optimize and simplify the relevant materials that data processors need to submit for declaring the security assessment for cross-border data transfers, and clarify the conditions, procedures, materials, and other contents for data processors applying to extend the validity period of the security assessment results for cross-border data transfers.
If data processors need to provide important data and personal information overseas due to business requirements and fall under the applicable circumstances of the security assessment for cross-border data transfers, they shall declare the security assessment for cross-border data transfers in accordance with the Measures for Security Assessment of Data Cross-Border Transfers and the Regulations on Promoting and Standardizing Data Cross-Border Flow, following the declaration guidelines. If the validity period of the assessment results expires and the conditions for applying to extend the validity period are met, data processors may submit an application to extend the validity period of the assessment results within 60 working days before the expiration of the validity period.
Note for readers: The third edition is essentially the same as the second edition in terms of content, with the only changes being the simplification and optimization of the declaration procedures and form formats.
Chinese source: https://www.cac.gov.cn/2025-06/27/c_1752652339765002.htm
