Eight Departments Issue New Rules on Automotive Data Cross-Border Transfer

[Policy Announcement] Eight departments jointly issued the 'Guidelines for the Security of Automotive Data Cross-Border Transfer (2026 Edition)', systematically regulating the cross-border flow of automotive data.

Key Developments: Nine Scenarios Exempt from Cross-Border Management; Refined Criteria for Identifying Critical Data

The eight departments, including the Ministry of Industry and Information Technology (MIIT), clarified that automotive data cross-border transfers are subject to three management approaches: security assessment, standard contractual clauses, or certification. They also outlined nine exemption scenarios. The guidelines provide detailed criteria for identifying critical data in typical contexts such as R&D and design, manufacturing, and automated driving, thereby enhancing the efficiency and convenience of data transfers abroad.

Strategic Foundation: Building an Interactive Framework for High-Quality Development and Robust Security

The Guidelines instruct automakers to establish comprehensive, end-to-end security capabilities—covering pre-transfer, during-transfer, and post-transfer phases—from four dimensions: management systems, technical safeguards, log management, and emergency response. This ensures compliance with the requirements of the Data Security Law and the Personal Information Protection Law, advancing the automotive industry toward synergistic progress in high-quality development and high-level security.