Eight Ministries Issue New Rules on Automotive Data Cross-Border Transfer

[Policy Regulation] Eight ministries jointly released the 'Guidelines on Automotive Data Cross-Border Security (2026 Edition)', establishing a clear compliance framework for automakers' overseas data operations.

Key Developments: Three Management Approaches and Nine Exemption Scenarios Defined

On February 3, 2026, eight ministries including the Ministry of Industry and Information Technology (MIIT) issued the 'Security Guidelines', covering the entire automotive value chain—including R&D, manufacturing, intelligent driving, and OTA updates—and specifying three management pathways: security assessment for data cross-border transfer, standard contractual clauses, and certification. The guidelines also enumerate nine exemption scenarios.

Strategic Foundation: Balancing Facilitated Data Flow and Security Risks

The 'Security Guidelines' require automakers to establish mechanisms for management systems, technical safeguards, log management, and emergency response, thereby systematically regulating cross-border data activities. This move aims to implement laws such as the Data Security Law, striking a balance between promoting high-quality international expansion of the automotive industry and mitigating cross-border data risks.

Industry Impact: Setting Compliance Boundaries for Intelligent Connected Vehicle Makers

As intelligent connected vehicles accelerate their global expansion, both OEMs and component suppliers now face clearer requirements regarding data localization and cross-border transfers. While compliance costs may rise in the short term, the long-term outlook favors orderly internationalization of the industry.