China's industry ministry has passed new rules mandating that important industrial data be stored within the country, as Beijing expands its web of regulations governing data security in a drive to tighten control over domestic data.
"Important" and "core" industrial data collected and generated in mainland China should be kept within the country, while data that needs to be exported should undergo a security assessment, according to new regulations published by China's Ministry of Industry and Information Technology (MIIT) on Tuesday.
The new rules cover data produced in areas including industry, telecoms and radio waves, as these fall under the purview of the MIIT. China's Data Security Law, which came into effect in September last year, requires each government body to supervise data security in its own realm.
The regulations also come at a time when data has become "the most active new factor of production" in the digital economy, and as data security risks become increasingly important in relation to national security, the MIIT said in a statement on Wednesday.
The industrial data regulation was first drafted in September last year, covering domestic data processing activities such as data collection and security risk monitoring.
Classifying data based on its importance is a concept mentioned in China's Data Security Law, even though "important data" still lacks an official definition.
Draft guidelines, published in January by the National Information Security Standardisation Technical Committee, defined "important data" as data that could harm national security and public interest if tampered with, damaged or leaked, but the document is still undergoing amendment.
Local government bodies should formulate important data catalogues for their industries, according to the new MIIT law.
In recent years China has ramped up its data security push, rolling out a network of laws and regulations that have significantly increased compliance costs for businesses.
A regulation governing cross-border data transfer came into effect in September this year, burdening a wide range of companies with a slew of paperwork that they need to submit to local offices of the Cyberspace Administration of China (CAC) if they seek to export data.
Documents needed include a self-assessment report that provides detailed information about the company seeking to export data, the recipient overseas and how they will handle the data.
Companies need to state in their application form the name of the data centre that will handle the information to be transferred, as well as the physical location and internet protocol addresses of the relevant server rooms in such a facility, according to the CAC.