China's cybersecurity and data regulatory framework is evolving rapidly. To keep abreast of these developments and to provide guidance and recommendations to European companies, Sinolytics and VDMA have jointly published a report on "Cyber Security Use Cases in China". The second edition of the report was published in September 2023, and provides guidance on the latest changes and adjustments to China's cyber security regulations. The report is available to VDMA members on the VDMA website. For more information see also our Cybersecurity Primer.

A key change in 2023 will be the implementation and enforcement of cross-border data transfer rules, which will add to the challenges faced by foreign companies in China. As a result, international companies may be forced to consider IT and data localization as a necessary measure to continue doing business in China.

Key highlights from the report:

The Sinolytics-VDMA report provides companies with up-to-date guidance on China's cybersecurity and data security regime. Here are some key takeaways from the report:

Enforcement of Cross-Border Data Transfer: Enforcement of cross-border data transfer rules is gaining momentum, forcing foreign companies to consider data localization or go through the CAC security assessment process.

Tighter security measures for CIIO suppliers: Critical Information Infrastructure Operators (CIIOs) are now requiring stricter security measures from their suppliers, including testing, certification, and data localization.

Product Compliance: Pre-sale certification for critical network products and specific cybersecurity products is being more strictly enforced. Foreign suppliers may face higher market barriers to selling certain products in China.

IT localization trend: Geopolitical tensions and regulatory challenges are causing foreign companies to rethink their global IT strategies, with some implementing China-specific IT solutions.

Read our Cybersecurity Primer