Back to Blog
LegalTech & IA

China’s New Data Security Risk Assessment Rules: What Your Business Needs to Know (Before August 20)

NakedPact Editorial Committee
Reviewer: Carmelo G.
Comitato Editoriale NakedPact
June 23, 2026
10 min read
China’s New Data Security Risk Assessment Rules: What Your Business Needs to Know (Before August 20)

Remember When Reading Terms of Service Was the Worst?

Well, China just made it look like a walk in the park. On June 18, 2026, the Cyberspace Administration of China (CAC) published new measures for network data security risk assessments, effective August 20, 2026. If your company handles network data in China, you’re now legally required to conduct periodic risk assessments and report the results to authorities. Think of it as a mandatory health checkup for your data—except the doctor is the government, and the stakes are fines, suspension, or worse.

What’s Actually in These Measures?

The new rules establish a formal framework for conducting, supervising, and reporting network data security risk assessments. They apply to all entities that collect, store, transmit, or process network data within China—including foreign companies with local operations. The key requirements:

  • Periodic Assessments: At least once a year, or whenever a major change occurs (e.g., new data processing activity, merger, or security incident).
  • Reporting: Submit assessment reports to the local CAC office within 60 days of completion.
  • Scope: Cover data classification, security measures, third-party risks, and incident response plans.

For a deeper dive, check the official text on the CAC website (Chinese only, but your legal team will love it).

Why Should You Care? (Besides the Obvious)

Ignorance isn’t bliss—it’s a liability. Non-compliance can lead to fines up to 5% of annual revenue, data processing suspension, or even criminal liability for responsible individuals. And if you think “we don’t store data in China” is a loophole, think again: the rules apply to any network data processed within Chinese borders, including data collected from Chinese users by foreign companies.

The “Toothbrush Analogy”

Imagine you’re required to brush your teeth after every meal, but you only do it once a year. That’s basically what these assessments are—except instead of cavities, you risk regulatory action. So, set a reminder, hire a compliance officer, and treat your data hygiene like your dental hygiene: regular, thorough, and non-negotiable.

How to Prepare (Without Panicking)

Start now. Here’s a practical checklist:

  • Map your data: Identify all network data flows, storage locations, and processing activities in China.
  • Classify data: Categorize data by sensitivity (e.g., personal information, trade secrets, state secrets).
  • Review security measures: Ensure encryption, access controls, and monitoring are up to snuff.
  • Document everything: Keep records of assessments, remediation actions, and reports.
  • Train your team: Make sure employees understand the new obligations—especially those handling data.

And if you’re thinking, “We’ll just hire a consultant,” remember: the ultimate responsibility lies with your company’s legal representative. So choose wisely.

The Bottom Line (No, Really, This Is It)

These measures aren’t a suggestion—they’re the law. With the effective date fast approaching, now is the time to act. Don’t wait for a data breach or a regulatory audit to discover your compliance gaps. Start your first assessment today, and treat it like a fire drill: boring but potentially life-saving.

📋 Compliance Checklist
0% Complete
NakedPact Logo

NakedPact Editorial Committee

Article created by the NakedPact editorial team. Our mission is to analyze, simplify, and expose unfair terms and hidden risks in everyday contracts to protect citizens and consumers.

Do you own a website?

Do you own a website?

Want to communicate your data processing transparency to your users? Dynamically use our badge and showcase your platform's compliance.

🛡️ Protect your rights with one click

Don't risk signing abusive clauses. Install the free NakedPact extension for Chrome or Firefox and instantly analyze any contract on the web.

Don't trust, verify.

Now that you know the risks, don't sign blindly. Upload your contract to NakedPact and let AI find the hidden clauses for you. It's 100% free.

Analyze Your Contract Now

Rispettiamo la tua privacy

Usiamo i cookie per migliorare la tua esperienza e personalizzare gli annunci. Scopri di più.

NakedPact Logo

Estensione Chrome

Analizza i contratti e i Termini di Servizio direttamente sul tuo browser con l'estensione NakedPact.