On February 22, 2023, the Cyberspace Administration of China (“CAC”) promulgated the final version of the Measures for the Standard Contract for Cross-Border Transfer of Personal Information (the “Measures”), along with the final version of the standard contractual clauses for cross-border transfer of personal information stipulated under the Personal Information Protection Law (the “PIPL SCCs”). The Measures and the PIPL SCCs will become effective on June 1, 2023. Similar to the EU General Data Protection Regulation (“GDPR”) SCCs, the PIPL SCCs can be used for outbound transfer of personal information that does not need to undergo a security assessment under China’s PIPL.

Click here to read Ropes and Gray’s Client Alert on the Measures