China Data Security Law (DSL)
The Data Security Law of the People's Republic of China (effective September 1, 2021) establishes a comprehensive framework for data security governance. It introduces a data classification and grading system, cross‑border data transfer restrictions, security assessment mechanisms, government data security obligations, and a national security assessment system for data handling.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
China DSL: Data Security Protection Obligations (Chapter IV)
| Code | Title |
|---|---|
| DSL-Art27 | Data Security Management System and Whole-Lifecycle Measures (Art. 27) |
| DSL-Art28 | Lawful and Legitimate Data Processing (Art. 28) |
| DSL-Art29 | Risk Monitoring, Remediation and Incident Notification (Art. 29) |
| DSL-Art30 | Important Data Risk Assessment and Reporting (Art. 30) |
| DSL-Art31 | Cross-Border Transfer of Important Data (Art. 31) |
| DSL-Art32 | Lawful and Proper Collection of Data (Art. 32) |
| DSL-Art33 | Data Trading Intermediary Obligations (Art. 33) |
China DSL: Data Security System (Chapter III)
| Code | Title |
|---|---|
| DSL-Art21 | Hierarchical Data Classification, Core Data and Important Data Catalogue (Art. 21) |
| DSL-Art22 | National Data Security Risk Assessment, Monitoring and Early Warning (Art. 22) |
| DSL-Art23 | Data Security Emergency Response (Art. 23) |
| DSL-Art24 | National Security Review of Data Activities (Art. 24) |
| DSL-Art25 | Export Controls on Controlled Data (Art. 25) |
China DSL: Data Security and Development (Chapter II)
| Code | Title |
|---|---|
| DSL-Art17 | Data Security Standards (Art. 17) |
| DSL-Art19 | Data Trading Market Rules (Art. 19) |
| DSL-Art7 | Data Security and Development (Art. 7) |
China DSL: General Provisions (Chapter I)
| Code | Title |
|---|---|
| DSL-Art2 | Scope and Extraterritorial Application (Art. 2) |
| DSL-Art3 | Definitions of Data and Data Processing (Art. 3) |
China DSL: Government Data and Legal Liability (Chapters V-VII)
| Code | Title |
|---|---|
| DSL-Art35 | Data Access by Public/National Security Organs (Art. 35) |
| DSL-Art36 | Foreign Authority Data Requests (Art. 36) |
| DSL-Art37 | Government Affairs Data Security (Art. 37-42) |
| DSL-Art45 | Legal Liability and Penalties (Art. 45-52) |
Your Compliance Coverage
If you comply with China Data Security Law (DSL), you already cover:
Maps to 4 other frameworks
Frequently Asked Questions
What is China Data Security Law (DSL)?
China Data Security Law (DSL) is a compliance framework from China with 5 domains and 21 controls. The Data Security Law of the People's Republic of China (effective September 1, 2021) establishes a comprehensive framework for data security governance. It introduces a data classification and grading system, cross‑border data transfer restrictions, security assessment mechanisms, government data security obligations, and a national security assessment system for data handling. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does China Data Security Law (DSL) have?
China Data Security Law (DSL) has 21 controls organised across 5 domains. The largest domains are China DSL: Data Security Protection Obligations (Chapter IV) (7 controls), China DSL: Data Security System (Chapter III) (5 controls), China DSL: Government Data and Legal Liability (Chapters V-VII) (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does China Data Security Law (DSL) map to?
China Data Security Law (DSL) maps to 4 other compliance frameworks. The top mapping partners are NIST Cybersecurity Framework 2.0 (33% coverage), China Personal Information Protection Law (PIPL) (14% coverage), GDPR (5% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with China Data Security Law (DSL) compliance?
Start your China Data Security Law (DSL) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about China Data Security Law (DSL) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 21 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required