New Rule for PI Protection Compliance Audit and Implications
On 14 February 2025, the Cyberspace Administration of China ("CAC") released the Administrative Measures for the Personal Information Protection Compliance Audit (《个人信息保护合规审计管理办法》, the "PI Audit Measures") and its FAQ on its official website[1]. Prior to that, CAC presented the consultation draft of PI Audit Measures in August 2023, and the National Cyber Security Standardisation Technical Committee of China proposed a set of national standards on compliance audit requirements in July 2024.
Compliance audit for personal information ("PI") protection is an existing requirement derived from Art. 54 of Personal Information Protection Law (《个人信息保护法》, the "PIPL") and Art.27 of the Regulation on Network Data Security Management (《网络数据安全管理条例》, the "Network Data Regulation"). The PI Audit Measures serve as implementing rules for these compliance audit requirements and will take effect from 1 May 2025.
View More