Workflow
汽车数据出境有何要求?八部门拟提供指引 明确九大豁免场景
Nan Fang Du Shi Bao·2025-06-13 15:35

Core Viewpoint - The rapid globalization of China's intelligent connected vehicle industry has led to a surge in automobile exports, raising concerns about the cross-border flow of automotive data, necessitating the establishment of a compliance system for automotive data export security [1] Group 1: Regulatory Framework - The Ministry of Industry and Information Technology and eight other departments have drafted the "Automotive Data Export Security Guidelines (2025 Edition) (Draft for Comments)," which is open for public feedback until July 13 [1] - The guidelines propose three main pathways for automotive data export, detailing nine categories of data exempt from declaration for security assessment, and establishing standards for personal information export contracts [2][3] Group 2: Data Export Scenarios - The guidelines identify three types of data export behaviors, including the transmission of automotive data collected within China to overseas entities and the storage of such data within China while allowing foreign entities to access it [3][4] - Specific thresholds for data export require reporting, such as providing personal information to over 1 million individuals or sensitive information to over 10,000 individuals [4] Group 3: Exemption Scenarios - Nine categories of exemption scenarios are proposed, with six aligning with previous regulations, including contract fulfillment and emergency management for human resources [4][5] - Three new exemption scenarios include reporting security vulnerabilities, handling security incidents, and addressing product defects [5] Group 4: Important Data Types - The guidelines specify six major business scenarios where important data types must be reported for security assessment, including research and design, production, automated driving, software upgrades, and connected operations [6][7] - Important data types include driving automation algorithms, real-time vehicle data, and location tracking data, with specific criteria for classification [7][8] Group 5: Security Protection Requirements - Automotive data processors are required to appoint a data export security officer and establish internal approval mechanisms for data export activities [9] - The guidelines mandate the use of security technologies to ensure data confidentiality and integrity during transmission, along with logging and monitoring requirements for data export activities [9]