《个人信息出境认证办法》公布 2026年1月1日起施行

Core Points - The National Internet Information Office and the State Administration for Market Regulation have jointly announced the "Personal Information Outbound Certification Measures," which will take effect on January 1, 2026 [1][2] - The measures aim to protect personal information rights, regulate outbound personal information certification activities, and promote the efficient and secure cross-border flow of personal information [1] Group 1: Certification Applicability - The certification applies to personal information processors that are not critical information infrastructure operators and have provided personal information to overseas entities, meeting specific thresholds [1] - Specifically, processors must have provided personal information to more than 100,000 but less than 1 million individuals (excluding sensitive personal information) or less than 10,000 individuals for sensitive personal information [1] Group 2: Certification Process and Requirements - Personal information processors must apply for certification through professional certification agencies, which must follow established certification norms and rules [2] - The validity period of the certification is set at three years [2] Group 3: Obligations of Certification Agencies - Professional certification agencies are required to report certification information to the national certification and accreditation information public service platform [2] - If a certified personal information processor's outbound activities are found to be inconsistent with the certification scope, the agency must suspend or revoke the certification [2] Group 4: Supervision and Management - Certification agencies must file with the National Internet Information Department within 10 working days of obtaining certification qualifications [2] - Provincial-level internet information departments can conduct interviews with certified processors if significant risks or personal information security incidents are identified [2] Group 5: Legal Responsibilities - The measures outline legal responsibilities for violations of the certification regulations and specify their applicability [3]