On June 13, 2025, China’s Ministry of Industry and Information Technology, jointly with 7 other national ministries, issued the draft of the Guidelines for the Security of Automotive Data Cross-Border Export (2025 Version) (hereinafter referred to as the Guideline) to call for public comments. It is a move amid rapid growth in the new energy vehicle and automotive IoT fields, where increasing data processing activities and export demands has led to rising compliance challenges. To address these concerns and mitigate compliance risks, Chinese authorities decided to develop the guidelines, reducing regulatory burden on the automotive businesses. The call for comment period ended on July 13, 2025.

The Guideline is formulated in accordance with China’s Cybersecurity Law, Data Security Law, Personal Information Protection Law and Regulations on the Network Security Management. It is positioned as a regulatory document that bridges the Provisions on Promoting and Regulating Cross-border Data Flow and the Several Provisions on the Management of automotive Data Security (Trial Implementation) released in 2021. Once implemented, the Guideline will fill in the regulatory gap in the data cross-border transfer specific to the automotive industry.

The draft Guideline contains key information covering several critical areas. First, it outlines fundamental principles that enterprises can use to assess whether they need to initiate a security assessment for their data cross-border activities. These principles encompass the scope of application (specifying situations considered data export), the classification of data export pathways, and the security assessment exemption criteria. Additionally, the draft puts forward nine specific exemption scenarios.

Second, the draft defines "Cross-border Transfer of Key Data." This definition identifies 49 types of key data found within six major scenarios that require mandatory security assessment. These scenarios specifically include: R&D Design scenarios, manufacturing scenarios, driving-automation scenarios, software upgrade services scenarios, network operation scenarios, and scenarios falling under the sector standard YD/T 4981-2024 Guideline for identification of key data in industrial field.

The contents of the Guideline specifically target personal information and key data generated throughout the automotive lifecycle, including car design, manufacturing, sales, usage, operation, and maintenance. If China rolls out the Guideline, they will impact a wide range of stakeholders such as:

-   Automotive manufacturers,

-   Component and software suppliers,

-   Telecommunications operators,

-   Autonomous driving service providers and platform operators,

-   Dealers,

-   Maintenance service providers, and

-   Mobility service platforms, etc.

Foreign stakeholders, especially vehicle manufacturers are advised to review the draft and actively participate in this public consultation, and keep up with the future progress.

BESTAO presents free monthly report on China compliance. It offers a comprehensive solution on observing various standards and regulatory activities in China. Sample of the monthly report please refer to：

https://www.bestao-consulting.com/detail?id=1740&status=bestao_library

Subscribe the free monthly report by register as a BESTAO website member at: https://www.bestao-consulting.com/login, or write an email to assistant@bestao-consulting.com.