Following the Data Security Law, China has drawn up a new regulation clarifying how firms should handle sensitive industrial and telecoms data. The draft regulation classifies data into “core”, “important”, and “ordinary” categories, and requires firms to take different degrees of protection measures when collecting, processing, transferring, and disposing data. On September 30, 2021, the Ministry of Industry and Information Technology (MIIT) published the Measures for the Administration of Data Security in the Field of Industrial and Information Technology sectors (Trial) (Draft) (hereafter “Measures”) and is soliciting public opinions until October 30, 2021. The draft Measures apply to all kinds...