Cross-Border Data Transfer for AI
Three PIPL Art. 38 mechanisms. One decision to get right before any personal information leaves China.
Pick Your Transfer Mechanism
CAC Security Assessment
Mandatory for CIIOs and high-volume handlers
Standard Contract
For handlers below security assessment thresholds
PI Protection Certification
Voluntary, market-oriented option for multinationals
CAC Security Assessment
Required Documents
- Self-assessment report on cross-border data transfer
- Contract between PI handler and overseas recipient
- PIPIA report covering the specific transfer
- Data processing agreement specifying security measures
- Evidence of overseas recipient’s data protection capabilities
Standard Contract Filing
Required Documents
- Signed standard contract (CAC-published form, no material changes)
- PIPIA report for the specific cross-border transfer
- Filing form submitted to provincial CAC
PI Protection Certification
Required Documents
- Certification application via designated China representative
- Evidence of PI protection measures meeting certification standards
- Internal PI processing policies and procedures
- Records of PI processing activities for the relevant transfer
When You Do Not Need a Transfer Mechanism
The Regulations on Promoting and Regulating Cross-Border Data Flow (March 2024) created six exemption scenarios. Check each one that applies to your situation.
No PI or Important Data Involved
The transfer does not involve personal information or data classified as “important data” under the DSL. Aggregated, anonymized, or purely technical data that cannot identify individuals qualifies.
Contract Performance Necessity
Transfer is necessary to perform a contract to which the individual is a party. Example: booking an international flight or hotel that requires sending the customer’s PI to an overseas service provider.
Cross-Border HR Management
Transfer is necessary for cross-border human resource management under lawfully established labor rules and collective contracts. Covers payroll, benefits, and performance management for overseas-employed staff.
Emergency Protection of Life, Health, or Property
Transfer is necessary to protect a natural person’s life, health, or property in an emergency. Time-critical medical or safety scenarios where obtaining consent is not feasible.
Cumulative PI Below 100,000 Individuals
Total non-sensitive PI transferred cross-border, calculated from January 1 of the relevant year, involves fewer than 100,000 individuals. You must track cumulative volume to stay within this threshold.
Data Collected or Generated Outside China
Data was collected or generated outside China, processed domestically, and does not contain domestic PI or important data. Example: an AI model trained on overseas data that is processed in a Chinese data center without ingesting local PI.
Important: Even when an exemption applies, you must still comply with PIPL’s general principles for PI processing. The exemption only removes the requirement to use one of the three formal transfer mechanisms (security assessment, standard contract, or certification).
How Long Each Mechanism Takes
Factor these timelines into your AI deployment schedule.
For AI systems: Cross-border transfer assessments for AI can take 6-12 months when the system involves mixed data types (training data with embedded PI, inference data from user queries, and real-name registration data linked to Chinese IDs). Start early, especially if the CAC security assessment path is mandatory for your organization.
Which AI Data Types Trigger Transfer Rules?
AI systems generate, process, and transfer data across three distinct categories. Each has different transfer implications.
Training Data
Datasets used to train or fine-tune AI models. If training data contains PI from individuals in China, any cross-border transfer of that data requires a formal transfer mechanism.
Transfer Triggers
- Sending labeled datasets to overseas training infrastructure
- Sharing fine-tuning data with a foreign model provider
- Real-name registration data included in training sets
- Web-scraped data containing identifiable Chinese user content
Inference Data
User queries, prompts, and model responses generated during AI system operation. If users submit PI in their queries and those queries are routed to overseas servers, transfer rules apply.
Transfer Triggers
- API calls routed to overseas inference endpoints
- User prompts containing names, IDs, or contact details
- Cumulative PI volume crossing the 100,000-individual threshold
- Logging and analytics data sent to foreign cloud providers
Model Weights
Trained model parameters. Whether model weights contain “embedded PI” extractable through adversarial prompting is actively debated among regulators and researchers. No definitive CAC ruling exists as of May 2026.
Risk Factors
- Models trained on PI-containing datasets without anonymization
- Memorization attacks that can extract training data
- “Important data” classification if sector catalogs designate model parameters
- Export controls on certain AI model architectures
Sector catalogs for “important data” are still being developed. Until your sector publishes its catalog, treat data conservatively. If you are unsure whether your AI data qualifies as “important data” under the DSL, consult with the relevant sector regulator or the CAC directly.
The PIPL Art. 38 mechanisms above cover outbound transfers (data leaving China). Importing data or models into China triggers a different set of obligations:
- DSL “important data” classification: Model weights or training datasets imported into China may trigger DSL important data obligations if a sector catalog designates them, regardless of origin country.
- CSL cybersecurity review: If the Chinese entity receiving the data is a CIIO, importing AI models for deployment may trigger a CSL cybersecurity review.
- Multinational scenario: Training in Jurisdiction A, then transferring weights to China for local inference, means the Chinese entity must assess whether imported weights contain embedded PI. The classification depends on the potential for adversarial extraction, not the training data’s origin.
- Export controls: Some AI model architectures are subject to Chinese technology import/export controls. Importing a model may also trigger the exporting country’s controls.
PIPIA: What the Impact Assessment Must Cover
A Personal Information Protection Impact Assessment (PIPIA) is required before any cross-border transfer, regardless of which mechanism you use. PIPIA reports must be retained for at least 3 years.
Legality and Necessity
Confirm that the purpose, method, and scope of PI processing are lawful, legitimate, and necessary. Document the legal basis for the transfer.
Impact on Individuals
Assess the impact on the rights and interests of the PI subjects. Include risk severity, likelihood, and the population affected by the transfer.
Security Measures
Evaluate whether existing security measures are proportionate to the risk. Include encryption, access controls, and breach response capabilities of both sender and recipient.
Overseas Recipient’s PI Protection
Assess the recipient country’s data protection laws and the recipient’s own security practices. Document how the overseas environment compares to China’s PIPL protections.
Contract Adequacy
Review the contract between handler and recipient. Confirm it includes PI subject rights enforcement, breach notification obligations, and audit rights.
Risk Mitigation Plan
Document specific measures to reduce identified risks. Include contingency plans for data breaches, government access requests in the recipient country, and PI subject complaint handling.
Requirements You Must Not Miss
Beyond picking the right mechanism, these requirements apply to every cross-border PI transfer.
You must obtain the individual’s separate, specific consent before transferring their PI overseas. This is distinct from any general processing consent. The consent must be informed, voluntary, and documented.
Before the transfer, you must inform each individual of: (1) the overseas recipient’s name and contact details, (2) the purpose and method of processing, (3) the types of PI being transferred, and (4) how the individual can exercise their PIPL rights against the overseas recipient.
PIPIA reports must be retained for at least 3 years from the date of the assessment. Maintain version history if the transfer scope, recipient, or purpose changes. Regulators can request these reports during inspections.
Published September 29, 2025, effective March 1, 2026. These standards set technical specifications for cross-border PI processing, including encryption requirements, access control standards, and logging obligations. Compliance with these standards is expected when using any of the three transfer mechanisms.
CIIOs and PI handlers processing PI above the threshold must store PI and important data domestically within China. The cross-border transfer mechanism allows a copy to be sent overseas, but the primary data store must remain in China.