On Thursday, China's cyberspace regulator unveiled draft rules requiring service providers that hold data on more than 1 million people to undergo at least one compliance audit annually.
This move is part of the country's ongoing efforts to regulate data and information flow.
According to the draft rules issued by the Cyberspace Administration of China (CAC), infrastructure information providers or services handling data from more than one million users will be subject to a security review if they supply data overseas. The review will be conducted by an agency designated by the regulator.
Additionally, compliance agencies appointed by the CAC will evaluate services that possess data from over 100,000 users or handle sensitive data from more than 10,000 users. For services holding data from fewer than 1 million users, a personal information compliance check will be required at least once every two years.
China has been increasingly stringent in its control of data and information, particularly concerning data that flows beyond its borders. The implementation of annual audits for data holders with a large user base is yet another step in the country's efforts to manage data security and privacy.