The Data Security Law stipulates that the state establishes a data protection system. This law embodies the legislative goal of the overall national security concept, focuses on the outstanding problems in the field of data security, establishes data classification and hierarchical management, establishes basic systems such as data security risk assessment, monitoring and early warning, emergency response and data security review, and clarifies the data security protection obligations of relevant subjects. This is the first basic legislation in the field of data security in China. The Data Security Law has seven chapters and 55 articles.

Based on the purpose of implementing the overall national security concept and the most important security issues in data governance, it has grasped the main contradiction and balance point of data security, which is an important basic law in the field of data security in China. This Law is formulated in order to standardize data processing activities, ensure data security, promote data development and utilization, protect the legitimate rights and interests of individuals and organizations, and safeguard national sovereignty, security and development interests.

Article 2 of People's Republic of China (PRC) Data Security Law

This Law shall apply to data processing activities and safety supervision within the territory of People's Republic of China (PRC).

Anyone who conducts data processing activities outside People's Republic of China (PRC) and China and damages the national security, public interests or the legitimate rights and interests of citizens and organizations in People's Republic of China (PRC) and China shall be investigated for legal responsibility according to law.