China Compliance
DSL
DSL (Data Security Law, 数据安全法) is the People's Republic of China's data security framework, enacted in 2021 and effective September 1, 2021. It establishes a data classification regime — including the "Important Data" (重要数据) category — and imposes security obligations on data processing activities based on classification level.
Definition
DSL (Data Security Law, 数据安全法) is the People's Republic of China's data security framework, enacted in 2021 and effective September 1, 2021. It establishes a data classification regime — including the "Important Data" (重要数据) category — and imposes security obligations on data processing activities based on classification level.
What it means
DSL operates alongside the Cybersecurity Law (CSL) and Personal Information Protection Law (PIPL) as the third pillar of China's data regulation framework. Where PIPL governs personal information specifically, DSL governs all data — personal and non-personal — through a classification-and-protection regime.
The most consequential DSL concept for connected-device manufacturers is **Important Data (重要数据)**: data that, if leaked or misused, could harm national security, public interest, or the legitimate rights of individuals or organizations. Important Data triggers heightened protection requirements, mandatory periodic risk assessment, and explicit approval for cross-border transfer.
What qualifies as Important Data varies by sector and is determined through a combination of national catalogs, industry-specific guidance, and case-by-case assessment. For connected vehicles, automotive Important Data includes geographic, biometric, and large-scale operating data. For SaaS and IoT, the classification depends on data volume, sensitivity, and aggregation potential.
The DSL Important Data pillar provides a decision tree for connected-system organizations.
Related terms
Authoritative sources
- DSL official text - CAC Important Data Identification Guide
---