This Policy Update gives an overview about the Measures on Security Assessment of Cross-Border Data Transfer released by the Cyberspace Administration of China (CAC). The regulation is based on the “troika” of Cybersecurity Law, Data Security Law and Personal Information Protection Law – that build the framework for China’s cyber regulation. The Policy Update gives some legislative history and explains the assessment models and process outlined in the regulation. Besides a risk self-assessment an additional security assessment by external authorities might be needed if certain criteria are met. Read more about the process, the assessment materials, relevant authorities and the described processing time.