China Cross-Border Data Transfer · CAC Regime · Evidence & Implementation Kit
Move data out of China legally, without decoding the CAC transfer regime yourself.
Every cross-border data transfer obligation handed to you as an adopt-ready control, from choosing the right mechanism and the self-assessment through the CAC security assessment and the Standard Contract, with the evidence the CAC examines.
Transfer-ready in a weekend, not a quarter.
Here is the honest situation. Getting data out of China is one of the hardest compliance problems in the world. Under the PIPL, Data Security Law and Cybersecurity Law, a transfer needs one of three mechanisms, a CAC security assessment, the CAC Standard Contract with filing, or certification, and the choice depends on thresholds that keep changing. You must self-assess the risk, run an impact assessment, analyze the recipient's obligations, and keep the paperwork. Getting the mechanism wrong or skipping the self-assessment is exactly where transfers get blocked.
This Kit removes that interpretation. It is every cross-border transfer obligation written as an adopt-ready control you personalize in a weekend, with the evidence the CAC examines.
What you get, the moment you buy
32
Obligations as adopt-ready controls. Every cross-border data transfer obligation, from the mechanisms and thresholds and the self-assessment through the CAC security assessment, the Standard Contract and recipient obligations, written so you personalize and apply it.
32
Evidence-they-examine checklists. For each control, exactly what the CAC examines, plus where transfers get blocked, so you close the gap first.
1
Cross-Border Data Control Matrix, pre-built. Every obligation in a working spreadsheet, ready to record the transfer mechanism, status and evidence location.
1
Gap & Readiness Assessment. Score each obligation and the workbook returns your readiness as a single percentage, and exactly what to fix next.
Grounded in China's cross-border data transfer regime, the CAC security assessment, the Standard Contract with filing, and certification, with the thresholds, the self-assessment and the 2024 relaxations and exemptions called out. Editable Word and Excel files.
The mechanism you choose is the whole game
Everything follows from which of the three transfer routes applies to you, and that depends on thresholds that shift with CAC rulemaking. This Kit builds the threshold assessment first, so you pick the correct mechanism, security assessment, Standard Contract or certification, before you invest in the wrong one.
What one control looks like
This is identifying the mandatory-assessment triggers and choosing the transfer mechanism, where a legal transfer begins. All 32 are built to this depth.
CBDT-2 Determine whether a mandatory CAC security assessment is triggered TRANSFER MECHANISMS
Put this control in place
[Data Handler] shall assess each outbound transfer against the mandatory CAC security assessment triggers, namely any transfer by a critical information infrastructure operator, any transfer of important data, any transfer of personal information of individuals above the applicable cumulative volume threshold, and any transfer of sensitive personal information above its lower threshold, and shall document the threshold calculation.
Legal note.
Volume thresholds are cumulative from the first of January of the current year across all transfers by the handler.
Evidence the CAC examines
- Threshold calculation worksheet showing counts of individuals and sensitive records exported since the start of the year
- Determination memo on critical information infrastructure operator status
- Important data classification outcome for the datasets in scope
- Legal review confirming the applicable transfer mechanism
Common finding they raise: Cumulative annual counts are frequently underestimated because organisations measure a single batch rather than the running total of individuals whose data has been exported since January.
Why this is not another template pack
- The evidence is the point. A transfer you cannot evidence gets blocked. This tells you what the CAC examines and where transfers get blocked, for every obligation.
- Mechanisms, self-assessment and contract built in. The three mechanisms, the risk self-assessment and impact assessment, and the Standard Contract and filing are written into the controls, the steps a legal transfer requires.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. This regime works alongside the PIPL, so it pairs with a PIPL program for full China privacy compliance.
Who buys this
Any organization moving personal or important data out of China, and the privacy, legal and data leads who own it. Whether it is a first transfer assessment or an ongoing program, you save weeks and walk in with the mechanism, self-assessment and evidence handled.
By the end of the weekend you will have
✓ An adopt-ready control for all 32 obligations
✓ A completed cross-border data control matrix
✓ The evidence the CAC examines
✓ Your transfer mechanism and self-assessment done
✓ A readiness percentage and a fix list
✓ The transfer-blocking gaps closed
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
Is this legal advice? No. It is an implementation toolkit grounded in the CAC regime. For a specific matter consult PRC counsel; this gets your mechanism, assessment and records in order fast.
What are the three mechanisms? The CAC security assessment, the CAC Standard Contract with provincial filing, and personal information protection certification. The Kit helps you choose and prepare.
Do the thresholds change? Yes, they shift through CAC rulemaking, including the 2024 relaxations and exemptions. The Kit builds the assessment so you re-check against current thresholds.
What if it is not for me? A 30-day money-back guarantee.
Do not invest in the wrong transfer mechanism.
Every cross-border obligation is fast to adopt with the Kit. It is instant, and it is guaranteed.
Add it to your cart and be transfer-ready this weekend.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com