Artificial Intelligence China

Report June 23, 2026 • 9:00 am ET

Balancing openness and control: Cross-border health data and AI governance in China

Introduction
Drivers of China’s approach to personal data
Health data under China’s data governance system
State of health data in the AI sector
Future policy directions
Recommendations for MNCs to build resilience in the face of potential future regulatory changes
About the author
Acknowledgements

Introduction

The approach of the People’s Republic of China (PRC) to health data sits at the intersection of national security, economic development, and technological competition. The regulatory system examined in this report reflects a clear set of drivers: a push for data sovereignty, the strategic importance of health and biometric data, and the role of large-scale datasets in advancing artificial intelligence (AI). At the same time, the rapid digitization of China’s healthcare system, which increasingly deploys AI across clinical, administrative, and pharmaceutical domains, generates strong demand for integrated, high-quality data.

This dynamic creates a core tension for both Beijing and the multinational companies operating within China’s health sector. China seeks to expand the use of health data to support AI-driven innovation, biotechnology competitiveness, and pharmaceutical development, while maintaining strict controls over high-sensitivity genetic and genomic information. Recent draft reforms, notably the 2026 updates to the PRC’s 2019 Regulations on the Management of Human Genetic Resources,¹ suggest Beijing will further its efforts to differentiate between lower-risk clinical and biomedical collaboration, which regulators strive to facilitate through narrower human genetic resource (HGR) regime definitions and ethics-based governance mechanisms, and higher-risk genomic or strategically sensitive datasets that remain tightly controlled. ²The result is a system that enables large-scale domestic data use and selective international collaboration, but constrains global data pooling and interoperability. This has led to a complex regulatory and compliance environment governing cross-border data transfers. Uncertainty is a defining feature of the PRC’s data governance regime, especially for large firms operating at scale.

The report argues three core points:

First, China views health and biometric data as both strategic economic resources and national security assets. This is especially true for genomic, multimodal, and population-scale datasets that Beijing sees as important to biotechnology competition, AI development, and state security. As a result, an overlapping regulatory architecture among multiple agencies—including the Cyberspace Administration of China (CAC), also known as Office of the Central Cyberspace Affairs Commission, the National Health Commission (NHC), institutional ethics committees, and sectoral and provincial authorities—primarily governs cross-border health-data transfers, with the NHC increasingly assuming functions previously associated with the Ministry of Science and Technology (MOST) under China’s HGR regime. This creates compliance complications for multinational health firms.
Second, while China maintains strict formal controls, system signals reveal an opening up of more routine and pragmatic channels for data exchange. Increases in more sector-specific guidance for collaboration pathways, as well as publicly disclosed approvals, pilot programs, and multinational oncology partnerships, demonstrate that cross-border cooperation has actively become more institutionally facilitated in selected sectors, especially oncology, pharmaceuticals, and multinational clinical trials.³ However, these collaborations typically depend on strong Chinese institutional partners and may include some form of localized infrastructure, formal ethics review, and iterative engagement with regulators. In practice, access remains highly managed and case-specific.
Third, China’s AI ambitions are increasing pressure for greater internal data integration while simultaneously reinforcing restrictions on external access. AI systems tailored to the health sector depend on large-scale clinical, imaging, genomic, and behavioral datasets, creating tension between China’s industrial AI goals and its emphasis on cyber sovereignty and data controls. Health AI systems often involve sensitive personal information, user inputs, usage logs, and model outputs derived from protected medical data. The AI rules then add extra obligations around lawful sourcing, consent, training-data quality, data security, annotation governance, content labeling, misuse prevention, and explainability. So, a provider trying to move health data or health-data-derived AI workflows across borders must satisfy both the ordinary transfer regime and the AI-specific requirements related to training data, consent, data security, labeling, and output control.⁴

This report examines how China’s overlapping data-security, privacy, health-data, and AI-governance regimes shape cross-border health-data transfers and international biomedical collaboration. It aims to provide insights for policymakers on China’s shifting cross-border data-transfer regime. Moreover, the report highlights how these rules affect multinational corporations (MNCs)—in particular, pharmaceutical firms—seeking to navigate China’s evolving regulatory environment.

In the near term, China’s future cross-border data policy will likely move toward a more refined, sector-specific system that selectively eases lower-risk transfers while preserving strict oversight of strategically sensitive data, especially in areas tied to AI, biotechnology, and national security. The expectations are for regulators to expand free trade zones (FTZs) and other pilot negative-list mechanisms alongside industry-specific guidance while continuing to treat more sensitive data types (known in PRC regulatory terms as “important data”) flexibly and conservatively.

Over the medium term, China will likely institutionalize a more differentiated regime organized by sector, risk level, and geography, while shifting more oversight toward audits, compliance obligations, and post-transfer supervision rather than focusing on front-end approvals. Recent draft HGR regime revisions also suggest a broader shift toward institutional ethics governance and scientific ethics committee review replacing some front-end security approvals for lower-risk biomedical collaboration.⁵ AI development has become more central to how this system develops, with Chinese policymakers explicitly linking data circulation, data infrastructure standardization, and the construction of sector-specific datasets to national AI strategy.

In the long term, Beijing appears to pursue a model of what this report terms “managed openness” in which some forms of international data exchange remain permitted through structured and state-supervised channels, while highly sensitive data related to AI, health, genomics, and priority industrial sectors remains tightly governed under a sovereignty-centered framework.

For policymakers, China’s evolving system illustrates how AI competition, geostrategic competition over biotechnology, and national security concerns work to reshape global data governance. Beijing is integrating the privacy, industrial policy, and security aspects of data into a unified governance framework centered on state visibility and control over strategically valuable datasets.

For foreign MNCs operating in China, the practical implications of China’s health-data regime differ significantly depending on the type of data involved, the sector, the geographic location, and whether AI systems are part of the workflow. Successfully navigating this environment may require firms to:

Differentiate among types of health data and understand which datasets regulators treat as strategically sensitive.
Align operations with the distinct authorities governing outbound transfers, clinical records, and HGR.
Assume localization for many categories of sensitive health and AI-training data.
Invest in privacy-enhancing approaches such as federated learning, trusted research environments, synthetic data, and localized inference infrastructure.
Build strong partnerships with local institutional actors, including Chinese partners, hospitals, contract research organizations, research institutes, and other actors.
Maintain sustained and iterative engagement with regulators across both national and provincial levels.
Prepare for growing regulatory divergence—especially in the context of growing US-China geopolitical tensions—through more localized, parallel, and flexible China-facing operational structures.

In short, this research identifies China’s health data regime as “managed openness.” It is relatively open where data use advances state-backed innovation, clinical research, pharmaceutical development, and AI industrial policy. It is closed where data mobility threatens state visibility, sovereign control, public health security, biosecurity, or geopolitical positioning. China’s regulatory system incentivizes a “China-for-China” health AI architecture, even when firms continue to participate in multinational research and development (R&D) pipelines. The outcome is a regulatory system that facilitates selected forms of collaboration while preserving a veto point for the state.

This report first outlines the drivers of China’s approach to data—namely, the dual security and economic rationales that undergird its regulatory approach. It assesses, in particular, the role of health data in China’s core data governance laws (i.e., the Cybersecurity Law, Data Security Law, and Personal Information Protection Law) that classify the data into specific categories and prescribe requirements for export. The next section examines the role of health data in China’s AI sector, with special attention to how the intersection of AI, data regulations, and health data protections impacts cross-border data transfers. Lastly, this report analyses the near-, medium-, and long-term policy horizons and offers recommendations for MNCs to successfully navigate the shifting regulatory landscape governing the health data sector.

Drivers of China’s approach to personal data

Before the advent of China’s current data protection regime, governance of foreign access to health data—including genetic datasets, hospital records, and clinical trial data—was comparatively less centralized and less systematic.⁶ Prior to 2012, China’s data rules were a patchwork of sectoral regulations responding to industry-specific challenges. ⁷However, most now widely consider that China operates one of the world’s more restrictive data control regimes for personal data, especially and including sensitive health data,⁸ due, in large part, to how Beijing has come to view data resources as both a strategic economic resource and as national security assets.

Data as a strategic economic resource

Alongside the rapid growth in the global digital economy, the PRC has come to define data as a “fifth factor of production” (alongside land, labor, capital, and technology) and a source of national competitive advantage.⁹ This framing has significant implications for the evolution of China’s cross-border data policy. The PRC’s macroeconomic regulator, the National Development and Reform Commission (NDRC), has identified secure cross-border data flow as key to extracting the economic value from data and toward China’s self-sufficiency. ¹⁰ Cross-border data flows support China’s push to expand the country’s digital economy and improve productivity in sectors such as manufacturing, logistics, and finance.¹¹ In particular, discussions of cross-border data flows have become increasingly salient in geopolitics as major powers compete for AI advantage. AI-fueled technologies fueled by require access to large, diverse datasets, and are thus heavily dependent on the free flow of data across borders.¹²

Beyond the macro-level economic benefits of secure but abundant cross-border data flows, China’s 14th Five-Year Plan (2021 to 2025) frames the integration of AI with the life sciences as a key driver of industrial growth. Backed by top-level policy and financial support, this plan contains goals to advance sectors including biomedicine, bioengineered breeding, biomaterials, and bioenergy and to scale the broader bioeconomy.¹³ As such, China seeks cross-border health data to support multinational biomedical research and clinical trials, to improve AI model development and validation through access to more diverse datasets, and to enable cooperation in public health surveillance and scientific exchange.¹⁴ These needs help explain why China seeks to facilitate selected forms of data mobility even while tightening controls over sensitive health and genomic data.

Data as a national security asset

The PRC’s view of health data and national security is explicit in official documents and legal frameworks. In 2016, China’s top administrative body, the State Council of the People’s Republic of China (PRC State Council), defined medical and health data as “important foundational strategic resources” for the nation and for advancing its data-driven health industry.¹⁵ The PRC has linked genetic data in particular to national security—China’s 2019 HGR Regulation states that the purpose of the regulation is to: “effectively protect and rationally utilize our country’s human genetic resources, and safeguard public health, national security, and the public interest.”¹⁶ Similarly, China’s 2020 Biosecurity Law links “security in biotechnology research, development, and applications” to “preserving national security.”¹⁷ Various regulatory NHC guidelines also list health and medical big data as “important foundational strategic national resources,” the security of which “concerns national strategic security.”¹⁸ China’s Ministry of State Security has also defined securing biometric data as a matter of national security and recently warned of foreign entities using scientific cooperation as a cover to exfiltrate sensitive data.¹⁹

This securitized view of data—especially sensitive personal health data—is due, in part, to issues that arose from the rapid expansion of China’s digital economy during the mid- to late-2000s decade. During this period, Chinese technology companies accumulated vast amounts of user data, and the lack of regulation over the sector led to a series of high-profile incidents involving fraud and the illegal sale of personal information.²⁰ PRC leadership came to view the vast troves of user data possessed by technology companies as potential vectors for exfiltration and thus as serious risks to national security.²¹ In 2012, China’s top decision-making body, the National People’s Congress Standing Committee, issued the “Decision on Strengthening Information Protection on Networks,” one of the earliest instantiations linking national security with data protection in regulatory guidance.²²

Alongside these domestic developments, accusations of widespread surveillance by US companies at the behest of the US government in 2013–2014 exacerbated longstanding fears about reliance on foreign technology infrastructure and the vulnerability of Chinese data to foreign intelligence collection.²³ China’s President Xi Jinping argued in 2014 that “no matter how developed a country’s internet technology is, it simply cannot violate the information sovereignty of other countries,” explicitly linking US surveillance activities to China’s emerging concept of cyber sovereignty.²⁴ Chinese policymakers also spoke of the US policy position of supporting the “free flow of data” as a mechanism to enable US firms’ dominance of global supply chains for data extraction.²⁵ This catalyzed efforts to gain greater control over data collection, storage, and cross-border transfers.

Beijing formalized this security orientation in the 2015 National Security Law of the People’s Republic of China, which links data governance directly to national and political security.²⁶ Xi’s concept of a “comprehensive national security” is a national security policy framework that places internal security—in particular, regime survival—at its core. It is the standard against which China measures other national security considerations.²⁷ Under this concept, maintaining data “security” is integral to the system, ²⁸making control over information flows essential.²⁹The law grants authorities broad and flexible powers to regulate economic activity, including cross-border data flows, based on perceived security risks. Central to this framework is the requirement that data be “secure and controllable,” a concept tied to China’s doctrine of cyber sovereignty, which asserts that the state has full authority over data generated within its borders. ³⁰

Health data under China’s data governance system

China regulates health data through overlapping frameworks under three core laws: The 2016 Cybersecurity Law (CSL) and the 2021 Data Security Law (DSL), which focus on data security, and the 2021 Personal Information Protection Law (PIPL), which centers on personal information protection. These laws provide comprehensive baseline protections, with more specific requirements tailored by sector.

On data security, the CSL, DSL, and related regulations require managing China’s data within a hierarchical, increasingly restrictive three-tier classification system: general data, important data, and core data. ³¹.Broadly, the term “general data” refers to ordinary commercial or operational information with limited national security implications; the “important data” classification refers to data that, if tampered with, leaked, or misused, could harm national security, economic stability, public health, or major public interests; and the “core data” tier refers to data tied directly to national security, critical sectors, or major state interests whose compromise could seriously threaten political stability, economic security, or state functioning.³²

Assessment procedures for the export of this data increase in scrutiny and restrictiveness based on where the data sit, in terms of the three classifications. Health data, especially genetic and genomic data, often fall under the category of important data due to their national-security and industrial significance and, in some cases, may also implicate core data concerns.³³ Notably, both laws are intentionally vague on what constitutes important data and the factors considered as to who is an important data processor, to give regulatory authorities the broadest leeway to conduct context-specific assessments, as well as determine restrictions and handling determinations of data by sector. ³⁴

On personal information protection, in addition to its status as important data under China’s data security laws, health data often figure as “sensitive personal information” under China’s personal information protection regime, namely, 2021’s PIPL. This status renders health data subject to additional protections and specific regulations governing its sale, use, and transfer.

In the case of health data, an overlap emerges from an often dual categorization as both important data under the DSL (due to implications for national security) and sensitive personal information under the PIPL (due to implications for personal information protection) (Figure 1).

Important data: Whether health datasets qualify often depends on scale, aggregation, strategic context, sector, and foreign involvement. Both the CSL and DSL frequently categorize health data as important data, ³⁵ a category requiring increased protection due to its significance to national security.³⁶ Health datasets are more likely to qualify as important data when they are large-scale systems (i.e., they are population-level datasets, for example census data or genetic resource databases) that link to public health networks, which regulators believe could affect national security, economic operations, social stability, public health, or major public interests if tampered with, leaked, destroyed, illegally obtained, or transferred abroad.³⁷
Sensitive personal information: China’s PIPL explicitly defines medical and health information as sensitive personal information. Article 28 states that sensitive personal information includes data which, once leaked or illegally used, could easily infringe personal dignity or endanger personal or property safety, including “medical health information” and also includes specific mention of “biometric information” under its description of sensitive personal information.³⁸Health datasets also qualify as sensitive personal data at the individual level when they reveals details, such as individual health records, genetic information, and ethnic characteristics. ³⁹ Regulations passed by China’s standards body and market regulator also support this interpretation, defining health data as sensitive personal information. ⁴⁰ The PIPL, moreover, stipulates that personal information handlers may only handle sensitive personal information “under circumstances of strict protection measures” and when “there is a specific purpose and need to fulfill.”⁴¹
Personal information: When it rises to the level of concern for national security or public interest, personal information joins the important data category. In terms of health data, it becomes more likely to cross into important data territory when one or more of the following conditions apply:
- Large-scale data (e.g., provincial or national level datasets, datasets including millions of patient records, and population-wide statistics).⁴²
- Strategically relevant data (e.g., AI training datasets using sensitive health information, biotechnology R&D, an epidemiological focus, and data tied to strategic industries). ⁴³
- Aggregated data that integrate sources defined as important data (e.g., cross-hospital linked datasets, multimodal patient profiles, combined genomic data with clinical data/repositories; this also includes derivative data—including certain types of bulk data, integrated data that combines information across different populations, sectors, and use scenarios, and mined multidimensional data generated from a large amount of personal information⁴⁴).⁴⁵
- Critical Information Infrastructure Operator (CIIO) linked data (e.g., data controlled by major public hospital systems, national health infrastructure platforms, or other healthcare CIIOs).⁴⁶
- Data with public health or national security implications (e.g., data related to infectious disease monitoring, pandemic response, and state-managed health registries).⁴⁷

In short, China views all identifiable health data as sensitive personal information and deems health datasets as important data, when they aggregate or represent sectors defined as strategic by the state (and at the regulator’s discretion). This conditional dual categorization means complex compliance requirements before export.

Figure 1: Data overlap in China’s health data governance system

Exporting health data as sensitive personal information and important data

Following the passage of the CSL, DSL, and PIPL, China’s CAC developed a unified framework governing outbound data transfers.⁴⁸The first major instrument was the 2022 Measures for the Security Assessment of Outbound Data Transfers, followed by the 2023 Measures on Standard Contracts for the Outbound Transfer of Personal Information, the 2024 Provisions on Promoting and Regulating Cross-Border Data Flows, and the October 2025 Measures for Certification of Cross-Border Personal Information Transfer (which took effect on January 1, 2026). Together, these measures define the current framework governing outbound transfers of health data.

Constraints on exporting health data

For healthcare data, the key issue is that many medically relevant datasets, especially genetic and genomic data, trigger overlapping regulatory requirements. Under Article 38 of the PIPL, three pathways exist for transferring personal information abroad: Processors must either 1) pass a CAC-led security assessment, 2) obtain certification from an approved institution, or 3) sign a CAC standard contract with the foreign recipient.⁴⁹. Regardless of pathway, firms must first conduct a self-assessment to identify data protection risks,⁵⁰ and the law prohibits firms from splitting datasets to remain below regulatory thresholds.⁵¹ The status of health data under PRC law has implications for cross-border data transfer. For certain types of health data, export is subject to parallel requirements to those under the CAC.

Nucleic-acid-sequence-based genetic and genomic data fall within China’s most restrictive category of health data. The PRC’s 2019 HGR Regulation links safeguarding the country’s genetic resources, as essential to the country’s “public health, national security, and the public interest.” ⁵²Foreign entities generally cannot independently collect or store Chinese HGR within China, and the country prohibits commercial transactions involving such data. In addition, foreign entities and researchers must partner with Chinese institutions, with collaborations requiring approval from authorities, such as the NHC and, in some cases, the MOST. The draft revisions also appear to relax restrictions on some foreign-invested entities, potentially reducing compliance burdens for Chinese biotechnology firms with minority foreign investment or variable interest entity structures.⁵³ The PRC government has subjected violators of these genetic data export restrictions to fines and significant administrative penalties.⁵⁴

This creates an overlapping approval environment for cross-border health-data transfers. In May 2023, China’s MOST identified several categories of genetic data that automatically trigger outbound security review. Historically, mandatory security review has applied in specified scenarios involving sensitive genomic datasets, important families, specific regions, or large-scale sequencing activities. ⁵⁵ However, the May 2026 draft revisions suggest regulators are moving away from some of the dedicated HGR Regulation security-review mechanisms and toward ethics-committee-centered oversight for lower-risk research activities.⁵⁶ The shift does not eliminate CAC export controls, important-data obligations, or broader national-security authorities. However, it does imply a partial shift from centralized pre-approval toward embedded ethics and compliance governance. At the same time, cross-border transfers involving personal or strategically sensitive data may still fall within the scope of Article 38 of the 2021 PIPL, requiring a separate security assessment by the CAC when meeting personal data thresholds. The two systems operate separately, meaning approval under one framework does not guarantee approval under the other.⁵⁷

China also imposes strict controls on health data generated in medical settings. Regulations require that the storage of patient data, including genetic information from clinical testing, reside on domestic servers. ⁵⁸ Access to medical records has tight time restrictions and strict return requirements, with research purposes dependent upon institutional approval. ⁵⁹ Current rules prohibit foreign entities from collecting or storing Chinese HGR data within China and ban commercial transactions involving such data. Foreign researchers cannot directly access genetic data unless they partner with Chinese institutions, ⁶⁰ and such collaborations require NHC authorization.⁶¹ Permission for cross-border sharing is only in limited circumstances: (1) when Chinese holders provide HGR data access to foreign parties, and file the transfer with the NHC, including a backup copy and risk assessment, or (2) when HGR data sharing occurs within approved international research collaborations.⁶²

In addition to the above requirements, the fragmentation and uncertainty throughout the various consent requirements in China’s cross-border regulatory regime often constrain research collaborations. Multiple government-issued biomedical ethics and human subject research regulations outline general procedures for informed consent, ethics review, and clinical research oversight, but they do not fully address key issues related to cross-border health data sharing. These unresolved issues include how researchers should explain foreign jurisdictional risks, overseas recipient obligations, onward data transfers, breach notification responsibilities, or available remedies once data leaves China.⁶³

For example, China’s 2023 Measures for Ethical Review of Life Sciences and Medical Research Involving Humans does require informed consent forms to cover research participant rights, confidentiality, compensation, contacts for problems, result returns, and, for human biological samples collected, the type, quantity, purpose, preservation, use, sharing, secondary use, privacy protection, external provision, and destruction of those samples.⁶⁴

In May 2026, China’s National Science and Technology Ethics Committee (NSTEC) issued new guidance on ethics governance for human genetic data research. The guidance reinforces Beijing’s shift toward institutional ethics governance as a core mechanism for supervising biomedical and genetic-data research. Under this emerging model, scientific ethics committees increasingly function as frontline governance institutions responsible for evaluating research necessity, consent procedures, data handling, privacy protections, external sharing arrangements, and risk management obligations. ⁶⁵ This development suggests China is attempting to streamline lower-risk international biomedical collaboration while retaining state oversight through institutionally embedded governance structures rather than relying exclusively on centralized security review.

At the same time, China’s PIPL outlines a separate consent requirement, stipulating that sensitive personal information, including medical health and biometric information, requires separate consent, and cross-border use requires notice of the overseas recipient’s identity, contact information, processing purpose, processing method, categories of personal information, and procedures for individuals to exercise rights against the overseas recipient. PIPL also gives individuals the right to withdraw consent and requires renewed consent when the processing purpose, method, or categories of personal information change.⁶⁶

HGR rules add another layer: The 2019 HGR Regulation, as revised, requires prior informed consent for the collection, preservation, use, and external provision of Chinese human genetic data, and requires providers to receive information about the purpose and use of collection, health impacts, privacy protections, and their rights to voluntary participation and unconditional withdrawal. The 2023 HGR Implementing Rules further require written informed consent, ethics review by a registered ethics committee, and Chinese institutional involvement for Chinese HGR data collected, preserved, used, or provided abroad.⁶⁷

While consent is a necessary and important part of a cross-border data regime, these parallel regimes remain unintegrated under a unified cross-border data framework and thus require separate—and often duplicative—consent processes. For example, consents for clinical studies, sensitive personal information processing, cross-border transfers, and HGR collections or external provisions, while related they are not interchangeable.

The concept of broad consent appears in some ethics-facing contexts, particularly regarding future use, sharing, and secondary use of biological samples, ⁶⁸ but its legal status remains uncertain. The 2023 ethics measures require consent materials involving human biological samples to clarify their use for product development, sharing, secondary use, external provision, and destruction. This creates room for future-use consent, but it does not provide detailed standards for how broad consent should operate, how specific the future uses must be, how withdrawal should function after de-identification or overseas transfer, or what protections apply to vulnerable groups.⁶⁹

PIPL further complicates broad consent because it requires separate consent for sensitive personal information and for cross-border provision of personal information. Article 14 requires that consent be informed, voluntary, and explicit, with renewed consent when the processing purpose, method, or categories of personal information change. ⁷⁰Article 39 requires separate consent for cross-border transfer after notifying the individual of the overseas recipient and processing details.⁷¹ These requirements sit uneasily with broad or open-ended consent for unspecified future research uses, especially where future recipients, research purposes, or data-transfer pathways are unknown at the time of enrollment.⁷²

Recent judicial interpretation points in the same direction. In a 2024 cross-border personal information transfer case, a Chinese court found that consent bundled into a long privacy policy did not satisfy PIPL’s separate consent requirement. ⁷³ The court treated separate consent as specific authorization for a particular handling activity and distinguished enhanced notice from general notice. Although the case was not a health-data case, it suggests that broad, bundled, or vague consent mechanisms face legal risk when used for cross-border transfer.⁷⁴

Recent moves reduce burdens on exporting health data

The PRC has recently moved to reduce some of China’s regulatory burdens on lower-risk data transfers. Regulators have introduced adjustments to clarify review procedures and facilitate transfers. ⁷⁵ The CAC, in 2024, passed cross-border data flow measures that have provided more detailed rules, standardized templates for the application process, and defined timelines for reviews and approvals—including a five-day completeness check, a seven working-day decision window, and a fifteen working-day reconsideration period. ⁷⁶ The measures have also expanded exemptions and raised requirement thresholds for reviews and extended the validity of security assessments from two to three years with easier renewal processes.⁷⁷The 2025 certification measures issued by the CAC and the State Administration for Market Regulation further clarify certification requirements for cross-border transfers of personal information, including health and biometric data. ⁷⁸These reforms aim to provide more predictable regulatory mechanisms for firms and researchers looking to conduct studies or clinical trials.⁷⁹

In particular, under the CAC’s 2024 adjustments, ⁸⁰ non-CIIO entities exporting sensitive personal information of fewer than 10,000 individuals cumulatively since January 1 of the current year generally use China’s standard contract for cross-border data flows (known as an SCC) or a certification route, while exports above that threshold require a CAC security assessment.⁸¹

In the case of genetic data, in 2022, Beijing introduced reforms to the HGR regime, creating a separate pathway for some non-sensitive research activities. Subsequent 2023 revisions further narrowed the definition of regulated HGR information by excluding most ordinary clinical data and clarifying the scope of “foreign parties” subject to the rules.⁸² The May 2026 HGR draft revisions continue this trajectory by explicitly excluding ordinary clinical, imaging, protein, and metabolic data unless those datasets contain human gene or genome information. The draft revisions also appear to relax restrictions on some foreign-invested entities, potentially reducing compliance burdens for Chinese biotechnology firms with minority foreign investment or variable interest entity structures. At the same time, the draft preserves heightened oversight for certain large-scale genomic sequencing activities involving more than 500 individuals and continues to subject higher-sensitivity genomic and genetic datasets to stricter review.⁸³

Under the revised framework, some collection activities involving fewer than 3,000 cases no longer require the same level of formal HGR approval, while some international clinical trials became eligible for exemptions.⁸⁴ The 2023 HGR regime measures also clarified the scope of permit applications for international scientific research cooperation, and the May 2026 draft revisions suggest regulators are shifting portions of oversight responsibility toward institutional ethics review mechanisms.⁸⁵ These reforms appear designed to reduce friction for multinational pharmaceutical collaboration and improve the international competitiveness of Chinese biotechnology firms. One study found that international collaboration projects accounted for 84.51 percent of human genomic permits in 2024, with US firms remaining key partners despite increasing US-China geopolitical tensions.⁸⁶ The 2026 draft revisions reinforce this differentiated approach by further separating lower-risk clinical and biomedical collaboration from higher-sensitivity genomic and national-security-relevant datasets. At the same time, genomic, exome, important-family, specified-region, or important-data cases remain tightly controlled, reflecting China’s approach of “managed openness.” Rather than broadly prohibiting international biomedical collaboration, China seems to be moving toward a conditional-governance model that selectively permits cross-border access through institutionally supervised and sector-specific channels, with the state maintaining broad visibility.

Post-2023 HGR regime adjustments have reduced one source of friction for routine cross-border clinical-trial data flows, but they have not removed China’s broader data-export controls. MOST’s 2023 HGR Implementing Rules clarify that the regulatory category of “human genetic resources information” covers human gene and genome data generated from HGR materials, but does not include clinical, imaging, protein, or metabolic data where those datasets do not contain human gene or genome information.⁸⁷ The practical effect is to make it easier for China-based clinical-trial data to support global clinical development pathways where regulators accept multiregional clinical-trial data.⁸⁸ It has also expanded the ability to include Chinese patient cohorts in global oncology datasets, ⁸⁹ as well as real-world evidence studies without lengthy approval processes.⁹⁰ The 2026 draft revisions reinforce this trajectory by further separating lower-risk clinical and biomedical collaboration from tightly controlled nucleic-acid-sequence-based genetic and genomic information.⁹¹

The HGR adjustment also does not override separate obligations under the PIPL, DSL, CSL, or CAC data-export rules. CAC’s March 2024 Provisions state that China’s outbound data framework operates through the CSL, DSL, and PIPL, and CAC explains that outbound data security management applies to important data and personal information rather than all data.⁹² Because clinical-trial and pharmaceutical data often include medical health information, these often remain sensitive personal information under PIPL even when it no longer triggers the HGR threshold.⁹³ Therefore, the same dataset might avoid HGR review while still requiring CAC analysis, SCC filing, certification, or a CAC security assessment depending on the transfer scenario, data type, exporter status, and volume.⁹⁴

Under the March 2024 CAC rules, CAC security assessment remains mandatory for CIIO exports of personal information or important data, non-CIIO exports of important data, non-CIIO exports of personal information above 1 million individuals cumulatively since January 1 of the current year, and non-CIIO exports of sensitive personal information above 10,000 individuals cumulatively since January 1 of the current year.⁹⁵ The March 2024 CAC rules therefore remain central for pharmaceutical data exports, especially where transfers involve important data, large volumes of personal information, sensitive personal information above the threshold, or a CIIO entity.⁹⁶

Standard contracts as a middle ground compliance pathway

For smaller sensitive personal information exports, SCCs are a contractual compliance route, offering a lighter, more attractive regulatory pathway for multinational pharmaceutical and clinical-trial operations with more procedural predictability than CAC security assessments, which can be resource-intensive, slower, and less predictable, particularly where regulators might scrutinize national security implications, important data classification, foreign government access risks, large-scale aggregation, AI training use cases, and genomic or population-level datasets. The SCC process is more procedurally standardized.⁹⁷ Companies execute the CAC standard contract, conduct a personal information protection impact assessment (PIPIA), and file materials with the provincial CAC, rather than undergoing a more intensive security assessment process.

MNCs also use SCCs as a lower-friction compliance pathway for datasets that fall below CAC security-assessment thresholds yet still contain sensitive personal information. This is especially relevant for clinical-trial data because even though HGR revisions exclude many non-genomic clinical datasets from HGR information, the PIPL still treats medical and health information as sensitive personal information.⁹⁸ For example, most clinical-trial data qualify as sensitive personal information under PIPL because this law explicitly categorizes health information as such (Figure 2). And pharmaceutical companies may approach or exceed the sensitive personal information thresholds relatively quickly through repeated exports tied to multicenter trials, adverse event reporting, imaging repositories, companion diagnostics, and long-term patient follow-up, which can cumulatively involve thousands of Chinese participants across repeated exports (while smaller single-study transfers may remain below it).⁹⁹ Companies therefore often structure transfers to remain within SCC eligibility ranges where possible, as they leave room for regulators to revisit filings where transfer purposes, scope, data sensitivity, overseas storage location, recipient processing methods, or foreign legal conditions change.¹⁰⁰

In addition, even where firms rely on certification or SCCs, CAC review remains mandatory for data considered important data.¹⁰¹Firms remain cautious because the important-data classification remains a major uncertainty in sensitive sectors.¹⁰² Chinese regulators have deliberately preserved discretion around what counts as important data, especially in strategic sectors that directly intersect with healthcare (e.g., biotechnology, genomics, AI medical training data, etc.). In health, biotechnology, genomics, AI medical training data, and pharmaceutical contexts, that uncertainty gives companies reason to adopt the use of SCCs as a more conservative compliance strategy even when a transfer appears to fall below the formal CAC security-assessment thresholds.

Figure 2: China’s health data export regulatory pathway

Collaboration under the new regulatory regime

Cancer research is one area where examples of increased cross-border research collaboration under the new regime are evident.¹⁰³ For example, Chinese clinical trial data have in some cases fed directly into global drug development pipelines. The US-based biotechnology firm Amgen partnered with the China-based BeiGene on multinational oncology trials, using data from clinical trials conducted in China to support its global development of oncology medicines.¹⁰⁴ Swedish-British pharmaceutical company AstraZeneca’s Shanghai-based entity routinely integrates Chinese clinical trial data into global development pipelines. The company runs multi-country cancer trials, including large global Phase III oncology studies, such as the FLAURA2 trial for lung cancer, which enrolled patients across regions and incorporated a Chinese patient cohort alongside the global population.¹⁰⁵ Evidence from these trials shows that outcomes for Chinese patients are part of the overall global dataset analyzed and used to support regulatory approvals in multiple jurisdictions, including China, the United States, and Europe.¹⁰⁶ Lastly, Roche conducts extensive oncology trials in China, including in immunotherapy and precision medicine;¹⁰⁷ the company explicitly highlights the use of both clinical trial data and real-world evidence to support regulatory and reimbursement decisions across jurisdictions, indicating that data generated in China contributes to broader global evidence packages for cancer therapies.¹⁰⁸ As the examples above illustrate, Chinese patient data is already embedded in global oncology research workflows, and recent regulatory changes expand the scope of potential collaboration.

In addition, publicly available approval notices and disclosed cases do show that foreign universities and multinational pharmaceutical firms have in the past obtained permission to use Chinese health or HGR data through approved collaborations, clinical trials, CAC export assessments, and pilot-zone filing mechanisms, especially following the 2022 and 2023 easing. Examples include:

Beijing Friendship Hospital and the University of Amsterdam: This collaboration is an early example of a successful approval case. It involved clinical-trial data exports between Beijing Friendship Hospital, a public institution, and medical research centers at the University of Amsterdam. However, the project is not necessarily representative as it included sponsorship from the National Health Commission as a “poster project” for medical and health data transfers.¹⁰⁹
Bayer Healthcare’s China (Beijing) Pilot Free Trade Zone negative-list filing: Bayer Healthcare became Beijing’s first enterprise approved to transfer data abroad under the Chinese capital’s FTZ negative-list mechanism. Beijing authorities stated the filing review took five working days and simplified the procedures needed for compliant data export. They framed it as supporting Bayer’s business operations and the introduction of innovative drugs and therapeutics in China.¹¹⁰
MOST approvals of HGR projects: MOST has approved scientific research projects for Roche (urothelial cancer trial, follicular lymphoma trial, gastric and gastroesophageal junction cancer umbrella study), Pfizer and Array BioPharma (colorectal cancer trial), Novartis (BRAFV600E-mutant non-small cell lung cancer trial), AstraZeneca, (acalabrutinib hematologic malignancy trial and tezepelumab severe asthma trial), AstraZeneca and Alexion (AL amyloidosis trials), and Sanofi (fitusiran hemophilia trial and chronic rhinosinusitis trial).¹¹¹ All of these cases required Chinese participating institutions as partners (e.g., hospitals (cancer-specific and general), medical institutes, clinical testing/medical research firms, laboratory partners, pharmaceutical and drug development firms, etc.).¹¹²

In practice, foreign access to Chinese health data is highly mediated and approved on a case-by-case basis. Existing rules lack clarity on application procedures and do not specify whether foreign and domestic researchers receive equal treatment.¹¹³ Foreign access to Chinese genetic resources remains highly managed, with hospital approvals, ethics review, sectoral HGR controls, CAC data-security requirements, and pilot-zone mechanisms shaping whether access occurs on-site, through domestic servers, or through approved outbound transfer channels. Recent approvals offer more insights into the particular use cases that make up successful applications, but companies exporting important data or large volumes of personal information still face detailed, complicated, and overlapping compliance procedures and tend to have to rely heavily on domestic partners to navigate PRC regulatory processes.¹¹⁴

Implications for cross-border data transfer activities and cooperation on health research

For multinational firms operating in China’s health sector, cross-border data transfer is possible in certain circumstances, yet remains heavily conditioned on the regulatory classification of the transferred data, local partnerships, and government discretion. A key operational issue is whether regulators classify a health dataset as important data. Once regulators classify it as important data, an outbound transfer becomes substantially more difficult and generally requires CAC-led security review regardless of which transfer mechanism a company intends to use.

On data, firms should assume that:

Identifiable health datasets trigger PIPL obligations.
Large-scale or strategically significant datasets likely trigger DSL “important data” requirements (including mandatory security assessments).
Genetic and genomic data face the highest barriers and frequently trigger parallel CAC and HGR approvals.

The CAC is the main driver of the general cross-border data-transfer architecture, but it is not the only meaningful regulator for health data. For health and biomedical data, sector regulators shape what data counts as sensitive, what research activities require approval or filing, and what foreign entities may access. In May 2024, China shifted management of the HGR regime—historically administered by MOST—to the NHC.¹¹⁵ One could characterize the current system as CAC-led at the horizontal data governance layer, but sectorally co-governed in practice.

Companies face overlapping regulatory requirements from multiple authorities simultaneously: 

CAC for data export.
NHC and hospital systems for medical-data access.
HGR authorities for genomic information.
Ethics committees for research approval.

Taking genetic data as the most restrictive case, PRC rules significantly hinder international cooperation on genomic research. For example, HGR rules enforced by health authorities might block commercial use of genetic data, yet not raise issues under cybersecurity reviews. In practice, genetic data are subject to separate security assessments, one by the MOST under the HGR regime and one by the CAC under the 2021 PIPL. These parallel processes create significant compliance burdens for data processors. Existing regulations do not clarify whether or how to align these processes, and the absence of any coordination mechanisms for these parallel processes adds uncertainty and may slow international biomedical collaboration.¹¹⁶ Operationally, this implies that:

Local partnerships are essential. Approval processes are highly discretionary and require ongoing coordination with hospitals, ethics committees, provincial authorities, CAC offices, and sector-specific regulators. Foreign firms rarely interact directly with regulators without Chinese institutional counterparts. In addition, approval processes remain discretionary and opaque, with timelines and documentation requirements varying significantly across jurisdictions and sectors. Compliance is also increasingly sector- and locality-dependent, particularly as pilot FTZs and provincial authorities have begun to further shape implementation of cross-border data transfer regimes. heightening the importance of a well-positioned local partner(s).
Consent practices that tackle each stage of the transfer process. For companies and researchers, consent practices should separately address participation in the study, processing of sensitive personal information, collection or use of biological samples, secondary research use, sharing with third parties, cross-border transfer, identity and role of overseas recipients, withdrawal rights, remedies, data localization limits, and whether HGR review or CAC security assessment applies. Compliance risks can arise with practices like reliance on a consent form that is too general to satisfy PIPL, too narrow to support secondary research, or insufficient for HGR-related transfer.
Many successful collaborations rely on managed-access models. Examples include on-site access use (versus data sharing), domestic servers for data storage, federated analysis of sensitive data, and approved partnership structures. Meanwhile, research, cloud, storage, and AI-development workflow designs will likely need to be more intentional about China’s localization and approval requirements from the outset, versus treating them as a downstream legal issue.

The AI factor

China’s health data regime only becomes more complex when applied to AI. AI systems depend on large, diverse, and often integrated datasets; for health data, this can include clinical records, imaging data, and, in certain cases, genomic information.

As a result, the same legal categories discussed above (i.e., sensitive personal information, important data, and HGR) directly affect allowable training, validation, and deployment of AI models in the China context. Cross-border data transfer restrictions therefore not only shape whether data can move, but also the organization of AI development across jurisdictions, including whether training occurs within China, through localized datasets, or via alternative approaches, such as federated analysis.¹¹⁷

Similar to China’s approach to cross-border transfer of health data, the PRC is selectively open where cross-border data use advances state-backed goals, such as AI development, pharmaceutical innovation, clinical trial participation, and industrial upgrading. It remains highly restrictive where data movement implicates sovereignty, biosecurity, strategic industries, public opinion control, or foreign visibility into sensitive datasets. The PRC system of “managed openness” is one of controlled pathways for approved collaboration combined with broad state discretion to intervene, delay, or deny transfers where state security is concerned. AI intensifies this tension. China simultaneously needs larger, more diverse, and internationally integrated datasets for AI competitiveness, while it also treats many of those same datasets as strategic national resources.

The next section examines how AI both intensifies existing constraints and creates new points of friction within China’s health data governance system.

State of health data in the AI sector

AI in China’s healthcare sector

China directly embeds AI into state-led health policy. Beginning with the “Healthy China 2030” plan and the “Next Generation Artificial Intelligence Development Plan,” the government has identified healthcare as a priority sector for AI deployment.¹¹⁸ These plans depict AI as playing a key role in optimizing resource allocation in the healthcare sector, expanding access to medical services and treatment (through telemedicine, for example), and improving diagnostic accuracy, among other benefits.¹¹⁹

More recently, China’s 2025 “AI Plus Initiative” set targets for widespread adoption of AI across society, including aiming for 70 percent adoption by 2027 and 90 percent by 2030, with the goal of a fully “intelligent society” by 2035.¹²⁰ The NHC followed with its AI Plus plan, outlining dozens of AI use cases across clinical care, hospital management, and public health, including AI-assisted medical record generation, clinical decision support, pharmacy management, and epidemic prediction.¹²¹

These initiatives identify health data as a core enabling resource. The NHC’s AI Plus plan calls for building high-quality healthcare datasets, improving data labeling and interoperability, expanding data access across institutions, and establishing trusted data spaces for high-quality medical and health data. It emphasizes cross-departmental data sharing and the compliant, efficient use of medical data to support AI development.¹²²

Extensive digitalization across the healthcare system supports this data environment.¹²³ Internet hospitals illustrate this model, delivering their services across clinical pathways, from consultation and diagnosis to prescription and reimbursement, through digital platforms.¹²⁴ Supporting infrastructure extends to backend governance as well. For example, China’s National Healthcare Security Administration has implemented a nationwide drug traceability system that assigns a unique code to each unit of medicine, allowing regulators to track prescriptions, dispensing, and reimbursement across the supply chain.¹²⁵ Piloted in April 2024, the system had reached nearly 95 percent coverage of designated hospitals and pharmacies by early 2025, enabling large-scale monitoring of drug use and insurance claims.¹²⁶

Implications for cross-border data transfer activities and cooperation on health research

For health data specifically, AI can make cross-border compliance harder in practice even if the legal transfer mechanism stays the same. Health AI systems often involve sensitive personal information, user inputs, usage logs, and model outputs derived from protected medical data. China’s AI rules add additional obligations related to lawful sourcing, consent, training data quality, data security, annotation governance, content labeling, misuse prevention, and explainability. So, a provider trying to move health data or health-data-derived AI workflows across borders must satisfy both the ordinary transfer regime and the AI-specific requirements related to training data, consent, data security, labeling, and output control.

Medical AI often depends on precisely the types of data that trigger the most stringent regulation. The NHC’s own AI guidance highlights use cases involving electronic medical records, clinical trial data, adverse event reporting, and real-world data.¹²⁷ As systems become more multimodal and individualized, they are more likely to intersect simultaneously with PIPL and DSL classifications, HGR rules, and ethical review requirements, triggering complex compliance obligations.

This creates particular challenges for cross-border collaboration. Local pilot mechanisms have sought to facilitate some specific cross-border collaboration on health data. For example, in March 2024, Beijing launched an AI data training base alongside a regulatory sandbox, offering firms access to computing resources, data, and compliance support to facilitate development while maintaining regulatory oversight.¹²⁸

Public reporting indicates that the initiative focused on “large models + big data + massive computing power” and included the release of more than 100 high-quality datasets exceeding 150 petabytes (PB) in aggregate volume through partnerships involving the Beijing International Big Data Exchange, the Chinese Academy of Sciences, and other institutions.¹²⁹ Beijing policy documents further state that the intent of the training base was to support large-model training through access to compute, development tools, open-source resources, and data infrastructure.¹³⁰ While official reporting does not provide a detailed public catalog of health datasets specifically, broader Beijing AI policy documents and healthcare AI pilots indicate likely priority categories including clinical records, medical imaging data, pathology and radiology datasets, pharmaceutical and clinical trial data, public health datasets, and multimodal hospital data used for AI-assisted diagnostics and biomedical model training.¹³¹

However, the regulatory environment remains vague and confusing for most companies operating in this space. For example, clinical and imaging data may fall outside the HGR regime but remain regulated as sensitive personal information, while genomic datasets fall within HGR rules and are subject to additional approval and foreign-access restrictions. The most difficult compliance cases will involve multimodal datasets that combine clinical, genomic, and behavioral data, which tend to be patient-linked and biomarker-rich.¹³² Companies that develop health AI have to comply with the same general personal info protection mandates that other tech companies do, in addition to complying with health data rules and rules on health data sets.

Legal and regulatory overlap of AI, health data, and China’s data governance regime

China’s AI health strategy is, in large part, indexing on the availability of large domestic datasets.¹³³ The goal is a system where data can aggregate across hospitals, regions, and populations, to enable system-level insights that can support AI-driven decision-making, forecasting, and automation. At the same time, this data remains subject to strict localization requirements and government control.

Multiple overlapping regulatory frameworks govern health data. The 2018 Regulations on the Management of Health Big Data require that health data reside on secure domestic servers, while 2022 cybersecurity regulations for healthcare institutions mandate that data lifecycle activities, including collection, storage, processing, transmission, sharing, backup, and deletion, be conducted within China. In practice, this means hospitals, research institutions, and companies handling health data should maintain a localized infrastructure and tightly control how data moves across systems and organizational boundaries. The 2021 PIPL also classifies health data as sensitive personal information, triggering strict requirements for collection, use, and transfer.¹³⁴

AI regulation reinforces and extends these data governance rules. Since the Generative AI Interim Measures took effect in August 2023, China has moved to institutionalize a formal filing and registration system for foundation models. The process involves layered compliance steps, including technical documentation, security assessment, and disclosure requirements, with provincial authorities conducting preliminary reviews before final oversight by the Cyberspace Administration of China. The 2023 Interim Measures for Generative AI also require the lawful sourcing of training data, alongside personal data use with consent or another legal basis, and that AI systems comply with existing laws, such as the CSL, DSL, and PIPL.¹³⁵ Several large models, including models used in healthcare and medical applications, have passed China’s filing process and appeared on official or publicly released CAC filing registries.¹³⁶

AI data regulations layer onto existing data governance structures, in addition to AI-specific mandates. This creates multiple points of intersection between AI and health data regulation. The DSL might classify certain training datasets as important data, if they include genetic or genomic resources the state views as critical to national security, triggering export restrictions and security assessment requirements.¹³⁷ Meanwhile, personal health data falls under PIPL, requiring consent, purpose limitation, and compliance with cross-border transfer mechanisms.¹³⁸ Genetic and genomic data fall under the HGR regime, which introduces separate approval requirements and restrictions on foreign access.¹³⁹ In addition, hospitals and health systems may qualify as critical information infrastructure, requiring domestic storage and security assessments for data export.¹⁴⁰

AI-specific rules add further obligations. China’s 2023 Interim Measures for the Management of Generative Artificial Intelligence Services require that providers of generative AI services (i.e., all companies or entities that develop or offer generative AI systems to the public in China) bear the responsibilities of a network information content producer and, when this involves personal information, the responsibilities of a personal information processor under the 2021 PIPL. Providers must safeguard user input information and usage records. They cannot collect unnecessary personal information, unlawfully retain input information or usage logs that can identify users, and nor unlawfully provide those inputs or logs to others. The measures also require AI providers who discover unlawful content to promptly stop generation and transmission, remove the content, take corrective steps (e.g., model optimization training), and report the discovery to the relevant authorities, among other obligations.¹⁴¹ In practice, this means AI developers and platform operators are responsible not only for the legality and security of training data and generated outputs, but also for ensuring compliance with China’s rules governing personal information collection, processing, storage, and transfer.

The Cybersecurity Technical Requirements for the Security of Generative AI Services establish detailed expectations for security of training data, model integrity, and implementation of risk controls.¹⁴² Models that generate health-related outputs (e.g., diagnostics) must train on reliable, high-quality medical datasets and adhere strictly to ethical and clinical norms. Moreover, providers must maintain strict data-labeling practices, ensure high-quality annotation by data labelers, and deploy technical safeguards, such as content filtering and classification tools, to reduce potential safety risks and improve the quality of outputs.¹⁴³ Additional regulations, including the Internet Information Service Algorithm Recommendation Provisions, reinforce these requirements. They establish an ongoing governance obligation for AI suppliers throughout the entire data pipeline and impose obligations for algorithm review, data governance, transparency, and security monitoring, and require providers to assess both training data and outputs.¹⁴⁴

Likewise, technical standards issued by China’s national standards bodies and regulators regarding pre-training and fine-tuning data in generative AI set clear standards for how data handlers must treat their training datasets. Service providers must verify that data is legally obtained and ensure they have gathered all personal or sensitive health information in accordance with existing laws. The standard requires sample-based content reviews during the pre-processing phase to ensure the model meets safety standards. When datasets contain patient-level health records, handlers must engage in strict de-identification processes to meet legal obligations under the PIPL.¹⁴⁵

China has also introduced new transparency and traceability obligations through the March 2025 Measures for the Identification of AI-Generated Content and the accompanying mandatory national standard, the Cybersecurity Technical Specification for Identifying AI-Generated Synthetic Content. Together, these rules require AI-generated content to carry both visible labels and embedded technical identifiers so users and downstream platforms can recognize its synthetic origin.¹⁴⁶ Applied in digital health settings, these requirements mean outputs, such as health guidance or diagnostic content, must clearly identify as AI-generated to reduce risks of confusion or misinformation. The rules also require metadata to include information on content provenance, provider identity, and traceable identifiers, extending accountability across the full chain of content distribution.¹⁴⁷

AI is deepening the core contradiction at the center of China’s health data governance system. On the one hand, China’s ambitions in medical AI, biotechnology, pharmaceutical innovation, and precision medicine require access to massive, diverse, and internationally connected datasets capable of supporting advanced model training, validation, and deployment. This creates pressure for greater cross-border data integration, expanded clinical collaboration, and more flexible mechanisms for data sharing. On the other hand, China views many of the same datasets that make AI systems more effective, especially genomic, biometric, and large-scale health datasets, as strategic resources tied to national security, economic competitiveness, and sovereign control over critical technologies. This tension is visible in several areas already discussed in the report:

Easing rules for multinational oncology trials while tightening genomic and population-scale data controls.
Creating free-trade-zone pilots and negative lists while expanding the important data category.
Encouraging AI-enabled healthcare while requiring localization, security reviews, and algorithm filings.
Supporting cross-border pharmaceutical R&D while retaining discretionary approval authority.

In sum, AI regulation increasingly intersects directly with health-data governance (Figure 3). Firms developing health AI systems in China have obligations related not only to data security, personal data protection, and genetic resource management under China’s current regime, but also to the lawful sourcing of training data, consent management, annotation quality, model explainability, content labeling, output traceability, and cybersecurity review.

Figure 3: Regulatory/legal overlap of AI regulation and health-data governance

Future policy directions

Now that China’s cross-border data regime for personal information is largely complete, policy is likely to focus on refining implementation. China’s 2025 Government Work Report calls for improving the basic data system, expanding data utilization, promoting and regulating cross-border flows, and signals a commitment to continuously refine the existing system.¹⁴⁸ Pilot mechanisms, including FTZ negative lists, are already in use, with the CAC calling out particular progress in the pharmaceutical sector.¹⁴⁹ These pilots refer primarily to recent FTZ initiatives in Beijing, Shanghai, Tianjin, and Hainan, where regulators have experimented with more flexible cross-border transfer rules for selected industries and data categories.¹⁵⁰ The CAC has stated that regulators intend to replicate and scale these pilot experiences, particularly FTZ negative-list approaches and streamlined approval mechanisms, to additional regions and sectors as implementation matures.¹⁵¹ Negative list pilots reduce uncertainty by explicitly identifying categories that do not require CAC security assessment or related procedures, providing more procedural certainty to firms operating in the sector.

At the same time, “important data” will remain tightly controlled.¹⁵² China recently expanded the DSL’s important data category to include industrial, economic, and technical data deemed strategically sensitive. The definition remains intentionally vague, allowing regulators the flexibility to expand its scope.¹⁵³ As geopolitical competition around biotechnology increases, there is potential to deem a growing number of data categories strategically significant. Reflecting this dynamic, many firms still face uncertainty in determining what qualifies as important data, even after formal easing. Uncertainty is a defining feature of the revised regime, especially for large firms operating at scale.

A second near-term priority is more sector-specific guidance. China aims to establish a more refined regulatory framework centered on business scenarios and industry-specific rules to complement the existing more general legal guidance.¹⁵⁴ Supporting this interpretation, the National Development and Reform Commission has signaled plans to develop industry-specific rules for cross-border data flows, and also signaled plans for 2026 to finalize negative lists for additional FTZs.¹⁵⁵ For example, the PRC in April 2025 issued guidelines on cross-border flows of financial data,¹⁵⁶ and in February 2026 released guidance on cross-border automobile data transfers.¹⁵⁷

A third near-term trend is selective facilitation paired with continued supervision. The 2024 CAC provisions introduced exemptions for lower-risk transfers, such as contract performance, human resource management, emergency scenarios, and limited volumes of non-sensitive data.¹⁵⁸ At the same time, the CAC has stated regulators continue building and using the negative-list mechanism as an approval boundary, versus moving to unrestricted flows, signaling that in the near term, lower-risk cases will see continued easing of restrictions, while the expectations are that state control and oversight over higher-risk categories will offer little movement.¹⁵⁹

Medium-term: Differentiation, institutionalization, and post-transfer oversight

In the medium term, China is moving from a broadly restrictive model toward one that categorizes data flows by risk, sector, and location. For example, sector-specific export rules have begun to emerge for autonomous and connected vehicles. Draft automotive data-transfer guidance issued in 2025 treats certain data used for autonomous-driving and advanced driver-assistance development as important data requiring approval for overseas transfer, while permitting lower-risk transfers through clearer compliance pathways.¹⁶⁰ At the same time, location-based pilots advance through FTZs. Shanghai’s FTZ and Lingang Special Area introduced a negative-list model in 2025 under which data not listed as restricted may flow abroad without extra filings or declarations; Shanghai expanded this model citywide in April 2026.¹⁶¹ Hainan has also issued a free trade port data-export negative list, adding a second major pilot location.¹⁶²

Meanwhile, the state will also likely move to enhance its regulatory oversight capabilities. CAC’s 2024 cross-border data-flow provisions relaxed some front-end approval requirements, including exemptions for transfers that do not involve personal information or important data, while preserving obligations for data handlers to protect exported data, take remedial action after incidents, and report problems to regulators.¹⁶³ Recent automotive data guidance points in the same direction by requiring designated compliance personnel, internal approval procedures, and multi-year transfer logs, suggesting that in the medium-term, lower-risk transfers will move more easily up front, while audits, inspections, and post-transfer compliance become more important.¹⁶⁴

AI is likely to deepen sectoralization in concrete ways, especially through the state-led development of sector-specific, AI training-ready datasets. In a 2025 article published by the National Development and Reform Commission, Liu Liehong, one of China’s top officials on data policy and digital governance, describes data as “the fuel that powers the development of artificial intelligence technology” and argues that data systems must enable circulation and use while also being secure. ¹⁶⁵

This policy direction is already visible in recent sectoral initiatives. For example, China’s “Data Element ×” Three-Year Action Plan (2024–2026), issued by multiple central agencies, identifies at least 12 priority sectors, including healthcare, scientific research, and manufacturing, and calls for improving data supply quality, enabling circulation, and supporting advanced applications such as AI and large models.¹⁶⁶ In the health sector specifically, the plan and related policy efforts promote the standardization and sharing of electronic medical records and other clinical datasets to support AI-driven applications, with dataset standardization explicitly framed as necessary for machine learning and large model training.167 More broadly, recent policy development has focused on building “AI-ready” sectoral datasets that can directly train models across industries, linking data governance reforms to AI industrial strategy.¹⁶⁸

These initiatives align with a wider shift in China’s digital policy, in which the state seeks to unlock the “multiplier effect” of data across sectors while maintaining centralized oversight through unified standards, security controls, and data classification frameworks.¹⁶⁹. In practice, this means China is constructing structured, sector-specific pipelines to aggregate, standardize, and use data, including in some cases internationally sourced data, for AI training under state-defined governance systems.

Beijing may also continue to deepen international cooperation on data governance through multilateral forums, such as the United Nations and World Trade Organization, while advancing the Digital Silk Road and promoting governance approaches aligned with PRC preferences.¹⁷⁰ China’s National Data Administration recently announced the launch of a new office, the Department of International Data Governance Cooperation, as a means to assist the PRC in coordinating global cross-border data flows.¹⁷¹One analysis flagged developments like these could be a positive signal for data sharing in scientific research, stating that something like “a government-managed sandbox in which data sharing is encouraged might make China data more available for certain types of research, even if the sources are limited and contained.”¹⁷²

Long-term: Managed openness within a sovereignty-centered system

Over the long term, China aims to build a comprehensive cross-border data governance model covering the full data lifecycle, from collection and processing to transfer and trading. This system will combine domestic control with selective international integration. This trajectory aligns with China’s “dual circulation” strategy.¹⁷³ In essence, Beijing will optimize domestic data flows to support economic development and technological innovation, while selectively permitting cross-border flows where they align with national interests (Figure 4).

China is also likely to play a more active role in shaping international data governance standards while maintaining core principles of sovereignty and state oversight. China’s 2022 “Twenty Measures on Data” state that China should “actively participate in the formulation of international rules governing cross-border data flows,” while ensuring security across the full process of data provision, circulation, and use.¹⁷⁴ More recent 2026 planning guidance similarly calls for aligning with “high international standards” in areas including finance, healthcare, education, and cross-border data flows, while balancing development and security.¹⁷⁵ These signals suggest China seeks a larger role in shaping global digital rule-making while maintaining its core positioning on data sovereignty and security. The long-run trajectory will be toward a more mature, layered regime in which some categories of data move through more standardized channels, while politically and strategically sensitive data remain subject to tighter gatekeeping.

AI is likely to matter even more in the long run because it raises both the economic value and strategic sensitivity of data. In the long term, this suggests the PRC will aim to maintain participation in global AI value chains, while treating data flows relevant to AI as matters of national security and central to data sovereignty, and subject to more stringent oversight than flows related to ordinary digital trade.

Figure 4: China’s near-, medium-, long-term data policy directions

Recommendations for MNCs to build resilience in the face of potential future regulatory changes

China’s health and data governance system now prioritizes domestic control, policy alignment, and strategic value of data, while still allowing targeted collaboration in areas that support national goals. For foreign MNCs operating in China, the practical implications of China’s health-data regime differ significantly depending on the type of data involved, the sector, the geographic location, and whether AI systems are part of the workflow. Still, several broad operational principles emerge from the current regulatory environment.

Differentiate among types of health data

Not all health data carries the same regulatory or political sensitivity. Routine clinical-trial data and certain imaging datasets increasingly move through approved channels, especially in oncology and multinational pharmaceutical trials. By contrast, genomic data, multimodal datasets combining genomic and behavioral information, and population-scale datasets remain significantly more sensitive because regulators link them to biotechnology competition, AI development, and national security. The most difficult compliance environments are likely to involve: multimodal AI-training datasets, integrated patient-level longitudinal records, genomic and sequencing datasets, real-world evidence platforms operating across borders, and foundation-model training environments involving sensitive medical data.

Understand which regulators matter for which activity

China’s health-data system remains fragmented across multiple regulatory authorities with overlapping jurisdiction.

The CAC primarily oversees outbound data-transfer assessments, cybersecurity reviews, and implementation of the PIPL and DSL.
Previously under MOST management, NHC now oversees the HGR regime, genomic collaboration approvals, and foreign participation in genetic-resource activities.
NHC and hospital systems govern clinical records, health-data governance, ethics review, and hospital information systems.

Provincial governments and FTZ authorities increasingly shape implementation through pilot mechanisms, negative lists, and localized experimentation.

Successfully navigating an evolving regulatory regime will depend on regulatory alignment, local partnership, and operational flexibility across jurisdictions. Fortunately for multinationals, China still needs international collaboration to meet its long-term healthcare sector goals,¹⁷⁶ and this means opportunities for cooperation continue despite persisting and rising geopolitical tensions.

Assume localization by default

Companies should assume that sensitive health data, especially identifiable patient data, imaging datasets, genomic information, and multimodal AI-training datasets, will need to remain stored and processed within China unless a clear approved pathway exists for export. MNCs have begun to consider more China-localized data stacks paired with other privacy-enhancing approaches, or restructuring workflows to minimize cross-border transfer dependence.¹⁷⁷

Techniques, such as federated learning (in which an AI model trains across multiple locations without centralizing the underlying data), domestic model training, trusted research environments, localized inference infrastructure, and use of synthetic data (artificially generated data designed to statistically resemble real-world data) can support collaboration without transferring raw data and align with emerging PRC approaches sometimes described as making data “usable but not visible.” ¹⁷⁸ China has begun advancing pilot initiatives around trusted data spaces and privacy-preserving data-sharing frameworks in healthcare, suggesting these models have emerging government support.¹⁷⁹

Build around Chinese institutional partners

China’s system places high value on institutional relationships, local trust, and embedded presence, which have direct impacts on business outcomes. As one expert in China’s healthcare sector put it, “trust, reputation and alignment with local interests shape everything—from access to clinical sites and patient data, to regulatory timelines and hospital partnerships. Those who prioritize relationships first and profit second will be best positioned to navigate complexity and thrive.”¹⁸⁰

Successful collaboration generally depends on strong Chinese institutional partners. These often include top-tier hospitals, local affiliates, contract research organizations, research institutes, or state-linked healthcare entities capable of interfacing with regulators and ethics committees. In many cases, these institutions formally control or steward the underlying datasets and serve as the primary interface with authorities. Institutional trust, existing regulator relationships, and operational familiarity with provincial implementation practices often determine whether projects move forward efficiently.¹⁸¹

Partnership models should tailor to specific objectives. Models can include equity-based partnerships,¹⁸² project-based collaborations,¹⁸³ capacity-building and exchanges,¹⁸⁴ licensing arrangements, and embedded, long-term local presence.¹⁸⁵ Several partnership models exist, with tradeoffs for each type. For example, equity-based partnerships (i.e., joint ventures, acquisitions, co-funding arrangements, etc.) are beneficial in terms of better ensuring strategic alignment and signaling long-term commitment, as well as gaining local insights and engaging in shared risk not available with other partnership models. However, these processes are time-consuming, costly, and often require significant financial and human resource investments. Meanwhile, project-based collaborations (more common for global research projects) are much less costly and much quicker to launch. However, questions around intellectual property and data ownership and dependence on local execution of the project may come with significant downsides.¹⁸⁶

Expect iterative and ongoing engagement

Although the post-2024 CAC regime has become more proceduralized, firms still report substantial uncertainty around the important data classification, scope determinations, and documentation requirements. Publicly available guidance now includes standardized filing templates, formal completeness checks, published review timelines, and expanded exemptions.

However, implementation still appears highly relationship-driven and iterative in practice. China’s regulatory system often relies significantly on ongoing engagement and coordination, from local pilot zone engagements at the working level to central authorities. Approval processes often depend on iterative dialogue. Successful business outcomes are often the result of continuous regulatory engagement, including early-stage consultation on data export and trial design, coordination across local and national authorities, and dedicated in-country teams to manage government relations.¹⁸⁷

Companies should expect extensive pre-filing consultation, multiple rounds of documentation revision, and coordination across legal, compliance, technical, ethics, and hospital stakeholders. The goal should be sustained engagement rather than transaction-oriented. For example, a cadence of bi-monthly check-ins at the working level to update on progress and thank local teams for their assistance can better equip these teams to make bigger “asks” higher up the bureaucratic chain when needs arise. For example, pilot programs such as FTZs and “green channel” mechanisms provide faster approvals when firms engage proactively.¹⁸⁸

Plan for regulatory divergence and operational decoupling

US and Chinese policies on health data, biotechnology, and sensitive information are diverging, increasing global data fragmentation and hindering opportunities for cross-border collaboration.¹⁸⁹ The United States has introduced restrictions affecting bulk sensitive data transfers and biotechnology collaboration,¹⁹⁰ while China treats certain health, genomic, and related biodata as strategically sensitive and subjects many transfers to security review.¹⁹¹

Firms could consider parallel operating structures, including separate data environments for China and global operations, distinct clinical trial strategies and data pipelines, and flexible manufacturing and R&D footprints across jurisdictions. These approaches, while potentially improving regulatory resilience and operational continuity, are often resource-intensive and may require substantial investments in infrastructure, compliance, staffing, legal coordination, and duplicative operational capacity. Elements of this shift are already visible, with many multinationals expanding localized R&D, manufacturing, and data-handling infrastructure in China to manage regulatory fragmentation and improve resilience across jurisdictions. For example, recent analyses have found a broader shift by foreign life sciences firms toward localization strategies in response to regulatory, supply-chain, and geopolitical risk.¹⁹²

About the author

Kenton Thibaut is senior resident China fellow at the Atlantic Council’s Digital Forensic Research Lab (DFRLab), where she leads China programming for the Democracy + Tech Initiative; she is also a Senior Fellow at the Scowcroft Center’s Indo-Pacific Security Initiative.

In this capacity, she serves as head of China research and as principal investigator for projects examining China’s role in the global technology ecosystem and the PRC’s policy priorities in the digital domain. Her research is explicitly comparative, situating China’s data and technology policies alongside those of the United States and the European Union to assess their implications for strategic competition, global standards-setting, and the international digital order.

Thibaut received her PhD in Political Science from Georgetown University, where her doctoral research examined the social and political drivers of regulatory fragmentation in cross-border data governance regimes. She holds an MA in International Economics from the Johns Hopkins School of Advanced International Studies and completed graduate studies in Nanjing, China.

Acknowledgements

The author would like to thank Diana Pankevich, Patrick Beyrer, Samm Sacks, Rebecca Katz, Kendra Schaefer, and Trey Herr for their comments on earlier drafts of this report, various health and biopharma sector experts for background discussions, and Nitansha Bansal, Justin Sherman, and the rest of the project team for their support.

Explore the program

The Atlantic Council’s Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs, works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more

Image: Freepik.

Share

Table of contents

Introduction

Drivers of China’s approach to personal data

Data as a strategic economic resource

Data as a national security asset

Health data under China’s data governance system

Figure 1: Data overlap in China’s health data governance system

Exporting health data as sensitive personal information and important data

Constraints on exporting health data

Recent moves reduce burdens on exporting health data

Standard contracts as a middle ground compliance pathway

Figure 2: China’s health data export regulatory pathway

Collaboration under the new regulatory regime

Implications for cross-border data transfer activities and cooperation on health research

The AI factor

State of health data in the AI sector

AI in China’s healthcare sector

Implications for cross-border data transfer activities and cooperation on health research

Legal and regulatory overlap of AI, health data, and China’s data governance regime

Figure 3: Regulatory/legal overlap of AI regulation and health-data governance

Future policy directions

Near-term: Refinement, selective easing, and controlled facilitation

Medium-term: Differentiation, institutionalization, and post-transfer oversight

Long-term: Managed openness within a sovereignty-centered system

Figure 4: China’s near-, medium-, long-term data policy directions

Recommendations for MNCs to build resilience in the face of potential future regulatory changes

Differentiate among types of health data

Understand which regulators matter for which activity

Assume localization by default

Build around Chinese institutional partners

Expect iterative and ongoing engagement

Plan for regulatory divergence and operational decoupling

About the author

Acknowledgements

Related Reading

Navigating the European Union’s AI and health data framework

Securing data in the AI supply chain

The US AI health data collision: Charting the future of US cross-border data flow policy, health data, and health and biopharma AI policy

Explore the program

Oops...

It looks like we're having a technical issue.