Pain Point

China Data Localization

The cumulative regulatory effect of the PRC Cybersecurity Law (2017), Data Security Law (2021), and Personal Information Protection Law (2021) — jointly prohibiting cross-border export of "important data," PRC-citizen personal information, and state-secret-adjacent data without explicit Cyberspace Administration of China (CAC) review.

7 connections 3 resources 2 posts

Summary

What it is

The cumulative regulatory effect of the PRC Cybersecurity Law (2017), Data Security Law (2021), and Personal Information Protection Law (2021) — jointly prohibiting cross-border export of "important data," PRC-citizen personal information, and state-secret-adjacent data without explicit Cyberspace Administration of China (CAC) review.

Where it fits

The PRC-side gravity well. The single biggest reason the index now lists Aliyun OSS, Tencent COS, and Huawei OBS as first-class nodes — workloads inside China are not architecturally portable to non-PRC providers without regulatory work that takes quarters and may simply fail.

Misconceptions / Traps
  • Data localization is not just personal data — "important data" is broad and discretionary, and CAC interpretation has tightened over time.
  • "Set up an AWS region in China" does not solve this — AWS China is operated by Sinnet/NWCD as separate legal entities under PRC law, with reduced feature parity.
  • Multinational replication strategies that include PRC users typically fork into a PRC-local stack and a global stack, with deliberate non-replication at the boundary.
Key Connections
  • Drives Aliyun OSS / Tencent COS / Huawei OBS adoption inside China
  • enables East Data West Computing as the lawful pattern
  • scoped_to Sovereign Storage, S3, Object Storage

Definition

What it is

The cumulative effect of three PRC laws — the **Cybersecurity Law (2017)**, **Data Security Law (2021)**, and **Personal Information Protection Law (2021)** — that jointly **prohibit cross-border export** of "important data," personal information of PRC citizens, and any data classified as state-secret-adjacent unless an explicit Cyberspace Administration of China (CAC) security review is passed. In practice this is the regulatory backdrop that makes **Aliyun OSS, Tencent COS, and Huawei OBS** the only viable storage tier for any AI workload involving Chinese-domiciled users, including most foundation-model training corpora collected inside China.

Connections 7

Outbound 3
scoped_to3
S3Object StorageSovereign Storage
Inbound 4
solves4
Aliyun OSSTencent COSHuawei OBSEast Data West Computing

Resources 3

DocsHigh
www.gibsondunn.com/wp-content/uploads/2021/10/chinas-new-per...

Legal-firm summary of China's Personal Information Protection Law (PIPL) covering the cross-border transfer regime that implements data localization for personal information.

SpecHigh
www.cac.gov.cn/2017-06/01/c_1121057780.htm

Cyberspace Administration of China official text of the Cybersecurity Law (2017) — the foundational PRC law that created the data-localization framework.

BlogHigh
www.dlapiper.com/en/insights/publications/2024/01/chinas-rev...

Analyst summary of CAC's revised cross-border transfer rules — practical guide for what an "important data" classification requires of an export workflow.

Featured in

2026-05-08 When the Index Gained 13 Nodes: A Field Guide to the May 2026 Wave On May 7 the index added 13 new nodes — five technologies, six pain points, one architecture, one standard. Each answers a specific question engineers building on object storage are asking right now: what is China's S3 stack, why are GPUs starving, what replaced MinIO, what are the three data gravity wells, and a few more. This post walks through them by question rather than by node type, because that's how the questions actually arrive in production. 2026-05-07 When DeepSeek Made Storage Strategic: The China Direction Reshaping the S3 Ecosystem DeepSeek's $5.6M training run didn't just reset model architecture. It made object storage performance-critical, made silicon export controls a storage decision, and pushed Aliyun OSS, Tencent COS, and Huawei OBS from regional curiosities into the global S3 vocabulary. This index added 13 nodes to track what changed.