Law of the People's Republic of China on the Protection of Personal Information (effective November 1, 2021)

Articles 54 and 64: Provide the basic legal framework for personal information protection compliance audits, requiring companies to proactively fulfill their auditing obligations and cooperate with supervision.

Regulations on Network Data Security Management (effective January 1, 2025)

Article 27: To further refine the auditing requirements, network data processors shall periodically conduct compliance audits, either on their own or by commissioning professional organizations, of their handling of personal information in compliance with laws and administrative regulations.

Measures for the Management of Compliance Audits on Personal Information Protection (issued on February 14, 2025, effective May 1, 2025)

The first supporting rules for personal information protection compliance audits were formalized.