On 1 February 2013 entered into force the following data localisation requirement, contained in "Information Security Technology - Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems", prepared by the Ministry of Industry and Information Technology (MIIT) Standardization Administration. Article 5.4.5 prohibits the transfer of personal data abroad without explicit consent of either the data owner or the state:
 
'Absent expressed consent of the subject of the personal information, or explicit legal or regulatory permission, or absent the consent of the competent authorities, the administrator of personal information shall not transfer the personal information to any overseas receiver of personal information, including any individuals located overseas or any organizations and institutions registered overseas.'