Under China’s data protection regulatory framework, data processors are required to pass a security assessment conducted by the cybersecurity regulator before transferring certain categories or volumes of data out of China. This January, six months after the Cyberspace Administration of China (“CAC”) released the Measures on Security Assessment of Outbound Data Transfers (“