The PIPL is China's first comprehensive personal information protection statute, effective 1 November 2021. It establishes a consent-based framework for processing personal information, grants individuals rights over their data, and adds distinctive data localization and cross-border transfer controls.

The Cybersecurity Law took effect 1 June 2017 as the foundational statute for China's cyberspace governance. It introduced network operator security obligations, real-name registration, and the concept of critical information infrastructure with associated data localization duties.

The Data Security Law took effect 1 September 2021, governing data handling activities broadly rather than only personal information. It establishes a tiered data classification system, with escalating protections for important data and core data tied to national security.