Entities who want to provide data abroad may go through an internal security review and, on some occasions, will be subject to a government review, according to a draft regulation released by the Cyberspace Administration of China (CAC) Friday.

The draft regulation was released to solicit public opinions, the CAC statement said.

An internal security review should go through the amount, range, variety and confidentiality of data to be provided overseas and assess the risks that such a move may pose on state and public interests and legal rights and interests of individuals and organizations, the document said.

Whether the data will be transmitted safely without damage and leakage should also be reviewed, it added.

If the data is collected from major IT infrastructure projects in China or the collector operates a data bank containing the personal information of 1 million individuals or more, the security review should be submitted to the CAC.

The document said that the CAC will also go through a security review of sharing abroad personal information of 100,000 individuals or more.