From incident response to red teaming, many global teams touch systems and data in China without realising the legal tripwires. In this live CIO Summit conversation, THEOS Cyber CEO Paul Jackson speaks with DLA Piper’s Carolyn Bigg about the realities of operating in China’s data and cyber landscape. Topics include why consent is foundational, why remote access counts as a cross-border transfer, volume thresholds that trigger filings or approvals, and new breach notification measures with four-hour reporting for higher-severity incidents and mandatory 30-day remediation reporting. They also cover local technical standards beyond ISO 27001, provincial CAC dynamics, operational risks such as license exposure, and the unique AI environment in China where toolsets, policy aims, and threat models differ from the West. A clear, practical primer for CISOs, legal, and operations leaders who need to plan before the crisis.

Disclaimer: This episode provides general information. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. Organisations should consult counsel for guidance.

Production Credits:

Presented by: Paul Jackson
Studio Engineer & Editor: Roy D'Monte
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio