中美医药数据出境监管新规对生物医药企业国际化影响及合规建议


 

在医药行业全球化发展、国家间政治摩擦加剧及资本市场监管收紧等背景形势影响下,国内生物医药企业选择出海发展以及开展跨境合作已成为“活下去”和“寻发展”的趋势。在国际化发展过程中,不可避免地涉及到跨境处理医药数据;而医药行业的特殊性使得医药数据中通常会包含敏感个人信息、人类遗传资源信息等数据,此类特殊类型的数据一直是国内外监管机关进行国家安全保障和生物安全监管的重点对象,也是国内生物医药企业在设计业务模式以及洽谈跨国项目合作过程中的核心关注点。

 

本文以美国近期出台的数据出境新规《关于防止受关注国家获取美国人批量敏感个人数据和美国政府相关数据的行政命令》(“《行政命令》”)为切入点,分别对美国和中国对医药数据跨境传输的监管规定、监管措施和法律责任进行梳理总结,并对国内生物医药企业在涉及数据跨境传输的情形下需关注的合规要点提出建议,以供生物医药企业参考了解。

 
 
 
 
1
美国医药数据跨境传输监管新规、管控措施及法律责任

 

1
美国医药数据跨境传输监管概况
 

美国在联邦层面并未出台统一的数据监管法案,而在州及地方层面,美国各州及地方监管机关在其管辖范围内出台了相应数据监管法案。例如,美国华盛顿州于2023年4月27日出台了《我的健康我的数据法案》(“MHMDA”),自2024年3月31日起对受监管者全面生效,MHMDA适用于“消费者健康数据”,要求企业提供数据主体权利,并提供有关其处理活动的某些披露,在没有“既定必要性”的情况下,只有在消费者同意的情况下才能处理消费者健康数据。

 

2
美国医药数据跨境传输监管新规
 

《行政命令》于2024年2月28日由美国总统拜登基于宪法和《国际紧急经济权力法》等美国法律赋予的权力签署发布。根据白宫2024年2月28日发布的事实说明[1],《行政命令》系美国总统为了保护美国人的数据安全而采取的最重要的行政行动,并授权美国司法部长防止美国人的个人数据大规模转移到受关注国家。《行政命令》侧重于美国人的个人和敏感信息,包括基因组数据、生物识别数据、个人健康数据、地理位置数据、财务数据和某些类型的个人身份信息。此外,美国司法部于2024年2月29日发布《受关注国家获取美国人大量敏感个人数据和美国政府相关数据规则》的拟议规则预通知 (“《预通知》”) ,将《行政命令》中的规则进一步细化,并向社会公开征求意见。

 

美国近年来采取了多种行政手段以加强对美国信息安全和跨境交易的监管,包括但不限于美国商务部于2021年1月19日发布的《<确保信息通信技术与服务供应链安全>最终暂行规定》(“IFR”)中规定了针对信息、通信技术及服务(“ICTS”)行业内的公司进行国家安全审查的程序,以及在《外国投资风险审查现代化法案》中扩大了受制于美国外国投资委员会(“CFIUS”)审查的外国投资范围,审查要求也趋于严格。《行政命令》从跨境信息传输的角度进一步限制了中国主体对美国敏感数据的访问。

 
3
美国医药数据跨境传输监管要点
 

(1)《行政命令》监管要点

 

• 敏感个人信息的范围

 

根据《行政命令》第七条(l),“敏感个人数据”是指受保护的个人标识符、地理位置及相关传感器数据、生物识别符、人类“组学数据”、个人健康数据、个人财务数据或上述任何组合的数据,且这些数据如果被关联或可关联到任何可识别的美国个人或离散且可识别的美国个人群体,就可能被受关注国家利用来损害美国国家安全。“敏感个人数据”的具体定义则是授权司法部长根据《行政命令》第2条发布《受关注国家获取美国人大量敏感个人数据和美国政府相关数据规则》进一步确定。

 

对于国内生物医药企业而言,在出海至美国的相关场景下,其通常会涉及已开展包括美国在内的多中心临床试验的情形,而在临床试验过程中所获取的美国受试者入组前的健康体检信息、病历表、给药记录、临床症状、体征、病程、影像学记录、不良反应记录、生物样本(如血液、尿液、唾液)等,将跨境传输回国内医药企业用于分析研究,而上述数据均可能构成敏感个人数据。

 

而在国内医药企业作为被许可方,引进美国许可产品或技术的license-in交易场景中,国内企业为尽调和评估许可产品或技术之目的,通常需要美国的许可方向国内医药企业提供许可产品或技术相关的临床前研究数据、临床试验数据等数据,前述数据也可能构成敏感个人数据。

 

• 受关注的国家

 

根据美国司法部发布的关于预先通知的要点列举[2],美国司法部考虑将中国(包括香港特别行政区和澳门特别行政区)、俄罗斯、伊朗、朝鲜、古巴和委内瑞拉在内的六个国家识别为“受关注国家”。根据《行政命令》第七条(c)和(d),被识别为“受关注国家”的法律后果主要体现在由受关注国家拥有、控制或受其管辖或指导的实体将会受到相应限制,而且受相应限制的对象范围还包括:该实体的外国雇员或承包商;受关注国家的外国雇员或承包商;主要居住在受关注国家领土管辖范围内的外国公民;或由司法部长指定为属于受关注国家拥有、控制或受其管辖或指导,代表关切国家或其他受限制人员行事,或故意直接或间接导致违反本命令或执行本命令的任何规定的个人。

 

因此,无论是在国内设立和运营的企业,还是国内企业在美国的子公司或承包商,都可能属于受关注国家的受限制人员,开展美国个人数据相关交易将受到监管。

 

• 大量数据的标准

 

根据《预通知》,是否构成大量数据可能采用以下阈值范围进行认定,目前《预通知》在公开征求意见过程中,未来最终的阈值范围不排除会发生变化:

 

 

实践中,从临床试验I期到临床试验IV期,受试者的人数会逐步增长,累计受试者人数很通常超过百人,进而很有可能会因超过上表阈值范围而落入监管范围。

 

• 具体监管措施

 

根据《行政命令》第二条(a),若交易涉及大量敏感个人数据的,或对美国国家安全构成不可接受的风险的,或不符合豁免条件且未获得许可证授权的,可能被禁止或被限制。美国司法部和美国国土安全部正在制定受限制的交易下相关方必须采取的安全措施,根据《预通知》,安全措施包括:落实基本组织网络安全态势要求;在受限制数据交易中采取包括数据最小化和屏蔽、使用隐私保护技术、开发信息技术系统以防止未授权披露,以及实施逻辑和物理访问控制在内的技术措施;和满足特定合规要求,例如通过独立审计师对上述措施进行年度审计。

 

在国内生物医药企业出海至美国以及作为被许可方从美国引进许可产品或技术等BD交易场景下,会涉及从美国向中国传输临床数据和人体相关数据的情形,由于可能涉及大量敏感个人数据,可能被禁止或限制,因此,国内医药企业需要按照国土安全部制定的后续规则采取相应安全措施,满足豁免条件或取得许可证。

 

(2)其他监管要点

 

具体到数据跨境传输领域,第一,美国对于个人信息的跨境传输监管主要通过亚太经济合作组织(APEC)确立的《跨境隐私规则体系》(Cross-Border Privacy Rules System, “CBPR系统”)完成。CBPR系统旨在建立消费者、企业和监管机构对个人信息跨境流动的信任,其要求参与企业实施与APEC隐私框架一致的数据隐私政策[3]。第二,美国对于关键领域数据的跨境传输监管主要通过《外国投资风险评估现代化法案》(The Foreign Investment Risk Review Modernization Act of 2018, “FIRRMA”)、《出口管制条例》(Export Administration Regulations, “EAR”)等法案以外商投资安全审查、出口管制等手段进行相应规制。

 

具体而言:(1)当交易涉及到敏感个人数据(Sensitive Personal Data)时,美国外国投资委员会(“CFIUS”)将有权进行外商投资安全审查,交易参与方必须履行强制申报义务[4];以及(2)当特定类型出口产品的技术数据进行跨境传输时,需要事先取得出口许可证。[5]

 

4
美国医药数据跨境传输法律责任
 

相对应地,若国内生物医药企业在将医药数据从美国出境到国内的过程中未履行上述义务,将依法承担相应责任。具体而言:(1)对于未提交强制申报的,将根据违法行为的性质,处以不超过25万美元或交易价值的民事罚款(以较高者为准)[6];(2)对于违反EAR等法案的出口行为,将面临民事罚款(Civil Monetary Penalties)、拒绝出口特权(Denial of export privileges)、吊销参与资格(Exclusion from practice)、监禁、刑事罚款等制裁或处罚[7];以及(3)司法部未来出台的《受关注国家获取美国人大量敏感个人数据和美国政府相关数据规则》将进一步明确违反《行政命令》的法律后果及罚则。

 
 
2
中国医药数据跨境传输监管新规、管控措施及法律责任
 
1
中国医药数据跨境传输监管概况
 

中国的数据跨境传输监管以《民法典》《刑法》《网络安全法》《数据安全法》《个人信息保护法》等为基础法律,并相继出台《数据出境安全评估办法》《个人信息出境标准合同办法》《个人信息出境标准合同备案指南》《网络安全标准实践指南—个人信息跨境处理活动安全认证规范V2.0》等配套规则为数据出境的提供实操指引,同时辅以《人类遗传资源管理条例》《关键信息基础设施安全保护条例》《电子病历应用管理规范(试行)》等细分领域规范,构建了一套全方位、多层次的法律法规体系。

 

此外,国家互联网信息办公室于2023年9月28日发布《规范和促进数据跨境流动规定(征求意见稿)》,拟对数据跨境传输监管制度进行优化调整。国内生物医药企业在跨境数据传输场景下针对涉及到的不同数据类型,需遵守不同的对应监管要求。具体而言,以药物临床试验阶段不可避免会涉及到的临床试验数据、健康医疗数据[8]为例,相关主体还需对应遵守《国家健康医疗大数据标准、安全和服务管理办法(试行)》《药物临床试验质量管理规范(2020修订)》等法规政策。

 
2
中国医药数据跨境传输监管措施
 

特别地,对于国内生物医药企业而言,需要格外注意的是,在跨境技术交易、多中心临床试验等跨境数据传输场景中:(1)如涉及到了人类遗传资源[9]出境,需取得相应监管部门的批准;以及(2)如涉及到了重要数据和/或个人信息出境,则可能需申报数据出境安全评估并进行数据出境风险自评估[10],或通过订立标准合同的方式向境外提供并完成备案[11]。其中,重要数据是指一旦遭到篡改、破坏、泄露或者非法获取、非法利用等,可能危害国家安全、经济运行、社会稳定、公共健康和安全等的数据。[12]个人信息是指以电子或者其他方式记录的与已识别或者可识别的自然人有关的各种信息,不包括匿名化处理后的信息。[13]

 
3
中国医药数据跨境传输法律责任
 

基于以上监管要求,若中国生物医药企业在跨境数据传输场景项下涉及受监管的数据类型,而未履行对应审批、申报等义务的,则根据所涉数据类型的不同,将面临不同的民事责任、行政责任乃至刑事责任。

 

1.在民事责任层面,以侵犯个人信息为例,将依法承担民事侵权责任[14]

 

2.在行政责任层面,以违规跨境传输重要数据为例,有关主管部门将责令改正,给予警告和/或对医药企业以及直接负责的主管人员、其他直接责任人员处以相应金额的罚款,乃至责令暂停相关业务、停业整顿、吊销相关业务许可证或者吊销营业执照[15]

 

3.在刑事责任层面,以违反国家有关规定,非法运送、邮寄、携带中国人类遗传资源材料出境为例,危害公众健康或者社会公共利益的,将根据情节严重程度,依法被处以对应期限的有期徒刑、拘役、管制和/或对应金额的罚金[16]

 
 
3
中美医药数据出境监管新规对生物医药企业国际化影响及合规建议
 
1
辨别项目涉及的数据的类型
 

由于不同的数据类型的监管要求有所区别,因此,建议各生物医药企业在开展多中心临床试验或跨境技术交易等项目前,参考中美各监管要求的监管范围以及对各类数据的定义,辨别该项目涉及的数据类型以及是否属于受到监管的数据,从而,有针对性的了解与遵循法律明确的监管要求。

 

若跨境技术交易的内容为临床前阶段的化学药技术,则一般仅涉及临床前研究数据,例如药理毒理研究数据、动物试验研究数据等,因此受到对应监管的可能性也较小。相反,若跨境技术交易的内容已处于临床试验阶段或拟开展包括美国在内的多中心临床试验,由于临床试验是以人体(患者或健康受试者)为对象的试验[17],其必然涉及个人信息、敏感个人信息、健康医疗数据、人类遗传资源等,因此,该项目的跨境数据传输将受到中美监管机关的对应监管。有鉴于此,国内生物医药企业应在项目开展前对涉及到的数据的情况进行合理预判,以确保项目的合规顺利进行。

 
2
项目开展前明确所涉数据是否涉及出境
 

在确定项目所涉及的数据类型后,各生物医药企业应进一步明确所欲开展的项目是否涉及数据出境,包括从中国出境到美国以及从美国出境到中国。例如,在国内生物医药企业拟将已进行到临床试验阶段的药品license out至美国的情形下,作为许可内容的一部分,其临床试验数据等将出境至美国;而对于在美国成立了研发中心,在美国开展产品临床试验,且产品未来拟在美国市场注册上市的国内生物医药企业来说,临床试验数据可能不涉及出境到中国。如若涉及,则建议对应了解此种数据类型在中国或美国的跨境传输监管要求,确认是否符合豁免的情形,以办理相应审批、备案手续或履行安全评估等行政程序,建立相应的数据安全体系以及采取必要数据安全措施等。

 
3
事先履行数据跨境传输所需的审批或备案程序
 

是否根据监管要求履行数据跨境传输所需的审批或备案程序关涉到项目整体的合法合规。如项目涉及个人信息从中国出境到美国,根据《个人信息保护法》的相关规定,确需向中国境外提供个人信息的,应具备下列条件之一:(1)依规通过国家网信部门组织的安全评估;(2)依规经专业机构进行个人信息保护认证;(3)按国家网信部门制定的标准合同与境外接收方订立合同,约定双方的权利和义务;(4)法律、行政法规或者国家网信部门规定的其他条件[18]。如项目涉及人类遗传资源材料运送、邮寄、携带从中国出境到美国,则需取得国务院卫生健康主管部门出具的人类遗传资源材料出境证明[19]方可进行。

 

如未依法办理上述审批手续或程序,则各技术交易相关主体将受到对应制裁和/或处罚,阻碍交易的正常进行甚至导致交易失败。当项目涉及敏感个人数据从美国出境到中国时,则需通过CFIUS的外商投资安全审查,履行强制申报义务,并根据《行政命令》采取数据安全措施,取得许可证等。

 
4
在项目交易文件中明确数据跨境传输的合规要求及各方需履行的义务
 

为了确保数据跨境项目的平稳顺利进行,建议各生物医药企业建立内部数据跨境传输合规管理制度和管理机制,以及完善内部数据安全体系建设;如涉及跨境技术交易项目的,则在交易文件中明确交易所涉数据跨境传输的具体合规要求,并以此进一步明确交易各方所需履行的义务内容,从而保证交易的整体合规性。否则,生物医药企业将可能面临不同程度的法律风险,乃至面临数据被销毁等制裁和/或处罚措施。

 

以国内生物医药企业引进美国的医药技术为例,若涉及大量敏感个人数据的,一方面,建议Licensee在交易文件中明确要求Licensor履行美国对于敏感个人信息出境到中国的监管要求,包括行政程序和内部数据安全体系建设,保证交易不存在数据跨境传输方面的障碍。另一方面,建议要求Licensor应对取得数据权利主体的知情同意,以及通过伦理审查等作出相应的陈述与保证。

 
5
持续关注中美数据跨境传输的监管动态和监管新规
 

近年来中国和美国对于数据跨境传输及个人信息的监管力度不断加大,数据跨境及个人信息保护领域的新规出台较为频繁,中国在2022年和2023年在数据跨境传输领域陆续实施了《数据出境安全评估办法》《人类遗传资源管理条例实施细则》《个人信息出境标准合同办法》等多项法律法规,美国此次行政命令的出台以及未来实施细则的发布对国内生物医药企业的出海规划也造成了不小的影响。为减少因数据跨境传输问题导致项目开展受到阻碍或失败的情形发生,笔者倾向于建议国内生物医药企业持续关注中美数据跨境传输领域的监管动态以及执法动态,对应完善自身及项目所涉的政府监管程序和/或审批、备案手续,调整商业模式和策略,以保证项目的最终成就和合规长效执行。

 

 

— 尾言 
  

生物医药企业在面对中美愈发严格的医药数据出境监管时,应对数据跨境传输的合规问题给予充分的重视,在开展出海或跨境技术交易项目前对数据跨境传输监管要求进行充分了解与掌握,建立完善的数据安全管理体系和管理制度,积极履行监管程序和监管义务,同时,及时和企业内部数据合规人员或外部医药合规律师进行沟通确认数据出境合规要求,保障医药数据的安全性和隐私保护,以减少可能发生的中美医药数据监管的不利法律后果,在合规的基础上实现企业的国际化或出海发展的重要目标。

 
 
本文作者简介

 

刘婷婷
 

刘婷婷律师是上海市锦天城律师事务所资深律师,现为中国生物医药产业链创新与转化联盟(CBIITA联盟)商务拓展专委会副主委、威科先行医药行业智合规专家委员会成员等。刘律师被知名法律评级机构LEGALBAND评为2023年度中国律界俊杰三十强,刘律师还被国际权威法律评级机构《The Legal 500》评为2024年中国大陆生命科学与大健康领域重点推荐律师。

 

刘婷婷律师自执业以来精耕于生命科学和医药健康领域,主要为跨国药械企业(包括但不限于阿斯利康、雅培、西门子医疗、默沙东、勃林格殷格翰、罗氏、百济神州、爱施健、美纳里尼、石药集团、天境生物、京新药业、凯因科技、邦耀生物、鞍石生物等)、医疗机构(包括但不限于国内首家外资三甲综合性医院和顶级公立三甲医院)、医疗(生)集团、互联网医疗健康企业、保险公司以及专投医疗药械项目的专业基金公司等企业机构提供境内外投融资并购、跨境药械技术交易和合作、监管合规、争议解决及公司日常等法律服务,包括协助国内外多家知名药企开展多个跨境License in/out技术交易和合作开发项目等。

 

刘婷婷律师毕业于华东政法大学,获得法学学士学位。刘律师在上海律协、威科先行、LexisNexis、LEB、E药经理人等专业法律和医药行业平台发表医药健康领域法律实务总结文章和报告近百篇,包括但不限于:《医药企业技术交易实务系列文章(合辑)》(中英文版本,2023年,联合E药经理人发布);《医疗机构新设并购及合规管理实务手册》(2023年,联合威科先行法律数据库发布);《医药行业行政处罚风险提示与防范解析报告》(2020年,联合威科先行法律数据库发布);《医疗AI法律及监管报告》行业发展与现状和医疗AI产品责任章节(2019年,联合腾讯健康发布,国内首份医疗AI法律研究报告)等。

 

联系电话:15216738527(同微信)

联系邮箱:tinaliu@allbrightlaw.com

 
黄冠鸿
 

黄冠鸿律师是上海市锦天城律师事务所资深律师、国际公认反洗钱师(CAMS)

 

黄冠鸿律师自执业以来,专注在金融监管、风险与内控管理、生命大健康等领域的法律服务。在医疗药械常法、合规融资交易业务领域,黄律师曾服务的客户包括但不限于罗氏诊断、美纳里尼、石药集团、京新药业、凯因科技、嘉和美康、健新原力、鞍石生物、邦耀生物、祥耀生物、思勤医疗、勤浩医药、逻晟生物、帝奇医药、子瞻生物、纽安津生物、迈诺威医药、霖鼎光学、森世海亚集团、阳光医疗集团、哈特瑞姆心脏医疗集团、上海联影集团等医疗药械企业,为他们提供的法律服务范围涵盖企业日常事务、研发及临床、运营和数据合规、境内外投资、股权融资、及跨境BD交易等方面的法律服务。

 

黄冠鸿律师毕业于华东政法大学,同时获得法学学士、经济学(金融方向)学士学位。

 

联系电话:18817836896(同微信)

联系邮箱:hgh@allbrightlaw.com

 
周汝歆
 

周汝歆是上海市锦天城律师事务所律师助理。周汝歆毕业于华东政法大学, 获得法学学士学位, 并于美国乔治城大学法学院获得法学硕士学位和证券与金融法证书。具有中国法律职业资格。周汝歆主要就生命科学与医疗健康、网络安全与数据合规、反垄断、反腐败及公司合规的日常事务提供法律服务。

 

参考文献:(上下滑动查看更多)

1.参见https://www.whitehouse.gov/briefing-room/statements-releases/2024/02/28/fact-sheet-president-biden-issues-sweeping-executive-order-to-protect-americans-sensitive-personal-data/。

2.参见https://www.justice.gov/opa/media/1340216/dl。

3.参见CBPR系统官网,链接:http://cbprs.org/documents/。

4.FIRRMA第1703节。

5.参见美国商务部工业与安全局(BIS)官网,链接:https://www.bis.doc.gov/index.php/regulations/commerce-control-list-ccl。

6.CFIUS最终规则§800.901。

7.EAR § 764.3。

8.《信息安全技术 医疗健康数据安全指南》第3.1条和第3.2条,个人健康医疗数据是指单独或者与其他信息结合后能够识别特定自然人或者反映特定自然人生理或心理健康的相关电子数据。健康医疗数据是指个人健康医疗数据以及由个人健康医疗数据加工处理之后得到的健康医疗相关电子数据。

9.《人类遗传资源管理条例》第2条,人类遗传资源包括人类遗传资源材料和人类遗传资源信息,人类遗传资源材料是指含有人体基因组、基因等遗传物质的器官、组织、细胞等遗传材料。人类遗传资源信息是指利用人类遗传资源材料产生的数据等信息资料。

10.《数据出境安全评估办法》第4条和第5条。

11.《个人信息出境标准合同办法》第4条和第7条。

12.《数据出境安全评估办法》第19条。

13.《个人信息保护法》第4条。

14.《民法典》第999条和第1038条。

15.《数据安全法》第46条。

16.《刑法修正案(十一)》第38条。

17.《药物临床试验质量管理规范》第11条。

18.《个人信息保护法》第38条。

19.《人类遗传资源管理条例》第27条和《国务院关于修改和废止部分行政法规的决定》(国令第777号,2024年5月1日起施行)第4条。

 

英译版(上下滑动查看更多)
 
 
1
Introduction
 
 
Under the influence of the globalization of the pharmaceutical industry, the intensification of political friction between countries and the tightening of capital market regulation, domestic biopharmaceutical enterprises choose to develop overseas and carry out cross-border cooperation, which has become a trend of both surviving and seeking new development. In the process of internationalization, cross-border processing of pharmaceutical data is inevitable; and the specificity of the pharmaceutical industry means that the pharmaceutical data usually contain sensitive personal information, human genetic resources and other data, which has always been the key target of national security and biosafety supervision by domestic and foreign regulatory authorities, and is also the core concern of the domestic biopharmaceutical enterprises in the process of designing their business models and negotiating cross-border project cooperation.
 
This article starts with the new data export regulation recently issued by the United States, that is the Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (the Executive Order), summarizes the regulatory provisions, regulatory measures and legal liabilities of the United States and China on cross-border transmission of pharmaceutical data respectively, and makes suggestions on the compliance points that domestic biopharmaceutical enterprises need to pay attention to in cases involving cross-border transmission of data for the reference of biopharmaceutical enterprises.
 
 
2
New Regulations, Control Measures and Legal Liability for Cross-Border Transmission of Pharmaceutical Data in the U.S.

 

 
Overview of the Regulation of Cross-border Transmission of Pharmaceutical Data in the U.S.
 
The United States does not have a uniform data regulation act at the federal level, while at the state and local level, U.S. state and local regulatory authorities have introduced corresponding data regulation acts within their jurisdictions. For example, the State of Washington in the U.S. introduced the My Health My Data Act (MHMDA) on 27 April 2023, which has been in full force and effect for regulated entities since 31 March 2024. The MHMDA applies to “consumer health data” and requires enterprises to provide data subject rights and certain disclosures about their processing activities, and in the absence of “established necessity”, health data of the consumers can only be processed with their consent.
 
 
New U.S. Regulations for the Cross-border Transmission of Pharmaceutical Data
 
 
The Executive Order was signed and issued on 28 February 2024, by President Biden of the United States, pursuant to the authority vested in him by the Constitution and the International Emergency Economic Powers Act, among other U.S. laws. According to the Fact Sheet issued by the White House on 28 February 2024,[1] the Executive Order is the most significant executive action taken by the President of the United States to protect the security of Americans’ data and authorizes the U.S. Attorney General to prevent large-scale transfers of Americans’ personal data to countries of concern. The Executive Order focuses on the personal and sensitive information of Americans, including genomic data, biometric data, personal health data, geolocation data, financial data, and certain types of personally identifiable information. In addition, the U.S. Department of Justice issued an Advance notice of proposed rulemaking (ANPRM) on 29 February 2024 for the Provisions Regarding Access to Americans’ Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern to further refine the rules contained in the Executive Order and make them available for public comment.
 
The U.S. has taken a variety of administrative actions in recent years to strengthen the regulation of U.S. information security and cross-border transactions, including but not limited to, the U.S. Department of Commerce’s Final Interim Regulations (IFR) for Securing the ICT and Services Supply Chain issued on 19 January 2021, which set forth the procedures for conducting national security reviews of enterprises in the information, communications technology and Services (ICTS) industry, as well as expanding the scope of foreign investments subject to review by the Committee on Foreign Investment in the United States (CFIUS) in the Foreign Investment Risk Review Modernization Act. The review requirements have also become more stringent. The Executive Order further restricts access by Chinese subjects to sensitive U.S. data from the perspective of cross-border information transfers.
 
 
Regulatory Points in the Regulation of Cross-border Transmission of Pharmaceutical Data in the U.S.
 
 
(1)Regulatory Points of the Executive Order
 
• Scope of Sensitive Personal Data
 
Under Section 7 Article (l) of the Executive Order, “sensitive personal data” means covered personal identifiers, geolocation and related sensor data, biometric identifiers, human‘omic data, personal health data, personal financial data, or any combination thereof, as further defined in regulations issued by the Attorney General pursuant to Section 2 of this order, and that could be exploited by a country of concern to harm United States national security if that data is linked or linkable to any identifiable United States individual or to a discrete and identifiable group of United States individuals.  
 
For domestic biopharmaceutical enterprises, in the scenario of going overseas to the U.S., it usually involves multi-center clinical trials, including those conducted in the U.S. In the process of the clinical trials, the U.S. subjects’ pre-enrollment health checkups, medical history forms, medication administration records, clinical signs, symptoms, disease duration, imaging records, adverse reaction records, biological samples (e.g., blood, urine, saliva), etc., will be transferred back to the domestic pharmaceutical enterprises across the border for analysis and research, and all of the above data may constitute sensitive personal data.
 
In the license-in transaction scenario where a domestic pharmaceutical enterprise introduces a U.S. licensed product or technology as a licensee, the domestic enterprise, for the purpose of due diligence and evaluation of the licensed product or technology, usually needs the U.S. licensee to provide the domestic pharmaceutical enterprise with preclinical research data, clinical trial data and other data related to the licensed product or technology, and the aforesaid data may also constitute sensitive personal data.
 
• Countries of Concern
 
According to the Fact Sheet of Advance Notice issued by the U.S. Department of Justice,[2] the Department will contemplate identifying six countries, including China (including Hong Kong and Macao), Russia, Iran, North Korea, Cuba and Venezuela, as “countries of concern”. Pursuant to Section 7(c) and (d) of the Executive Order, an entity owned by, controlled by, or subject to the jurisdiction or direction of a country of concern; a foreign person who is an employee or contractor of such an entity; a foreign person who is an employee or contractor of a country of concern; a foreign person who is primarily resident in the territorial jurisdiction of a country of concern; or any person designated by the Attorney General as being owned or controlled by or subject to the jurisdiction or direction of a country of concern, as acting on behalf of or purporting to act on behalf of a country of concern or other covered person, or as knowingly causing or directing, directly or indirectly, a violation of this order or any regulations implementing this order, are subject to corresponding regulations.
 
As a result, both enterprises established and operating domestically and subsidiaries or contractors of domestic enterprises in the U.S. may be covered persons in countries of concern and will be subject to regulation for conducting U.S. personal data-related transactions.
 
• Criteria for Bulk Data
 
According to the Advance Notice of Proposed Rulemaking (ANPRM), whether it constitutes a large amount of data may be determined using the following range of thresholds, which is currently in the public consultation process, and the final range of thresholds may not be excluded from changing in the future:

 

 

In practice, as the number of subjects grows gradually from Phase I to Phase IV of a clinical trial, and the total number of subjects usually exceeds one hundred, the U.S. person data involved is likely to exceed the above threshold range and fall within the scope of regulation.
 
• Specific Regulatory Measures
 
Pursuant to Section 2 (a) of the Executive Order, transactions may be prohibited or restricted if they involve bulk sensitive personal data, or if they pose an unacceptable risk to the national security of the United States, or if they do not qualify for an exemption and are not authorized by a license. The U.S. Department of Justice and the U.S. Department of Homeland Security are in the process of developing security measures that must be taken by interested parties under restricted transactions, which, according to the Advance Notice, include: implementing basic organizational cybersecurity posture requirements; adopting measures in restricted data transactions that include data minimization and masking strategies, the use of privacy-preserving technologies, the development of information technology systems to prevent unauthorized disclosures, and the implementation of logical and physical access controls technical; and meeting specific compliance requirements, such as annual audits of these measures by independent auditors.
 
In scenarios where a domestic pharmaceutical enterprise goes overseas to the U.S or BD transaction scenarios such as importing licensed products or technologies from the U.S. as licensees, the transfer of clinical data and human-related data from the U.S. to China will be involved, which may be prohibited or restricted due to the possible involvement of bulk sensitive personal data, and therefore the domestic pharmaceutical enterprises have to take appropriate security measures in accordance with the subsequent rules set by the Department of Homeland Security to satisfy the conditions of the exemption or obtain a license.
 
(2)Other Regulatory Points
 
In the specific field of cross-border data transfer, first, U.S. regulation of cross-border transfers of personal information is accomplished primarily through the Cross-Border Privacy Rules System (CBPR System) established by the Asia-Pacific Economic Cooperation (APEC).[3] The CBPR System aims to establish trust among consumers, enterprises, and regulatory authorities regarding the cross-border flow of personal information. It requires participating enterprises to implement data privacy policies consistent with the APEC Privacy Framework. Second, the United States regulates the cross-border transfer of critical sector data primarily through the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) and the Export Administration Regulations (EAR), which involve foreign investment security reviews and export controls.
 
Specifically: (i) When transactions involve sensitive personal data, the Committee on Foreign Investment in the United States (CFIUS) has the authority to conduct foreign investment security reviews,[4] and the parties involved in the transaction must fulfill mandatory reporting obligations. (ii) When technical data of certain types of export products are transferred cross-border, an export license must be obtained in advance.[5]
 
 
U.S. Legal Liability for Cross-Border Transmission of Pharmaceutical Data
 
 
Correspondingly, if domestic biopharmaceutical enterprises fail to fulfill the above-mentioned obligations when transferring pharmaceutical data from the United States to the country, they will be legally responsible accordingly. Specifically: (a) For failure to submit mandatory declarations, civil fines will be imposed based on the nature of the violation, not exceeding $250,000 or the transaction value (whichever is higher)[6]; (b) Violations of export laws such as EAR will result in civil monetary penalties, denial of export privileges, exclusion from participation, imprisonment, criminal fines, and other sanctions or penalties[7]; (c) The forthcoming Provisions Regarding Access to Americans’ Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern by the U.S. Department of Justice will further clarify the legal consequences and penalties for violating the Executive Order.
 
 
3
New Regulations, Control Measures and Legal Liability for the Regulation of Cross-Border Transmission of Pharmaceutical Data in China
 
 
Overview of the Regulation of Cross-border Transmission of Pharmaceutical Data in China
 
 
China’s regulation on cross-border data transfer is based on fundamental laws such as the Civil Code, Criminal Law, Cybersecurity Law, Data Security Law, and Personal Information Protection Law. Additionally, complementary regulations such as the Measures for Security Assessment of Outbound Data Transfer, Measures for Standard Contract for the Outbound Transfer of Personal Information, Guidelines of the Cyberspace Administration of China for the Recordation of the Standard Contracts for the Outbound Transfer of Personal Information, and Practice Guidelines for Cybersecurity Standards: Specification for Security Certification of Cross-border Processing of Personal Information V2.0 have been successively introduced to provide practical guidance for data exports. Furthermore, specific regulations in subdivided areas such as the Regulation on the Administration of Human Genetic Resources, Regulation on Protecting the Security of Critical Information Infrastructure, and the Management Standards for the Application of Electronic Medical Records (for Trial Implementation) complement these efforts, establishing a comprehensive and multi-level legal framework for regulation.
 
In addition, the Cyberspace Administration of China issued the the Provisions on Regulating and Promoting Cross-border Data Flow (Exposure Draft) on 28 September 2023, and intends to optimize and adjust the cross-border data transmission regulatory system. Domestic biopharmaceutical enterprises need to comply with different corresponding regulatory requirements for different data types involved in cross-border data transmission scenarios. Specifically, in the case of clinical trial data and healthcare data that will inevitably be involved in the clinical trial phase of drugs[8], relevant entities also need to comply with regulations and policies such as the National Health and Medical Big Data Standards, Safety and Service Management Measures (for Trial Implementation) and Good Clinical Practice (2020 Revision).
 
 
Regulatory measures for cross-border transmission of pharmaceutical data in China
 
 
In particular, for domestic biopharmaceutical enterprises, it is important to note that in cross-border data transmission scenarios such as cross-border technology transactions and multi-center clinical trials: (a) if human genetic resources are involved in the outbound transaction, it is necessary to obtain the approval of the corresponding regulatory authorities;[9] and (b) if important data and/or personal information are involved in the outbound transaction, it may be necessary to declare the data outbound security assessment and carry out the self-evaluation of the risk of data outbound transaction,[10] or provide the data outbound by entering into a standard contract and completing the filing.[11] Among them, important data refers to data that may jeopardize national security, economic operation, social stability, public health and safety, etc.,[12] once it is tampered with, damaged, leaked or illegally accessed or illegally utilized. Personal information refers to all kinds of information related to identified or identifiable natural persons recorded electronically or by other means, excluding anonymized information.[13]
 
 
Legal Liability for Cross-Border Transmission of Pharmaceutical Data in China
 
 
Based on the above regulatory requirements, if a Chinese biopharmaceutical enterprise is involved in regulated data types under cross-border data transmission scenarios and fails to fulfill the corresponding obligations of approval and declaration, it will face different civil, administrative and even criminal liabilities depending on the data types involved.
 
(a) At the level of civil liability, infringement of personal information, for example, will be subject to civil tort liability in accordance with the law.[14]
 
(b) At the level of administrative liability, in the case of transmitting important data across borders in violation of the law, for example, the relevant competent authorities will order rectification, give a warning and/or impose a corresponding fine on the pharmaceutical enterprise, as well as the directly responsible supervisory personnel and other directly responsible personnel, or even order suspension of the relevant business, suspension of business rectification, revocation of the relevant business permit or revocation of the business license.[15]
 
(c) At the level of criminal liability, in the case of illegally transporting, mailing or carrying Chinese human genetic resources materials out of China in violation of relevant State regulations, for example, those who jeopardize public health or the public interest will, depending on the seriousness of the circumstances, be sentenced to fixed-term imprisonment, detention, control and/or a fine of a corresponding amount.[16]
 
 
4
Impact of the New Regulation on the Export of Pharmaceutical Data from China and the U.S. on the Internationalization of Biopharmaceutical Enterprises and Suggestions for Compliance
 
 
 
Identify the Type of Data Involved in the Project
 
 
Since the regulatory requirements for different types of data vary, it is recommended that biopharmaceutical enterprises refer to the regulatory scope and definitions of various types of data in the U.S. and China regulatory requirements before carrying out projects such as multi-center clinical trials or cross-border technology transactions in order to identify the types of data involved in the project and whether or not they are regulated data, and thus to understand and comply with the regulatory requirements specified in the law in a targeted manner.
 
If the content of the cross-border technology transaction is preclinical chemical technology, it generally involves only preclinical research data, such as pharmacological and toxicological research data, animal testing research data, etc., and is therefore less likely to be subject to corresponding regulation. On the contrary, if the content of the cross-border technology transaction is already in the clinical trial stage or is intended to carry out multi-center clinical trials including the U.S., since the clinical trial is a trial targeting human beings (patients or healthy subjects),[17] which inevitably involves personal information, sensitive personal information, healthcare data, human genetic resources, etc., the cross-border data transmission of the project will be subject to the corresponding regulation by the U.S. and Chinese regulatory authorities. In view of this, domestic biopharmaceutical enterprises should reasonably anticipate the situation of the data involved before the project is carried out, in order to ensure that the project is carried out smoothly and in a compliant manner.
 
 
Clarify Whether the Data Involved Are Related to Export Before the Project Is Carried Out
 
 
After determining the types of data involved in the project, each biopharmaceutical enterprise should further clarify whether the project to be carried out involves data export, including export from China to the U.S. and export from the U.S. to China. For example, when a domestic biopharmaceutical enterprise plans to license out a drug that has reached the clinical trial stage to the U.S., as part of the licensing content, its clinical trial data will be exported to the U.S.; and for domestic biopharmaceutical enterprises that have set up an R&D center in the U.S., conducted product clinical trials in the U.S. and intend to register and market their products in the U.S. market in the future, clinical trial data may not involve exporting to China. If so, it is recommended to understand the regulatory requirements for cross-border transmission of this type of data in China or the U.S., to confirm whether it meets the exemptions, to go through the corresponding approval and filing procedures or fulfill the administrative procedures such as security assessment, to set up the corresponding data security system and to take the necessary data security measures.
 
 
Prior Fulfillment of the Approval or Filing Procedures Required for Cross-border Transmission of Data
 
 
Whether the approval or filing procedures required for cross-border data transfer are performed in accordance with regulatory requirements is related to the legal compliance of the entire project. If the project involves the export of personal information from China to the U.S., according to the relevant provisions of the Personal Information Protection Law, if personal information needs to be provided outside China, one of the following conditions must be met: (a) It or he has passed the security assessment organized by the national cyberspace administration in accordance with Article 40 of this Law; (b) It or he has been subject to the personal information protection certification by a specialized institution in accordance with the provisions issued by the national cyberspace administration; (c) It or he has entered into a contract with the overseas recipient in accordance with the model contract developed by the national cyberspace administration, agreeing on both parties’ rights and obligations; (d) It or he meets other conditions provided in laws or administrative regulations or by the national cyberspace administration.[18] If the project involves the transportation, mailing, or carrying of human genetic resources materials out of China to the U.S., it is necessary to obtain an exit certificate for human genetic resources materials issued by the Health Administration Department of the State Council before proceeding.[19]
 
If the above approval procedures or processes are not completed in accordance with the law, each technology transaction-related entity will be subject to corresponding sanctions and/or penalties, which will hinder the normal progress of the transaction and even cause the transaction to fail. When a project involves sensitive personal data exported from the U.S. to China, it must pass CFIUS’s foreign investment security review, fulfill mandatory reporting obligations, take data security measures in accordance with the Executive Order, and obtain a license.
 
 
 
Clarify the Compliance Requirements for Cross-border Transmission of Data and the Obligations to Be Fulfilled by Each Party in the Project Transaction Documents
In order to ensure the smooth progress of cross-border data projects, it is recommended that all biopharmaceutical enterprises establish internal cross-border data transmission compliance management systems and management mechanisms, and improve the construction of internal data security systems; if cross-border technology transaction projects are involved, the document clarifies the specific compliance requirements for cross-border transmission of data involved in the transaction, and further clarifies the obligations that parties to the transaction need to perform to ensure the overall compliance of the transaction. Otherwise, biopharmaceutical enterprises may face varying degrees of legal risks, and even face sanctions and/or penalties such as data destruction.
 
Take the introduction of U.S. pharmaceutical technology by domestic biopharmaceutical enterprises as an example, if a large amount of sensitive personal data is involved, on the one hand, it is recommended that Licensee explicitly require Licensor in the transaction documents to fulfill U.S. regulatory requirements for sensitive personal information exported to China, including administrative procedures and the construction of an internal data security system ,so as to ensure that there are no obstacles to cross-border data transmission in transactions. On the other hand, it is recommended that Licensor should make corresponding statements and guarantees on obtaining informed consent from data rights subjects and passing ethical review.
 
 
Continuously Monitor the Regulatory Developments and New Regulatory Rules on Cross-border Data Transmission Between the U.S. and China
 
 
In recent years, China and the U.S. have been increasing their efforts to regulate cross-border data transmission and personal information, and new regulations in the field of cross-border data and personal information protection have been issued more frequently. China has implemented a number of laws and regulations in the field of cross-border data transmission such as Measures for the Security Assessment of Outbound Data Transfer, Detailed Rules for the Implementation of the Regulation on the Administration of Human Genetic Resources, Measures for the Standard Contract for the Outbound Transfer of Personal Information, etc., in the fields of cross-border data transmission in 2022 and 2023. The introduction of the U.S. Executive Order and the release of future implementation rules have also had a considerable impact on the overseas planning of domestic biopharmaceutical enterprises. In order to minimize the obstruction or failure of projects due to cross-border data transmission issues, the author tends to recommend that domestic biopharmaceutical enterprises continue to pay attention to the regulatory and law enforcement developments in the field of cross-border data transmission between China and the U.S., improve the governmental regulatory procedures and/or the approval and filing procedures involved in the projects, and adjust the business models and strategies to ensure the ultimate success of the projects and the long term implementation of the compliance.
 
 
5
Conclusion
 
In the face of the increasingly strict regulation of pharmaceutical data export from China and the U.S., biopharmaceutical enterprises should pay full attention to the compliance issue of cross-border data transmission, fully understand and master the regulatory requirements of cross-border data transmission before carrying out overseas or cross-border technology transaction projects, establish a perfect data security management system and management system, and actively fulfill the regulatory procedures and regulatory obligations. At the same time, they should timely communicate with the internal data compliance personnel or external pharmaceutical compliance lawyers to confirm the data export compliance requirements, safeguard the security and privacy protection of pharmaceutical data, so as to reduce the possible adverse legal consequences of US-China pharmaceutical data regulation, and to achieve the important goal of the enterprise’s internationalization or overseas development on the basis of compliance.
 
Author: Tina Liu, Daniel Huang, Weiss Zhou, Anita Huang
 
 
Author Team Profile

 

Tina Liu
 

Tina Liu is a Senior Associate at AllBright Law Offices in Shanghai Office and is currently the deputy chair of the Business Development Committee of the China Biomedical Industry Chain Innovation and Transformation Alliance (CBIITA Alliance) and columnist of the Compliance Expert Committee of Pharmaceutical Industry of Wolters Kluwer. Tina Liu ranked among the Top 30 Outstanding Lawyers in the Chinese legal field for the year 2023 by the well-known legal rating agency LEGALBAND, and key recommended lawyer in the field of life sciences and healthcare in the 2024 edition of “The Legal 500”.

 

Ms. Liu’s practice is focused in the areas of Life Science and Healthcare. Ms. Liu has represented well-known foreign pharmaceutical and medical device companies (including but not limited to AstraZeneca, Abbott, Siemens Healthineers, MSD, Boehringer Ingelheim, Roche, BeiGene, Aspen, Menarini, CSPC, I-Mab, Jingxin, Kawin, BRL, Avistone, etc.), medical institutions (including but not limited to the first foreign-funded grade A tertiary hospital and top public grade A tertiary hospital in China), medical (health) group, Internet medical and health enterprises, insurance companies and professional fund companies specializing in medical and pharmaceutical equipment projects for domestic and foreign investment and acquisition, cross-border pharmaceutical technology transactions and cooperation, regulatory compliance, dispute resolution, etc. , which assisted domestic and foreign well-known pharmaceutical companies to carry out cross-border License in/out technology transactions and cooperative development projects

 

Ms. Liu graduated from East China University of Political Science and Law. Ms. Liu has published over a hundred articles in the field of life sciences and healthcare law. Some representative research works include: A Series of Articles on Pharmaceutical Technology Transactions Practices for Pharmaceutical Companies (Chinese and English versions, 2023, published jointly with Healthcare Executive); Practical Manual for the Establishment, Merger, and Compliance Management of Medical Institutions (2023, jointly published with Wolters Kluwer Legal Database); Analysis Report on Medical Industry Administrative Penalty Risks and Prevention (2020, jointly published with Wolters Kluwer Legal Database); Legal and Regulatory Report on Medical AI- the chapter of Industry Development and Status, Medical AI Product Liability (2019, jointly published with Tencent Health, the first AI legal research report in China).

 

TEL:15216738527

E-mail:tinaliu@allbrightlaw.com

 
Daniel Huang
 

Mr. Huang is a Senior Associate at AllBright Law Offices in Shanghai Office and a Certified Anti-Money Laundering Specialist (CAMS).

 

Mr. Huang mainly practices legal services in the fields of Health & Life Science, Banking Compliance, Financial Crime Legal and Compliance area. Mr. Huang has represented well known foreign pharmaceutical and medical device companies (including but not limited to Roche, Menarini, CSPC Pharmaceutical Group, Jingxin, Kawin, Goodwill, Innoforce, Avistone, BRL medicine, Symraybio, Seekin, Genhouse, Neologics, DiQi Pharmaceuticals, Biocasting, Neoantigen, Minovapharma, Leading-optics, SynthAsiaChina, Sunshine Medical Technology. Heartrhythm, United-imaging, etc.) for legal service covered Daily business, R&D and clinical, operational and data compliance, overseas investment, equity financing, and cross-border BD transactions.

 

Mr. Huang graduated from East China University of Political Science and Law with a bachelor’s degree in law and a bachelor’s degree in economics (Finance).

 

TEL:18817836896

E-mail:hgh@allbrightlaw.com

 
Weiss Zhou
 

Weiss Zhou is a Paralegal at AllBright Law Offices in Shanghai Office. Ms. Zhou received her LLB degree from East China University of Political Science and Law and her LLM degree and Certificate of specialization in Securities and Finance Law from Georgetown University Law Center and has passed the Chinese National Bar Examination. Ms. Zhou mainly provides legal services on daily matters relating to life sciences and healthcare, cybersecurity and data compliance, anti-trust, anti-corruption and corporate compliance.

 

Anita Huang
 

Anita Huang is a legal intern at AllBright Law Offices in Shanghai Office. She is currently an undergraduate student at Fudan University Law School, and has been sent to the U.K. for a one-semester exchange program. Ms. Huang has been honored with scholarships and numerous awards as an oralist in international English moot court competitions and English public speaking contests. She specializes in legal services in Life Science and Healthcare.

 

Reference: (Swipe up and down to see more)

1.See: https://www.whitehouse.gov/briefing-room/statements-releases/2024/02/28/fact-sheet-president-biden-issues-sweeping-executive-order-to-protect-americans-sensitive-personal-data/. 

2.See: https://www.justice.gov/opa/media/1340216/dl. 

3.See: http://cbprs.org/documents/. 

4.See: FIRRMA Sec. 1703. 

5.See:https://www.bis.doc.gov/index.php/regulations/commerce-control-list-ccl. 

6.CFIUS §§ 800.901. 

7.EAR § 764.3. 

8.Art. 3.1 and 3.2 of the Information Security Technology Guidelines on Healthcare Data Security state that personal healthcare data refers to electronic data that, alone or in combination with other information, can identify a specific natural person or reflect the physical or mental health of a specific natural person. Healthcare data refers to personal healthcare data and healthcare-related electronic data obtained after the processing of personal healthcare data. 

9.Art. 2 of the Regulation of the People’s Republic of China on the Administration of Human Genetic Resources states that for the purposes of this Regulation, the term “human genetic resources” includes the materials of human genetic resources and information on human genetic resources. The term “materials of human genetic resources” means genetic materials such as organs, tissues and cells which contain human genomes, genes and other genetic substances. The term “information on human genetic resources” means information materials such as data generated from the utilization of materials of human genetic resources. 

10.Art. 4 and 5 of Measures for the Security Assessment of Outbound Data Transfer. 

11.Art. 4 and 7 of Measures for the Standard Contract for the Outbound Transfer of Personal Information. 

12.Art. 19 of Measures for the Security Assessment of Outbound Data Transfer. 

13.Art. 4 of Personal Information Protection Law of the People’s Republic of China. 

14.Art. 999 and 1038 of Civil Code of the People’s Republic of China. 

15.Art. 46 of Data Security Law of the People's Republic of China. 

16.Art. 38 of Amendment (XI) to the Criminal Law of the People's Republic of China. 

17.Art. 11 of Code of Practice for the Quality Management of Pharmaceutical Clinical Trials. 

18.Art. 38 of Personal Information Protection Law of the People's Republic of China. 

19.Art. 27 of the Regulation of the People’s Republic of China on the Administration of Human Genetic Resources and Art. 4 of the Decision of the State Council on Amending and Abolishing Some Administrative Regulations (State Order No. 777, effective from May 1, 2024). 

 

 

Recommended content

Contact us

Address:Room 62, 6th Floor, Building 1, Zone 1, No.186 South 4th Ring West Road , Fengtai District, Beijing

Tel:010-83634390

Address:Address:Room 1704, Building E, Nanotechnology Park, SIP, Suzhou, Jiangsu Province

TONACEA

图片名称

XIEYI Release

图片名称

TONACEA Biotech

图片名称

TONACEA Micro Service

图片名称

©2022 TONACEA(beijing)Technology Development Co., Ltd