The main purpose of the Overseas Data Transfer Draft is to require companies, organizations and individuals in China to apply for permission, under certain circumstances, to transmit personal information and critical data (“Digital Data”) out of the country. The draft rules would require two different types of security assessments in connection with overseas transfers of Digital Data: (i) self-assessments conducted by the companies, individuals and organizations planning to transfer the Digital Data overseas, and (ii) assessments conducted by the respective primary industry regulators charged with supervising the operation of those companies, individuals and organizations (the “Primary Regulators”).