Document demo-id-cybe

Jun 10, 2026
CHAPTER I — GENERAL PROVISIONS

Article 1. Critical Information Infrastructure
Critical information infrastructure refers to network facilities and information systems in important industries and sectors such as public communications, energy, transport, water conservancy, finance, public services, e-government, and national defense science and technology that, if destroyed or suffering data leakage, may seriously endanger national security, the national economy, people's livelihoods, or the public interest.

Article 2. Regulatory Authority
The national cyberspace administration shall be responsible for the overall coordination of cybersecurity work and related supervision and administration.

CHAPTER II — CROSS-BORDER DATA FLOWS

Article 3. Data Localization Mandate
Operators of critical information infrastructure shall store personal information and important data collected and generated during operations within the territory of the People's Republic of China. Where it is genuinely necessary to provide such data overseas due to business requirements, a security assessment shall be conducted in accordance with the measures formulated by the national cyberspace administration in conjunction with relevant departments of the State Council.

Article 4. Consent and Transparency
The processing of personal information shall be subject to the consent of the natural person concerned. The data subject shall be informed of the purpose, method, and scope of processing.

Article 5. Cross-Border Transfer Mechanisms
Where personal information is to be provided outside the territory, the data processor shall: (a) pass a security assessment organized by the national cyberspace administration; (b) obtain personal information protection certification; or (c) conclude a standard contract with the overseas recipient.

CHAPTER III — LEGAL LIABILITY

Article 6. Penalties for Non-Compliance
Violation of Article 3 of this regulation shall result in an order to rectify, a warning, confiscation of illegal gains, and a fine of not less than 500,000 RMB and not more than 5,000,000 RMB. In serious cases, the relevant business license shall be revoked.

Article 7. Personal Liability
The directly responsible person in charge and other directly responsible personnel shall be fined not less than 10,000 RMB and not more than 100,000 RMB.
p.1

Semantic Graph

RDTII indicator cards · D3 force layout

task demo-id-cybe

Indicator Cards

4 mappings
1.1A Data Localization Mandateverified

CII operators must store personal information and important data collected within the territory domestically.

语义92%
溯源100%
逻辑88%
Cyberspace Administration500K–5M RMBapter_2.article_3.clause_1
1.2B Cross-Border Transfer Restrictionverified

Cross-border data transfers require security assessment, certification, or standard contractual clauses.

语义86%
溯源95%
逻辑91%
Cyberspace AdministrationLicense revocationapter_2.article_5.clause_1
2.1A Personal Data Protectiondraft

Processing of personal information requires informed consent with disclosure of purpose, method, and scope.

语义81%
溯源88%
逻辑83%
Data Protection Authorityapter_2.article_4.clause_1
4.1A Regulatory Enforcement Powersapproved

Competent authorities may order rectification, issue warnings, confiscate illegal gains, and impose fines of 500K–5M RMB.

语义78%
溯源92%
逻辑85%
Competent AuthorityFine + Warningapter_3.article_6.clause_1

Send a clause to begin analysis.

Audit Matrix

CoT tree · confidence · expert intervention

task demo-id-cybe

Confidence Matrix

Semantic Similarity92%
Grounding Completeness100%
Logical Coherence88%

Chain of Thought

  1. 1

    Entity identification: Critical Information Infrastructure / personal data / domestic storage obligation / security assessment authority

  2. 2

    Retrieve RDTII taxonomy candidates from Vectorize

    VectorizeQuery({"q":"data localization mandate","k":8})

    1.1A score=0.91 · 1.2B score=0.62 · 2.1A score=0.31

  3. 3

    Reverse-grounding verification against source document

    reverseGround({"clauseId":"doc.chapter_2.article_3.clause_1"})

    snippet ⊆ clause.text · bbox ⊆ node.bbox · byteSpan ⊆ node.byteSpan · OK

  4. 4

    Conclusion: 1.1A Data Localization Mandate (primary), 1.2B Cross-Border Transfer Restriction (secondary).

Evidence (byte-anchored)

Operators of critical information infrastructure shall store personal information and important data collected and generated during operations within the territory.

doc.chapter_2.article_3.clause_1 · bbox p.1 (80,320,600,60) · byteSpan 847..1042