The Cyberspace Administration of China released the draft of Provisions on Standard Contracts for Cross-border Transfers of Personal Information for public comments. As per Article 38 of the PIPL, there are four scenarios for data exporters to transfer personal information outside of China legitimately. What are those four scenarios? And while the Provision is still a draft legislation, once promulgated it will have an impact on companies with international data flows, so companies should start to review their data flows accordingly to be ahead of the legislative procedures.