By issuing the draft of Provisions on Standard Contracts for Cross-border Transfers of Personal Data, the Cyberspace Administration of China has given visibility over the missing piece of the Personal Information Protection Law regulatory framework. It provides certainty about the process for cross-border transfer of personal data in lower quantities, where the data processors’ operations do not have a significant impact on the public interest. However, the full picture for many businesses is still complex. When deciding on the approach to take, all relevant laws and regulations must be reviewed in parallel to chart a path across this complex landscape. New information is available about the impact of the draft provisions and how businesses need to respond.