关键词: 数据主权, 本地存储, 跨境流动, 域外管辖, 规则谱系

Abstract: Research on data sovereignty rules is helpful for different entities to understand China's data sovereignty rule system, as well as for the standardized expression of rule texts, thereby reducing the cost of data sovereignty compliance. According to the three key process areas of local storage, cross-border flow and extraterritorial jurisdiction, 46 samples related to data sovereignty were screened, 148 rule texts were extracted, and the grounded theory method was used to manually code multiple times with NVivo12 Plus. The hierarchy of data sovereignty rules is composed of objects, subjects and obligations. The objects are divided into 7 categories: data, information, equipment, key information infrastructure, security, interests and rights. The subjects include 6 categories: state, party institutions, administrative subjects, public affairs subjects, enterprise subjects and other subjects. The obligations encompass 29 categories, including security assessment, outbound security assessment, personal information impact assessment, data security protection, within-territory data storage, within-territory information storage, with-territory equipment building, entity establishment, compliance with compliance requirements, reporting obligation, listing and announcement.Overall, the data sovereignty rule system is complete, covering various types of rule fields such as legal norms, departmental norms, and standard norms; Data sovereignty exhibits a "defensive" characteristic, namely orderly flow, appropriate localization, and necessary jurisdiction.

Key words: Data sovereignty, Local storage, Cross border mobility, Extraterritorial jurisdiction, Rule genealogy