What It Is

Personal Information Protection Law (PIPL) is China's comprehensive national regulation enacted in 2021, governing collection, processing, storage, transfer, and deletion of personal information. It applies domestically and extraterritorially to organizations handling data of Chinese individuals. PIPL adopts a risk-based approach with strict consent defaults, modeled partly on GDPR but emphasizing national security and data localization.

Key Components

• Core principles: lawfulness, necessity, minimization, transparency, accountability.
• Seven legal bases, prioritizing consent; no broad legitimate interests.
• Sensitive personal information (SPI) rules, individual rights (access, deletion, portability).
• Cross-border mechanisms: security assessments, SCCs, certification. Compliance enforced by CAC with fines up to 5% revenue.

Why Organizations Use It

• Mandatory for China-exposed firms to avoid penalties, disruptions.
• Builds trust, enables market access, reduces breach risks.
• Strategic advantages in operations, talent, M&A.

Implementation Overview

Phased framework: gap analysis, policies, controls, audits (6-12 months). Applies to all sizes, industries targeting China; requires PIPOs, representatives for foreigners. No formal certification but ongoing audits.

What It Is

AS9110C (AS9110:2016 Rev C) is a certification standard for quality management systems (QMS) in aviation maintenance organizations, including repair stations and MRO providers. It builds on ISO 9001:2015 with Annex SL structure, emphasizing risk-based thinking, PDCA cycle, and aviation-specific controls for continuing airworthiness.

Key Components

• Core clauses 4–10 covering context, leadership, planning, support, operation, evaluation, improvement.
• Aviation additions: configuration management, counterfeit parts prevention, human factors, traceability, preservation.
• No fixed control count; focuses on documented information and process approach.
• Voluntary certification via IAQG OASIS database.

Why Organizations Use It

• Meets customer/OEM contracts and regulatory alignment (FAA/EASA Part 145).
• Mitigates safety risks, ensures traceability, boosts on-time delivery.
• Enhances market access, customer satisfaction, operational efficiency.
• Builds stakeholder trust through auditable evidence.

Implementation Overview

• Phased: gap analysis, process design, training, audits, certification (6-12 months typical).
• Applies to MROs of all sizes globally; requires internal audits, management review before Stage 2 audit.