Recently, China has published the “Security Assessment Measures for Outbound Data Transfers,” a crucial regulation on outbound data flows. This regulation contains strong national security considerations and produces independent and direct legal effects compared with other assessment systems in China’s laws. However, there is a possibility that conflict arises between these measures and the international commitments made by China due to the ambiguity in how "critical data" is defined, the excessive emphasis placed on self-risk assessment, and the arbitrary extension of procedures. Particularly, with China's current application to join the CPTPP, the restrictive measures of its cross-border data flow may appear to violate the obligation of CPTPP, but may be justified through CPTPP’s exception clauses. In light of this, it is necessary for China to adopt a more modest approach to balancing data security with the effort made to promote the flow of cross-border data.