China: National Information Security Standardisation Technical Committee cybersecurity standards covering operational security and automated decision-making

Progress

Current status

adopted

01 Oct 2025 in force

28 Mar 2025 adopted

Scope

Implementers

China

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

platform intermediary: user-generated content

ML and AI development

other service provider

software provider: other software

infrastructure provider: network hardware and equipment

Government Branch

executive

Government Body

other regulatory body

Implementation Level

national

Timeline of events

01 Oct 2025

in force

6 cybersecurity national standards covering operational security and automated decision-making enter into force

On 1 October 2025, 6 cybersecurity national standards developed by the National Information Security Standardisation Technical Committee enter into force. They address a range of cybersecurity and data governance issues. These include technical spec…

Source

Event type order

Action type implementation

Government branch executive

Government body other regulatory body

28 Mar 2025

adopted

State Administration for Market Regulation and Standardisation Administration adopted 6 cybersecurity national standards (Announcement No. 6 of 2025)

On 28 March 2025, the State Administration for Market Regulation and the Standardisation Administration of China issued the National Standard Announcement (No. 6 of 2025), approving 6 national cybersecurity standards developed under the supervision …

Source

Event type order

Action type adoption

Government branch executive

Government body other regulatory body

Related changes

adopted

China: National Information Security Standardisation Technical Committee's Online Certificate Status Protocol for key public cybersecurity infrastructure (GB/T 19713-2025)

Online Certificate Status Protocol for key public cybersecurity infrastructure (GB/T 19713-2025) enters into force

01 Sep 2025

in consultation

China: National Cybersecurity Standardisation Technical Committee standard for auditing information security management systems for cybersecurity technology

National Cybersecurity Standardisation Technical Committee closes consultation on draft national standard for auditing information security management systems for cybersecurity technology

29 Jul 2025

in consultation

China: National Cybersecurity Standardisation Technical Committee network security technology computer basic input and output system security technical specification

National Cybersecurity Standardisation Technical Committee closes consultation on Network Security Technology Computer Basic Input and Output System (BIOS) Security Technical Specification

29 Jul 2025

adopted

China: National Standardisation Administration plan for recommended national standards

National Standardisation Administration issued plan for recommended national standards including nine cybersecurity standards

15 Jul 2025

processing consultation

China: Cybersecurity standards for AI-generated content identification and detection

National Cybersecurity Standardisation Technical Committee closes consultation on six cybersecurity standard practice guidelines for AI-generated content

06 Jul 2025

processing consultation

China: National Cybersecurity Standardisation Technical Committee's cybersecurity standard for Quantum Key Distribution

National Cybersecurity Standardisation Technical Committee closes consultation on cybersecurity standard for Quantum Key Distribution

24 Jun 2025

processing consultation

China: National Cybersecurity Standardisation Technical Committee's cybersecurity technical standard concerning secret sharing mechanisms

National Cybersecurity Standardisation Technical Committee closes consultation on cybersecurity technical standard concerning secret sharing mechanisms

24 Jun 2025

adopted

China: Requirements for personal information protection compliance audit service capability requirements of professional institutions

National Information Security Standardisation Technical Committee adopted guidelines on service capability requirements for professional institutions of personal information protection compliance audits

26 May 2025

processing consultation

China: National Cybersecurity Standardisation Technical Committee standard on requirements for audit and certification bodies for cybersecurity technology information security management system

National Cybersecurity Standardisation Technical Committee closes consultation on requirements for audit and certification bodies for cybersecurity technology information security management system

19 May 2025

processing consultation

China: National Cybersecurity Standardisation Technical Committee standard on cybersecurity incident management: guidelines for incident response planning and preparation (cybersecurity incident management-part 2)

National Cybersecurity Standardisation Technical Committee closes consultation on cybersecurity incident management standard: guidelines for incident response planning and preparation

19 May 2025

in force

China: TC260 Batch of 9 National Cybersecurity Standards

Implemented Batch of 9 National Cybersecurity Standards

01 Apr 2025

processing consultation

China: TC260 Artificial Intelligence Safety Standard System (V1.0)

TC260 closes consultation on draft “Artificial Intelligence Safety Standard System (V1.0)”

21 Feb 2025

adopted

China: TC260 Guide on Personal Information Security Protection Requirements for Facial Recognition Payment Scenarios

TC260 publishes Guide on Personal Information Security Protection Requirements for Facial Recognition Payment Scenarios

26 Jan 2025

processing consultation

China: TC260 Batch of 15 Cybersecurity Standards

Closed Consultation on 15 TC260 Cybersecurity Standards

29 Nov 2024

processing consultation

China: TC260 Cybersecurity Technology, Security Technology, Cybersecurity, Part 7: Guidelines for Network Virtualization Security

Closed consultation on TC260 draft Cybersecurity Technology, Security Technology, Cybersecurity, Part 7: Guidelines for Network Virtualization Security

28 Oct 2024

adopted

China: TC260 cybersecurity standards practice guidelines

Adopted TC260 cybersecurity standards practice guidelines

21 Oct 2024

processing consultation

China: TC260 National Standard on Network Security Technical Identification - Password Authentication System and Related Security Technical Requirements

Closed consultation on TC260 National Standard on Network Security Technical Identification - Password Authentication System and Related Security Technical Requirements

01 Oct 2024

adopted

China: TC260 cybersecurity standard practice guidelines - sensitive personal information identification guidelines

Adopted TC260 cybersecurity standard practice guidelines-sensitive personal information identification guidelines

18 Sep 2024

processing consultation

China: TC260 Cybersecurity Standard Practice Guidelines for Internet Platform Data Processing Suspension

Closed consultation on TC260 draft Cybersecurity Standard Practice Guidelines for Internet Platform Data Processing Suspension

22 Aug 2024

processing consultation

China: TC260 Guidance on Social Responsibility of Data Security and Personal Information Protection

Closed consultation on draft Guidance on Social Responsibility of Data Security and Personal Information Protection

19 Aug 2024

processing consultation

China: TC260 Cybersecurity Standards: Guideline regarding external vehicle data

Closed consultation on TC260 guideline regarding external vehicle data

05 Jul 2024

adopted

China: Cybersecurity Standard Practice Guidelines - Cybersecurity Assessment Guidelines for Large Internet Platforms

Adopted Cybersecurity Standard Practice Guidelines - Cybersecurity Assessment Guidelines for Large Internet Platforms

25 Jun 2024

processing consultation

China: TC260 standard on data security technology security requirements for government data processing

Closed consultation on TC260 draft standard on data security technology security requirements for government data processing

14 Jun 2024

processing consultation

China: TC260 Information Security Technology Requirements for Transfer of Personal Information Based on Individual Requests

Closed consultation on TC260 information security technology requirements for transfer of personal information based on individual requests

02 Jun 2024

adopted

China: TC260 Batch of 16 National Cybersecurity Standards

Adopted TC260 Batch of 16 National Cybersecurity Standards

25 Apr 2024

under deliberation

China: TC 260 Cybersecurity Operation and Maintenance Implementation Guide

Announced TC260 Cybersecurity Operation and Maintenance Guide

19 Mar 2024

adopted

China: TC260 Data Classification and Grading Rules for Data Security Technology Rules (GB/T 43697-2024)

Adopted TC260 Data Classification and Grading Rules for Data Security Technology Rules (GB/T 43697-2024)

15 Mar 2024

adopted

China: TC260 Guidelines for Network Security Standard Practices - Interconnection Format of Network Security Products Asset Information

Adopted TC260 Guidelines for Network Security Standard Practices - Interconnection Format of Network Security Products Asset Information

13 Mar 2024

adopted

China: CNITSEC Safety and Reliability Assessment Work Guide for IT Products (Trial)

Adopted CNITSEC Safety and Reliability Assessment Work Guide for IT Products (Trial)

04 Mar 2024

adopted

China: TC260 List of 17 National Standards Projects for Network Security

TC260 List of 17 National Standards Projects for Network Security

19 Feb 2024

processing consultation

China: Standard on Information Security Technology Critical Data Processing Security Requirements

Closed consultation on draft standard on Information Security Technology Critical Data Processing Security Requirements

24 Oct 2023

processing consultation

China: Standard on Information Security Technology Requirements for Large-scale Internet Enterprises to Establish Personal Information Protection Supervision Institutions

Closed consultation on draft standard on Information Security Technology Requirements for Large-scale Internet Enterprises to Establish Personal Information Protection Supervision Institutions

24 Oct 2023

in consultation

China: Standards regarding security requirements for automated decision-making based on personal information

Closed consultation on draft standards regarding security requirements for automated decision-making based on personal information

15 Oct 2023

adopted

China: TC 260 Practice Guide to Cybersecurity Standards on Generative artificial intelligence service content identification method

Adopted Practice Guide to Cybersecurity Standards on Generative artificial intelligence service content identification method

25 Aug 2023

adopted

China: TC260 Second Batch of 18 Cybersecurity Standards

Adopted TC260 Second Batch of 18 Cybersecurity Standards

20 Jul 2023

processing consultation

China: TC 260 Practice Guidelines for Network Security Standards - Security Requirements for Personal Information Protection in Facial Recognition Payment Scenarios

Closed consultation on Practice Guidelines for Network Security Standards - Security Requirements for Personal Information Protection in Facial Recognition Payment Scenarios

06 Jun 2023

in force

China: TC260 Batch of 14 Cybersecurity Standards

Implemented TC260 Batch of 14 Cybersecurity Standards

01 May 2023