China: National Network Security Standardisation Technical Committee closes consultation on requirements for personal information protection compliance audit service capability requirements of professional institutions

On 17 March 2025, the National Network Security Standardisation Technical Committee (TC260) closes its public consultation on the draft "Network Security Standard Practice Guide - Requirements for Personal Information Protection Compliance Audit Service Capability of Professional Institutions". The guidelines aim to standardise the professional institutions' service capabilities, ensuring they have the necessary resources, personnel, and technical abilities to perform audits effectively. The notice outlines requirements for basic conditions, management systems, technical capabilities, personnel qualifications, and facilities. It emphasises the importance of compliance with laws and regulations, risk management, and continuous improvement in audit practices.