China: Ministry of Industry and Information Technology published guiding opinions for compliance management by small and medium enterprises including network and data security

On 7 March 2025, the Ministry of Industry and Information Technology published a guiding opinion aimed at strengthening compliance management among small and medium-sized enterprises (SMEs), including network and data security compliance. The opinion highlights strengthened protections for information systems, networks, and data, the establishment of compliance management systems, data classification and access controls, and personnel and technical security measures. SMEs must identify and file important data, conduct risk assessments, and manage compliance risks related to data sharing, processing, and cross-border transfers. They are also required to meet security obligations in personal data processing and third-party data transactions while preventing and responding to data breaches.