China: 6 cybersecurity national standards covering operational security and automated decision-making enter into force

On 1 October 2025, 6 cybersecurity national standards developed by the National Information Security Standardisation Technical Committee enter into force. They address a range of cybersecurity and data governance issues. These include technical specifications for operational security management products (GB/T 45409-2025), capability requirements for data security assessment institutions (GB/T 45389-2025), and security requirements for automated decision-making based on personal information (GB/T 45392-2025). The set also covers security requirements for the processing of government data (GB/T 45396-2025), requirements for internal personal information protection supervisory bodies in large internet enterprises (GB/T 45404-2025), and security technical requirements for programmable logic controllers (GB/T 45406-2025).