China: National Cybersecurity Standardisation Technical Committee opened consultation on draft national standard on cybersecurity technology focusing on capability requirements and evaluation specification for assessment organisation of classified protection of cybersecurity

On 14 July 2025, the Secretariat of the National Cybersecurity Standardisation Technical Committee (TC260) opened a consultation on capability requirements and evaluation specifications for cybersecurity classified protection assessment organisations, until 12 September 2025. The draft sets detailed rules on organisational structure, assessor qualifications, technical capabilities, management systems, and security measures. It introduces classification of organisations into three service levels, strengthens requirements for technical directors, risk control, and data security, and updates evaluation processes for initial, continuous, and capability reviews, applying to institutions assessing networks and systems under the Cybersecurity Law’s graded protection regime.