China: National Cybersecurity Standardisation Technical Committee closes consultation on personal information protection requirements for scan-to-order services

On 4 August 2025, the National Cybersecurity Standardisation Technical Committee closes the consultation on the draft cybersecurity standard practice guide on personal information protection requirements for scan-to-order services. The consultation sought input on standardising personal information protection within the scope of scan-to-order services used by various businesses. The guide applies to third-party providers offering such scan-to-order digital services. The guide seeks to prevent excessive or unlawful data collection from dine-in users. It mandates transparency, user consent, data minimisation, and secure processing, while prohibiting practices like forced subscriptions or unauthorised data sharing.