China: National Cybersecurity Standardisation Committee closes consultation on national standard on cybersecurity technology focusing on internet of things security reference model and general requirements

On 26 October 2025, the National Cybersecurity Standardisation Committee closes the consultation on a national standard for cybersecurity technology, focusing on the Internet of Things (IoT) security reference model and general requirements. The standard applies to all organisations developing or operating IoT systems across their entire lifecycle. It introduces a three-dimensional security framework with four distinct security zones and lifecycle-mapped requirements. The standard introduces obligations including mandatory data classification and encryption, supply chain security controls, and prioritised use of state-approved cryptographic algorithms. Organisations must use certified equipment for critical components and conduct annual risk assessments with regulatory reporting. The standard provides immediate guidance for IoT security implementation. The standard also serves as the baseline for sector-specific regulations.