China: TC260 adopted Guidelines on Cybersecurity Protection for AI-Generated Synthetic Content Identification Metadata

On 28 August 2025, the National Technical Committee on Cybersecurity Standards (TC260) adopted the Cybersecurity Standard Practice Guide — Artificial Intelligence Generated Synthetic Content Identification Method: File Metadata Implicit Identification Security Protection Technical Guide, which provides technical implementation requirements and reference formats for security protection of implicit identification in file metadata, in alignment with the mandatory national standard GB 45438-2025 Cybersecurity Technology — Identification Methods for AI-Generated Synthetic Content. The Guide specifies the scope, normative references, terms, definitions, abbreviations, protection objectives, and security mechanisms relevant to metadata-based implicit identification. It details mechanisms, including digital signature-based verification and binding methods using cryptographic hash functions and content fingerprinting, ensuring the authenticity, integrity, and binding of identifiers to AI-generated synthetic content. The Guide establishes a standardised JSON-based format under the “SecurityData” label for recording protective information, with mandatory fields such as Type and Version, and optional fields including Bindings, PrivSD, PubSD, and Extension, covering both publicly and non-publicly verifiable security data. The Guide also incorporates guidance on management, signature computation, validation processes, and the application of cryptographic object identifiers (OIDs) for algorithm specification. Annexes provide illustrative examples for generation and validation of protective information, including recommended content selection strategies for JPEG, PNG, and other file formats, thereby supporting conformity assessment and secure implementation of metadata implicit identifiers in synthetic content files.