China: National Information Security Standardisation Technical Committee adopted standard practice guidelines for internet platform data processing suspension
Description
National Information Security Standardisation Technical Committee adopted standard practice guidelines for internet platform data processing suspension
On 16 September 2025, the National Information Security Standardisation Technical Committee (TC260) adopted the standard practice guidelines for internet platform data processing suspension. The guidance applies to internet platforms, including websites, applications, and mini-programs, specifically those processing over 10 million users’ data, that cease operations due to mergers, splits, dissolution, or bankruptcy. Platforms must classify data, stop new collection, and notify users of transfers. Personal information must be handled transparently, with announcements at least 20 working days before shutdown, allowing access, copying, transfer, correction, or deletion. Continued storage is allowed only for legal, financial, or law enforcement purposes, with protective measures. Delegated processors must return or delete data within 15 working days. Key data handling requires submission of a plan at least 45 working days prior, reporting scale, sensitivity, risks, recipients, and mitigation measures. Platforms must assess deletion effectiveness and retain reports for three years.
Original source