China: National Cybersecurity Standardisation Technical Committee adopted guide on generated AI service security emergency response

On 15 September 2025, the National Cybersecurity Standardisation Technical Committee adopted the Guide on Generative Artificial Intelligence Service Security Emergency Response (V1.0-202509). The guide was prepared to implement the Interim Measures for the Management of Generative Artificial Intelligence Services and to support service providers and other relevant entities in handling security incidents. It sets out methods for classifying and grading incidents, together with management and technical measures for all stages of the emergency response process. The guide applies both to generative AI service providers and to departments responsible for security incident response. The emergency response framework consists of four phases: preparedness, monitoring and early warning, response, and review and improvement. Preparedness requires providers to establish incident response strategies, detailed management plans, and tailored emergency measures for different categories and levels of incidents. The guide also recommends setting up an Incident Response Team, delivering regular training, and organising emergency drills. Technical measures include developing a security risk knowledge base, maintaining keyword libraries, implementing data protection and secure system configurations, and strengthening defences against network attacks, complemented by external cooperation. Monitoring and early warning involve creating monitoring strategies, analysing data, and establishing automatic alert mechanisms. The response phase covers assessment and decision-making, activation of response plans, investigation, incident handling, recovery, and service testing. Reporting procedures distinguish between immediate reporting for higher-level incidents (Level 3 and above) and routine reporting for lower-level incidents. Finally, the guide emphasises ongoing review and improvement, including regular evaluations, simulation exercises, and systematic knowledge management to strengthen long-term response capacity.