China: National Information Security Standardisation Technical Committee adopted guidelines on data security requirements for academic and scientific service platforms including cybersecurity regulation

On 16 September 2025, the National Information Security Standardisation Technical Committee (TC260) released the cybersecurity standard practice guidelines – data security requirements for academic and scientific service platforms. The guidelines require operators to implement organisational management, user management, content management, emergency response, security auditing, and security risk assessments. Obligations include appointment of data security officers and management institutions for platforms with more than 10 million users or handling important data, establishment of internal management systems, incident reporting and notification, and annual security risk assessments in accordance with GB/T 45577—2025.