China: National Information Security Standardisation Technical Committee adopted guidelines on data security requirements for academic and scientific service platforms including cross-border data transfer requirements

On 16 September 2025, the National Information Security Standardisation Technical Committee (TC260) released the cybersecurity standard practice guidelines – data security requirements for academic and scientific service platforms. The guidelines require non-public data collected or generated domestically to undergo data export security assessments before being provided abroad. Operators must complete approval procedures, apply desensitisation to sensitive datasets, comply with outbound personal information management requirements, and prohibit disclosure of sensitive unit information. Annual risk assessment reports must specify recipient identity, type, volume, purpose, location, duration, and access conditions of outbound data.