China: State Administration for Market Regulation National Standard on Information Security Technology Cloud Computing Service Security Capability Assessment Method enters into force

On 1 February 2026, the Information Security Technology Cloud Computing Service Security Capability Assessment Method enters into force, having been drawn up by the National Network Security Standardization Technical Committee (TC260). The standard specifies the security capabilities required for cloud service providers. The standard categorises security capability requirements into general, enhanced, and advanced levels, with the latter two serving as supplements and reinforcements to the lower-level requirements. This document also provides assessment methods and is intended to guide third-party assessment organisations in conducting security assessments. It can also serve as a reference for cloud service providers conducting self-assessments.