China: National Information Security Standardisation Technical Committee’s standard on security requirements for data transaction services enters into force

National Information Security Standardisation Technical Committee’s standard on security requirements for data transaction services enters into force

On 1 July 2026, the National Information Security Standardisation Technical Committee’s (TC260) Standard Data Security Technology - Security Requirements for Data Transaction Services (GB/T 37932-2025) enters into force. The standard sets out security requirements for data-transaction services covering participants, platforms, targets, and processes. It applies to data providers, data demanders, data-transaction institutions, data vendors, and third-party data-service institutions, and to authorities and assessment bodies responsible for supervising and evaluating the security of data-transaction services.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2025-12-02

adopted

On 2 December 2025, the National Information Security Standardisation Technical Committee (TC260) a…

2026-07-01

in force

On 1 July 2026, the National Information Security Standardisation Technical Committee’s (TC260) Sta…

Description

National Information Security Standardisation Technical Committee’s standard on security requirements for data transaction services enters into force

Scope

Complete timeline of this policy change