China: National Cybersecurity Standardisation Technical Committee closes consultation on draft standard on capability requirements for personal information protection compliance audit institutions

On 12 April 2026, the Secretariat of the National Cybersecurity Standardisation Technical Committee (TC 260) closes the public consultation on the draft national standard Data Security Technology — Capability Requirements for Professional Institutions Specialised in Personal Information Protection Compliance Audit. The draft standard establishes capability requirements for professional institutions conducting personal information protection compliance audits across five domains: basic conditions, management capability, personnel capability, professional capability, and resource capability. The draft standard builds on and incorporates existing national standards on information security terminology, personal information security requirements, and personal information protection compliance audit requirements.