China: National Cybersecurity Standardisation Technical Committee opened consultation on draft standard on capability requirements for personal information protection compliance audit institutions

On 11 February 2026, the Secretariat of the National Cybersecurity Standardisation Technical Committee (TC 260) opened a public consultation on the draft national standard Data Security Technology — Capability Requirements for Professional Institutions Specialised in Personal Information Protection Compliance Audit, until 12 April 2026. The draft standard establishes capability requirements for professional institutions conducting personal information protection compliance audits across five domains: basic conditions, management capability, personnel capability, professional capability, and resource capability. The draft standard builds on and incorporates existing national standards on information security terminology, personal information security requirements, and personal information protection compliance audit requirements. Respondents are invited to submit comments and disclose any known relevant patents together with supporting documentation.