At the national strategic level, the National Data Bureau has been established; the important regulation for the financial industry, 'Management Measures for Data Security in the Business Field of the People's Bank of China (Draft for Comments)', has been released; the Ministry of Finance has issued the 'Provisional Regulations on Accounting Treatment of Enterprise Data Resources', with data assets 'entering the balance sheet'; a number of national standards for personal information protection have been successively issued...

With the introduction of relevant laws and regulations, the construction of China's data security legal system has taken initial shape, and its regulatory role and influence on various fields and departments will further deepen.

This article collects 28 national policies, 90 local regulations, 21 industry norms, 67 national standards, 8 local standards, 19 group standards, 3 industry standards, and 80 industry-related reports related to data security in 2023, a total of 316 documents for everyone's reference.

National Policy

1、Guidelines on Promoting the Development of the Data Security Industry

Issuing Date: January 3, 2023

Issuing Unit: Ministry of Industry and Information Technology and other sixteen departments

Overview/Requirements: The 'Guiding Opinions' clarify the guiding ideas and basic principles for the development of the data security industry, propose development goals to be achieved by 2025 and 2035, and based on this, determine seven key tasks: enhancing industrial innovation capabilities, strengthening data security services, advancing the construction of the standard system, promoting the application of technical products, building a prosperous industrial ecology, strengthening talent supply guarantees, and deepening international exchanges and cooperation.

2、《Management Regulations for Deep Synthesis in Internet Information Services》

Implementation Date: January 10, 2023

Issuing Unit: National Internet Information Office, Ministry of Industry and Information Technology, Ministry of Public Security

Overview/Requirements: The 'Regulations' aim to strengthen the management of deep synthesis in internet information services, promote socialist core values, safeguard national security and public interests, and protect the legitimate rights and interests of citizens, legal persons, and other organizations.

3、Measures for Further Encouraging Foreign Investment in Establishing Research and Development Centers

Issuing Date: January 11, 2023

Issuing Unit: Ministry of Commerce, Ministry of Science and Technology

Overview/Requirements: The 'Measures' propose to support the legal cross-border flow of research and development data; strengthen the management of data cross-border security, safeguard national security and the public interest, and protect personal information rights and interests; and efficiently carry out security assessments for important data and personal information outflow to promote the safe and orderly free flow of research and development data.

4、Standard Contract for Personal Information Outflow

Publishing Date: February 3, 2023

Implementation Date: June 1, 2023

Publisher: National Internet Information Office

Overview/Requirements: The 'Regulations' aim to implement the provisions of the 'Personal Information Protection Law', protect personal information rights and interests, and regulate personal information cross-border activities.

5, 'Overall Layout Plan for the Construction of a Digital China'

Issuing Date: February 27, 2023

Issuing Unit: Central Committee of the Communist Party of China and the State Council

Overview/Requirements: The 'Plan' points out that building a digital China is an important engine for promoting China's modernization in the digital era and a powerful support for constructing new competitive advantages for the country. Accelerating the construction of a digital China is of great significance and far-reaching impact on comprehensively building a modern socialist country and promoting the great rejuvenation of the Chinese nation.

6、《Generative Artificial Intelligence Service Management Measures (Consultation Draft)》

Publishing Date: 2023-04-11

Issuing Unit: National Cyberspace Administration

Overview/Requirements: The 'Regulations' propose that providers assume the obligation to protect users' input information and usage records during the service provision process. It is prohibited to retain input information that can infer the user's identity, to create a user profile based on user input information and usage, or to provide user input information to others.

7、《People's Republic of China Digital Economy Promotion Law (Expert Draft)》

Release Date: 2023-04-15

Issuing Unit: Academic Seminar on the 'Promotion of Digital Economy Law (Expert Draft)'

Overview/Requirements: The 'Promotion of Digital Economy Law (Expert Draft)' consists of 8 chapters and 66 articles, including General Provisions, Digital Infrastructure Construction, Digital Industrialization and Industrial Digitization, Development and Protection of Data Resources, Digital Governance, Promotion and Guarantee of Digital Economy, Legal Liability, and Supplementary Provisions.

8、《Commercial Cryptography Management Regulations》

Issuing Time: April 27, 2023

Issuing Unit: State Council

Overview/Requirements: The 'Regulations' aim to standardize the application and management of commercial密码, encourage and promote the development of the commercial密码 industry, ensure network and information security, safeguard national security and public interests, and protect the legitimate rights and interests of citizens, legal persons, and other organizations.

9、《Guidelines for Filing Personal Information Cross-border Standard Contracts (First Edition)》

Issuance Date: 2023-05-30

Publisher: National Internet Information Office

Overview/Requirements: The 'Guidelines (First Edition)' aims to guide and assist personal information processors in standardizing and orderly filing personal information cross-border standard contracts, and explains specific requirements for the filing methods, procedures, and materials of personal information cross-border standard contract filing.

10、《China's Stance on Relevant Issues of Global Digital Governance》

Issuing Date: 2023-06-01

Issuing Unit: Ministry of Foreign Affairs

Overview/Requirements: China supports the leading role of the United Nations in global digital governance and rule-making, and is willing to work with all parties to seek solutions to the prominent issues of digital development and global digital governance, and to gather international consensus. To this end, China has submitted its opinions on the formulation of the 'Global Digital Compact' to the United Nations.

11、《Management Regulations for Proximity Ad-Hoc Network Information Services (Draft for Comments)》

Release Date: 2023-06-06

Issuing Unit: National Cyberspace Administration

Overview/Requirements: The 'Regulations' aim to standardize the provision of proximity ad-hoc network information services, safeguard national security and public interests, and protect the legitimate rights and interests of citizens, legal persons, and other organizations.

12、《Management Measures for Commercial密码 Detection Institutions (Draft for Comments)》

Issuing Date: 2023-06-09

Unit of Publication: National Cryptography Administration

Overview/Requirements: In order to strengthen the management of commercial密码 detection institutions and standardize commercial密码 detection activities, this measure is formulated in accordance with relevant laws and regulations such as the 'Cybersecurity Law of the People's Republic of China' and the 'Regulations on Commercial密码 Management'.

13、《Management Measures for Security Assessment of Commercial密码 Applications (Draft for Comments)》

Issuing Date: 2023-06-09

Unit of Publication: National Cryptography Administration

Overview/Requirements: In order to standardize the work of security assessment for commercial密码 applications, ensure network and information security, safeguard national security and public interests, and protect the legitimate rights and interests of citizens, legal persons, and other organizations, this measure is formulated in accordance with relevant laws and regulations such as the 'Cybersecurity Law of the People's Republic of China' and the 'Regulations on Commercial密码 Management'.

14, 'Opinions on Promoting the Standardized and Healthy Development of Cybersecurity Insurance'

Issuing Date: 2023-07-02

Issuing Unit: Ministry of Industry and Information Technology, National Financial Supervision and Administration

Overview/Requirements: The purpose of the Measures is to accelerate the integration and innovation of the cybersecurity industry and financial services, guide the healthy and orderly development of cybersecurity insurance, cultivate new business formats of cybersecurity insurance, promote enterprises to strengthen cybersecurity risk management, and drive the high-quality development of the cybersecurity industry.

15, 'The Measures for Archiving and Managing Electronic Documents and Electronic Archives in E-Government Services'

Issuing Date: 2023-07-30

Issuing Unit: General Office of the State Council

Overview/Requirements: This measure applies to the archiving and management of electronic documents and electronic archives in e-government services provided by government service institutions. The archiving and management of electronic documents and electronic archives for administrative penalties and administrative inspections can be implemented in accordance with this measure.

16, 'The Management Measures for Compliance Audit of Personal Information Protection'

Publication Date: 2023-08-03

Publisher: National Internet Information Office

Summary/Requirements: The 'Measures' aim to guide and standardize the compliance audit activities of personal information protection, improve the compliance level of personal information processing activities, and protect personal information rights.

17. 'Safety Management Regulations for the Application of Facial Recognition Technology (Trial)'

Release Date: 2023-08-08

Publisher: National Internet Information Office

Summary/Requirements: The 'Regulations' aim to standardize the application of facial recognition technology, protect personal information rights and other personal and property rights, maintain social order and public security.

18. 'Interim Provisions on the Accounting Treatment of Enterprise Data Resources'

Release Date: 2023-08-21

Unit of Publication: Ministry of Finance

Summary/Requirements: This regulation applies to data resources recognized as intangible assets or inventory and other asset categories in accordance with the relevant provisions of the Enterprise Accounting Standards, as well as data resources legally owned or controlled by enterprises that are expected to bring economic benefits to the enterprises but have not been recognized as assets due to not meeting the relevant asset recognition conditions of the Enterprise Accounting Standards.

19. 'Interim Provisions on the Temporary Collection of Electronic Data in Administrative Law Enforcement of Market Supervision and Administration'

Release Date: 2023-08-22

Unit of Publication: National Administration for Market Regulation

Summary/Requirements: The 'Regulations' aim to standardize the electronic data collection work in administrative law enforcement of market supervision and administration, improve the electronic data collection capability of law enforcement personnel, and enhance the efficiency of administrative law enforcement.

20. 'Notice on Specifying Matters Concerning the Data Services of Currency Brokerage Companies'

Publishing Date: August 30, 2023

Unit of Publication: National Financial Supervision and Administration Bureau and other five departments

Summary/Requirements: This notice aims to standardize the provision of data services by currency brokerage companies, encourage the legal and reasonable use of data, ensure data security, enhance market information transparency, promote fair competition in the market, and drive the high-quality development of the industry.

21. 'Guiding Opinions on the Evaluation of Data Assets'

Publication Date: 2023-09-08

Unit of Publication: China Appraisal Association

Summary/Requirements: The 'Guiding Opinions' aim to standardize the behavior of data asset evaluation and protect the legitimate rights and interests of the parties involved in asset evaluation and the public interest.

22Regulations on Standardization and Promotion of Data Cross-border Flow

Publication Date: 2023-10-07

Publisher: National Internet Information Office

Summary/Requirements: The 'Regulations' responds to the compliance confusion of various enterprises in practice and reduces the compliance costs that some enterprises need to fulfill in the process of data出境 through the positive listing of exemption lists.

23. 'Administrative Measures for Commercial Cryptography Testing Institutions'

Publication Date: 2023-10-07

Unit of Publication: National Cryptography Administration

Summary/Requirements: The 'Measures' aim to strengthen the management of commercial cryptography testing institutions and standardize the activities of commercial cryptography testing.

24. 'Administrative Measures for the Safety Evaluation of Commercial Cryptography Applications'

Publication Date: 2023-10-07

Unit of Publication: National Cryptography Administration

Summary/Requirements: The formulation of 'Measures' refines the requirements of the 'Cybersecurity Law' and 'Regulations' on the main body, methods, procedures, and filing aspects of the safety evaluation of commercial cryptography applications. It absorbs and inherits the experience and practices of the pilot projects for the safety evaluation of commercial cryptography applications, combines the actual work, emphasizes legality, rationality, and operability, and strives to ensure completeness of content and rigor of logic.

25. 'Regulations on Internet Protection for Minors'

Publication Date: 2023-10-16

Unit of Publication: National Internet Office

Overview/Requirements: The 'Regulations' aim to create a network environment that is conducive to the physical and mental health of minors and protect the legitimate rights and interests of minors.

26, 'Interim Measures for the Security Management of Accounting Firm Data (Consultation Draft)

Release Date: November 14, 2023

Publisher: General Office of the Ministry of Finance, Secretariat of the National Internet Information Office

Overview/Requirements: The 'Measures' aim to ensure the data security of accounting firms and standardize the data processing activities of accounting firms.

27, 'Network Security Incident Reporting Measures'

Publication Date: 2023-12-08

Publisher: National Internet Information Office

Overview/Requirements: The 'Measures' aim to standardize the reporting of network security incidents, reduce the losses and hazards caused by network security incidents, and maintain national cyber security.

28, 'Data Elements × Three-Year Action Plan (2024-2026)

Publication Date: 2023-12-15

Publisher: National Data Bureau

Overview/Requirements: The 'Action Plan' proposes that by the end of 2026, the breadth and depth of application scenarios of data elements will be greatly expanded, the multiplier effect of data elements in the economic development field will be evident, and more than 300 typical application scenarios with strong demonstration power, high visibility, and wide driving force will be created.

Local Regulations

[Shanghai]

1、Lingang New District International Data Industry Special Planning (2023-2025)

Release Date: January 5, 2023

Publisher: Management Committee of the Lingang New District of China (Shanghai) Pilot Free Trade Zone

Overview/Requirements: The 'Plan' combines the digital economic development orientation, industrial layout, and urban spatial layout of the Lingang New District, and puts forward five major tasks: constructing the supporting foundation of data elements, creating a carrier area for data industries, building a prosperous and orderly market ecosystem, promoting cross-border data flow services, and enhancing the industrial value of data empowerment.

2、《Shanghai Information Infrastructure Management Measures》

Release Date: January 19, 2023

Implementation Time: March 1, 2023

Publisher: Shanghai Municipal People's Government

Overview/Requirements: The 'Measures' aim to standardize and promote the construction and management of information infrastructure in the city, ensure the security of information infrastructure, and promote the comprehensive digital transformation of the economy, life, and governance.

3, 'Shanghai Public Data Sharing Implementation Measures (Trial Implementation)'

Release Date: March 2, 2023

Publisher: Shanghai

Overview/Requirements: The 'Implementation Measures' aim to further improve the data management system, deepen the standardized governance and application of public data.

4Shanghai Telecommunications and Internet Industry Chief Data Officer System Construction Guide

Publication Date: 2023-05-31

Publisher: Shanghai Communications Administration Bureau

Overview/Requirements: In order to deeply implement and carry out the spirit of documents such as the 'Data Security Law', 'Opinions of the CPC Central Committee and the State Council on Building a More Perfect System and Mechanism for the Market-oriented Allocation of Elements', 'Overall Layout Plan for the Construction of Digital China', 'Administrative Measures for Data Security in the Information and Industrialization Field (Trial Implementation)', 'Shanghai Data Regulations', and other documents, efforts are made to create an open, healthy, and secure digital ecology, adhere to the dual emphasis on data development and security, deepen the data governance of the telecommunications and Internet industries in Shanghai, improve the data security management organizations of telecommunications and Internet enterprises, clarify the management responsibilities and boundaries of the Chief Data Officer (CDO) in the telecommunications and Internet industries in Shanghai, and formulate this construction guide.

5. 'Shanghai Online Food Delivery Service Consumer Personal Information Protection Compliance Guidance'

Release Date: July 18, 2023

Issuing Unit: Shanghai Consumer Rights Protection Committee

Overview/Requirements: The 'Guidance' aims to strengthen the protection of personal information of consumers in the catering industry in this city, and effectively improve the level of compliance in business operations of catering operators.

6. 'Action Plan for Promoting the Innovative Development of the Data Element Industry in the New赛道 of the Digital Economy (2023-2025)'

Issuing Date: 2023-07-22

Issuing Unit: Office of the People's Government of Shanghai

Overview/Requirements: The 'Action Plan' aims to implement the major strategic deployments of the Party Central Committee and the State Council on building a strong digital country and digital China, and implement the spirit of documents such as the national data-based system and the cultivation of the data element market.

7. 'Several Provisions (Draft) for Promoting Data Circulation and Trading in Pudong New Area (Shanghai)'

Issuing Date: 2023-07-25

Issuing Unit: Office of the Standing Committee of the Shanghai Municipal People's Congress

Overview/Requirements: This regulation applies to data circulation and trading activities, as well as related promotion, guarantee, and supervision activities conducted within the administrative area of Pudong New Area.

8. 'Several Provisions (Draft) for Promoting Data Circulation and Trading in Pudong New Area (Shanghai)'

Issuing Date: 2023-07-25

Issuing Unit: Office of the Standing Committee of the Shanghai Municipal People's Congress

Overview/Requirements: This regulation applies to data circulation and trading activities, as well as related promotion, guarantee, and supervision activities conducted within the administrative area of Pudong New Area.

9. 'Guidance on Data Transaction Security and Compliance'

Issuing Date: 2023-10-19

Issuing Unit: Shanghai Data Exchange

Overview/Requirements: The 'Guidance' aims to further enhance the understanding and awareness of data trading entities about the compliance and security of data transactions, and guide trading entities to conduct data transactions in compliance and safety.

10. 'Shanghai Commercial Supermarket Personal Information Protection Compliance Guidance'

Issuing Date: 2023-11-06

Issuing Unit: Shanghai Consumer Rights Protection Committee, Shanghai Chain Operation Association

Overview/Requirements: The 'Guidance' aims to strengthen the protection of personal information in the shopping consumption field of commercial supermarkets in this city, and promote commercial supermarket operators to actively fulfill their obligations to protect personal information.

[Fujian Province]

1、Overall Plan for Reform and Construction of Digital Government in Fujian Province

Issuing Date: January 10, 2023

Issuing Unit: People's Government of Fujian Province

Overview/Requirements: The 'Plan' aims to thoroughly implement the spirit of the Party's 20th National Congress, seriously implement the major deployment of the Party Central Committee and the State Council on strengthening the construction of digital government, accelerate the construction of an overall coordinated and efficient digital government, and promote the modernization of the system and capacity for governance.

2. Implementation Plan for Accelerating the Market-oriented Reform of Data Elements in Fujian Province

Issuing Date: 2023-09-19

Issuing Unit: Fujian Provincial Development and Reform Commission

Overview/Requirements: The 'Implementation Plan' aims to thoroughly implement the spirit of the 'Opinion of the CPC Central Committee and the State Council on Building Data-based Systems and Giving Full Play to the Role of Data Elements', promote the construction of data-based systems, activate the potential of data elements, accelerate the market-oriented reform of data elements, and help to expand, strengthen, and optimize the digital economy.

3, 'Provisional Measures for the Authorization and Operation Management of Public Data in Xiamen City (Draft for Comments)'

Release Date: 2023-10-10

Publisher: Xiamen Municipal Bureau of Industry and Information Technology, Xiamen Municipal Bureau of Big Data Administration

Overview/Requirements: The Provisional Measures aim to standardize the behavior of public data authorization and operation, accelerate the socialization and value-added development and utilization of public data resources, cultivate the data element market, and promote the construction and development of digital government, digital society, and digital economy.

4, 'Implementation Plan for the Construction of an Integrated Public Data System in Fujian Province'

Release Date: 2023-10-11

Publisher: Fujian Provincial Government Office

Overview/Requirements: By 2025, the integrated public data system in the province will be more comprehensive, deeply integrated with the national integrated government big data system, and data inter-provincial intercommunication will be more efficient and normalized. The basic system of data fundamental institutions will be basically established, the quality of public data will be significantly improved, the demand for public data sharing will be generally met, and the ability of big data analysis and application will be significantly enhanced.

[Henan Province]

1、Work Plan for the Development of Digital Economy in Henan Province in 2023

Release Date: January 25, 2023

Publisher: Henan Provincial Development and Reform Commission

Overview/Requirements: The Plan proposes to implement the leading project of intelligent manufacturing. Accelerate the deep integration of digital technologies such as 5G, artificial intelligence, and digital twins with the manufacturing industry, promote the intelligent transformation of key industries such as non-ferrous metals and chemicals, build about 150 intelligent factories, select a batch of benchmark enterprises and excellent scenarios for intelligent manufacturing, and strive to create a national-level digital transformation promotion center.

2、Implementation Measures for the Security Management of Government Data in Zhengzhou City

Release Date: March 2, 2023

Publisher: Zhengzhou Municipal People's Government

Overview/Requirements: The Implementation Measures aim to strengthen the security management of government data, establish and improve the security guarantee system for government data, and prevent the occurrence of government data security incidents.

3、《Work Plan for the Development of Big Data Industry in Henan Province in 2023》

Release Date: 2023-04-03

Publisher: Henan Province's Leading Group for Strong Manufacturing Province Construction

Overview/Requirements: The Work Plan clearly states that by 2023, the industrial development foundation of big data in Henan Province will be more solid, the industrial ecology will continue to optimize, the enabling effect will be more significant, new breakthroughs will be made in the cultivation of the data element market, new achievements will be made in innovative applications, the industrial development will move to a new level, and the scale of the big data industry will increase by more than 25%.

4、《Implementation Plan for Strengthening Digital Government Construction in Henan Province (2023-2025)》

Release Date: 2023-04-26

Overview/Requirements: In order to implement the

【Tibet Autonomous Region】

1、《Tibet Autonomous Region Network Information Security Regulations》

Implementation Date: February 1, 2023

Issuing Organization: The 11th Standing Committee of the People's Congress of the Tibet Autonomous Region

Overview/Requirements: The 'Regulations' aim to safeguard national security and public interests, oppose separatism, promote ethnic unity and progress, ensure network information security, and protect the legitimate rights and interests of citizens, legal persons, and other organizations.

【Zhejiang Province】

1《On the Implementation Opinions to Support the Steady and Progressive Improvement of the Information Service Industry>

Release Date: February 14, 2023

Issuing Organization: Zhejiang Provincial Leading Group for Digital Economic Development

Overview/Requirements: The 'Opinion' proposes to strengthen the research and application of data security technology, explore property rights systems and market systems that are conducive to data security protection, effective utilization, and compliant circulation, and improve the institutional and systemic mechanism of the data element market.

2、《Hangzhou Municipal Public Data Authorization Operation Implementation Plan (Trial)》(Draft for Comments)

Release Date: February 21, 2023

Issuing Organization: Hangzhou Municipal Bureau of Data Resources

Overview/Requirements: The 'Plan' aims to accelerate the orderly development and utilization of public data and cultivate the data element market. In terms of data security, the 'Plan' clarifies the basic principle of 'stable and orderly, controllable and secure', and proposes to encourage certification at the level of 3 or above of Data Management Capability Maturity Model (DCMM) and Data Security Capability Maturity Model (DSMM).

3, 'Zhejiang Province Enterprise Chief Data Officer System Construction Guidelines (Trial)

Release Date: 2023-07-16

Issuing Organization: Zhejiang Provincial Economic and Information Technology Commission

Overview/Requirements: The 'Construction Guide' aims to deeply implement the Opinions of the CPC Central Committee and the State Council on 'Building a Data-based System and Giving Full Play to the Role of Data Elements', implement the 'Zhejiang Province Pilot Program for Promoting the Value-ization of Industrial Data', accelerate the guidance for enterprises to build a Chief Data Officer system, improve the public data service ecosystem of enterprises, and realize data governance, data-driven, and data value-added.

4, 'Zhejiang Province Public Data Authorization Operation Management Measures (Trial)

Release Date: 2023-08-01

Issuing Organization: Zhejiang Provincial Government Office

Overview/Requirements: The 'Management Measures' aim to standardize the management of public data authorized operation, accelerate the orderly development and utilization of public data, and cultivate the data element market. These measures are applicable to the pilot work of public data authorized operation within the administrative area of this province.

5, 'Wenzhou Municipal Public Data Authorization Operation Management Implementation Measures (Trial)

Release Date: 2023-08-05

Issuing Organization: Wenzhou Municipal Bureau of Big Data Development

Overview/Requirements: The authorization, processing, operation, pricing, safety supervision and other data activities related to public data authorized operation within the administrative area of this city are applicable to this implementation measure.

6, 'Zhejiang Province Automotive Data Processing Management Regulations'

Release Date: 2023-11-04

Issuing Organization: Provincial Internet Information Office, Provincial Development and Reform Commission, Provincial Economic and Information Technology Commission, Provincial Public Security Bureau, Provincial Department of Transport

Overview/Requirements: The Regulations aim to standardize the handling of motor vehicle data within the province, protect the legitimate rights and interests of individuals and organizations, maintain national security and public interests, and promote the rational development and utilization of motor vehicle data.

7, 'Hangzhou Digital Trade Promotion Regulations (Draft)'

Publication Date: 2023-11-07

Publisher: Hangzhou Municipal People's Congress Standing Committee, Legal Affairs Commission

Overview/Requirements: The Regulations aim to promote the development of digital trade, build a digital trade system, optimize the digital trade market environment, and promote high-quality economic development.

[Guangdong Province]

1、Measures for the Implementation of the Construction of 'Digital Government 2.0' Focusing on the Work of 'Real Economy as the Foundation and Manufacturing as the Leader'

Release Time: February 16, 2023

Publisher: Guangdong Provincial Administration of Government Affairs Service Data

Overview/Requirements: The Measures propose work measures in seven aspects, including optimizing the business environment, empowering the real economy to improve quality and efficiency, promoting the development of the data industry, cultivating the digital government industrial ecosystem, promoting the high-quality development of the information and creation industry, advancing the development of the digital government network security industry, and creating a good environment for serving the real economy.

2、Interim Measures for the Management of Shenzhen Data Property Registration (Solicitation for Comments)

Issuing Date: February 17, 2023

Publisher: Shenzhen Municipal Commission of Development and Reform

Overview/Requirements: The Measures aim to standardize the registration of data property, protect the legitimate rights and interests of market participants in the data element market, and promote the open flow and exploitation and utilization of data as a production factor.

3、Interim Measures for the Management of Shenzhen Data Trading

Implementation Time: March 1, 2023

Publisher: Shenzhen Municipal Development and Reform Commission

Overview/Requirements: The Measures aim to establish a compliant, efficient, and controllable data可信 circulation system; build a data trading service environment with identifiable data sources, definable usage scope, traceable circulation process, and preventable safety risks; under the premise of ensuring data security, public interest, and the legality of data sources, market entities shall enjoy the rights to hold data resources, use data processing, and operate data products in accordance with the law.

4、Interim Measures for the Management of Shenzhen Data Merchants and Third-party Service Institutions for Data Circulation and Trading

Implementation Time: March 10, 2023

Publisher: Shenzhen Municipal Development and Reform Commission

Overview/Requirements: The Measures clearly stipulate that data merchants shall conduct strict review of the transaction targets to ensure their legal source, authenticity of content, and reliability of quality. In cases involving cross-border transactions and providing transaction targets to overseas entities, they shall comply with the national regulations on the security management of data出境. Data merchants shall adopt security protection management measures, establish a security management department, and establish and improve systems for classified and graded management of data security, employee access permission management, supplier qualification management, and internal audit, and regularly carry out safety education and training.

5、《Guangdong Province Data Circulation and Transaction Management Measures (Trial) (Draft for Comments)》

Release Date: 2023-04-04

Issuing Unit: Guangdong Provincial Service Governance Data Management Bureau

Summary/Requirements: In order to standardize the circulation and transaction activities of data, protect the rights and interests of data elements, ensure data security, promote the autonomous and orderly flow and efficient and fair allocation of data elements, cultivate two-level data element markets, in accordance with the 'Cybersecurity Law of the People's Republic of China', the 'Data Security Law of the People's Republic of China', the 'Personal Information Protection Law of the People's Republic of China', the 'Guangdong Province Digital Economy Promotion Regulations', the 'Guangdong Province Public Data Management Measures' and relevant laws and regulations, combined with the actual situation of the province, these Measures are formulated.

6、《Guangdong Province Data Asset Compliance Registration Rules (Trial) (Solicitation for Comments)》

Release Date: 2023-04-04

Issuing Unit: Guangdong Provincial Service Governance Data Management Bureau

Overview/Requirements: In order to standardize the registration of data assets, protect the rights and interests of data elements, and promote the compliant and efficient circulation and trading of data, in accordance with the 'Interim Measures for the Administration of Data Circulation and Trading in Guangdong Province' and relevant laws and regulations, combined with the actual situation of the province, this rule is formulated.

7、《Guangdong Province Data Circulation and Transaction Supervision Rules (Trial) (Draft for Comments)》

Release Date: 2023-04-04

Issuing Unit: Guangdong Provincial Service Governance Data Management Bureau

Summary/Requirements: In order to prevent risks in data circulation and transaction activities, standardize the behavior of data circulation and transaction subjects in our province, ensure the safe and orderly flow and efficient and fair allocation of data, promote the healthy and effective operation of the data element market, in accordance with the 'Guangdong Province Data Circulation and Transaction Management Measures (Trial)', this rule is formulated.

8、《Guangdong Province Data Broker Management Rules (Trial)》

Release Date: 2023-04-04

Issuing Unit: Guangdong Provincial Service Governance Data Management Bureau

Summary/Requirements: In order to standardize the identification, business operations, and daily supervision of data brokers, in accordance with the 'Guangdong Province Data Circulation and Transaction Management Measures (Trial)', this rule is formulated.

9、《Guangdong Province Data Circulation and Transaction Technical Security Specification (Trial) (Draft for Comments)》

Release Date: 2023-04-04

Issuing Unit: Guangdong Provincial Service Governance Data Management Bureau

Summary/Requirements: In order to establish a comprehensive technical security framework to support compliant registration, circulation and transaction, and supervision and management of data circulation and transaction, in accordance with the relevant provisions of the 'Guangdong Province Data Circulation and Transaction Management Measures (Trial)', this specification is formulated.

10、《Guangdong Province Data Circulation and Transaction Management Measures (Trial) (Draft for Comments)》

Release Date: 2023-04-04

Issuing Unit: Guangdong Provincial Service Governance Data Management Bureau

Summary/Requirements: In order to standardize the circulation and transaction activities of data, protect the rights and interests of data elements, ensure data security, promote the autonomous and orderly flow and efficient and fair allocation of data elements, cultivate two-level data element markets, in accordance with the 'Cybersecurity Law of the People's Republic of China', the 'Data Security Law of the People's Republic of China', the 'Personal Information Protection Law of the People's Republic of China', the 'Guangdong Province Digital Economy Promotion Regulations', the 'Guangdong Province Public Data Management Measures' and relevant laws and regulations, combined with the actual situation of the province, these Measures are formulated.

11、《Guangzhou Public Data Openness Management Measures》

Publishing Date: 2023-04-11

Issuing Unit: Guangzhou Municipal Service Governance Data Management Bureau

Summary/Requirements: In order to standardize and promote the opening and exploitation of public data in the city, enhance the governance capacity and public service level of the government, accelerate the effective flow of data elements, promote the development of the digital economy and the digital society, in accordance with relevant laws, regulations, and rules, combined with the actual situation of the city, these Measures are formulated.

12, 'Shenzhen Data Property Registration Management Temporary Measures'

Release Date: 2023-07-01

Issuing Unit: Shenzhen Municipal Commission of Development and Reform

Summary/Requirements: The Measures aim to standardize the registration of data property, protect the legitimate rights and interests of the subjects participating in the data element market, and promote the opening, flow, and exploitation of data.

13, 'Shenzhen Enterprise Data Compliance Guidance'

Publication Date: 2023-09-11

Issuing Unit: Shenzhen Municipal Procuratorate, Shenzhen Internet Information Office, etc.

Summary/Requirements: Enterprises of all types in Shenzhen can refer to this guidance for data compliance management in data processing activities. This guidance is not mandatory; where there are special provisions in laws, regulations, and relevant national or industry standards, those provisions shall apply.

14, 'Shenzhen Public Data Openness Management Measures (Draft for Comments)

Release Date: 2023-09-26

Issuing Unit: Shenzhen Municipal Service Governance Data Management Bureau

General Overview/Requirements: The 'Management Measures' aim to standardize and promote the opening of public data throughout the city, promote the development and utilization of public data, release the economic and social value of public data, and give full play to the supporting role of public data in the high-quality development of the digital economy, digital government, digital culture, digital society, and digital ecological civilization.

15. 'Shenzhen Municipal Health and Health Data Management Measures'

Issuing Date: November 16, 2023

Issuing Unit: Shenzhen Municipal Health and Health Commission

General Overview/Requirements: The 'Management Measures' aim to standardize and promote the opening of public data in the city, promote the development and utilization of public data, release the economic and social value of public data, and give full play to the supporting role of public data in the high-quality development of the digital economy, digital government, digital culture, digital society, and digital ecological civilization.

16. 'Implementation Opinions on Better Utilizing Data Elements to Promote the High-Quality Development of Guangzhou'

Issuing Date: 2023-11-28

Issuing Unit: Guangzhou Municipal Committee for Comprehensive Deepening of Reform

General Overview/Requirements: The 'Implementation Opinions' point out that it is necessary to explore the establishment of a data element statistical accounting system, formulate guidelines for the value evaluation of data elements, promote the inclusion of data element value in the national economic accounting, and scientifically evaluate the contribution of data elements in various districts, departments, and industries to economic and social development.

[Xinjiang Uygur Autonomous Region]

1、'Measures for the Management of Public Data in Xinjiang Uygur Autonomous Region (Trial)'

Issuing Date: February 17, 2023

Issuing Unit: Office of the People's Government of Xinjiang Uygur Autonomous Region

General Overview/Requirements: The 'Measures' mention that the public data主管部门 should clarify the source department of public data according to the requirements of 'one number, one source, one standard'. The autonomous region's public data主管部门 is responsible for organizing the establishment of public data security management systems, formulating public data security level classification and protection measures, regularly conducting local and remote backups of public data sharing and open databases in accordance with national and autonomous region regulations, guiding and supervising the safety assurance work throughout the process of public data collection, use, and management, and regularly carrying out public data risk assessment and security review.

[Yunnan Province]

1、《Overall Plan for the Construction of Yunnan Province's Digital Government》

Release Date: March 2, 2023

Issuing Unit: Yunnan Province People's Government

General Overview/Requirements: The 'Plan' proposes a digital government technical architecture including 'four horizontal and three vertical' seven systems. 'Four horizontal' refers to the business application system, the common application support system, the data resource system, and the infrastructure system; 'three vertical' refers to the security assurance system, the system and standardization system, and the operation and maintenance system.

2. 'Dali Prefecture Data Security Management Measures'

Release Date: 2023-10-09

Issuing Unit: Dali Bai Autonomous Prefecture People's Government

General Overview/Requirements: The data element security management in Dali Prefecture adheres to the principle of 'equally emphasizing development and security, combining prevention and governance, considering both system and technology, and coordinating the government and the market', accelerating the construction of a data element security governance system, and ensuring the orderly flow of data elements in accordance with the law.

3. 'Dali Prefecture Data Element Management Measures'

Release Date: 2023-10-09

Issuing Unit: Dali Bai Autonomous Prefecture People's Government

General Overview/Requirements: The data element management in Dali Prefecture follows the principle of 'development and security in parallel, circulation and utilization and rights protection in balance', encouraging the legal and regulatory supply of data, safe and compliant development, and reasonable and effective utilization, promoting the orderly and free flow of data in accordance with the law, and safeguarding the legitimate rights and interests of all parties involved in data elements.

4, 'Yunnan Province Public Data Management Measures (Draft for Comments)'>

Issuing Date: October 27, 2023

Issuing Organization: Yunnan Provincial Department of Development and Reform

Overview/Requirements: The 'Management Measures' aims to strengthen the management of public data, ensure the security of public data, promote the sharing, opening, and application of public data, protect the legitimate rights and interests of natural persons, legal persons, and unincorporated organizations, further promote the construction of Digital Yunnan, and improve the modernization of the provincial governance system and governance capacity.

【Hubei Province】

1、《Wuhan Digital Economy Promotion Regulations (Draft for Comments)'>

Issuing Date: March 13, 2023

Issuing Organization: Wuhan Economic and Information Technology Bureau

Overview/Requirements: The 'Regulations' aims to break through the development of the digital economy, promote the deep integration of digital technology and the real economy, accelerate the high-quality development of the economy and society, accelerate the digital transformation of cities, and at the same time achieve the promotion of development and the standardization of supervision.

2、《Hubei Province Measures for Promoting the Digital Economy》

Release Date: 2023-05-22

Issuing Organization: Hubei Provincial People's Government

Overview/Requirements: In order to accelerate the development of the digital economy, promote the digital industrialization and industrial digitalization, promote the efficient circulation and use of data element resources, promote the deep integration of the digital economy and the real economy, build a national highland of digital economic development, in accordance with relevant laws and regulations, combined with the actual situation of this province, this measure is formulated.

3, 'Hubei Province Interim Measures for Data Trading Management',

Publication Date: 2023-11-07

Issuing Organization: Hubei Provincial Department of Development and Reform

Overview/Requirements: The 'Interim Measures' aims to guide and cultivate the data trading market in this province, prevent risks in data trading, standardize data trading behavior, and promote the efficient and orderly circulation of data.

【Beijing】

1，《Work Plan on Promoting the Innovative Development of Beijing's Internet 3.0 Industry (2023-2025)》,

Issuing Date: March 17, 2023

Issuing Organization: Beijing Commission of Science and Technology, Zhongguancun Science Park Management Committee, Beijing Bureau of Economy and Information Technology

Overview/Requirements: The 'Work Plan' aims to seize the opportunities of the new round of scientific and technological innovation and industrial transformation, and promote the innovative development of Beijing's Internet 3.0 industry. In terms of Internet 3.0 supervision, it proposes to focus on content supervision of Internet 3.0, data security, privacy protection, identity credibility, and asset confirmation, and strengthen the exploration of supervision mechanisms and models.

2、《Beijing Management Measures for Data Intellectual Property Rights (Trial)》

Issuing Date: May 12, 2023

Issuing Organization: Beijing Intellectual Property Bureau

Overview/Requirements: The 'Management Measures' aims to standardize the registration of data intellectual property rights within the administrative region of Beijing, safeguard the legitimate rights and interests of the participants in the data element market, promote the efficient circulation and use of data elements, release the potential of data elements, and support the high-quality development of the digital economy.

3, 'Implementation Opinions on Further Accelerating the Development of Digital Economy by Giving Full Play to the Role of Data Elements'

Release Date: 2023-07-05

Issuing Organization: Beijing Municipal Government

Overview/Requirements: The Implementation Opinions aim to implement the decisions and deployments of the Central Committee and the State Council on building a data-based system and giving full play to the role of data elements, deeply implement the 'Beijing Municipal Digital Economy Promotion Regulations', cultivate and develop the data element market, and accelerate the construction of a global benchmark city for the digital economy.

4, 'Detailed Implementation Measures for Data Security Management in the Telecommunications Field in Beijing'

Publishing Date: 2023-07-24

Issuing Organization: Beijing Municipal Communications Administration

Overview/Requirements: Data processors in the telecommunications field in Beijing should comply with the requirements of relevant laws, administrative regulations, and this detail when carrying out data processing activities and their safety supervision.

5, 'Case Analysis and Compliance Guidelines for Unauthorized Collection and Use of Consumer Personal Information in Beijing Scanning Consumption Service'

Publishing Date: August 30, 2023

Issuing Organization: Beijing Municipal Internet Information Office

Overview/Requirements: The Compliance Guidelines aim to further regulate the business practices of scanning consumption service operations in our city, and effectively protect the personal information legal rights and interests of consumers.

6, 'Draft for Comments of Beijing Foreign Investment Regulations'

Publishing Date: September 20, 2023

Issuing Organization: Beijing Municipal Commission of Commerce

Overview/Requirements: The Regulations aim to promote higher-level opening-up in the city, actively promote foreign investment, protect the legitimate rights and interests of foreign investors, regulate the management of foreign investment, and help build a new pattern of comprehensive opening-up.

7, 'Guidelines for Beijing Enterprises' Data Intellectual Property Work'

Publishing Date: December 6, 2023

Issuing Organization: Beijing Municipal Bureau of Intellectual Property, Beijing Municipal Economic and Information Technology Bureau, Beijing Municipal Procuratorate

Overview/Requirements: The main part of the Guidelines involves 5 chapters on the creation, application, and management of data intellectual property rights, guiding enterprises to standardize all aspects of data intellectual property work.

8, 'Beijing Public Data Special Zone Authorization and Operation Management Measures'

Publication Date: 2023-12-08

Issuing Organization: Beijing Municipal Economic and Information Technology Bureau

Overview/Requirements: The Management Measures aim to implement the spirit of the central and municipal documents related to data elements, accelerate the orderly development and utilization of public data, improve the authorization and operation management mechanism of public data special zones, and cultivate the data element market.

[Shandong Province]

1、Implementation Plan for the Construction of Digital Government in Shandong Province

Publishing Date: February 3, 2023

Issuing Organization: Shandong Provincial Government News Office

Overview/Requirements: The Implementation Plan clearly states the need to improve data management mechanisms, accelerate the construction of a unified, collaborative, and secure provincial-level integrated government big data system. Focus on deepening the innovative application of data, creating innovative application scenarios in all regions and fields. Strengthen the safety management responsibilities of the digital government, enhance the security of key information infrastructure, strengthen technical security protection, improve the level of independent control, and accelerate the construction of a 'clearly defined responsibilities, controllable, capable, and efficient' cyber security system, and firmly establish the safety defense line.

2、《Yantai City Action Plan for Activating Data Element Potential and Giving Full Play to the Role of Data Elements (2023-2025Year)》

Publishing Date: 2023-04-07

Issuing Organization: Office of the People's Government of Yantai City

Summary/Requirements: In order to activate the potential of data elements, enhance the new driving force of economic development, give full play to the strategic and fundamental role of data elements in promoting the high-quality development of the economy and society, in accordance with the 'Opinions of the CPC Central Committee and the State Council on Building a Data-based System and Giving Full Play to the Role of Data Elements' and the 'Regulations Promoting the Development of Big Data in Shandong Province', combining with the actual situation of our city, this action plan is formulated.

3、《Provisional Measures for the Management of Public Data Operation Pilot in Qingdao City》

Issuance Date: 2023-04-25

Issuing Organization: Qingdao Municipal Bureau of Big Data Development

Summary/Requirements: The 'Provisional Measures' consists of 8 chapters and 41 articles, focusing on the key subjects, links, and processes involved in the operation of public data, clearly defining the division of responsibilities, platform construction, data supply, data management, data application, data security, evaluation, and exit mechanism.

4、 《Digital Qingdao Development Plan (2023-2025)》

Release Date: 2023-05-08

Issuing Organization: Office of the Digital Qingdao Construction Leadership Group

Summary/Requirements: The 'Development Plan (2023-2025)' proposes that Qingdao will take the benchmark practice area of 'Digital China' as the guide, focusing on the requirements of leading within the province, advancing domestically, and highlighting characteristics globally, in accordance with the general principles of upholding the leadership of the Party, overall transformation, all-round empowerment, revolutionary reshaping, systematic collaboration, and forward-looking layout, to promote the construction of the '5+12+N' 'Digital Qingdao 2.0 Project'.

5、《Work Outline for the Development of Big Data Industry in Shandong Province in 2023》

Issuance Date: 2023-05-30

Issuing Organization: Shandong Provincial Department of Industry and Information Technology

Summary/Requirements: In order to thoroughly implement the relevant deployment and arrangements of the Party Committee and the provincial government to promote the development of the digital economy, implement the requirements of 'Shandong Province '14th Five-Year Plan for the Development of Big Data Industry' and 'Key Work Tasks for 2023 in Shandong Province to Build a Green, Low-Carbon, High-Quality Development Pilot Area', give full play to the role of data elements, continuously promote the rapid development of the big data industry throughout the province, promote the deep integration of digital technology with the real economy, and formulate this work outline in combination with the actual situation of our province.

6, 'Implementation Measures for Data Security Management in the Field of Industrial and Information Technology of Shandong Province'

Issuance Date: 2023-07-20

Issuing Organization: Shandong Administration Bureau, Provincial Department of Industry and Information Technology

Summary/Requirements: The data processing activities in the field of industrial and information technology and their safety supervision carried out within the administrative region of this province shall comply with the requirements of relevant laws, administrative regulations and this detailed implementation regulation.

[Heilongjiang Province]

1、《Implementation Plan for Accelerating the Construction of Digital Government in Harbin City2023-2025》

Issuance Date: 2023-04-12

Issuing Organization: Harbin Municipal People's Government

Summary/Requirements: In order to deeply implement and carry out the spirit of the Implementation Opinions of the People's Government of Heilongjiang Province on Strengthening the Construction of Digital Government, promote the construction of digital government at a high standard, accelerate the transformation of government functions, promote the modernization of the government governance system and governance capacity, in accordance with the relevant requirements of the 'Heilongjiang Province Promotion of Big Data Development and Application Regulations' and the 'Heilongjiang Province '14th Five-Year Plan for Digital Government Construction', combining with the actual situation of our city, this plan is formulated.

[Inner Mongolia Autonomous Region]

1、 《Implementation Plan for the Construction of the Regional Integrated Government Affairs Big Data System in Inner Mongolia Autonomous Region》

Issuing Time: April 14, 2023

Issuing Unit: Inner Mongolia Autonomous Region People's Government Office

Overview/Requirements: In order to implement the spirit of the 'Guiding Opinions of the State Council on Strengthening the Construction of Digital Governments' and the 'Notice of the General Office of the State Council on Printing and Issuing the Guiding Opinions on the Construction of a National Integrated Government Affairs Big Data System', integrate and build a unified standard, reasonable layout, coordinated management, and safe and reliable regional integrated government affairs big data system, combined with the actual situation of the autonomous region, this plan is formulated.

[Jiangsu Province]

1、 《Jiangsu Province Digital Government Construction Work Key Points for 2023》

Issuing Time: April 27, 2023

Issuing Unit: Jiangsu Provincial People's Government Office

Overview/Requirements: Based on promoting high-quality development, efficient governance, and high-quality life, the 'Work Key Points' focuses on deepening the construction of the digital government, striving to improve the integrated government affairs big data system, comprehensively promoting the digital transformation of industry and field, further promoting the reconstruction and optimization of government governance processes and models, and continuously improving the level of government management and service efficiency.

2、 《Suzhou City Public Data Openness Implementation Measures》

Release Date: 2023-05-04

Issuing Unit: Suzhou City Big Data Administration Bureau

Overview/Requirements: In order to standardize and promote the opening, development and utilization, and safety management of public data in this city, promote the wider, deeper, and higher-quality opening of public data, promote the reasonable, efficient, and innovative application of public data, activate the potential of data elements, enhance the new driving force of economic development, strengthen the core competitiveness of the city, and comprehensively empower the construction of Digital Suzhou, in accordance with the 'Jiangsu Province Public Data Management Measures' and the 'Suzhou City Data Regulations', combined with the actual situation of this city, this detailed regulation is formulated.

3、Suzhou City Data Regulations

Implementation Time: March 1, 2023

Issuing Unit: The Standing Committee of the 17th People's Congress of Suzhou City

Overview/Requirements: The 'Regulations' mainly reflect two aspects: the opening of public data and authorized operation. The Regulations propose to establish an authorized operation mechanism for public data, supporting the government to authorize public data to units that meet the safety supervision conditions for development and utilization, forming data products and services for use by third parties. This can effectively ensure data security and efficiently release the value of public data.

[Sichuan Province]

1、《Implementation Plan for the Construction of the Chief Data Officer System in Dazhou City》

Issuing Date: 2023-05-06

Issuing Unit: Dazhou Digital Economy Bureau

Overview/Requirements: In order to better carry out the construction of the Chief Data Officer system, the 'Plan' requires local departments and units (institutions) to provide guarantees for the efficient performance of the Chief Data Officer by establishing special data teams (groups) or appointing data specialists in various ways. At the same time, it encourages local departments and units (institutions) to introduce professional talent resources by means of hiring professional technical personnel on a temporary basis, recruiting government employees, and purchasing services, etc., to assist the Chief Data Officer in carrying out work. This will become an important measure for building the digital talent team in our city.

2、 《Guidelines for the Construction of the System of Chief Data Officer (CDO) in Sichuan Province Enterprises》

Issuing Date: 2023-05-29

Issuing Unit: Sichuan Provincial Department of Economy and Information Technology

Overview/Requirements: In order to accelerate the construction of a data-based system, activate the potential of data factors, cultivate a data factor market system, establish a CDO working mechanism throughout the province, support enterprises in establishing CDO positions, cultivate a team of data management talents, promote the digital development of enterprises, and help build 'Digital Sichuan'.

【Gansu Province】

1、《Implementation Opinions on Promoting the Development of the Data Factor Market》

Issuing Date: 2023-05-29

Issuing Unit: Communist Party of China Gansu Provincial Committee, People's Government of Gansu Province

Overview/Requirements: In order to fully implement the spirit of the 'Opinion of the CPC Central Committee and the State Council on Building a More Perfect Market-oriented Mechanism for the Allocation of Production Factors' and the 'Opinion of the CPC Central Committee and the State Council on Building a Better Data-based System and Giving Full Play to the Role of Data Factors', accelerate the construction of our province's data-based system, promote the reform of the market-oriented allocation of data factors, create a new pattern of dual driving of computing power and data in the context of digital transformation, and combine with the actual situation of our province, the following opinions are put forward.

【Shanxi Province】

1、《Shanxi Province Government Data Security Management Measures》

Issuing Date: 2023-06-07

Issuing Unit: General Office of the People's Government of Shanxi Province

Overview/Requirements: The 'Management Measures' clearly define the concepts of government data and government data security, and makes specific provisions for the four aspects of system, management, guarantee, and responsibility to ensure the security of government data.

2. 'Taiyuan City Government Data Resource Sharing Implementation Measures'

Issuing Date: 2023-11-13

Issuing Unit: Taiyuan Municipal Administration of Government Information

Overview/Requirements: The 'Implementation Measures' aim to standardize and promote the sharing of government data resources in our city, improve the level of government management and service, and promote the construction of a digital government.

【Guizhou Province】

1、《Guizhou Province Government Data Resource Management Measures》

Issuing Date: 2023-06-21

Issuing Unit: General Office of the People's Government of Guizhou Province

Overview/Requirements: In order to further standardize the management of government data resources in the province, promote the integration, communication, and application of government data, in accordance with the 'Cybersecurity Law of the People's Republic of China', 'Data Security Law of the People's Republic of China', 'Notice on the Issuance of the Interim Measures for the Management of Sharing Government Information Resources', 'Opinion of the General Office of the State Council on Establishing and Improving the Mechanism for Sharing and Coordinating Government Data and Accelerating the Orderly Sharing of Data', 'Guizhou Province Big Data Development and Application Promotion Regulations', 'Guizhou Province Big Data Security Protection Regulations', 'Guizhou Province Government Data Sharing and Openness Regulations', and other relevant requirements, combining with the actual work, these measures are formulated.

2. 'Guizhou Province Data Circulation and Trading Promotion Regulations'

Release Date: 2023-08-16

Unit of Publication: Guizhou Big Data Development Administration

Overview/Requirements: Activities related to the circulation and trading of data and other activities within the administrative region of this province shall apply to this Regulation.

3. 'Measures for the Management of Data Element Registration in Guizhou Province (Trial)'

Publication Date: 2023-08-31

Unit of Publication: Guizhou Big Data Development Administration

Overview/Requirements: The 'Measures' aim to standardize the registration behavior of data elements, protect the legitimate rights and interests of the participants in the data element market, and activate the potential of data elements.

4. 'Measures for the Management of Data Element Registration Services in Guizhou Province'

Publication Date: 2023-11-15

Unit of Publication: Guizhou Big Data Bureau

Overview/Requirements: The 'Measures' are designed to standardize the registration of data elements, protect the legitimate rights and interests of the registrants, and activate the potential of data elements.

[Hunan Province]

1. 'Temporary Measures for the Management of Government Data Operation in Changsha City (Draft for Comments)'

Release Date: 2023-07-13

Unit of Publication: Changsha City Data Resource Administration

Overview/Requirements: The 'Measures' aim to regulate the operation and management of government data in Changsha City, clarify the responsibilities and positioning of related work in data operation, work procedures, and operational mechanisms, strengthen the process management of data operation, tap into the value of data, increase fiscal revenue to support the construction of smart cities, and ensure the safe and compliant use of data.

2. 'Regulation for Promoting the Digital Economy in Hunan Province'

Publication Date: 2023-08-29

Unit of Publication: Hunan Provincial Department of Justice

Overview/Requirements: Activities to promote the development of the digital economy within the administrative region of this province, as well as related activities to provide support and guarantees for the digital economy, shall apply to this Regulation.

[Guangxi Zhuang Autonomous Region]

1. 'Overall Program for Guangxi to Build a Data-based System and Give Full Play to the Role of Data Elements'

Publication Date: 2023-08-14

Unit of Publication: Office of the People's Government of Guangxi Zhuang Autonomous Region

Overview/Requirements: The 'Program' aims to continuously promote the market-oriented reform of data element development in Guangxi, in accordance with the spirit of 'Opinions on Building a Data-based System and Giving Full Play to the Role of Data Elements' issued by the CPC Central Committee and the State Council, build a data-based system, activate the potential of data elements, strengthen and optimize the digital economy, and enhance the new kinetic energy of economic development.

2. 'Temporary Measures for the Market-oriented Development of Data Elements in Guangxi'

Publication Date: 2023-11-07

Unit of Publication: Office of the Guangxi Autonomous Region Government

Overview/Requirements: The 'Provisional Measures' aim to protect the rights and interests of natural persons, legal persons, and unincorporated organizations related to data, regulate activities in the data element market, ensure data security, and promote the exploitation, utilization, and trading of data elements to promote the market-based allocation of data elements.

[Jilin Province]

1. 'Changchun Measures for the Management of Data Trading'

Publication Date: 2023-08-28

Unit of Publication: Changchun Municipal People's Government

Overview/Requirements: The 'Measures' aim to cultivate and strengthen the data element market, regulate data trading behavior, and promote the development of the digital economy.

[Tianjin]

1. 'Tianjin Measures for the Registration of Data Intellectual Property Rights (Trial)

Release Date: 2023-09-12

Unit of Publication: Tianjin Intellectual Property Bureau

Summary/Requirements: The registration of data intellectual property rights should follow the laws and regulations of data development, grasp the basic attributes of data elements, and follow the principles of legal compliance, voluntary registration, safety and efficiency, promotion of circulation, openness and transparency, and honesty and credibility to ensure that national security, business secrets, and personal privacy are not violated.

[Jiangxi Province]

1, 'Jiangxi Province Data Application Regulations'

Release Date: 2023-11-30

Publisher: Jiangxi Provincial Department of Development and Reform

Summary/Requirements: The 'Application Regulations' aims to promote the integration, sharing, and development of data resources in the province, facilitate the legal and orderly circulation of data elements, accelerate the cultivation of the data element market, and help promote the high-quality development of the digital economy in our province.

[Hainan Province]

1, 'Three-Year Action Plan for Cultivating the Data Element Market in Hainan Province'

Publication Date: 2023-12-05

Publisher: Office of the People's Government of Hainan Province

Summary/Requirements: The 'Action Plan' aims to comprehensively implement the national deployment to build a more perfect market-oriented allocation system for elements and a data-based system to give full play to the role of data elements, accelerate the reform of market-oriented allocation of data elements in our province, activate the potential of data elements, and promote the high-quality development of the digital economy in Hainan Free Trade Port.

[Anhui Province]

1, 'Management Measures for the Authorized Operation of Public Data in Anhui Province'

Release Date: 2023-12-07

Publisher: Anhui Provincial Bureau of Data Resources

Summary/Requirements: To standardize the authorized operation of public data and related management activities, fully release the value of public data, cultivate the data element market, promote the development of the data industry, and advance the construction of Digital Anhui.

2, 'Management Measures for the Registration of Data Resources in Anhui Province'

Release Date: 2023-12-07

Publisher: Anhui Provincial Bureau of Data Resources

Summary/Requirements: The 'Management Measures' aims to implement the spirit of 'Opinions on Building a Data-based System and Giving Full Play to the Role of Data Elements' issued by the CPC Central Committee and the State Council, explore the establishment of a property operation mechanism with separate rights and interests such as data ownership, data processing and usage rights, and data product operation rights, activate the value of data elements, promote the legal and efficient circulation and use of data resources, and drive the high-quality development of the digital economy.

[Hong Kong Special Administrative Region]

1, 'Hong Kong Policy Declaration on Promoting Data Circulation and Ensuring Data Security'

Publication Date: 2023-12-08

Publisher: Hong Kong Special Administrative Region Government Innovation and Technology Bureau

Summary/Requirements: The 'Policy Declaration' aims to propose a comprehensive data governance concept and strategy, strengthen data security and facility planning while promoting data integration, application, opening, and sharing, to better coordinate development and security.

2, 'Implementation Guidelines for the Cross-border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area'

Publication Date: 2023-12-08

Publisher: National Internet Information Office, Hong Kong Special Administrative Region Government Innovation and Technology Bureau　

Summary/Requirements: The 'Implementation Guidelines' aims to promote the safe and orderly cross-border flow of personal information in the Guangdong-Hong Kong-Macao Greater Bay Area, and to promote the high-quality development of the Greater Bay Area.

Industry Standards

[Traffic Industry]

1、Practical Guidelines for the Classification and Grading of Intelligent Connected Vehicle Data

Release Date: January 5, 2023

Issuing Authority: Data Security Promotion Plan

Summary/Requirements: The 'Practical Guidelines' clearly defines the methodology for classifying and grading intelligent connected vehicle data, and provides general safety measures for data of different levels.

2、《Compliance Practice Guidelines on Several Issues of Automotive Data Security》

Release Date: January 5, 2023

Issuing Authority: Data Security Promotion Plan

Summary/Requirements: The 'Practice Guidelines' aim to further improve the level of data security protection in the automotive industry, enhance the ability of automotive enterprises to ensure compliance with data security, promote the safe and secure use of automotive data, and ensure the two-way promotion of safety and development.

3、《Measures for the Safety Protection of Key Information Infrastructure in Road and Waterway Transportation》

Release Date: 2023-04-24

Issuing Authority: Ministry of Transport

Summary/Requirements: In order to ensure the safety of key information infrastructure in road and waterway transportation, maintain network security, and in accordance with laws and administrative regulations such as the 'Cybersecurity Law of the People's Republic of China' and 'Regulations on the Protection of Key Information Infrastructure', these Measures are formulated.

4. 'Guiding Opinions on Accelerating the Construction and Development of Smart Civil Aviation in Line with the Overall Deployment of Digital China Construction'

Release Date: July 3, 2023

Issuing Authority: Civil Aviation Administration of China

Summary/Requirements: The Guiding Opinions aim to implement the 'Overall Layout Plan for the Construction of Digital China' and 'Opinions on Building a Data-based System and Giving Full Play to the Role of Data Elements', better coordinate the construction of new-type infrastructure, activate the potential of data elements, and give full play to the innovative engine role of smart civil aviation construction in promoting the high-quality development of civil aviation.

5. 'Measures for the Safety Protection of Key Information Infrastructure in the Railway Industry (Draft for Comments)

Release Date: July 18, 2023

Issuing Authority: National Railway Administration

Summary/Requirements: The safety protection and supervision management of key information infrastructure in the railway industry shall apply to these Measures.

【Financial Industry】

1、Three-Year Enhancement Plan for Network and Information Security of Securities Companies (2023-2025）》

Release Date: January 6, 2023

Issuing Authority: China Securities Association

Summary/Requirements: The 'Security Enhancement Plan' proposes to establish a scientific and reasonable technology investment mechanism, requiring the industry to reasonably increase technology fund investment. Encourage companies with conditions to ensure that the average annual information technology investment from 2023 to 2025 is not less than 8% of the average net profit of the three years or 6% of the average operating revenue over the same period.

2、Measures for the Management of Bank Insurance Regulatory Statistics

Implementation Date: February 1, 2023

Issuing Authority: China Banking and Insurance Regulatory Commission

Summary/Requirements: The Measures require that regulatory statistical work and material management should strictly comply with relevant laws, regulations, supervisory rules and standards such as confidentiality, network security, data security, and personal information protection. Related units and individuals should strictly keep confidential in accordance with laws and regulations, and ensure the security of regulatory statistical data.

3、《Measures for the Classification of Financial Assets of Commercial Banks》

Release Date: February 10, 2023

Issuing Authority: China Banking and Insurance Regulatory Commission, People's Bank of China

Summary/Requirements: The Measures aim to promote commercial banks to accurately assess credit risk and truly reflect the quality of financial assets.

4、Regulations on Strengthening the保密 and File Management of Securities Issuance and Listing by Domestic Enterprises Abroad

Release Date: February 24, 2023

Issuing Authority: China Securities Regulatory Commission, Ministry of Finance, National Bureau of保密, National Archives Administration

Overview/Requirements: This document is a revision of 'Provisions on Strengthening the Secret and File Management of Work Related to the Issuance and Listing of Securities Abroad', including strengthening the emphasis on the confidentiality responsibilities of enterprises.

5、《Measures for Network and Information Security in the Securities and Futures Industry》

Release Date: February 23, 2023

Issuing Unit: China Securities Regulatory Commission

Overview/Requirements: 'Measures' aims to ensure the network and information security of the securities and futures industry, protect the legitimate rights and interests of investors, and promote the stable and healthy development of the securities and futures industry.

6, 'Draft Measures for Data Security Management in the Business Field of the People's Bank of China (for Comments)'

Publishing Date: 2023-07-24

Issuing Unit: People's Bank of China

Overview/Requirements: Data processing activities related to the business field of the People's Bank of China carried out within the territory of the People's Republic of China shall apply this measure. Where laws, administrative regulations, or regulations of the People's Bank of China provide otherwise, the provisions shall be followed.

[Industrial Field]

1、《2023Key Tasks of Power Safety Supervision and Management in 2023》

Release Time: January 17, 2023

Issuing Unit: National Energy Administration

Overview/Requirements: 'Task' proposes to revise the emergency plan for industry network security incidents, establish and improve the technical support system for network security supervision and management, and promote the application of quantum computing, Beidou, commercial cryptography, etc. in the power industry.

2、《Notice on Further Improving the Service Ability of Mobile Internet Applications》

Release Time: February 6, 2023

Issuing Unit: Ministry of Industry and Information Technology

Overview/Requirements: 'Notice' aims to optimize service supply, improve user experience, maintain a good information consumption environment, and promote high-quality development of the industry.

3、《Guidelines for the Construction of Data Security Standard System in the Industrial Field (2023 Edition)》

Release Date: 2023-05-22

Issuing Unit: Ministry of Industry and Information Technology

Overview/Requirements: The data security standard system in the industrial field consists of six categories of standards: basic commonality, security management, technical products, security assessment and industrial evaluation, emerging integration fields, and vertical industries.

4, 'Provisions for the Implementation of Risk Assessment of Data Security in the Field of Information and Information Technology Industry (Interim)'

Release Date: 2023-10-09

Release Unit: Cybersecurity Administration of the Ministry of Industry and Information Technology　

Overview/Requirements: 'Provisions' aims to implement the 'Data Security Law' and 'Interim Measures for Data Security Management in the Field of Information and Information Technology Industry', and guide local industry主管部门 and data processors in the field of information and information technology to carry out risk assessment work in accordance with regulations.

5, 'Measures for the Classification and Grading of Security Data in the Industrial Internet'

Publishing Date: 2023-10-24

Issuing Unit: Ministry of Industry and Information Technology

Overview/Requirements: 'Measures' proposes that the classification and grading management of industrial internet security is targeted at industrial internet enterprises, and the types of enterprises mainly include three categories: (1) industrial enterprises applying the industrial internet; (2) industrial internet platform enterprises; (3) industrial internet identification and resolution enterprises.

6, 'Interim Measures for the Guideline on Discretionary Decision-Making of Administrative Penalties for Data Security Incidents in the Field of Information and Information Technology Industry'

Publishing Date: 2023-10-24

Release Unit: Cybersecurity Administration of the Ministry of Industry and Information Technology

Overview/Requirements: 'Guidelines' aims to implement the 'Data Security Law' and 'Interim Measures for Data Security Management in the Field of Information and Information Technology Industry', and promote the institutionalization and standardization of administrative penalty work for data security in the field of information and information technology industry.

7, 'Emergency Plan for Data Security Incidents in the Field of Information and Information Technology Industry'

Publishing Date: 2023-12-14

Release Unit: Cybersecurity Administration of the Ministry of Industry and Information Technology

Overview/Requirements: The 'Plan' aims to establish and improve an emergency organization system and working mechanism for data security incidents in the field of industry and information technology, improve the comprehensive response capability for data security incidents, ensure timely and effective control, reduction, and elimination of the harm and loss caused by data security incidents, protect the legitimate rights and interests of individuals and organizations, and maintain national security and public interests.

[Logistics Industry]

1《Express User Personal Information Security Management Regulations》New Edition

Release Time: February 6, 2023

Release Unit: Development Research Center of the State Post Bureau

Overview/Requirements: The 'Regulations' aims to strengthen the security management of personal information of express users, protect the legitimate rights and interests of users, maintain the security of postal communication and information, and promote the healthy development of the postal industry.

[Retail Industry]

1、《Retail Enterprise Data Security Compliance Guidelines》

Release Date: February 10, 2023

Release Unit: China General Chamber of Commerce

Overview/Requirements: The 'Guidelines' is a systematic elaboration of the relevant requirements for data security compliance by experts based on judicial practice, providing reliable guidance for enterprises to carry out relevant data application work.

[Medical Industry]

1、《Opinions on Further Improving the Medical and Health Service System》

Release Date: March 23, 2023

Release Unit: General Office of the Communist Party of China Central Committee, General Office of the State Council

Overview/Requirements: The 'Opinions' propose to develop 'Internet + Medical Health', build industrial internet platforms for the medical field, accelerate the application of the Internet, blockchain, Internet of Things, artificial intelligence, cloud computing, big data, and other technologies in the medical and health field, accelerate the construction of a health medical data security system, strengthen data security monitoring and early warning, improve the data security protection capabilities of medical and health institutions, and strengthen the protection of important information.

National Standard

1、National Vocational Standard for Data Security Engineering Technicians

Release Time: January 17, 2023

Vocational Code: 2-02-38-12

Release Unit: Ministry of Human Resources and Social Security

Overview/Requirements: The National Vocational Standard for Data Security Engineering Technicians stipulates the professional requirements for data security engineering technicians, including four parts: professional overview, basic requirements, work requirements, and weight table.

2《Information Security Technology - Information Security Control》

Release Time: March 10, 2023

Standard Number: GB/T 22081—XXXX/ISO/IEC 27002:2022

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides a set of general information security control reference set, including implementation guidelines.

3《Information Security Technology - Personal Information Cross-border Transmission Certification Requirements》

Release Date: March 16, 2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document stipulates the basic principles, basic requirements, and personal information subject rights protection requirements for cross-border personal information provision by personal information processors. This document is applicable to the personal information protection certification conducted by certification bodies for cross-border personal information provision activities of personal information processors, as well as for supervision, management, and evaluation by competent authorities, third-party assessment institutions, and other organizations.

4《Express Electronic waybill》

Release Time: 2022-04-07

Standard Number: GB/T 41833-2022

Publishing Unit: National Market监督管理总局

Overview/Requirements: The national standard for 'Express Electronic Waybill' is formulated based on the postal industry standard for 'Express Electronic Waybill' released in 2015, which standardizes the categories, layers, and specifications of express electronic waybills, clarifies the requirements for different areas and information content on the waybill, such as the code number area, destination information area, consignee information area, sender information area, contents information area, and receipt area, and further optimizes the division and layout of areas.

5、《Information Technology Big Data Data Resource Planning》

Publishing Date: 2023-04-11

Standard Number: GB/T 42450-2023

Publishing Unit: National Standardization Administration Commission

Overview/Requirements: The standard clearly proposes the core elements of data resource planning, regulates all aspects of data resource design, refines the process of data resource planning, and is used to guide organizations in establishing relevant documents and activities for data resource planning that meet their business needs.

6、《Information Security Technology Guidelines for Measuring Cybersecurity Service Costs》

Publication Date: 2023-04-16

Standard Number: GB/T 42461-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document establishes the composition of cybersecurity service costs and provides guidelines for measuring cybersecurity service costs. The cybersecurity service costs in this document do not include profit. This document is applicable to activities such as cybersecurity service cost budgeting, project bidding, project settlement, and preparation of relevant contracts by both parties in the supply and demand of cybersecurity services, and for reference by other related parties.

7、《Information Security Technology Guidelines for the Assessment of the Effect of Personal Information De-identification》

Publication Date: 2023-04-16

Standard Number: GB/T 42460-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides guidelines for the classification and assessment of the effect of personal information de-identification. This document is applicable to personal information de-identification activities, as well as the implementation of personal information security management, supervision, and evaluation.

8、《Information Security Technology General Technical Requirements for Cybersecurity Situation Awareness》

Publication Date: 2023-04-16

Standard Number: GB/T 42453-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides a technical framework for cybersecurity situation awareness and specifies the general technical requirements for the core components of this framework. This document is applicable to the planning, design, development, construction, and evaluation of cybersecurity situation awareness products, systems, or platforms.

9、《Information Security Technology Guidelines for Data Security in the Telecommunications Field》

Publication Date: 2023-04-16

Standard Number: GB/T 42447-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides the security principles and general security measures for data processing activities in the telecommunications field, as well as the corresponding security measures that should be adopted in the process of implementing data collection, storage, use, processing, transmission, provision, public disclosure, and destruction.

10、《Information Security Technology Basic Requirements for Cybersecurity Professionals》

Publication Date: 2023-04-16

Standard Number: GB/T 42446-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document establishes the classification of cybersecurity professionals and specifies the knowledge and skill requirements for various types of professionals. This document is applicable to the use, cultivation, evaluation, and management of cybersecurity professionals by various organizations.

11、 《Information Security Technology Public Domain Name Service System Security Requirements》

Publication Date: 2023-04-16

Standard Number: GB/T 33134-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the technical and security management requirements for public domain name service systems. This document applies to the operation and management of public domain name service systems at all levels.

12、《Information Security Technology IPSec VPN Secure Access Basic Requirements and Implementation Guidelines》

Publication Date: 2023-04-16

Standard Number: GB/T 32922-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the basic requirements for gateway, client, security management, and password application during the 1PSec VPN secure access application process, and provides typical scenarios and implementation process guidelines for secure access using IPSec VPN technology.

13、《Information Security Technology Public Key Infrastructure PKI System Security Evaluation Methods》

Publication Date: 2023-04-16

Standard Number: GB/T 21054-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the security evaluation methods for PKI systems based on GB/T 21053-2023, including security function evaluation methods and security assurance requirements evaluation methods. This document applies to the security evaluation of PKI systems.

14、《Information Security Technology Public Key Infrastructure PKI System Security Requirements》

Publication Date: 2023-04-16

Standard Number: GB/T 21053-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document divides the security levels of the PKI system into basic level and enhanced level, and specifies the security function requirements and security assurance requirements for the corresponding security levels. This document applies to the research and development of PKI systems, and the evaluation and procurement of PKI system products may refer to this document for implementation.

15、《Information Technology Security Technology Digital Signatures with Appendices Part 1: Overview》

Publication Date: 2023-04-16

Standard Number: GB/T 17902.1-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document includes the general principles and requirements of digital signatures with appendices, as well as definitions and symbols used in all parts of GB/T 17902.

16、《Information Technology Security Technology Entity Authentication Part 3: Mechanisms Using Digital Signature Technology》

Publication Date: 2023-04-16

Standard Number: GB/T 15843.3-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies two types of entity authentication mechanisms using digital signature technology. The first type does not involve an online trusted third party, including two one-way authentication mechanisms and three two-way authentication mechanisms; the second type involves an online trusted third party, also including two one-way authentication mechanisms and three two-way authentication mechanisms.

17, (Draft for Comments) Automotive Whole Vehicle Information Security Technology Requirements

Publication Date: 2023-05-05

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the requirements for the automotive information security management system, general requirements for vehicle information security, technical requirements for vehicle information security, audit and evaluation methods, and testing and verification methods. This document applies to M-class, N-class vehicles, and O-class vehicles equipped with at least one electronic control unit. Other types of vehicles may refer to this document for implementation.

18、《Information Security Technology General Technical Specification for Terminal Computer Security》

Issuing Date: 2023-05-06

Standard Number: GB/T 29240—XXXX

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document stipulates the general security technical requirements for terminal computers and describes the testing and evaluation methods. This document is applicable to guiding the design, development, testing, and evaluation of general security functions of terminal computers.

19、《Information Security Technology - General Framework for Confidential Computing》

Issuing Date: 2023-05-06

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides a general framework for confidential computing, including the core components, basic functions, security services, and service interface types of the framework. This document is applicable to guiding the design, research and development, deployment, and use of confidential computing-related products, services, or solutions, and also applicable to guiding network operators in the application of confidential computing technology, third-party assessment institutions can also refer to it for use.

20、《Information Security Technology - Capability Requirements for Data Security Assessment Institutions》

Issuing Date: 2023-05-06

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document stipulates the capability requirements for data security assessment institutions. This document is applicable to the capability construction of data security assessment institutions themselves, also applicable to the evaluation activities carried out by the competent supervisory and regulatory authorities on data security assessment institutions, and can also provide a reference for data processors to select data security assessment institutions.

21、《Network Security Standard Practice Guide-Personal Information Protection Security Requirements for Facial Recognition Payment Scenarios》

Release Date: 2023-05-23

Standard Number: TC260-PG-2023XX

Issuing Organization: Secretariat of National Information Security Standardization Technical Committee

Overview/Requirements: This practice guide proposes personal information protection requirements for facial recognition payment scenarios in indoor and outdoor areas.

This practice guide does not apply to facial recognition payment made by users on their own mobile phones or other self-owned intelligent mobile terminals.

22、 《Network Security Standard Practice Guide - Implementation Guidance for Network Data Security Risk AssessmentSouth>

Issuing Date: 2023-05-26

Standard Number: TC260-PG-20231A

Issuing Organization: Secretariat of National Information Security Standardization Technical Committee

Overview/Requirements: In order to implement the requirements of the Data Security Law on data security risk assessment, while organizing the preparation of national standards, the secretariat has prepared the 'Network Security Standard Practice Guide - Implementation Guidance for Network Data Security Risk Assessment' to guide the work of network data security risk assessment.

23、《Information Technology - Security Techniques - Guidelines for Information Security Management System (Draft for Comments)》

Issuing Date: 2023-06-15

Standard Number: GB/T 31496—XXXX/ISO/IEC 27003:2017

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides explanations and guidelines for GB/T 22080-2016.

24、《Cloud Computing Service Security Guidelines (Draft for Comments)》

Issuing Date: 2023-06-15

Standard Number: GB/T 31167—XXXX

Issuing Organization: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, China National Standardization Administration

Overview/Requirements: This document proposes the basic security management requirements for the adoption of cloud computing services by Party and government organs and key information infrastructure operators, and clarifies the security management and technical measures at each stage of the lifecycle of the adoption of cloud computing services.

25、 《Information Security Technology - Specification for Trusted Execution Environment Service》

Issuing Date: 2023-06-15

Standard Number: GB/T 42572-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides supplementary guidelines for the Information Security Management System (ISMS) standard family, used for implementing information security management in information sharing groups. This document provides controls and guidelines for inter-industry and inter-organizational communication regarding the initiation, implementation, maintenance, and improvement of information security. It provides guidelines and general principles on how to use established message transmission and other technical methods to meet specified requirements.

26、《Information Security Technology - Security Management of Inter-industry and Inter-organizational Communication (Draft for Comments)》

Issuing Date: 2023-06-15

Standard Number: GB/T 32920—XXXX/ISO/IEC 27010:2015

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides supplementary guidelines for the Information Security Management System (ISMS) standard family, used for implementing information security management in information sharing groups. This document provides controls and guidelines for inter-industry and inter-organizational communication regarding the initiation, implementation, maintenance, and improvement of information security. It provides guidelines and general principles on how to use established message transmission and other technical methods to meet specified requirements.

27、《Information Security Technology - Security Specification for Electronic Credential Services》

Issuing Date: 2023-06-15

Standard Number: GB/T 42589-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the security requirements and evaluation methods for services such as issuance, issuance, delivery, storage, approval, verification, and status management of electronic credentials. This document is applicable to the design, deployment, provision, and evaluation of electronic credential services, and can also provide references for the supervision of electronic credential services.

28、《Information Security Technology - Technical Specification for Network Security Audit Products》

Issuing Date: 2023-06-15

Standard Number: GB/T 20945-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the technical requirements for network security audit products and describes the evaluation methods. This document is applicable to the design, development, testing, and evaluation of network security audit products.

29、《Information Security Technology - Implementation Guidelines for Disclosure and Consent in Personal Information Processing》

Issuing Date: 2023-06-15

Standard Number: GB/T 42574—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides the implementation methods and steps for informing individuals of processing rules and obtaining individual consent when processing personal information. This document is applicable to the protection of personal rights by personal information processors during the conduct of personal information processing activities, and can also provide references for supervision, inspection, and evaluation activities.

30、《Information Security Technology - Security Requirements for Cloud Computing Service》

Issuing Date: 2023-06-15

Standard Number: GB/T 31168—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the security capabilities that cloud service providers should possess when providing cloud computing services. This document is applicable to the construction, supervision, management, and evaluation of cloud computing service capabilities.

31、《Information Security Technology - Security Requirements for Edge Computing》

Issuing Date: 2023-06-15

Standard Number: GB/T 42564—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the security framework for edge computing as well as the security requirements for infrastructure security, network security, application security, data security, security operation and maintenance, security support, end-edge collaboration security, and cloud-edge collaboration technology under the security framework. This document is applicable for guiding the research, development, testing, deployment, and operation of edge computing for providers and developers of edge computing.

32、《Information Security Technology - Technical Specification for Network Intrusion Defense Products》

Issuing Date: 2023-06-15

Standard Number: GB/T 28451—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the technical requirements and evaluation methods for network intrusion defense products, and performs hierarchical classification. This document is applicable to the design, development, testing, and evaluation of network intrusion defense products.

33、《Information Security Technology - Security Framework for Blockchain Technology》

Issuing Date: 2023-06-15

Standard Number: GB/T 42570—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides a security framework for blockchain technology, which includes blockchain cryptographic support, blockchain security function components, blockchain security management and operation, and blockchain role security responsibilities. This document is applicable to guiding blockchain business providers in the overall planning and security framework design during the process of blockchain design, development, deployment, management, and operation, and can also provide a reference for carrying out blockchain security assessments.

34、《Information Security Technology Technical Specification for Anti-Spam Products》

Issuing Date: 2023-06-15

Standard Number: GB/T 30282—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the technical requirements for anti-spam products and describes the corresponding test and evaluation methods. This document is applicable to the development, testing, and evaluation of anti-spam products, as well as for guiding the use and management of products.

35、《Information Security Technology Guide for Classification and Grading of Network Security Events》

Issuing Date: 2023-06-15

Standard Number: GB/T 20986—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document describes the methods for classifying and grading network security events, defines the categories and levels of network security events, and clearly defines the classification codes for network security events. This document is applicable to network operators and relevant departments in activities such as network security event analysis, information notification, monitoring and early warning, and emergency response.

36、《Information Security Technology Technical Specification for Electronic Government Mobile Office System》

Issuing Date: 2023-06-15

Standard Number: GB/T 35282—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the technical requirements for various parts of electronic government mobile office systems, such as mobile terminal security, mobile communication security, mobile access security, server security, and system security management, and provides test and evaluation methods. This document is applicable to the secure design, implementation, security management, and test evaluation of electronic government mobile office systems.

37、《Information Security Technology Technical Requirements for Network Identity Service》

Issuing Date: 2023-06-15

Standard Number: GB/T 42573—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document establishes the participants and models for network identity services for natural persons, specifies the security levels and technical requirements for network identity services. This document is applicable to the design, development, deployment, and application of network identity services for natural persons.

38、《Information Security Technology Security Specification for Blockchain Information Service》

Issuing Date: 2023-06-15

Standard Number: GB/T 42571—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the technical and management requirements for the security of blockchain information service providers, describes the corresponding test and evaluation methods, and inspection and evaluation methods. This document is applicable to the provision of services such as security construction, secure operation, security management, and security assessment for blockchain information services.

39、《Information Security Technology Technical Specification for Government Affairs Network Security Monitoring Platform》

Issuing Date: 2023-06-15

Standard Number: GB/T 42583-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the technical and management requirements for the security of blockchain information service providers, describes the corresponding test and evaluation methods, and inspection and evaluation methods. This document is applicable to the provision of services such as security construction, secure operation, security management, and security assessment for blockchain information services.

40、《Information Security Technology - Personal Information Security Assessment Specification for Mobile Internet Applications (App)》

Issuing Date: 2023-06-15

Standard Number: GB/T 42582—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the evaluation process for the personal information security assessment of mobile internet applications based on GB/T 35273—2020 and the methods for evaluating various security requirements. This document is applicable to guiding third-party evaluation institutions in assessing the personal information security of mobile internet applications, as well as the supervision and management by competent regulatory authorities over the personal information security of mobile internet applications, and for mobile internet application operators to carry out self-assessment of personal information security in accordance with this document.

41、《Information Security Technology - Implementation Guidelines for Information Security Risk Management》

Issuing Date: 2023-06-15

Standard Number: GB/T 24364—2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document establishes the implementation framework for information security risk management, describes the principles, safeguard mechanisms, safeguard measures, capabilities, and processes of information security risk management, and provides the implementation points and work forms for each management process. This document is applicable to organizations of all types in carrying out information security risk management work.

42, Information Security Technology - Technical Specification for Security Operation and Maintenance Systems

Publication Date: 2023-07-12

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the security operation and maintenance system security function requirements, self-security requirements, security guarantee requirements, and testing and evaluation methods for security operation and maintenance. This document is applicable to the design, development, testing, and evaluation of security operation and maintenance systems.

43, Information Security Technology - Interconnectivity Framework for Network Security Products

Publication Date: 2023-07-19

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides the interconnectivity framework for network security products, including interconnectivity functions and interconnectivity information. This document is applicable to guiding the design, development, and application of network security product interconnectivity.

44, Information Security Technology - Requirements for Security Capabilities of Big Data Services

Release Date: 2023-08-06

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This standard is applicable to parties providing big data services to government departments and the general public, including data providers, big data application providers, big data platform providers, and big data service coordinators, and can also serve as a reference for third-party assessments of the security capabilities of big data services.

45, Guideline for Data Classification and Grading for Data Security Risk Prevention and Control in Securities and Futures Industry

Release Date: 2023-08-06

Standard Number: GB/T 42775-2023

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides the applicable data scope, safeguard measures, principles and methods of data classification and grading, and suggestions for handling key issues in data classification and grading for the securities and futures industry. This document is applicable to various institutions in the securities and futures industry in carrying out data classification and grading for data use in the prevention and control of data security risks. Other related institutions can serve as references.

46. Specification for Network Security Risk Assessment of Financial Information Systems

Release Date: 2023-08-06

Standard Number: GB/T 42926-2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document establishes the key points, principles, elements, and principles of risk assessment work, stipulates the requirements for the preparation phase, identification phase, risk calculation and handling phase of risk assessment work. It is applicable for financial management departments, financial institutions, and network security risk assessment service institutions to carry out network security risk assessment work for financial information systems.

47. Practice Guide for Network Security Standards—Interconnectivity of Network Security Products and Alarm Information Format

Release Date: 2023-08-08

Standard Number: TC260-PG-2023XX

Issuing Organization: Secretariat of National Information Security Standardization Technical Committee

Overview/Requirements: This practical guide aims to standardize the description of alarm information content and format, starting from the perspective of effective intercommunication and integration of alarm information from different network security products, and divides the types of network security product alarm information into five categories: malicious program alarms, network attack alarms, data security alarms, abnormal behavior alarms, and other alarms, and further subdivides them into twenty-one subcategories. It stipulates the general and proprietary information formats of various alarm information, and provides corresponding field tables, including field names, field descriptions, field types, and whether they are mandatory.

48. Security Requirements for Handling Sensitive Personal Information on Information Security Technology

Release Date: 2023-08-09

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides methods for defining sensitive personal information and stipulates the security requirements for handling sensitive personal information. It is applicable for standardizing the activities of personal information processors handling sensitive personal information, and can also provide references for supervisory authorities and third-party evaluation institutions to supervise, manage, and evaluate the activities of personal information processors handling sensitive personal information.

49. Security Requirements for Automated Decision-Making Based on Personal Information on Information Security Technology

Release Date: 2023-08-16

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document stipulates the requirements for data security and personal information protection obligations, transparency of automated decision-making, fairness and justice of decision results, and protection of personal legitimate rights and interests when personal information processors carry out automated decision-making activities. It is applicable for standardizing the activities of personal information processors in handling sensitive personal information, and can also provide references for supervisory authorities and third-party evaluation institutions to supervise, manage, and evaluate the activities of personal information processors handling sensitive personal information.

50. Methods for Data Security Risk Assessment on Information Security Technology

Release Date: 2023-08-21

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides the basic concepts, element relationships, analysis principles, implementation processes, evaluation contents, and analysis and evaluation methods of data security risk assessment, and clarifies the key points and work methods of each stage of data security risk assessment. This document is applicable for guiding data processors and third-party evaluation institutions to carry out data security risk assessments, and can also be referred to by relevant supervisory and regulatory authorities when implementing data security inspection and evaluation.

51. Security Specifications for Office Equipment on Information Security Technology

Release Date: 2023-08-25

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document stipulates the technical requirements and evaluation methods for office equipment security. It is applicable to the safe procurement, evaluation, maintenance, and management of office equipment.

52. Requirements for Personal Information Protection Supervision Institutions within Large Internet Enterprises on Information Security Technology

Release Date: 2023-08-25

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the requirements for large internet enterprises to establish and operate personal information protection supervisory institutions, including the establishment, responsibilities, work rules, and membership requirements of personal information protection supervisory institutions. It is applicable for large internet enterprises to establish and operate personal information protection supervisory institutions, and can also provide references for supervision, inspection, and evaluation activities.

53, 'Information Security Technology - Security Requirements for Data Transaction Services'

Release Date: 2023-08-25

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document stipulates the security requirements for data transaction services, including the security requirements for data transaction participants, transaction objects, trading platforms, and the transaction process. It is applicable for data suppliers, data consumers, data transaction venues, data merchants, and third-party professional service institutions to standardize their data transaction activities, and also applicable for regulatory authorities and evaluation agencies to supervise, manage, and evaluate the security of data transaction services.

54, 'Information Security Technology - Criteria for Network Resilience Evaluation'

Release Date: 2023-08-25

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides a network resilience evaluation model, proposes evaluation indicators and methods for object system analysis, network resilience functions, and network resilience architecture. It is applicable for organizations to conduct self-evaluation of their system network resilience capabilities, for network security service providers to conduct third-party evaluations of system resilience capabilities, and also applicable for the design, construction, and enhancement of system network resilience capabilities.

55, 'Information Security Technology - Criteria for Determining Network Attacks and Network Attack Events'

Release Date: 2023-08-25

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides descriptive information elements, judgment criteria, and counting standards for network attacks and network attack events. It is applicable for guiding organizations in the monitoring and analysis of network attacks and network attack events, situation awareness, information reporting, and other activities.

56, 'Information Security Technology - Message Authentication Code, Part 2: Mechanisms Using Dedicated Hash Functions'

Release Date: 2023-08-25

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the user requirements for using message authentication codes (MAC) based on dedicated hash functions, and provides 3 algorithms for using message authentication codes based on dedicated hash functions. These message authentication code algorithms can be used for data integrity verification, to check whether data has been altered unauthorizedly. This document is applicable to secure architectures, processes, and application security services.

57, 'Information Security Technology - Security Requirements for Important Data Processing'

Release Date: 2023-08-25

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document stipulates the security requirements for data processors handling important data. It is applicable for data processors conducting processing activities on important data, and can also be referred to by regulatory authorities, evaluation agencies, or other relevant organizations when implementing security supervision, evaluation, and other activities on data processing activities.

58, 'Information Security Technology - Requirements for Network Security Service Capabilities'

Publication Date: 2023-09-07

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the specific requirements for the capabilities that network security service providers should possess when providing network security services. This document is applicable for guiding network security service providers in the construction of their network security service capabilities, as well as in evaluating the capability levels of network security service providers. It can also serve as a reference for government departments and key information infrastructure operators when selecting network security service providers.

59, 'Information Security Technology - Guidelines for Information Security Control Assessment'

Publication Date: 2023-09-07

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides guidelines for the review and assessment of the implementation and operation of information security control measures, including technical evaluation of information system controls, which is based on the information security requirements and technical evaluation criteria established by the organization.

60, 'Information Security Technology - Evaluation Requirements for Information System Password Application'

Publication Date: 2023-09-07

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document stipulates the evaluation requirements for different levels of password applications in information systems, including compliance with cryptographic algorithms, cryptographic technology, cryptographic products, cryptographic services, and key management security. It proposes general evaluation requirements for password applications from the first level to the fifth level; it proposes technical evaluation requirements for password applications from the first level to the fourth level from the four technical levels of the physical and environmental security of information systems, network and communication security, equipment and computing security, and application and data security; it proposes management evaluation requirements for password applications from the first level to the fourth level from the four management aspects of management system, personnel management, construction and operation, and emergency response, and gives requirements for overall evaluation, risk analysis and evaluation, and evaluation conclusions in the evaluation process.

61, 'Information Security Technology - Technical Requirements for Information System Password Application Design'

Publication Date: 2023-09-07

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document proposes recommendations for the design of information system password application solutions, including guidelines for the design of the application layer of information systems, guidelines for the design of password service support, guidelines for the design of password application on computing platforms, and guidelines for key management design. This document is applicable to information system construction parties, password technology application parties, and password technology service parties, and provides guidance and reference for the design of information system password application solutions.

62, 'Guidelines for Data Exchange and Sharing of Smart City Infrastructure'

Publication Date: 2023-09-07

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document provides guidelines for entities with the authority to develop and operate community infrastructure on principles and frameworks for data exchange and sharing. This document is suitable for all types of cities involved in data exchange and sharing of urban infrastructure data. Each city, based on its own characteristics and conditions, adopts appropriate methods to implement the data exchange and sharing of urban infrastructure data specifically.

63, 'Information Security Technology - Guidelines for the Application of Cybersecurity Insurance'

Publication Date: 2023-09-13

Publisher: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document describes the concept, role, and main application stages of cybersecurity insurance, and proposes the processes and methods for each stage of cybersecurity insurance application. This document is applicable for organizations that adopt cybersecurity insurance to transfer risks, and can also serve as a reference for insurers and service providers.

64, 'Practice Guide for Cybersecurity Standards - Cross-border Personal Information Protection Requirements in the Guangdong-Hong Kong-Macau Greater Bay Area'

Publication Date: 2023-11-01

Issuing Organization: Secretariat of National Information Security Standardization Technical Committee

Standard Number: TC260-PG-2023XX

Overview/Requirements: This document stipulates the basic principles and requirements for cross-border personal information processing in the Guangdong-Hong Kong-Macau Greater Bay Area. This document applies to personal information processors within the Greater Bay Area who conduct cross-border personal information processing activities in accordance with memorandums through certification.

65. 'Information Security Technology - Security Specification for Data Recovery Service of Storage Media'

Release Date: November 27, 2023

Issuing Organization: National Market监督管理总局, National Standardization Administration

Overview/Requirements: This document specifies the security principles, security management requirements, and security implementation requirements for data recovery service of storage media, and describes the evaluation methods that meet the security management requirements and security implementation requirements.

66. 'Practice Guide for Network Security Standards - Asset Information Format for Interconnectivity of Network Security Products (Draft for Comments)'

Issuing Date: 2023-11-28

Issuing Organization: National Market监督管理总局, National Standardization Administration

Standard Number: TC260-PG-2023XX

Overview/Requirements: This practice guide specifies the description format of asset information for the interconnectivity of network security products. This practice guide is applicable to the design, development, application, and testing of the interconnectivity of network security products.

67. 'Practice Guide for Network Security Standards - Interconnectivity of Network Security Products Alarm Information Format'

Issuing Date: 2023-11-28

Issuing Organization: Secretariat of National Information Security Standardization Technical Committee

Standard Number: TC260-PG-2023XX

Overview/Requirements: 'Practice Guide' provides the description format of alarm information when network security products interconnect, which can be used to guide the design, development, application, and testing of the interconnectivity function of network security products.

Local Standard

1、《Standard for Supervision and Inspection of Network Data Security》

Issuing Date: 2023-06-15

Standard Number: DB12/T 11982023

Issuing Organization: Tianjin Municipal Commission of Market Regulation

Overview/Requirements: This document specifies the process, content, and requirements for the supervision and inspection of network data security. This document is applicable to organizations such as network data security supervision and inspection departments, industry management authorities, and third-party assessment institutions. It supervises, inspects, manages, and evaluates the activities of network data processors in collecting, storing, using, processing, transmitting, providing, publicly disclosing, and destroying network data, and is also applicable to various network data processors in carrying out construction, self-inspection, and rectification work.

2. 'Technical Specification for Data Collection of Urban Road Intersection'

Issuing Date: 2023-07-25

Standard Number: DB32/T 4511-2023

Issuing Organization: Jiangsu Provincial Administration for Market Regulation

Overview/Requirements: This document specifies the content of data collection for urban road intersection and the relevant data coding rules. This document is applicable to the information construction, management, and service of urban road intersections.

3. 'Specification for Data Exchange and Sharing of Electronic Labor Contracts'

Issuing Date: 2023-07-23

Standard Number: DB33/T 1311—2023

Issuing Organization: Zhejiang Provincial Administration for Market Regulation

Overview/Requirements: This standard specifies the general framework, data exchange process, data exchange service interface, data sharing process, and data sharing service interface for the exchange and sharing of electronic labor contract services. This standard applies to the exchange and sharing of electronic labor contract data.

4, 'Public Data Data Governance Specification Part 1: Data Collection'

Release Date: 2023-08-22

Standard Number: DB37/T 4646.1—2023

Issuing Organization: Shandong Provincial Administration for Market Regulation

Overview/Requirements: This document stipulates the data collection process, requirements for data collection, requirements for data update, and security of data collection. This document is applicable to guiding all levels of public management and service agencies to collect data to the provincial integrated big data platform.

5, 'Public Data Data Governance Specification Part 3: Data Return'

Release Date: 2023-08-22

Standard Number: DB37/T 4646.3-2023

Issuing Organization: Shandong Provincial Administration for Market Regulation

Overview/Requirements: This document stipulates the requirements for the return architecture, types, processes, and security guarantees of public data. This document is applicable to the data return work carried out by all levels of public management and service agencies based on the provincial integrated big data platform.

6, 'Technical Guidelines for Data Exchange of Agricultural Internet of Things Platforms'

Release Date: 2023-07-05

Standard Number: DB 23/T 3506-2023

Issuing Organization: Heilongjiang Provincial Administration for Market Regulation

Overview/Requirements: This document defines the terms and definitions, abbreviations, and principles of data exchange of agricultural Internet of Things platforms, and provides guidance on data exchange principles, methods, processes, formats, data security, and maintenance design. This document is applicable to the data exchange of agricultural Internet of Things data exchange platforms for planting industries.

7, 'Safety Management Specification for Government Data Open and Shared Services'

Release Date: 2023-07-05

Standard Number: DB 23/T 3509-2023

Issuing Organization: Heilongjiang Provincial Administration for Market Regulation

Overview/Requirements: This document stipulates the terms and definitions, general requirements, organizational management, security management, and quality management of the security management of government data open and shared services. This document is applicable to the security management of the open and shared services of non-secret government data of all levels of government departments.

8, 'Guidelines for Classification and Grading of Government Pre-publication Data'

Release Date: 2023-07-05

Standard Number: DB 23/T 35102023

Issuing Organization: Heilongjiang Provincial Administration for Market Regulation

Overview/Requirements: This document defines the terms and definitions of government pre-publication data, and provides principles, methods, processes, and evaluation suggestions for the classification and grading of government pre-publication data. This document is applicable to government departments, government data management agencies, government informationization operation and maintenance departments, public data management agencies, and enterprises and institutions that provide corresponding services for the construction and operation of government information systems to carry out the classification and grading of government data.

Group Standard

1、Evaluation System for Compliance Construction of Internet Enterprises

Release Date: January 5, 2023

Issuing Organization: China Federation of Internet Societies

Standard Number: T/CFIS XXXX-XXXX

Overview/Requirements: This standard is the first group standard in China's Internet field, focusing on compliance construction evaluation. It constructs an indicator system from four aspects: compliance strategic planning, compliance principal responsibility, compliance risk identification, and compliance rectification measures. It is mainly applicable to Internet enterprises such as online sales, life services, social entertainment, and information consulting, and is helpful to guide Internet enterprises to operate legally and develop in an orderly manner.

2、《Method for Data Security Compliance Assessment》

Release Date: January 19, 2023

Implementation Date: January 25, 2023

Issuing Organization: Shenzhen Information Service Industry Blockchain Association

Standard Number: T/SZBA 001—2023

Overview/Requirements: This document specifies the evaluation framework, evaluation process, and content and requirements for data security compliance assessment. This document is applicable to organizations of all types to carry out data security compliance assessment work.

3，《Guidelines for Data Security and Personal Information Protection Social Responsibility》

Implementation Date: February 1, 2023

Issuing Organization: China Cybersecurity Industry Alliance

Standard Number: T/CCIA 002—2022

Overview/Requirements: This document provides guidance for organizations to understand their social responsibilities for data security and personal information protection and to implement related activities. This document is applicable to organizations that process data, as well as to third-party organizations that evaluate the level of an organization's fulfillment of its social responsibilities for data security and personal information protection.

4，《Guidelines for Compliance Management Systems of Enterprises in the Information and Communication and Internet Industry》

Release Date: March 2, 2023

Publisher: China Internet Association

Standard Number: T/ISC 0023-2023

Overview/Requirements: This document provides a general guide for information and communication enterprises and internet enterprises to establish, implement, evaluate, maintain, and improve compliance management systems. This document is applicable to information and communication enterprises and internet enterprises engaged in compliance management-related work.

5. 'Technical Specification for Secure Data Circulation Based on Blockchain and Privacy Computing (Draft for Comments)'

Release Date: 2023-11-04

Issuing Organization: Guangdong Cloud Computing Application Association

Overview/Requirements: This document specifies technical requirements for data circulation security based on blockchain and privacy computing, including the blockchain and privacy computing technologies that need to be used, as well as necessary technical requirements during the process of data assetization and circulation. This document is applicable to the research and development, testing, evaluation, and acceptance of data security circulation products based on blockchain and privacy computing.

6. 'Business Process Specification for Secure Data Circulation Based on Blockchain and Privacy Computing (Draft for Comments)'

Release Date: 2023-11-04

Issuing Organization: Guangdong Cloud Computing Application Association

Overview/Requirements: This document provides business process specifications for data circulation security based on blockchain and privacy computing, including data types involved in the business process of data security circulation, participating entities and their respective responsibilities, as well as general business process requirements (covering the process of data assetization and the process of data asset circulation).

7. 'General Rules for Data Circulation Backup Review'

Release Date: 2023-11-04

Publisher: China Internet Association

Overview/Requirements: This document specifies the general technical requirements for data circulation backup review, including general requirements for data circulation backup and technical requirements for data circulation backup review. This document is applicable to the design, development, operation, and maintenance of data circulation backup review systems/platforms/tools during the implementation of multi-party data transactions, government-enterprise data disclosure, and multi-party data sharing, in order to support the supervision, evaluation, and review of trading platforms, government departments, and third-party organizations.

8, '<Financial Data Security Technical Protection Specification>'

Release Date: 2023-11-10

Publisher: China Internet Finance Association

Standard Number: T/NIFA 21—2023

Overview/Requirements: This document stipulates the objectives and principles of technical protection for financial data security, clarifies relevant systems and specifications, data security throughout the entire lifecycle, data security supervision and operation and maintenance methods, and establishes technical protection plans for data security for financial institutions in the process of business operations and management.

9, '<'Guidelines for Emergency Response and Disposal of Financial Data Security》

Release Date: 2023-11-10

Publisher: China Internet Finance Association

Standard Number: T/NIFA 22-2023

Overview/Requirements: This document is applicable to guiding financial institutions to carry out emergency response and disposal of financial data security, and provides references for competent departments and third-party evaluation institutions to carry out emergency response and disposal checks and evaluations of financial data security.

10, 'Guidelines for Financial Data Asset Management'

Release Date: 2023-11-10

Publisher: China Internet Finance Association

Standard Number: T/NIFA 20-2023

Overview/Requirements: This document provides a framework, principles, objects, activities, operation support and guarantee for the management of financial data assets. This document is applicable to guiding banking financial institutions to carry out data asset management on the basis of data governance. Banking financial institutions refer to financial institutions that absorb public deposits established within the People's Republic of China, such as commercial banks, urban credit cooperatives, rural credit cooperatives, and policy banks.

11, 'Requirements for Data Security Technical Capability Assessment'

Release Date: 2023-11-30

Publisher: China Internet Finance Association

Overview/Requirements: This document stipulates the technical capability requirements for organizations such as enterprises and institutions that should possess data security capabilities. This document is not only applicable to the technical capability assessment of third-party institutions but also applicable to providing references and guidance for enterprises to conduct self-assessment of their data security technical capabilities.

12, 'General Principles for Data Authorization and Risk Control'

Publication Date: 2023-08-07

Publisher: China Internet Association

Overview/Requirements: This document establishes a data authorization and risk control framework, stipulates the requirements for data collection and storage, processing and analysis, use, and authorization and transaction link risk control. This document is applicable to the authorization and security of enterprises and organizations in handling personal and non-personal data internally, and is also applicable to the authorization and security in the process of data transactions.

13, 'Guidelines for the Protection of Personal Payment Information'

Release Date: 2023-08-09

Standard Number: T/PCAC: 0001-2023

Publisher: China Payment Clearing Association

Overview/Requirements: This specification defines the scope of personal payment information, proposes the basic principles, security framework, security protection scope, business entities and main obligations, organizational construction, personnel management, terminal and business system security, and other contents, and puts forward typical protection requirements for different business scenarios. This specification is used to guide the information systems of member units of this association in handling personal payment information services and activities.

14. 'Technical Requirements for All-Data Intelligent Control Technology in Big Data Application Platforms'

Publication Date: 2023-07-12

Publisher: China Small and Medium Enterprises Association

Overview/Requirements: This document specifies the terminology and definitions, abbreviations, general requirements, functional requirements, and construction requirements for all-data intelligent control in big data application platforms. This document is applicable to the design, development, and testing of all-data intelligent control in big data application platforms.

15. 'Ethical Requirements for Health and Medical Data Sharing'

Publication Date: 2023-09-11

Publisher: China International Science and Technology Promotion Association

Overview/Requirements: This document specifies the ethical principles, general principles, informed consent, privacy confidentiality and protection, use of health and medical data, intellectual property protection, conflicts of interest, benefit sharing, ethics committees, and ethical review for ethical requirements of health and medical data sharing. This document is applicable to trials, development trials, and international and domestic scientific research cooperation carried out by the use of health and medical data.

16. 'Information Security Technology - Requirements for Privacy and Security Protection of Health and Medical Data'

Publication Date: 2023-09-11

Publisher: China International Science and Technology Promotion Association

Overview/Requirements: This document specifies the general principles, responsibilities, data collection protection, data storage protection, data processing, data use, and technical support for the privacy and security protection of health and medical data. This document is applicable to the supervision, management, and evaluation of the privacy and security protection of health and medical data.

17. 'Specification for Construction of Active Health Platforms'

Publication Date: 2023-09-11

Publisher: China International Science and Technology Promotion Association

Overview/Requirements: This document specifies the abbreviations, construction principles, platform architecture, perception and control, network transmission, interface requirements, functional requirements, system implementation, and information security for the construction of active health platforms (hereinafter referred to as the platform). This document is applicable to the design, development, and application of active health platforms.

18. 'Specification for Data Analysis Application Testing of Active Health Platforms'

Publication Date: 2023-09-11

Publisher: China International Science and Technology Promotion Association

Overview/Requirements: This document specifies the abbreviations, overview, general principles, functional testing of data preparation modules, functional testing of analysis support modules, functional testing of data analysis modules, and functional testing of process scheduling modules for the data analysis application testing of active health platforms. This document is applicable to the application testing of data analysis on active health platforms.

19. 'Specification for Data Sharing Management of Medical Scientific Data on Active Health Platforms'

Publication Date: 2023-09-11

Publisher: China International Science and Technology Promotion Association

Overview/Requirements: This document specifies the general requirements, management framework, and data sharing management for the data analysis application testing of active health platforms. This document is applicable to the data sharing management of medical scientific data on active health platforms.

Industry Standard

1. 'Rules for Classification and Coding of Health and Health Information Datasets'

Publication Date: 2023-08-07

Standard Number: WS/T 306-2023

Publisher: National Health Commission of the People's Republic of China

Overview/Requirements: This standard specifies the basic principles, technical methods, and application rules to be followed in the classification and coding of health and health information datasets. This standard is applicable to the formulation of classification and coding schemes for various health and health information datasets in the health and health field.

2. 'Guidelines for Information Security Operation and Management in the Securities and Futures Industry'

Publication Date: 2023-10-23

Issuing Unit: China Securities Regulatory Commission

Standard Number: JR/T 0295-2023

Overview/Requirements: This document provides guidance and methods for the management of security management, basic security management, information asset management, vulnerability management, development security management, data security management, centralized monitoring and response management, and continuous improvement management in the operation and management of information security. This document is applicable to core institutions and operating institutions in the securities and futures industry after completing the basic information security construction and carrying out information security operation and management work.

3, 'Information System Penetration Testing Guide for Securities and Futures Industry'

Release Date: February 7, 2023

Issuing Unit: China Securities Regulatory Commission

Standard Number: JR/T 0276-2023

Overview/Requirements: This document provides the overall process for conducting penetration testing in the construction of information systems in the securities and futures industry, and also provides operational guidelines on how to ensure test quality and control security risks in the planning, design, execution, summary, and risk management of penetration testing.

Industry Report

1、《Data Asset Management Practice White Paper (6.0Edition)

Release Date: January 4, 2023

Source: CCSA TC601 Big Data Technology Standard Promotion Committee

Overview: The main contents of the white paper include six aspects: an overview of data asset management, functional activities, safeguard measures, practical steps, trends, summary, and prospects.

2、《2022Annual Data Security Report>

Release Date: January 5, 2023

Report Source: Data Security Promotion Plan

Overview: This research report investigates the current situation of data security development on both the demand and supply sides through questionnaires. According to the results of this survey, the participating demand-side enterprises have all carried out data security work to varying degrees and formulated data security work plans, and supply-side manufacturers also believe that the market prospect of data security is very promising, and are actively deploying data security products and services.

3、《Data Security Governance Practice Guide2.0》

Release Date: January 5, 2023

Report Source: Data Security Promotion Plan

Overview: Based on a large amount of industry research and enterprise practice, this guide optimizes the overall view of data security governance on the basis of 'Guide (1.0)', and carries out preliminary exploration of the construction scheme for key issues such as the difficulty of data classification and grading, and the easy disconnection between management and technology, further refining the practice route of data security governance.

4,《Big Data White Paper》

Release Date: January 5, 2023

Report Source: China Communications Institute

Overview: This white paper focuses on the new technologies, new models, and new business formats emerging in the big data field over the past year, analyzes and summarizes the overall situation of big data development globally and in China, and focuses on the five core areas of data storage and computing, data management, data circulation, data application, and data security.

5、《Digital Twin City White Paper》

Release Date: January 5, 2023

Source: China Information and Communication Research Institute, China Internet Association, China Communications Standards Association

Overview: This white paper consists of three major parts: the development overview, the implementation suggestions, and the construction prospects, and updates the overall architecture of the digital twin city; it systematically analyzes the construction ideas of 'city digital twin' and 'digital twin new engine' for the first time; and proposes the implementation path for digital twin cities.

6, and the 'White Paper on Digital Transformation Development of the Telecommunications Industry'

Release Date: January 8, 2023

Report Source: China Communications Institute

Overview: This white paper makes a relatively comprehensive summary of the long-term transformation exploration of the telecommunications industry, hoping to extract the system, direction, and path of digital transformation development through summarizing the practice, cases, experiences, and problems of the telecommunications industry in the digital transformation over the past ten years.

7、Report on Data Security under the Perspective of Data Element Circulation (2022)

Release Date: January 8, 2023

Report Source: China Communications Institute

Overview/Requirements: The report analyzes the promotion of the construction of China's data security guarantee system from the perspective of data element circulation, and proposes measures and suggestions from the aspects of classification and grading, circulation environment, security technology, and collaborative governance, providing beneficial reference and reference for improving the security guarantee of data elements in China's data element circulation perspective.

8、List of Key Tasks in the 2023 Municipal Government Work Report

Release Date: January 30, 2023

Report Source: Beijing Municipal People's Government

Overview/Requirements: The report proposes to build a global benchmark city for the digital economy, implement the Beijing Digital Economy Promotion Regulations, promote the construction of the Beijing Data Special Zone, carry out pilot demonstration of data basic systems, cultivate a new market for the open and shared data elements, enhance the level of the international big data exchange, encourage various market entities to enter the market for transactions, accelerate the gathering of high-value industry data, and create a special zone for inclusive social data; cultivate data evaluation and safety evaluation and other data element market institutions, providing full-chain services such as data brokerage, registration, and evaluation; and take the lead in the service of digital trade, cross-border data circulation, and connecting with international digital economy rules.

9、《Cybersecurity Services Market Insight Report》

Release Date: February 8, 2023

Report Source: Sisou Security Industry Research Institute

Overview: In view of the diversity and complexity of the细分 fields involved in cybersecurity services, this report focuses on the in-depth analysis of the detailed needs of cybersecurity services and common characteristics.

10, and the 'Guangdong Province Digital Government Cybersecurity Index Assessment Report'

Release Date: February 10, 2023

Report Source: Office of the Leading Group for the Reform and Construction of 'Digital Government' in Guangdong Province

Overview: Based on survey and evaluation data, the report sorts out and analyzes the current security status, existing problems, and highlights of digital government cybersecurity in various cities of Guangdong Province, promotes and guides the continuous enhancement of the cybersecurity system construction in cities and districts, and promotes the digital government cybersecurity work in the province to a new level and a new leap.

11, and the '2022 Annual Banking Regulatory Penalty Analysis Insight'

Release Date: February 15, 2023

Report Source: KPMG Enterprise Consulting (China) Co., Ltd.

Overview: This report conducts in-depth data analysis and trend interpretation of regulatory policies and penalty dynamics, hoping to help financial institutions, especially commercial banks, grasp the regulatory focus in a timely manner, keenly perceive the changing trends of compliance risks, and take effective countermeasures.

12、《2022Year Industrial Information Security Situation Report>

Release Date: February 15, 2023

Report Source: Monitoring and Emergency Response Department of the National Industrial Information Security Development Research Center

Overview: The report analyzes the four aspects of event analysis, policy trends, technology trends, and industrial development of industrial information security.

13、《Enterprise Cross-border Data Flow Security Compliance White Paper》
Release Date: February 20, 2023

Report Source: China Mobile Research Institute Jointly with China Mobile International Co., Ltd.

Overview: The white paper focuses on the urgent issues faced by enterprises in cross-border data flow, proposes a corporate cross-border data flow security compliance guidance scheme with the core of 'synergistic development of management system, technology system, and operation system', and predicts the development direction of enterprise cross-border data flow.

14、《PreciseEDRCapacity White Paper》

Release Date: February 20, 2023

Report Source: Shushi Consulting

Overview: Collaborated with domestic EDR security vendors Weibufen Online for over a month of research work, and based on the protection of user privacy without leaking any original research data, the research results were compiled into a white paper.

15、《Industrial Data Security Monitoring and Emergency Response Insight Report》

Release Date: February 20, 2023

Report Source: Freebuf Consulting

Overview: The report mainly tells about the coexistence of development opportunities and security challenges of industrial data, major countries and regions' industrial data security policies, industrial data security management strategies and emergency response technology, and the current situation and future of the industrial data security industry development.

16、《Concept Paper of the Global Security Initiative

Release Date: February 21, 2023

Report Source: China

Overview: The highest leader of the People's Republic of China, the President, proposes the Global Security Initiative, advocating for a spirit of unity to adapt to the profoundly adjusted international格局, and a win-win mindset to deal with complex and intertwined security challenges. The aim is to eliminate the root causes of international conflicts, improve global security governance, promote the international community to inject more stability and certainty into the turbulent and changing era, and achieve lasting peace and development in the world.

17、《2022China Cybersecurity Industry Development Report

Release Date: February 23, 2023

Report Source: China Cybersecurity Industry Innovation and Development Alliance, China Information and Communication Research Institute

Overview: This report first gives an overview of the overall scale and structure of the cybersecurity market, and then focuses on the latest development trends of internal and external factors. It displays the development trend of the cybersecurity industry from multiple dimensions such as domestic and foreign policies, technical products, corporate operations, capital empowerment, and industrial ecology.

18、Global Data Compliance and Privacy Technology Development Report 2022

Release Date: February 24, 2023

Report Source: EY and Cyber Research Institute

Overview: The report comprehensively sorts out the compliance systems of data security and algorithm application at home and abroad, updates the concept, connotation, and extension of privacy technology, and proposes five major findings based on holistic research.

19

Release Date: March 1, 2023

Report Source: PwC

Overview: This in-depth interpretation will stand on the perspective of financial institutions how to actively respond to the new requirements of the development of the data element market, integrating the two perspectives of internal data assetization and external data element marketization, analyzing the impact of four main aspects: data property, circulation and trading, revenue distribution, and security governance. It also proposes discussions and suggestions on the empowerment of business development and participation in the data asset ecology of financial institutions under the 'Twenty Articles on Data'.

20

Release Date: March 2, 2023

Report Source:环球律师事务所, Nanyang Compliance Technology Research Institute

Overview: The report introduces the overall legislative status of data出境 in our country, and based on practical experience and focusing on the perspective of enterprises, shares the ten aspects that enterprises usually think about in the operation process of data出境. It also conducts in-depth analysis of difficult points and common mistakes, providing ideas for enterprises to complete data出境 compliance work.

21

Release Date: March 8, 2023

Report Source: China Consumer Association

Overview: The 'Report' points out that the current issues of infringing on consumers' personal information rights need to be highly valued by all parties in society. The main problems are manifested in violating the necessity principle of processing, violating the quality principle of personal information processing, violating the 'informed consent' rule, and the scope of compensation for the infringement of personal information rights to be determined.

22

Release Date: March 11, 2023

Report Source: Zhejiang Securities

Overview: The main contents of the report include data security regulatory framework, trends in the development of the data security market, market space for data security, security vendor layout, and data security investment framework.

23

Release Date: March 14, 2023

Report Source: Sisou Security Industry Research Institute

Overview: The report focuses on the domestic substitution and innovation-related content in the email security industry, analyzes the current market size, structure, and development stage of the email security market, and looks forward to the future.

24

Release Date: March 15, 2023

Report Source: Shushi Consulting

Overview: The 'White Paper' discusses how to meet the needs for data security and control during the process of data access.

25

Release Date: March 16, 2023

Report Source: International Cloud Security Alliance Greater China Region

Overview: The 'Guide' starts with the concept and scope of blockchain data, analyzing the needs for data security and privacy protection, and presents the overall framework of data security and privacy protection from the perspective of access layer, processing layer, and display layer design guidelines. It also provides testing guidelines and concludes with blockchain data security application scenarios.

26、Building the Rule of Law in China's Internet in the New EraWhite Paper

Release Date: March 16, 2023

Report Source: State Council Information Office

Overview: The white paper points out that the rule of law is the basic way of internet governance. Using the concept of the rule of law, thinking mode of the rule of law, and means of the rule of law to promote the development and governance of the internet has become a general consensus globally.

27,Consensus Algorithm and Consensus Security

Release Date: March 23, 2023

Report Source: Cloud Security Alliance Greater China

Overview: This white paper is the first important literature in China to systematically discuss blockchain consensus algorithms and consensus security issues. The white paper conducts detailed testing and evaluation of various consensus algorithms from three aspects: theoretical analysis, implementation analysis, and application deployment. It also explores the practical experience of these projects in the field of consensus algorithm security with the Hyperledger and Ethereum projects as examples.

28, 'Global Chief Data Officer Survey'

Release Date: March 27, 2023

Report Source: PwC

Overview: The 'Survey' data shows that the number of Chief Data Officers appointed by global leading enterprises is rising, and Chief Data Officers can have a positive impact on financial performance.

29、《Data Security Products and Services Observation Report》

Release Date: 2023-04-09

Report Source: Data Security Promotion Plan

Overview: This report introduces, analyzes, and forms ten observations and viewpoints on data security products and services in China based on graph data.

30, 'Enterprise Data Security Risk Management Guide'

Release Date: 2023-04-13

Report Source: Cloud Security Alliance Greater China

Overview: This guide builds a data-centered risk management framework, based on a comprehensive analysis of the data security risks faced by various data processing activities. It provides practical management methods from six major aspects: data security risk management planning, data processing activity management, data security risk assessment, data security risk disposal, data security risk supervision and improvement, and data security risk communication and review. It also provides detailed practical ideas through 20 appendices tools, hoping to provide reference and help for data security professionals in various enterprises.

31、《2023 China Digital Government Construction and Development White Paper》

Release Date: 2023-04-13

Report Source: China Electronics Cloud and IDC China

Overview: The white paper focuses on the research and analysis of new changes in the construction and development of digital government, new characteristics of product and technology needs, and new requirements for government performance, hoping to provide assistance and reference for the construction of digital government.

32、《Data Network White Paper》

Release Date: 2023-04-15

Report Source: China Mobile

Overview: The Data Network is a new type of credible data circulation infrastructure, aiming to build a data network that can be accessed on demand, has a solid foundation of calculation and network, shares securely, cooperates openly, and is manageable and controllable.

33、《2023 Q1 Data Asset Leak Analysis Report》

Release Date: 2023-04-19

Report Source: Threat Hunter

Overview: The report shows that nearly 1000 data leakage incidents occurred in Q1, involving 1204 enterprises and 38 industries, with the black industry's data trading mainly concentrated on more concealed and convenient anonymous social platforms.

34、《Enterprise Data Authorization and Global Compliance Trends Report (2023)》

Release Date: 2023-04-24

Report Source: Tsinghua University Research Center for Technological Innovation, International Data Management Association, Global Law Firm

Overview: This report globally launches the 'Accurate Authorization Path for Enterprise Data', which is a universal data authorization theory and method system for global enterprises in response to the challenges of data authorization and compliance governance in the AIGC era.

35、《Attack Surface Management Product Market Analysis Report》

Release Date: 2023-05-04

Report Source: NumberSay Security

Overview: The report provides an analysis of what attack surface management is, where it is positioned in the user security defense line, what are its core technologies and capabilities, what are the technical differences and product positioning of various manufacturers, what are the pain points of attack surface management work in various client units, the construction progress, and an analysis of related projects in the attack surface management market through the NumberSay Security commercial analysis platform, and gives a summary and outlook of the attack surface management market.

36、《Digital Security Capability Insight Report》

Release Date: 2023-05-07

Report Source: China Electronics Technology Standardization Institute

Overview: The report believes that data, business, and security are interdependent and indispensable. The deep application of data and business development put higher requirements on security. Data security cannot imitate the traditional cybersecurity construction approach of 'treating the symptom but not the root cause'. It requires the implementation of data security governance, the development of a systematic plan for data security, the establishment of corresponding organizational structures and responsibility systems, the construction of a systematic data security capability, and the enhancement of full-process and full-lifecycle data security governance, security protection construction, security risk monitoring, and security capability verification to form a closed-loop management of data security and continuously improve the barrier efficiency.

37、《2023 Cybersecurity Key Trends》

Release Date: 2023-05-08

Report Source: KPMG

Overview: The report gathers cybersecurity experts from KPMG in various fields globally, discussing the eight priorities that Chief Information Security Officers (CISOs) and their teams should focus on in 2023 to effectively manage cybersecurity risks and protect the development and future of enterprises.

38、《CNC Machine Tool Network Security Report (2023)》

Release Date: 2023-05-08

Report Source: China Communications Institute

Overview: This report, based on the development of CNC machine tools under the background of industrial internet, analyzes the current status of CNC machine tool network security from aspects such as domestic and foreign policies, security technology research, and technical standards and specifications. The report details the existing vulnerabilities and security risks such as intrusion attacks in CNC machine tools, as well as the deep-seated reasons, and provides suggestions for security protection implementation plans. Finally, the report proposes the future work direction of CNC machine tool network security from aspects such as standards, technical research, and evaluation and testing.

39、《Guide for the Construction of Data Security Oasis System》

Release Date: 2023-05-10

Report Source: Qiming Star

Overview: Based on national laws, regulations, and policy requirements, this report comprehensively analyzes the development characteristics of the current data security field, implements the data security construction system, combines the project practice experience and capability basis, and proposes a five-step implementation path for data security: security planning, classification and grading, risk identification, security construction, and security operation.

40、《White Paper on Market-oriented Allocation of Data Elements and Construction of Digital Ecosystem》

Release Date: 2023-05-19

Report Source: Tianjin Bincheng Digital Ecosystem Research Institute, North China Big Data Exchange Center

Overview: This white paper takes the market-oriented allocation of data elements and the construction of digital ecological systems as the entry point, constructs a 'four-in-one' supporting framework of data ownership, data pricing, data security, and data operation at the level of top-level design as the system guarantee; at the level of practical implementation, it takes the 'dual-listing and intelligent matching trading based on market demand-driven supply and demand' data trading and circulation solution as the core, empowers the data to realize the evolution from resourceization to assetization to capitalization with the help of the data element production and processing platform, constructs a credible circulation environment for data elements with the common platform of blockchain, and takes the data bank as the strategic thinking of data trust service and data element market-oriented allocation, providing a solution for the implementation of data trading and circulation and efficient utilization.

41、《China's Data Property Rights Blue Book 2022》

Release Date: 2023-05-22

Report Source: Renmin Data, School of Cybersecurity, Zhejiang University

Overview: The blue book deeply analyzes the ways of constructing the system of data property rights from four aspects: public data, enterprise data, personal data, and technology.

42、《Digital China Development Report (2022)》

Release Date: 2023-05-23

Report Source: Cyberspace Administration of China

Overview: The report shows that significant achievements have been made in the construction of the digital China in 2022, with a significant increase in the scale and level of China's digital infrastructure. In 2023, the development work of digital China will further strengthen the foundation of digital China construction, unblock the major arteries of digital infrastructure, and smooth the large circulation of data resources.

43、《Individuals as the Masters of Their Information Data - A New Paradigm for the Data Element Market》

Release Date: 2023-05-24

Report Source: Data Asset Research Center, School of Economics and Management, Beijing University of Posts and Telecommunications

Overview: The main theme of this white paper is how to effectively serve the digital life of the data subject with personal data scattered in various places; at the same time, to further tap the social value of such data under the premise of consensus, security, efficiency, compliance and sustainability, and inject new momentum into the digital economy; and this value mining process not only depends on the willingness and ability of the original data processors, but can also aggregate personal data into a new 'resource pool' and new market forces and social opportunities to accelerate the formation of a new mechanism for the data element market.

44、《2023 Data Breach Investigation Report》

Release Date: 2023-06-06

Report Source: Verizon

Summary: In the 2023 DBIR, Verizon analyzed 16,312 security incidents and 5,199 data breach incidents. The report shows that 74% of data breach incidents involve human factors

45、《Open Bank Data Protection and Compliance Practice Case Report》

Release Date: 2023-06-06

Report Source: China UnionPay Technical Management Committee

Summary: The report collects 10 typical open bank data protection practice cases from 9 commercial banks, puts forward suggestions for the improvement of policy, standard, and technical research according to the current situation, and further promotes the construction of the open bank ecosystem effectively.

46、《Our country<Data Security Law>Report on the Law Enforcement Situation Since the Implementation》

Release Date: 2023-06-17

Report Source: Tsinghua University

Summary: The report collects a series of law enforcement notices initiated by administrative organs based on the 'Data Security Law', publicly releases 34 typical cases of administrative penalties decided according to the 'Data Security Law', and summarizes the main situations and problems of applying laws in practice in combination with the implementation cases of the 'Data Security Law' accumulated through public channels.

47、《2023 China Cybersecurity Market and Enterprise Competitiveness Analysis》

Release Date: 2023-06-20

Report Source: China Cybersecurity Industry Alliance

Summary: The report aims to objectively and accurately reflect the current situation of the cybersecurity market in our country, evaluate the competitiveness of cybersecurity enterprises, and study the evolution trend of the cybersecurity market structure, hoping to provide effective references for professionals in the industry.

48、《2023 Top Ten Big Data Keywords》

Release Date: 2023-06-28

Report Source: China Communications Institute

Summary: Among the top ten big data keywords of 2023, four are distributed in the data development and application phase, two in the data element market phase, and two in the data security phase, reflecting that this year's focus of development is on the business empowerment of data and the integration of internal and external, as well as the continued consolidation of the security foundation.

49, '2023 Banking Cross-Network Data Security Exchange White Paper'

Release Date: 2023-07-01

Report Source: Feichiyunlian

Summary/Requirements: Based on the current situation and problems of interbank data exchange in the banking industry, this white paper proposes targeted solutions and construction suggestions, providing valuable construction strategies and references for banks in our country.

50, 'Enterprise Cybersecurity Compliance Framework System'

Release Date: 2023-07-05

Report Source: Cloud Security Alliance Greater China

Summary/Requirements: This report proposes the enterprise cybersecurity compliance framework system as the '1+2+SEC+N+1' architecture.

51, '2023 l Q2 Howling Cybersecurity Industry Key Insights'

Release Date: 2023-07-06

Report Source:嘶吼安全研究员

Overview/Requirements: This report focuses on several aspects, including the trends in cybersecurity policies in Q2 2023, insights into cybersecurity investment and financing, insights into cybersecurity vendors, insights into major cybersecurity events, and insights into cybersecurity technology.

52, 'Personal Information Protection Compliance Guidelines - China Edition'

Release Date: 2023-07-10

Report Source: Cloud Security Alliance Greater China

Overview/Requirements: The purpose of this report is to provide systematic implementation guidance for personal information processors within the jurisdiction of the 'Personal Information Protection Law'. This report includes the relevant content of basic requirements for personal information protection compliance, including principles, methodology framework, etc. It provides a structured framework of 'compliance requirements - control measures and procedures - other considerations' to guide the norms that personal information processors should comply with in their processing activities.

53, 'Financial Data Protection Governance White Paper'

Release Date: 2023-07-11

Report Source: Beijing Financial Technology Industry Alliance

Overview/Requirements: This report focuses on the financial practice, development status, exploration, and standardization of related capability requirements of data protection governance, summarizes the relevant construction paradigms, and promotes the research and application of data protection and governance in the financial field.

54, 'China Personal Information Cross-border Transfer Standard Contract White Paper'

Release Date: 2023-07-13

Report Source: National Network and Information System Security Product Quality Inspection and Testing Center, etc.

Overview/Requirements: This white paper analyzes the key issues in the practice of personal information cross-border transfer and shares how the standard contract for personal information cross-border transfer is implemented.

55, 'ISACA Personal Information Protection Maturity Assessment Best Practice Guide'

Release Date: 2023-07-15

Report Source: ISACA

Overview/Requirements: In accordance with the relevant laws and regulations on personal information protection and combining the best practices of different industries, ISACA seeks to balance the utilization of data elements and privacy protection while taking into account the requirements for personal information protection and the regulatory requirements of different industries, providing an optimal practice guide for the implementation of the organization's personal information protection maturity assessment project, and assisting and providing practical tools for the organization to carry out personal information protection maturity assessment work.

56, 'Global Digital Trust Status in 2023'

Release Date: 2023-07-15

Report Source: ISACA

Overview/Requirements: This survey involves the familiarity, priority, credibility, readiness, and challenges in the global digital trust field.

and responsibilities, and makes a comparative analysis with the results of the previous year. In addition to the insights obtained, the report also provides practical guidance and opinions from industry professionals. Finally, the report summarizes five key points to help enterprises strengthen digital trust in digital transformation, enhance innovation capabilities, and maintain market competitiveness.

57, 'Data Security and Compliance Management Guide for Retail Enterprises'

Release Date: 2023-07-17

Report Source: China General Chamber of Commerce

Overview/Requirements: This guide combines judicial practice and systematically expounds on the relevant management requirements for data security and compliance, aiming to provide effective guidance for enterprises to carry out data-related work.

58, 'White Paper on Trustworthy Data Circulation Technology for Financial Data'

Release Date: 2023-08-08

Report Source: Beijing Financial Technology Industry Alliance

Overview/Requirements: This white paper discusses the current status, problems, opportunities, and challenges of data circulation in the financial industry from the dimensions of technology, business, management, and law, and proposes a set of technical solutions for data circulation in the financial industry. The solution is based on Huawei OceanStor storage, combined with the practical experience of CITIC Bank in important information systems, to ensure the security, controllability, and traceability of data in the process of circulation, and to achieve efficient sharing and collaborative analysis of data among different entities.

59, 'Integrated Endpoint Security Capabilities White Paper'

Release Date: 2023-08-10

Report Source: Shushi Consulting

Overview/Requirements: The white paper analyzes typical scenarios, conceptual overview, main capabilities, representative enterprises, and future development trends of integrated endpoint security.

60, '2023 Public Data Financial Application White Paper'

Release Date: 2023-08-16

Report Source: Chengdu Branch Business Management Department of the People's Bank of China, Sichuan Province Financial Technology Association

Overview/Requirements: This white paper focuses for the first time in China on the opening and application of public data to the financial field, conducts a comprehensive and systematic analysis and research, attempts to fill the gap in this research field, and aims to provide beneficial references for theoretical research and practical innovation in this field.

61, 'Zero Trust Development Research Report'

Release Date: 2023-08-25

Report Source: China Academy of Information and Communications Technology Cloud Computing and Big Data Research Institute

Overview/Requirements: The report focuses on the new developments and changes in the zero-trust industry over the past two years. The report first introduces the security challenges faced by enterprise IT architecture after the deepening of digital transformation, how zero trust solves security challenges, and how to respond to new security threats. Secondly, from the two major perspectives of zero-trust supply side and zero-trust application side, the report observes and analyzes the development status and application pain points of the zero-trust industry in our country.

62, 'Earth Big Data White Paper (2023)

Release Date: 2023-09-12

Report Source: Big Data Technology Standard Promotion Committee, Earth Big Data Working Group

Overview/Requirements: This white paper will sort out the content scope, data resources, key technologies, industry ecology, application scenarios, and practice cases of Earth Big Data, and initially propose practical methods for Earth Big Data, aiming to clarify the current development status of the Earth Big Data industry and provide reference for the relevant practices of Earth Big Data development and utilization by all parties in the industry.

63, 'White Paper on Data Circulation Construction Based on Public Data Authorization Operation'

Release Date: 2023-09-21

Report Source: Huawei Technologies Co., Ltd., China Academy of Information and Communications Technology Cloud Computing and Big Data Research Institute

Overview/Requirements: This white paper mainly elaborates on the current status, theoretical basis, promotion ideas, platform solutions, and typical application scenarios of the development of public data authorization operation.

No. 64, 'Intelligent Connected Vehicle Data Security and Compliance White Paper'

Release Date: 2023-09-22

Report Source: Lotus Technology and PwC

Overview/Requirements: Chapter 1, Chapter 2, and Chapter 4 are based on the perspective of the intelligent connected vehicle industry, combining the requirements of laws and regulations in various countries, and elaborating on the requirements for data security and compliance as well as industry prospects; Chapter 3 is based on Lotus Technology's own practice and elaborates on Lotus Technology's practice in data security and compliance.

No. 65, 'Financial Institutions External Data Management Practice White Paper (2023)'

Release Date: 2023-09-26

Report Source: Big Data Technology Standard Promotion Committee, National Engineering Laboratory for Big Data Circulation and Trading, and Big Data Circulation Compliance Evaluation Research Center

Overview/Requirements: This white paper iterates the content of external data full-process management based on the industry situation and adds a chapter on the analysis of hotspots in the development of external data combined with industrial practice. The 2023 version continues to collect and summarize the practice cases of the financial industry in external data management and share them in the appendix of this book.

No. 66, 'Data Elements White Paper (2023)'

Release Date: 2023-09-26

Report Source: China Information and Communication Research Institute

Overview/Requirements: Based on the 'Data Elements White Paper (2022)', this white paper further discusses the theoretical understanding of data elements and focuses on the new models, new industries, and new hotspots emerging in the exploration of data elements over the past year.

No. 67, 'Privacy Engineering White Paper'

Release Date: 2023-09-26

Report Source: Big Data Technology Standard Promotion Committee

Overview/Requirements: This white paper introduces the theoretical development of privacy engineering and the practical experience of Chinese enterprises in privacy engineering, hoping to provide reference for the construction of enterprise privacy protection capabilities and promote the formation of a privacy engineering system more suitable for Chinese enterprises.

No. 68, 'Trustworthy Data Circulation Network (TDN) White Paper (2023)'

Release Date: 2023-10-09

Report Source: China Academy of Information and Communications Technology Cloud Computing and Big Data Research Institute

Overview/Requirements: This white paper aims to promote the efficient and sustainable release of the value of data elements, addressing the difficulties and challenges faced in the process of data flow. Focusing on the key issues of data infrastructure construction, it analyzes the fundamental principles of可信 data circulation and proposes the concept of Trustworthy Data Circulation Network (TDN).

No. 69, '2023 China Banking Industry Artificial Intelligence and Big Data Use Case Analysis Report'

Release Date: 2023-10-17

Report Source: Dune Community

Overview/Requirements: In view of numerous artificial intelligence and big data use cases, banks should screen and prioritize use cases from two dimensions: business value and feasibility. This use case priority matrix defines 18 artificial intelligence and big data use cases, which will help banks achieve revenue growth, cost reduction, efficiency improvement, and enhanced user experience, while reducing risks. Bank CIOs or decision-makers related to AI and big data can use the use case priority matrix to prioritize use cases with higher business value and feasibility for reasonable resource allocation and investment.

70, '2023 Global Cybersecurity Status'

Release Date: November 2, 2023

Report Source: ISACA

Overview/Requirements: This survey report focuses on the development of cybersecurity talent, personnel allocation, cybersecurity budget, and threat situation in today's cybersecurity field.

and the development trends of cybersecurity maturity, etc. Overall, the survey data in 2023 once again confirms the results of the survey in 2022, and is almost identical to last year's data. However, further in-depth analysis shows that the data in 2023 may be affected by geopolitical, economic, and technological progress, showing some subtle changes compared to previous survey results.

71, 'China Cybersecurity Industry Analysis Report (2023)'

Release Date: November 8, 2023

Report Source: China Cybersecurity Industry Alliance

Overview/Requirements: This report first introduces the overall situation of China's cybersecurity industry in 2023, which faces both opportunities such as the gradual improvement of cybersecurity governance, the acceleration of the iteration and upgrade of cybersecurity technology, the enhancement of digital security level, and the acceleration of the global cybersecurity strategic layout, and challenges such as the slowing down of the development momentum of the cybersecurity industry under the economic downturn and the intensification of great power competition, as well as the more complex and arduous situation of cybersecurity challenges caused by the improper application of new technologies.

72, 'Observation Report on the Implementation of the Personal Information Protection Law for Two Years'

Release Date: November 14, 2023

Report Source: Data Security Community Program, CCIA Data Security Working Committee, etc.

Overview/Requirements: This report focuses on the implementation of the 'Personal Information Protection Law' for two years, observing the main progress in terms of institutional advancement, administrative law enforcement, judicial practice, and public perception from multiple dimensions.

73, '2023 Security Operation Market Report'

Release Date: November 27, 2023

Report Source: Shusuo Security Research Institute Co., Ltd.

Overview/Requirements: This research mainly focuses on the security operation service market, taking the largest demand for network security operation as the main application scenario, and the security operation of non-security operation platform products and other application scenarios is not regarded as the main content of this research.

74, 'White Paper on the Way of Government Data'

Release Date: November 29, 2023

Report Source: Anhui Big Data Center, Huawei Cloud Computing Technology Co., Ltd.

Overview/Requirements: Focusing on the current development status and challenges in data convergence, governance, and application in the government industry, this report summarizes the ten-step advancement of the way of government data and summarizes relevant engineering cases and practical experience, providing methodological guidance and practical exploration for data governance in the government field.

75, '2023 Transportation Industry Data Element Marketization White Paper'

Release Date: 2023-12-04

Report Source: East China Jiangsu Big Data Trading Center

Overview/Requirements: This report stands from a global perspective, closely following the current practical needs and development trends of the digitalization of the transportation industry, and elaborates on the current situation of the development of data elements in the transportation industry from several aspects such as policies, regulations, standards, types, technology, and marketization process. It makes a comprehensive and systematic analysis of the marketization development of data elements in several fields such as waterway, highway, railway, aviation, urban, and Internet of Vehicles, sorts out excellent case studies of integrated applications, and looks forward to future development.

76, 'Cross-border Data Circulation Compliance and Technical Application White Paper (2023)'

Release Date: 2023-12-07

Report Source: Open Islands Open Source Community

Overview/Requirements: The 'White Paper (2023)' focuses on the current situation of cross-border data circulation in the Guangdong-Hong Kong-Macau Greater Bay Area, and promotes the pioneering and experimental research, formulation, and implementation of safe rules for cross-border data flow.

77, '2023 Global Data Leakage Situation Report'

Release Date: 2023-12-12

Report Source: Shushi Consulting

Overview/Requirements: In order to grasp the situation of data leakage and respond to increasingly complex security risks, Shushi Consulting jointly with ZeroXin'an, based on the 0.zone open-source intelligence system, jointly released the monthly report on 'Data Leakage Situation'. The monitoring scope of the system includes about 100,000 threat sources such as the clear web, deep web, dark web, and anonymous communities. In addition to the monthly overview of data leakage, the report will also conduct sampling event analysis of some typical data leakage incidents. If there is a significant data forgery event, it will also be analyzed and refuted.

78, '2023 Data Resource Entry White Paper'

Release Date: 2023-12-13

Report Source: Beijing Yihualu Data Element Technology Innovation Research Institute

Overview/Requirements: The 'White Paper' focuses on all aspects of data resource entry, from data governance to privacy protection, from asset assessment to the 'five-step method' of entry, from case practice to future trends, contributing collective wisdom to promote the entry of data resources.

79, 'Master Data Management Practice White Paper (2.0)'

Release Date: 2023-12-20

Report Source: Big Data Technology Standard Promotion Committee of the China Communications Standards Association

Overview/Requirements: The 'White Paper' mainly includes an overview of master data management, practice in various industries of master data management, main content of master data management, master data management strategies, and future expectations of master data management.

80, 'Data Security Governance Practical Guidelines (3.0)'

Release Date: 2023-12-20

Report Source: Data Security Promotion Plan

Overview/Requirements: The 'Practical Guidelines' aims to guide the construction of industry data security governance capabilities and promote the development of industry data security governance capabilities, based on the 'Data Security Governance Capability Assessment Method' of the Big Data Technology Standard Promotion Committee of the China Communications Standards Association BDC 91-2022, and sort out the connotation of the concept of data security governance.