On 17 December 2020, the Ministry of Industry and Information Technology (MIIT) issued the Guidelines on the Construction of a Data Security Standards System in the Telecoms and Internet Industries.

As the guiding document of the data security standardization work, the Guidelines clearly define the basic principles that the industry data security standard work should follow, and puts forward the framework of the data security standards system.

According to the Guidelines, the data security standards system for telecoms and internet industries comprises four categories:

  • basic and general standards – these include terminology definitions, data security frameworks and data categories and classifications;
  • critical technology standards – these deal with data security technology used throughout the entire data lifecycle, including in the collection, transmission, storage, processing, exchange and destruction of data;
  • security management standards – these concern data security specifications, data security assessments, monitoring and early warning and processing, emergency responses and disaster back up and security capability certifications; and
  • critical field standards – these concern 5G, mobile data, connected cars, the Internet of Things, the Internet of Industry, cloud computing, Big Data, AI, blockchain and other critical fields.

These standards will cover the regulation, evaluation and protection of data collection, transmission, storage, processing, exchange, and destruction, which will guide the telecommunications and Internet industries to effectively implement the requirements of relevant laws and regulations on data security management.

The Guidelines were introduced in detail in the 7th meeting of the Data Security Group under CCSA TC8 on Internet and Information Security (CCSA TC8 TF1) on 27 January 2021. At the meeting, CCSA TC8 TF1 said it would use the Guides as the basis and guidance to carry out standardization work. In particular, TF1 should give play to the guiding role of the framework proposed in the industry data security standards system in the application of standard project approval, constantly promote the development and revision of industry data security standards and the implementation of key standards, and promote the leading and supporting role of standards in ensuring data security.

The full text of the Chinese Guidelines for the Construction of Data Security Standard System in the Telecommunications and Internet Industries can be downloaded here. The Chinese reference can be found at