On 11 August 2020 the Ministry of Industry and Information Technology issued the Guidelines on the Construction of a Data Security Standards System in the Telecoms and Internet Industries for public comment.
According to the draft guidelines, the data security standards system for telecoms and internet industries comprises four categories:
- basic and general standards – these include terminology definitions, data security frameworks and data categories and classifications;
- critical technology standards – these deal with data security technology used throughout the entire data lifecycle, including in the collection, transmission, storage, processing, exchange and destruction of data;
- security management standards – these concern data security specifications, data security assessments, monitoring and early warning and processing, emergency responses and disaster back up and security capability certifications; and
- critical field standards – these concern 5G, mobile data, connected cars, the Internet of Things, the Internet of Industry, cloud computing, Big Data, AI, blockchain and other critical fields.
