China rolls out new guidelines to classify and secure financial information

China has introduced a new set of financial data service regulations aimed at strengthening data security management, improving oversight

China has introduced a new set of financial data service regulations aimed at strengthening data security management, improving oversight of the financial industry, and expanding its broader cybersecurity framework. These measures were jointly issued on Saturday by the Cyberspace Administration of China, the People’s Bank of China, and four other regulatory bodies as part of a coordinated national effort to enhance control over financial information systems.

The new guidelines establish a structured framework for classifying, protecting, and managing financial data across all service providers operating within China. Under these rules, all relevant institutions are required to comply fully with the country’s data security law and implement standardized procedures for handling financial information. The regulations are designed to ensure that data is properly categorized based on its importance and sensitivity, as well as the potential risks that could arise in the event of unauthorized access or leakage.

According to the guidelines, financial data will now be divided into four distinct categories: important data, sensitive general data, and routine general data, with classifications determined by their level of significance and vulnerability. This tiered system is intended to help organizations apply appropriate levels of protection depending on the nature of the information they manage. By introducing clearer distinctions between different types of data, regulators aim to reduce risks associated with data misuse and improve overall information governance within the financial sector.

Officials emphasized that these rules come in response to the rapid growth in data generation and the increasing volume of information flows within China’s financial industry. As digital financial services continue to expand, the need for a more standardized and comprehensive regulatory system has become urgent. Authorities noted that financial information services are evolving in an orderly manner, but the scale and complexity of data processing now require more formalized, classified, and graded management systems to maintain security and stability.

The new framework, however, explicitly excludes data related to state secrets and military information, which are governed by separate and more stringent regulations. The primary focus of these guidelines is to safeguard sensitive financial information while supporting the broader national objective of strengthening data security practices across all sectors.

In addition to classification requirements, financial institutions and service providers are now obligated to carry out detailed data inventories. This includes systematically identifying and cataloguing all types of data under their control. Companies must maintain updated classification lists that accurately reflect the sensitivity and importance of their datasets. Furthermore, they are required to submit reports on catalogs of important data to regulatory authorities to ensure proper oversight and compliance.

Through these measures, China aims to create a more transparent, secure, and efficiently regulated financial data environment. The regulations are intended not only to protect sensitive information from potential breaches but also to encourage lawful and responsible use of financial data. Ultimately, these guidelines represent a significant step in reinforcing national cybersecurity efforts while supporting the continued development and modernization of the country’s financial information services sector.