PBC Releases Measures for Data Security Management in the Business Domain of the People's Bank of China

The People's Bank of China (PBC) has released the Measures for Data Security Management in the Business Domain of the People's Bank of China (the "Measures"), effective from June 30, 2025.

The Measures not only introduce the security protection obligations to be fulfilled by data processors in principle but also detail the measures for exemption from relevant obligations under exceptional circumstances, adding that such measures shall not affect the normal handling of financial business. The Measures, upon clarifying the circumstances for lighter or reduced administrative penalties, encourage data processors to diligently strengthen data security protection, and support them in providing valuable data security risk intelligence and assisting in the timely identification of major data security risks, which contributes to the collaboration for enhanced data security assurance. The Measures consist of 56 articles in seven chapters. Among them, Chapter II General Requirements on Business Data Classification and Grading, sets forth the regulations on data resource directories, classification and grading, system building, and operational procedures; Chapter III Security Management Requirements for the Entire Process of Business Data clarifies the security management regulations for data collection, storage, use, processing, transmission, disclosure, deletion, and other processes.



(Source: http://www.pbc.gov.cn/tiaofasi/144941/144957/5702602/index.html)

Note: The link to the Chinese official website of the document is for your reference.