The National Energy Administration (NEA) recently issued the Administrative Measures for Data Security in the Energy Sector (for Trial Implementation) (the "Measures"), which will take effect on July 1, 2026, and remain in force for five years.
The Measures cover fundamental responsibilities for data security in the energy sector, data protection requirements, data security monitoring, early warning and emergency response, supervision and inspection, and legal liability. To strengthen data security management in the energy sector, the Measures propose to establish the following systems and mechanisms: (1) a data classification and graded protection system, under which energy sector data not involving state secrets are classified as general data, important data, or core data, with corresponding technical requirements proposed for the protection of important data and core data; (2) an important data catalog system that can identify key information, storage locations, and security protection measures for important data; (3) a data security risk assessment mechanism, requiring processors of important data and core data to conduct risk assessments at least once a year, and mandating risk assessments for the outbound transfer of important data or the transfer of core data between entities in accordance with laws and regulations; and (4) a data security monitoring, early warning, and emergency response mechanism for the energy sector.