China: TC260 requests comments on draft standard on security requirements for data transaction services
On August 25, 2023, the National Information Security Standardization Technical Committee (TC260) requested public comments on the draft Information Security Technology-Security Requirements for Data Transaction Service standard. The draft standard provides security requirements for data transaction participants, as well as transaction objects, platforms, and processes, and is applicable to data suppliers, data demanders, data trading venues, data vendors, and third-party professional service organizations.
The draft standard outlines that it aims to standardize data transactions and details data security principles, among other things:
- legal compliance principle;
- principle of process controllability;
- principle of classification; and
- security principle.
More granularly, the draft standard outlines specific security requirements for different parties and transactions including data transaction participants, as well as transaction platforms and processes. Furthermore, the draft standard notes examples of prohibited transaction data.
Public comments can be submitted to [email protected] until October 24, 2023.