China Issues Financial Information Service Data Classification and Grading Guidelines

China’s Cyberspace Administration, the People’s Bank of China (PBOC), the National Financial Regulatory Administration, the China Securities Regulatory Commission, the National Bureau of Statistics, and the State Administration of Foreign Exchange (SAFE) have jointly issued the “Financial Information Service Data Classification and Grading Guidelines” (hereinafter referred to as the “Guidelines”).

Regarding data classification, the Guidelines categorize financial information service data by business attributes. The first-level classification includes three categories: business data, user data, and enterprise data, which are further divided into nine second-level categories and 67 third-level categories.

Regarding data grading, the Guidelines reference the national standard GB/T 43697-2024 “Data Security Technology — Data Classification and Grading Rules.” Based on the importance and sensitivity of financial information service data in economic and social development, as well as the degree of harm that may result from leakage, tampering, damage, or illegal acquisition, use, or sharing of such data to national security, economic operation, social order, public interest, organizational rights, and personal rights, the data is classified into four levels from highest to lowest: core data, important data, sensitive general data, and routine general data.