China's TC260 outlines requirements for privacy compliance auditors in draft

( March 4, 2025, 08:50 GMT | Official Statement) -- MLex Summary: China’s TC260, the cybersecurity standard-setting body, has released draft guidelines detailing the service capabilities requirements for professional institutions conducting personal-information protection compliance audits to implement related regulations and support compliance audit work. The draft guidelines outline capability requirements from five aspects: basic conditions, management systems, technical capabilities, personnel capabilities, and facility and equipment resource capabilities. The draft guidelines will be open for public comments until March 17. Below please find the statement and attached, in Chinse, is the draft guidelines: ...

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

China's TC260 outlines requirements for privacy compliance auditors in draft

Prepare for tomorrow’s regulatory change, today

Documents

Related Sections