Energy, Aviation & Resources · 能源·航空·自然资源.
4 entries. The resource- and infrastructure-sector layer for energy, civil aviation, and natural resources — important-data cataloguing, classified-grading protection, and monitoring-and-early-warning duties calibrated to critical-infrastructure risk.
Departmental Rules .
部门规章 · CAC, MIIT, MPS and others
- § 01
Measures for the Administration of Data Security in the Energy Industry (Trial)
能源行业数据安全管理办法(试行)
Issued by the National Energy Administration as a departmental normative document (Doc. No. Guo Neng Fa Gui Hua Gui [2025] No. 108) on December 8, 2025, effective July 1, 2026, with a five-year term. These trial measures implement the Data Security Law within the energy sector. They define 'energy industry data' (data collected and generated in energy activities — planning, design, construction, production, storage and transport, consumption, and research) and establish the three-tier classification of general, important, and core data. The measures assign supervisory roles to the National Energy Administration, provincial energy authorities, and central energy enterprises; set out catalog-reporting duties for important and core data; and impose graduated protection requirements keyed to Multi-Level Protection Scheme (MLPS) levels — Level 3 or above for important data, and Level 4 (or CII protection) for core data. They also require annual risk assessments for important-data processors, cross-border security assessment for outbound important data, risk-assessment thresholds for core-data transfers (the 30% annual cumulative volume trigger), and a monitoring, early-warning, and emergency-response regime with a one-working-day reporting deadline for major incidents.
- § 02
Guide to the Classification and Grading of Energy Industry Data (2026 Edition)
能源行业数据分类分级指南(2026年版)
Issued by the National Energy Administration on June 30, 2026 and effective July 1, 2026 — the same day as the companion Measures for the Administration of Data Security in the Energy Industry (Trial) — this Guide (4 chapters, 15 articles) operationalizes the trial Measures' three-tier general/important/core classification for the energy sector. It sets classification dimensions (energy type — coal, petroleum, natural gas, nuclear, hydro, wind, solar, biomass, geothermal, ocean, electric power, hydrogen — and energy activity — planning, design, construction, production, storage and transport, consumption, research), grading rules for derived and de-sensitized data, and bright-line thresholds for identifying important and core data: precise (100m-or-better) geo-coordinates and any materials containing them for large coal mines, thermal/hydro/nuclear power stations, and 750kV-plus substations and converter stations; real-time dispatch/control instruction data for designated hydropower stations, ultra-high-voltage substations, and PipeChina's oil-and-gas dispatch control system; and electric-power consumption-data thresholds keyed to user count (10 million users triggers important-data status; 100 million users, or a special-grade important user's continuous 1-year consumption record, triggers core-data status). The National Energy Administration's accompanying press Q&A explains that the grading logic tracks the degree of harm to national security from leakage or tampering, and sets out the six post-issuance compliance duties for important/core data processors: compile and file an important-data catalogue, build a data-security management system, implement multi-level protection scheme (MLPS)/CII/cryptographic protection, run annual risk assessments, apply for risk assessment before outbound transfer of important data or cross-entity transfer of core data, and report incidents immediately.
- § 03
Measures for the Administration of Data Security in the Field of Natural Resources
自然资源领域数据安全管理办法
Issued by the Ministry of Natural Resources as a departmental normative document (Doc. No. Zi Ran Zi Fa [2024] No. 57) on March 22, 2024, and effective the same day, having been approved by the national data security work coordination mechanism. These measures implement the Data Security Law for non-classified data in the natural-resources field — geographic information data (including basic geographic information and remote-sensing imagery), natural-resources survey and monitoring data (land, minerals, forests, grasslands, water, wetlands, sea areas and islands), territorial spatial planning data, and natural-resources management data (use control, asset management, cultivated-land protection, ecological restoration, real estate registration, etc.). The measures establish the three-tier general/important/core classification with six reference indicators for identifying important data, assign supervisory roles to the Ministry of Natural Resources, the National Forestry and Grassland Administration, and local industry regulators, and set out a full data-lifecycle security regime (collection, storage, use and processing, transmission, provision, disclosure, deletion). Key obligations include catalog reporting and review of important and core data, MLPS Level 3+ for important data and Level 4 / CII protection for core data, the 30% cumulative-volume risk-assessment trigger for core-data provision, in-country storage with cross-border security assessment for important data, annual risk assessment for important-data processors, and a monitoring, early-warning, and emergency-response framework.
National Standards .
国家标准 · GB/T, TC260
- § 01 · MH/T 3038—2025
Technical Requirements for Monitoring and Warning of Data Security in Civil Aviation (MH/T 3038—2025)
民用航空数据安全监测预警技术要求(MH/T 3038—2025)
MH/T 3038—2025 is a civil-aviation industry standard issued by the Civil Aviation Administration of China (CAAC), released July 18, 2025 and effective August 1, 2025. It establishes the basic principles for civil-aviation data security monitoring and warning and specifies the technical requirements for data security monitoring and warning, to guide data processors in the civil-aviation field in building monitoring and early-warning capabilities; it does not apply to data security monitoring and warning involving State secrets. The standard sets out monitoring requirements across the full data-processing lifecycle (collection, storage, use and processing, transmission, provision, deletion), keyed to the protection of core data, important data, and sensitive personal information, and aligned with the aviation data classification and grading standard MH/T 3039. It defines a four-tier warning system — red (Level I), orange (Level II), yellow (Level III), and blue (Level IV) — based on data level and volume, together with requirements for warning issuance, response, and escalation/de-escalation or cancellation. Appendix A provides illustrative monitoring examples for typical civil-aviation business scenarios (passenger ticketing, security screening, baggage check-in, check-in, air traffic management, and safety supervision).