Industrial Internet & IoV · 工业互联网与车联网.
8 entries. The MIIT-led layer for industry and connected vehicles — the three-tier industrial-data classification, risk-assessment and incident-response rules, the automotive data-security and data-export regime, internet data centers, and live-streaming commerce — stacked on top of the general regime.
Departmental Rules .
部门规章 · CAC, MIIT, MPS and others
- § 01 · Industrial Data Security Measures
Administrative Measures for Data Security in the Field of Industry and Information Technology (Trial)
工业和信息化领域数据安全管理办法(试行)
These Measures are the principal sector-specific framework implementing the Data Security Law within the industry, telecommunications and radio-spectrum fields administered by MIIT. They establish a three-tier data classification (general / important / core data), filing of important- and core-data catalogues, full-lifecycle security obligations, cross-border transfer controls, monitoring and incident-response duties, and a testing/certification/assessment regime. Issued as MIIT Cyber Security [2022] No. 166 and effective January 1, 2023.
- § 02
Implementing Rules for Data Security Risk Assessment in the Field of Industry and Information Technology (Trial)
工业和信息化领域数据安全风险评估实施细则(试行)
These Implementing Rules operationalize the annual risk-assessment obligation imposed on processors of important data and core data by the MIIT Industrial Data Security Measures. They prescribe the assessment scope, the eight mandatory assessment focus areas, the once-a-year cadence and one-year validity of results, triggering events for re-assessment, requirements for in-house or third-party assessment teams, reporting timelines to local regulators, and the duties and capability-certification regime for third-party assessment institutions. Issued as MIIT Cyber Security [2024] No. 82 and effective June 1, 2024.
- § 03
Emergency Response Plan for Data Security Incidents in the Field of Industry and Information Technology (Trial)
工业和信息化领域数据安全事件应急预案(试行)
This Emergency Response Plan, issued as MIIT Cyber Security [2024] No. 214, establishes the incident-response framework for data security incidents in the industry, telecommunications and radio fields. It grades incidents into four levels (especially significant, significant, relatively significant, and general), sets out the organizational structure, monitoring and early-warning, reporting timelines, graded response measures and post-incident handling, and defines how MIIT and local industry regulators coordinate with data processors. The page below translates the issuing notice in full; the annexed plan text was distributed as a separate attachment and is summarized rather than reproduced article-by-article.
- § 04
Notice of the Ministry of Industry and Information Technology on Strengthening the Cybersecurity and Data Security of the Internet of Vehicles
工业和信息化部关于加强车联网网络安全和数据安全工作的通知
This Notice sets out MIIT's consolidated cybersecurity and data security requirements for the Internet of Vehicles (IoV) ecosystem, covering intelligent connected vehicle manufacturers, IoV service-platform operators and related parties. It addresses vehicle network security, vulnerability management, IoV network and communications security, monitoring and emergency response, MLPS grading and filing, platform security, OTA upgrade security, data classification and grading, data security technical safeguards, and cross-border data transfer. Issued as MIIT Cyber Security [2021] No. 134 and effective September 15, 2021.
- § 05 · Automotive Data Provisions
Several Provisions on Automotive Data Security Management (Trial)
汽车数据安全管理若干规定(试行)
These Provisions are the foundational rule governing the processing of automotive data — both personal information and important data arising in the design, production, sale, use and maintenance of vehicles. They define automotive data, personal/sensitive personal information and important data (including a list of important-data categories), set out processing principles (in-vehicle processing, default no-collection, precision-range applicability, anonymization), notice-and-consent requirements, important-data risk assessment and annual reporting, and domestic storage with security assessment for cross-border transfer. Jointly issued by the CAC, NDRC, MIIT, MPS and MOT as Order No. 7 and effective October 1, 2021.
- § 06
Administrative Measures for the Supervision of Live-Streaming E-Commerce
直播电商监督管理办法
These Measures establish the supervisory framework for live-streaming e-commerce in China, allocating obligations among platform operators, live-streaming-room operators, live-streaming marketing personnel and their service agencies. They impose real-identity verification and registration, periodic reporting of identity information to market-regulation authorities, graded and classified management, transaction-information retention of at least three years, prohibitions on false or misleading commercial publicity (including via AI), AI-generated-persona labeling, and consumer-rights and credit-supervision mechanisms. Jointly issued by the State Administration for Market Regulation and the Cyberspace Administration of China as Order No. 117 and effective February 1, 2026.
National Standards .
国家标准 · GB/T, TC260
- § 01
Guidelines for the Security of Automotive Data Export (2026 Edition)
汽车数据出境安全指引(2026版)
These Guidelines give automotive data processors a practical, scenario-based roadmap for lawfully exporting automotive data under the Data Security Law, PIPL and the Network Data Security Management Regulation. They define what counts as a data-export act, set out the quantitative thresholds that trigger a security assessment, standard contract or certification (and the exemptions), provide a detailed important-data determination catalogue across six business scenarios, describe the end-to-end export procedure, and impose management, technical-protection, logging and emergency-response requirements. The important-data determination tables are rendered below as structured prose by scenario rather than reproduced cell-by-cell.
- § 02
Implementing Guidelines for the Protection of Customer Data Security in Internet Data Centers
互联网数据中心客户数据安全保护实施指引
Issued as MIIT General Office Cyber Security [2025] No. 5, this instrument comprises a notice and an annexed implementing guideline directing Internet Data Center (IDC) operators to strengthen the security of customer data they host. It follows the principle of consistent rights and responsibilities, classified strategy, combined management-and-technology, and ensured security, and sets out general safeguard capabilities (responsibility boundaries, access/operation/destruction/isolation controls, incident response, and security-service provision) plus scenario-specific requirements for server-hosting and for data-storage-and-computing (including AI training-data and computing-power-scheduling security). Both the notice and the annexed guideline are translated in full below.