China has released new guidelines for financial services data, further building on its growing cybersecurity and data governance rules as the country creates more detailed regulations for sensitive industries.
China’s cybersecurity administrators moved on Saturday to tighten the grading and classification of data in the financial information services sector, with the stated goal of strengthening data security management and regulating industry development.
Four Levels for Financial Services Data
The key change is a formal classification system for financial information services data.
Reuters reported that the Cyberspace Administration of China said data would be divided into four levels: core, important, sensitive general, and routine general.
The classification will be based on several risk factors.
The Economic Times, said the four-level system will consider the importance of the data, its sensitivity, and the potential harm that could result from leaks.
This structure suggests that financial data will not be treated as one broad category. Instead, regulators appear to be pushing financial information service providers to identify which data carries higher risk and which data can be managed under less restrictive classifications.
CAC Leads the Move With Other Departments
The guidelines were not issued by one agency alone. The move was announced jointly by the Cyberspace Administration of China and six other departments, including the People’s Bank of China.
This is important because it shows the guidelines connect cybersecurity policy with financial regulation. The People’s Bank of China’s involvement means the rules cover both digital security and how financial information is managed in a tightly regulated industry.
Financial services handle large amounts of personal, transactional, institutional, and market data. If this information is leaked or misused, it could harm consumers, companies, and financial stability. That is why regulators are focusing on classifying and managing data by risk.
Sector-Specific Rules Follow Broader Data Laws
China’s latest move also fits a longer regulatory pattern. China has strengthened its data security framework in recent years, moving from top-level legislation to more detailed, sector-specific rules.
This change is important because broad data laws set general rules, but sector-specific rules show industries how to follow them in real situations. For finance, this could mean clearer guidance on how to identify, rank, store, protect, and monitor data based on how sensitive it is.
The guidelines themselves point to the reason for the change. The guidelines said that financial information services are developing in an orderly manner while the volume of data is expanding, creating an urgent need for standardized, classified, and graded management.
State Secrets and Military Data Are Excluded
The new rules also set limits on their own coverage. The guidelines do not apply to data involving state secrets or military information.
This exclusion means those types of data are still managed by different, probably stricter, legal or administrative rules. The financial services guidelines focus on industry data, not on national security information already covered by other laws.
Why the Guidelines Matter
The new guidelines show that China is making its cybersecurity rules more detailed. Regulators are moving beyond broad principles and creating specific systems for industries with higher data risks.
For financial information service providers, the main point is that classifying data is now a compliance requirement. Companies need to know what data they have, how sensitive it is, what harm a leak could cause, and what protection regulators expect.
China’s four-level financial data system might seem technical, but it could have a big impact. It shows a wider trend where cybersecurity, finance, and data governance are being treated as connected parts of the same policy plan.
