The State Internet Information Office and two other departments have issued the "Management Methods for Internet Security Labels".

Recently, the Cyberspace Administration of China and two other departments issued the "Network Security Label Management Measures." Among them, it is mentioned that if product producers forge, impersonate, or use network security labels for false advertising, the filing organization should revoke the network security label filing for the relevant products, publicly announce the producer's violations, and not accept their product filings for a year from the date of the announcement. The corresponding network security capabilities for network security labels range from basic level, enhanced level, to leading level, represented by one star, two stars, and three stars respectively. The basic level requires products to meet basic security requirements of relevant national standards, such as no weak passwords or default passwords, establishing a vulnerability management mechanism and dynamically fixing vulnerabilities, and keeping software updated. The enhanced level requires products to have advanced network security capabilities compared to similar products; the leading level requires products to have leading network security capabilities compared to similar products, and they should also undergo penetration testing methods to detect their ability to defend against high-level network attacks. The specific security requirements for each product's label level are determined in the implementation rules. These security requirements should be aligned with existing national and international standards, drawing on the experiences of other countries and regions that have implemented network security labeling systems. The original text is as follows: Notice on the Issuance of the "Network Security Label Management Measures" State Internet Information Office Document No. 2026-4 Provincial, autonomous region, and municipal cyberspace administrations, telecommunications management bureaus, public security bureaus, Xinjiang Production Construction Corps Cyberspace Administration and Public Security Bureau, relevant central and state organs, and other relevant units: The "Network Security Label Management Measures" are hereby issued to you for implementation. Cyberspace Administration of China Ministry of Industry and Information Technology Ministry of Public Security April 2, 2026 Network Security Label Management Measures Chapter I General Provisions Article 1: In order to enhance the network security capabilities of products, strengthen consumer rights protection, safeguard network security and public interests, and in accordance with the "Cybersecurity Law of the People's Republic of China" and other laws and regulations, these Measures are formulated. Article 2: The term "network security label" in these Measures refers to information labels that can reflect the network security capabilities of products. These Measures apply to products with Internet connectivity, with specific product implementation managed through a catalogue. Article 3: The management of network security labels adheres to the principles of overall development and security, with product producers participating on a voluntary basis. Product producers are encouraged to improve the network security capabilities of their products and label them with network security labels in accordance with these Measures. Consumers are encouraged to prioritize products labeled with network security labels. Article 4: The State Internet Information Office, the Ministry of Industry and Information Technology, and the Ministry of Public Security are responsible for the management of network security labels, issuing and publicizing the "Catalog of Products Implementing Network Security Labels" in batches, specifying the specific implementation rules for each category of products and the national standards or technical documents they are based on, organizing network security label promotional education, and entrusting the Chinese Electronics Technology Standardization Institute (referred to as the filing organization) to handle network security label filings, information release, and related work. Chapter II Label Implementation Article 5: The network security capabilities corresponding to network security labels range from basic level, enhanced level, to leading level, represented by one star, two stars, and three stars respectively. The basic level requires products to meet the basic security requirements of relevant national standards, such as having no weak or default passwords, establishing a vulnerability management mechanism and dynamically fixing vulnerabilities, and keeping software updated; the enhanced level requires products to have advanced network security capabilities compared to similar products; the leading level requires products to have leading network security capabilities... (Continues...)