Issuance of the Guidelines on Classification and Grading of Financial Information Service Data

Recently, the Cyberspace Administration of China, the People's Bank of China, the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission, the National Bureau of Statistics, and the State Administration of Foreign Exchange jointly issued the "Guidelines for Classification and Grading of Financial Information Services Data." The "Guidelines" are in line with the "Regulations on the Management of Financial Information Services" and apply to financial information service providers engaged in data classification, grading, and identification of important data within the territory of the People's Republic of China. The "Guidelines" do not apply to data involving state secrets and military data. In terms of data classification, the "Guidelines" classify financial information service data based on business attributes, with three primary categories: business data, user data, and enterprise data. These categories further divide into nine secondary categories and 67 tertiary categories. In terms of grading, the "Guidelines" refer to the national standard GB/T 43697-2024 "Data security technology - Data Classification and Grading Rules," dividing data into four levels from high to low based on the importance and sensitivity of financial information service data in economic and social development, as well as the level of harm to national security, economic operation, social order, public interest, organizational rights, and individual rights in case of leakage, tampering, destruction, illegal access, illegal use, and illegal sharing. The four levels are core data, important data, sensitive general data, and routine general data.