The Cyberspace Administration of China, along with two other departments, jointly announce the "Methods for Assessing Internet Data Security Risks". Important data must be assessed annually.

According to the "Network Data Security Risk Assessment Measures" jointly issued by the Cyberspace Administration of China, the Ministry of Industry and Information Technology, and the Ministry of Public Security on June 18, the measures will be implemented starting from August 20, 2026. The measures stipulate that network data processors handling important data should conduct risk assessments annually, and in case of major changes in the security status of important data that may have adverse effects on data security, timely risk assessments should be carried out on the changed aspects and their impacts. In addition, the measures encourage network data processors handling general data to conduct risk assessments at least once every 3 years. Under the guidance of the national data security work coordination mechanism, the Cyberspace Administration of China, together with relevant departments such as the State Council's telecommunications and public security departments, will establish a special mechanism for assessing network data security risks, guiding and supervising the risk assessment work. The annual risk assessment inspection plan should be submitted to the Cyberspace Administration of China by the end of January each year. At the same time, no network data processor shall be repeatedly required to commission an assessment agency to conduct risk assessments for the same network data security incident or risk.