On April 18, China’s National Information Security Standardization Technical Committee (NISSTC) released the Practical Guide to Cybersecurity Standard -- Implementation Guidelines for Risk Assessment of Network Data Security (Draft for Comment) (the "Draft"), which is open for public comments until May 2, 2023.

The Draft presents the idea, main contents, processes and methods of assessing risks to network data security, and proposes assessing security risks from the data security management, data processing activities, data security technology, and personal information protection. This standard can guide data processors in carrying out risk assessment on their own and provide reference for relevant competent regulatory authorities to organize data security inspections and assessments. The Draft further outlines five stages of the data security risk assessment process: assessment preparation, information research, risk assessment, comprehensive analysis, and assessment summary.

(Source: China’s National Information Security Standardization Technical Committee)