The Ministry of Industry and Information Technology recently issued the Administrative Measures for Data Security in the Field of Industry and Information Technology (for Trial Implementation), which contains eight chapters and forty-two articles. The main contents include defining the concept of data and data processors in the field of industry and information technology, and clarifying the scope and responsibilities of supervision, determining relevant requirements for data classification and classification management, important data identification and filing. For different levels of data, seven aspects including corresponding security management and protection requirements are put forward around the links of data collection, storage, processing, transmission, provision, disclosure, destruction, exit, transfer, and entrusted processing, and will be implemented as of January 1, 2023.

The management measures specify that the data in the field of industry and information include industrial data, telecommunication data and radio data. Industrial data refers to the data generated and collected in the process of R&D and design, production and manufacturing, management and administration, operation and maintenance, platform operation in various industries and fields of industry. Telecommunication data refers to the data generated and collected in the operation of telecommunication business. Radio data refers to radio frequency and other radio wave parameter data generated and collected in radio business activities.

The relevant person in charge of the Ministry of Industry and Information Technology said that the management measures focused on solving the problem of "who will manage, what will be managed, and how to manage" data security in the field of industry and information technology, and established a two-level supervision mechanism of "the Ministry of Industry and Information Technology and local industry supervision departments", taking the hierarchical protection of data as the general principle, requiring that general data should be strengthened the security management of the whole life cycle, important data should be protected on the basis of general data protection, and core data should be protected more strictly on the basis of important data protection.

At the same time, the Ministry of Industry and Information Technology will establish a data security risk monitoring mechanism, organize the development of data security monitoring and early warning interfaces and standards, coordinate the construction of data security monitoring and early warning technical means, form monitoring, early warning, disposal, traceability and other capabilities, and strengthen information sharing with relevant departments.