---
title_en: "Data Security Technology — Guide to Social Responsibility for Data Security and Personal Information Protection (GB/T 46071-2025)"
title_zh: "数据安全技术 数据安全和个人信息保护社会责任指南 (GB/T 46071-2025)"
abbreviation: "GB/T 46071"
hierarchy: "standard"
issuing_body: "Standardization Administration of China; National Information Security Standardization Technical Committee (TC260)"
status: "effective"
related_laws: ["dsl"]
domains: ["data-security"]
url: https://datacompliancechina.com/laws/gbt-46071-data-protection-social-responsibility/
summary: "GB/T 46071-2025 is a recommended national standard offering guidance on social responsibility in data security and personal information protection. It frames data security and PI protection as elements of organizational social responsibility, providing principles and guidance for organizations to take responsibility toward data subjects, society and the public — covering governance, transparency, stakeholder engagement and accountability. It is a 2025 'Data Security Technology' series standard that complements the binding duties of the DSL and PIPL with a responsibility-and-governance framing."
---

> **Source: Data Compliance China** — https://datacompliancechina.com/laws/gbt-46071-data-protection-social-responsibility/ · English rendering and annotations by DCC; the Chinese original governs. Cite as: Data Compliance China, "Data Security Technology — Guide to Social Responsibility for Data Security and Personal Information Protection (GB/T 46071-2025)", https://datacompliancechina.com/laws/gbt-46071-data-protection-social-responsibility/
> *DCC summary, not a translation.* GB/T 46071-2025 is a copyrighted national standard. The structured summary below is DCC's own paraphrase grounded in the standard's title and number; specific clauses should be checked against the published text.

## Scope

GB/T 46071-2025 provides **guidance on social responsibility relating to data security and personal information protection** — that is, how organizations should understand and discharge their responsibilities toward data subjects, society and the public when handling data and personal information. It applies to organizations seeking to build data-security and personal-information protection into their social-responsibility and governance practices, and is a reference for stakeholders evaluating such practices.

It is a **recommended** standard in the "Data Security Technology" (数据安全技术) series, and is advisory/governance-oriented rather than a set of technical control requirements.

## Key contents

At a structural level the standard is expected to cover:

- **Principles of social responsibility** for data security and personal-information protection — accountability, transparency, ethical and lawful conduct, respect for data-subject rights and the public interest.
- **Responsibility toward stakeholders** — data subjects, partners, regulators and the broader public.
- **Governance and management** — embedding data-security and PI-protection responsibility into organizational governance, culture, and decision-making.
- **Transparency and disclosure** — communicating data practices and accepting accountability.
- **Continuous improvement** — review, stakeholder engagement and ongoing enhancement of responsible data practices.

> *Editor: verify specific clauses against the published standard.*

## How it fits the regime

GB/T 46071 sits alongside the binding obligations of the **DSL** and **PIPL** and reframes them through a social-responsibility lens. Where most standards in the series specify *controls*, this one provides a *governance and responsibility* framework — encouraging organizations to treat data security and personal-information protection not merely as compliance obligations but as commitments to data subjects and society.

It complements PIPL's accountability and reporting expectations (including the large-platform reporting duty of Article 58) and the DSL's data-security management duties, and aligns conceptually with the platform and audit standards. For overseas compliance teams, it is a useful reference for ESG/responsibility reporting and for demonstrating a mature, accountable data-governance posture in China, though it does not create technical control requirements of its own.
