Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ LAW · GB/T 46071

Data Security Technology — Guide to Social Responsibility for Data Security and Personal Information Protection (GB/T 46071-2025).

数据安全技术 数据安全和个人信息保护社会责任指南 (GB/T 46071-2025)

FILED UNDER · Data Security

DCC summary, not a translation. GB/T 46071-2025 is a copyrighted national standard. The structured summary below is DCC’s own paraphrase grounded in the standard’s title and number; specific clauses should be checked against the published text.

Scope

GB/T 46071-2025 provides guidance on social responsibility relating to data security and personal information protection — that is, how organizations should understand and discharge their responsibilities toward data subjects, society and the public when handling data and personal information. It applies to organizations seeking to build data-security and personal-information protection into their social-responsibility and governance practices, and is a reference for stakeholders evaluating such practices.

It is a recommended standard in the “Data Security Technology” (数据安全技术) series, and is advisory/governance-oriented rather than a set of technical control requirements.

Key contents

At a structural level the standard is expected to cover:

  • Principles of social responsibility for data security and personal-information protection — accountability, transparency, ethical and lawful conduct, respect for data-subject rights and the public interest.
  • Responsibility toward stakeholders — data subjects, partners, regulators and the broader public.
  • Governance and management — embedding data-security and PI-protection responsibility into organizational governance, culture, and decision-making.
  • Transparency and disclosure — communicating data practices and accepting accountability.
  • Continuous improvement — review, stakeholder engagement and ongoing enhancement of responsible data practices.

Editor: verify specific clauses against the published standard.

How it fits the regime

GB/T 46071 sits alongside the binding obligations of the DSL and PIPL and reframes them through a social-responsibility lens. Where most standards in the series specify controls, this one provides a governance and responsibility framework — encouraging organizations to treat data security and personal-information protection not merely as compliance obligations but as commitments to data subjects and society.

It complements PIPL’s accountability and reporting expectations (including the large-platform reporting duty of Article 58) and the DSL’s data-security management duties, and aligns conceptually with the platform and audit standards. For overseas compliance teams, it is a useful reference for ESG/responsibility reporting and for demonstrating a mature, accountable data-governance posture in China, though it does not create technical control requirements of its own.

§ RELATED LAWS

See also.

§ COMMENTARY

Briefs on this law.

No briefs filed yet under this law.

§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →