DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ LAW · INTERIM MEASURES FOR THE REGISTRATION AND ADMINISTRATION OF PUBLIC DATA RESOURCES

Interim Measures for the Registration and Administration of Public Data Resources.

公共数据资源登记管理暂行办法

Promulgated by: National Development and Reform Commission (NDRC) and National Data Administration (NDA).
Document No.: Fa Gai Shu Ju Gui [2025] No. 26 (发改数据规〔2025〕26号).
Issued January 8, 2025. Effective March 1, 2025. Five-year validity period.


DCC translation. No official English translation exists. Translated against DCC’s bilingual glossary for terminology consistency with PIPL, DSL, CSL, and related laws.

Chapter I General Provisions

Article 1. These Measures are enacted in accordance with the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, and other laws and regulations, and pursuant to the Opinions of the CPC Central Committee and the State Council on Building a Fundamental Data System to Better Leverage the Role of Data as a Factor of Production and the Opinions of the General Office of the CPC Central Committee and the General Office of the State Council on Accelerating the Development and Utilization of Public Data Resources, in order to promote the lawful, compliant, and efficient development and utilization of public data resources, build a nationally unified public data resource registration system, and standardize public data resource registration work.

Article 2. These Measures apply to the registration of public data resources and to the supervision and administration thereof carried out within the territory of the People’s Republic of China.

Article 3. For the purpose of these Measures, the following terms have the following meanings:

(I) “Public data resources” refers to data collections of utilization value that are generated by Party and government organs and public institutions at all levels in the course of performing their statutory duties or providing public services.

(II) “Registrants” refers to entities that directly hold or administer public data resources in accordance with their job duties, as well as legal-person organizations that develop and operate public data resources within the scope of authorization in accordance with the law.

(III) “Registration institutions” refers to public institutions established or designated by the national or local data administration authorities that provide public data resource registration services.

(IV) “Registration platform” refers to an information system that supports the full lifecycle service and administration of public data resource registration.

Article 4. Public data resource registration shall safeguard national security and the public interest, protect state secrets, trade secrets, personal privacy, and personal information rights and interests, and follow the principles of legality and compliance, openness and transparency, standardization, and security and efficiency.

Chapter II Registration Requirements

Article 5. Party and government organs and public institutions that directly hold or administer public data resources shall register public data resources that fall within the scope of authorized operation, and are encouraged to register public data resources that have not been included in the scope of authorized operation.

Legal-person organizations authorized to engage in operating activities are encouraged to register the data products and services formed through the processing of authorized public data resources. Public utility enterprises in sectors such as water supply, gas supply, heating, electricity, and public transportation are encouraged to register the public data resources they directly hold or administer, and the products and services formed therefrom.

Article 6. Registration institutions are responsible for implementing public data resource registration, executing the nationally unified registration administration requirements, and providing standardized and convenient registration services in accordance with administrative hierarchy and territorial principles.

Registration institutions shall establish a sound responsibility mechanism for data resource registration administration, perform their data security protection obligations, strengthen the application of data security protection technologies, and properly safeguard registration information.

For public data resource registration by central and state organs and their directly affiliated bodies, and by central enterprises, the National Data Administration shall designate its affiliated public institutions to handle the registration.

Article 7. After business review, registrants shall submit registration applications via the registration platform, provide registration materials truthfully and accurately, and bear responsibility for the truthfulness, completeness, legality, and validity of the registration materials. Where multiple parties are involved, they may submit a joint registration application or, after reaching consensus, have a single party submit the application.

Before applying for registration, registrants shall, on the premise of ensuring security, perform evidence preservation (存证) for public data resources, ensuring traceability of source and controllability of processing.

Chapter III Registration Procedure

Article 8. Public data resource registration shall be conducted through the procedures of application, acceptance, formal review, public announcement, and code issuance.

Article 9. Types of public data resource registration applications mainly include initial registration, change registration, correction registration, and deregistration.

(I) Initial registration. Registrants shall submit application materials in accordance with regulations, including registrant information, lawful and compliant sources of data, the situation of data resources, status of evidence preservation, information on products and services, application scenarios, and data security risk assessment. After conducting authorized operating activities and providing data resources or delivering data products and services, the registrant shall submit the initial registration application within 20 working days. For authorized operations conducted before the Measures take effect, registrants shall complete initial registration within 30 working days after the Measures take effect.

(II) Change registration. Where there are significant updates or major changes to the data source, the situation of data resources, the products and services, or the status of evidence preservation, or where there are major changes to registrant information, the registrant shall promptly apply to the registration institution for change registration.

(III) Correction registration. Where a registrant or interested party believes that information already registered contains errors, the party may apply for correction registration. Upon the registrant’s written consent, or upon evidence proving that the registration information is indeed erroneous, the registration institution shall correct the relevant erroneous information.

(IV) Deregistration. Under any of the following circumstances, the registrant shall apply for deregistration, and the registration institution shall complete deregistration within 10 working days from the date of acceptance:

  1. The public data resources cannot be restored or have been lost;
  2. The registrant relinquishes the relevant rights and interests, or the term of the rights has expired;
  3. The registrant has been terminated due to dissolution, lawful revocation, declared bankruptcy, or other reasons;
  4. Other circumstances stipulated by laws and regulations.

Article 10. The registration institution shall accept the application within 3 working days from the date of receipt. Where application materials are incomplete or non-conforming, the registration institution shall inform the registrant, in a single notice, of all supplements required; the acceptance date shall be calculated from the date the supplemented application is resubmitted. Where acceptance is denied, the reasons shall be promptly explained to the registrant.

Article 11. The registration institution shall conduct formal review of the content of the registration materials and complete the review within 20 working days from the date of acceptance. If review cannot be completed in time, the institution shall explain the reasons to the registrant.

Article 12. Upon completion of formal review, the registration institution shall publicly announce the relevant registration information to society via the registration platform; the announcement period is 10 working days. The content of registration announcement mainly includes the registrant’s name, type of registration, name of registered data, and a brief introduction of the data content.

Where there is an objection to the announced information during the announcement period, the relevant party shall raise the objection under their real name and provide necessary evidence; the registration institution shall review the objection. If the objection is sustained, the registration shall be terminated.

Article 13. Where no objection is raised within the announcement period, the registration institution shall issue a registration result inquiry code to the registrant in accordance with the unified coding specification formulated by the National Data Administration.

Chapter IV Registration Administration

Article 14. The National Data Administration shall strengthen the administration of public data resource registration, promote standardization of registration services, establish and improve the public data resource catalogue on the basis of registration information and the government data directory, and build the national public data resource registration platform — connected to provincial-level public data resource registration platforms — to promote interconnection of registration information. A nationally unified code shall be assigned to registration results across the country, supporting inquiry and sharing of registration information.

Provincial-level data administration authorities shall strengthen integrated construction, take overall responsibility for the use and administration of the public data resource registration platform within their jurisdiction, and strengthen data sharing, application services, and security safeguards.

Article 15. The validity period of registration results is, in principle, three years, calculated from the date of code issuance. For the registration of public data products and services within the scope of authorized operation, where the operation period under the authorization agreement does not exceed three years, the validity period of the registration result shall be the actual operation period.

Upon expiration of the registration result validity period, the registrant may apply for renewal within 60 days prior to expiration in accordance with regulations. Each renewal period shall be no longer than three years, calculated from the day following the expiration of the previous validity period. Where the renewal is not applied for within the prescribed period, the registration institution shall deregister.

Article 16. Registration institutions shall, in accordance with nationally unified registration requirements, optimize service processes and enhance the level of registration convenience services.

Article 17. The National Data Administration shall, on an overall basis, conduct the construction of the registration standards system and the registration work evaluation mechanism. Provincial-level data administration authorities shall, on an overall basis, conduct evaluation of the service level of registration institutions within their jurisdiction.

Chapter V Supervision and Administration

Article 18. National public data resource registration work shall be subject to graded supervision and administration. The National Data Administration is responsible for national public data resource registration work. Provincial-level data administration authorities are responsible for public data resource registration work within their jurisdiction on an overall basis. Data administration authorities at all levels shall, in conjunction with relevant departments, conduct cross-departmental coordinated supervision.

Article 19. Where a registration institution engages in any of the following acts during the registration process, the data administration authority shall take administrative measures, including a regulatory interview (约谈), on-site guidance, or revocation of the registration institution’s qualification:

(I) Conducting false registration;

(II) Unauthorized tampering with or forgery of registration results;

(III) Unauthorized disclosure of registration information or improper profit from registration information;

(IV) Improper performance or refusal to perform duties;

(V) Other violations of laws and regulations.

Article 20. Where a registrant engages in any of the following acts, the registration institution shall, after verification, revoke the registration:

(I) Concealment of facts, falsification, or provision of false registration materials;

(II) Unauthorized tampering with or forgery of registration results;

(III) Illegal use or improper profit from registration results;

(IV) Other violations of laws and regulations.

Article 21. Where a registration institution or registrant engages in conduct that violates relevant laws, it shall bear corresponding liability in accordance with the law; where a crime is constituted, criminal liability shall be pursued in accordance with the law.

Chapter VI Supplementary Provisions

Article 22. The data administration authority of each province, autonomous region, and municipality directly under the central government may formulate implementation rules in accordance with these Measures.

Article 23. The National Data Administration is responsible for the interpretation of these Measures.

Article 24. These Measures shall come into force on March 1, 2025, with a validity period of 5 years, and shall be revised and adjusted in due course as the situation warrants.

§ COMMENTARY

Briefs on this law.

4 briefs reference this law.

  • § 01 · DATA-PROPERTY-RIGHTS

    NDA Explains the Three-Rights Framework — A Plain-Language Walk-Through from the Regulator Itself

    The National Data Administration's official 政策解读 (policy interpretation) on the three-rights framework — the right to hold, the right to use, and the right to operate data — established by the Data 20 Articles. NDA walks through what each right means, illustrative scenarios (group-company data subsidiaries; hospital-pharma research pools; data-broker commission arrangements), how the rights relate to each other (independently severable; non-exclusive across parties for the same data), and why the structural-separation design was chosen over a unitary-ownership model. The clearest available statement of the regulator's own intent on the framework that anchors every downstream rule — data-resource registration, data-property-rights registration, FTZ data-circulation negative lists, on-floor / over-the-counter trading rules.

    data-property-rights · data-twenty · structural-separation
  • § 02 · DATA-PROPERTY-RIGHTS

    Will Judicial Review 'Reset' the Data Registration Rush? — Reading Wang Qinglan on the SPC's New Data Disputes Case Category

    Wang Qinglan, head of compliance at a Chinese data exchange, asks what the Supreme People's Court's new 'data disputes' case category — effective January 1, 2026 — does to the data property rights registration certificates that institutions across the country have been issuing. Her argument: certificates issued through formal-only review will not survive substantive judicial scrutiny, and a single rejected certificate could erode trust in the entire registration regime. The path forward is a three-tiered protection model and aligned standards across regulators, registration institutions, and courts.

    data-property-rights · data-registration · spc
  • § 03 · DATA-PROPERTY-RIGHTS

    What Does Data Registration Actually Confirm? — A Doctrinal Reading

    Long before the SPC's January 2026 'data disputes' case category started squeezing data registration certificates against judicial review, Wang Qinglan had already written the foundational critique: data registration does not 'confirm rights' because there are no legal data rights to confirm. The Data 20 Articles created data property rights, not data legal rights, and Chinese property rights are not Article-conferred civil rights. Registration certificates are 'trust credentials,' not 'rights certificates.' This is the doctrinal essay overseas counsel should read before the SPC sequel.

    data-property-rights · data-registration · civil-law-doctrine
  • § 04 · PUBLIC-DATA

    Case Study — A Public-Data Operator Hands Personal Data to a Bank. Two Compliance Failures.

    A real-case analysis from Wang Qinglan. A state-affiliated auction company holds the public-data operating right for vehicle license-plate auction data. A bank persuades it to hand over the personal data of winning bidders. The bank builds a targeted credit product and pays the auction company RMB 12 million a year in revenue share. Two compliance failures: (1) no individual consent under PIPL; (2) no credit reference business license under the Credit Reference Industry Regulation and Credit Reference Business Measures. Public-data authorized operation does not displace the credit reference licensing regime.

    public-data · credit-reference · authorized-operation