China issues guidelines on financial services data amid cybersecurity push

China’s top internet regulator just laid down new rules for how financial companies must sort, label, and protect data. The guidelines, issued on June 13 by the Cyberspace Administration of China (CAC), represent the latest brick in Beijing’s growing wall of cybersecurity regulations.

The framework focuses on grading and classification of data within the financial services sector. Every financial entity operating in China now has clearer marching orders on what counts as sensitive data, what counts as really sensitive data, and what they’re supposed to do about each category.

What the guidelines actually require

The new rules zero in on how financial institutions categorize information, with particular emphasis on identifying what regulators call “important data.” That term carries legal weight in China’s regulatory ecosystem, triggering specific compliance obligations around storage, processing, and especially cross-border transfers.

Financial information service providers, including platforms that deliver market data and analysis, fall squarely within the scope.