Guidelines  ·  2026-07-03

China TC260 — Draft Amendment to National Personal Information Security Specification Targeting AI and Deep Synthesis Technologies

GuidelinesHigh impactChina
On 17 June 2026, China's National Information Security Standardisation Technical Committee (TC260) released a proposed draft amendment to the national personal information standard — 'Information Security Technology: Personal Information Security Specification' (GB/T 35273, current version 2020). Key changes include: (1) expanded definitions of sensitive personal information with new AI-specific categories; (2) explicit consent requirements for 'deep synthesis' technologies (AI-generated synthetic media); (3) strengthened compliance expectations for AI systems processing personal data; and (4) provisions addressing legislative privacy conflicts in international data operations. The public consultation period closes 16 August 2026.
China's GB/T 35273 is the de-facto operational companion to the Personal Information Protection Law (PIPL) and is widely used by Chinese regulators as a compliance benchmark. Adding AI and deep-synthesis-specific requirements directly into the national standard — rather than a separate vertical regulation — means AI developers operating in or exporting to China must retrofit consent and data-handling architectures. The deep-synthesis consent provisions also signal alignment with China's existing Deep Synthesis Provisions (2022), hardening them into the foundational data standard.
Submit comments by 16 August 2026. Legal/compliance teams: assess current AI data-processing and deep-synthesis consent flows against the proposed expanded sensitive-data categories. Map gaps for remediation ahead of final adoption.
Sources
IAPP — Notes from the Asia-Pacific region: China's proposed privacy standard update targets AI, sensitive data (2 Jul 2026)TC260 Consultation Page
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →