What happened
On 17 June 2026, China's National Information Security Standardisation Technical Committee (TC260) released a proposed draft amendment to the national personal information standard — 'Information Security Technology: Personal Information Security Specification' (GB/T 35273, current version 2020). Key changes include: (1) expanded definitions of sensitive personal information with new AI-specific categories; (2) explicit consent requirements for 'deep synthesis' technologies (AI-generated synthetic media); (3) strengthened compliance expectations for AI systems processing personal data; and (4) provisions addressing legislative privacy conflicts in international data operations. The public consultation period closes 16 August 2026.
Why it matters
China's GB/T 35273 is the de-facto operational companion to the Personal Information Protection Law (PIPL) and is widely used by Chinese regulators as a compliance benchmark. Adding AI and deep-synthesis-specific requirements directly into the national standard — rather than a separate vertical regulation — means AI developers operating in or exporting to China must retrofit consent and data-handling architectures. The deep-synthesis consent provisions also signal alignment with China's existing Deep Synthesis Provisions (2022), hardening them into the foundational data standard.
Action needed
Submit comments by 16 August 2026. Legal/compliance teams: assess current AI data-processing and deep-synthesis consent flows against the proposed expanded sensitive-data categories. Map gaps for remediation ahead of final adoption.