【TC260】China Releases 18 National Cybersecurity Standards Effective Dec 2026

,

China’s National Information Security Standardization Technical Committee (TC260) has announced the approval of 18 national cybersecurity standards, set to take effect on December 1, 2026. This update reflects China’s strengthening framework, which will substantially impact the security design of digital products, embedded devices, and cloud services entering the market.

💡 Key Covered Domains of the New Standards

The newly approved 18 national standards build up a comprehensive framework, covering critical cybersecurity technical and management fields, including:

  • Core Technology & Cryptography: Cryptographic technology and randomness testing, Quantum Key Distribution (QKD) technology.
  • System & Hardware Security: Embedded operating system security, Network storage security.
  • Identity & Access Control: Identification and access control, Application access requirements for national cyber identity authentication public services.
  • Management & Incident Response: Information Security Management System (ISMS), Security incident investigation.
  • Government & Cloud Applications: Security configuration baseline requirements for government cloud.

🔍 Key Standard Insights: Profound Impacts on Product & System Security

Although these standards are not directly positioned as mandatory product certification requirements at this stage, as national recommended or technical guidelines, they establish the baseline for future compliant product designs. In particular, the following standards are highly relevant to digital product security, embedded devices, and system integration:

  • Cybersecurity Technology—Security Technical Specification for Embedded Operating System: This will directly impact the underlying security architecture of embedded devices such as smart home appliances, Internet of Vehicles (IoV), and industrial control systems.
  • Cybersecurity Technology—Security Technical Requirements for Network Storage: This regulates the security defense mechanisms of network storage hardware during data transmission and static storage.
  • Cybersecurity Technology—Application Access Requirements for National Cyber Identity Authentication Public Service: This defines clear access specifications for applications that need to interface with China’s national-level identity authentication systems.
  • Cybersecurity Technology—Attribute-based Access Control Model and Management Specification & Cybersecurity Technology—Security Configuration Baseline Requirements for Government Cloud: These will significantly raise the compliance threshold for enterprise-level access control and cloud service configurations.

As these standards take effect, they will substantially guide and shape the security design and product lifecycle management of digital products, embedded devices, cloud services, and information systems.

Source: TC260 Official Announcement

The evolution of cybersecurity regulations is a definitive global trend. Whether it is the 18 national standards released by China, the upcoming mandatory EU Cyber Resilience Act (CRA), EN 18031, industrial control security standard IEC 62443, or relevant cybersecurity mandates in the US and Taiwan, they all reinforce the core concept of “Security by Design”.


For further inquiries, please contact:
Email:Charles.liao@theonelab.co
Phone:(02)8601-2828

/by
You might also like
CRA 【EU Cyber】EU Cyber Resilience Act Article 14 Takes Effect in 2026
CRA 【EU Cyber】The EU Cyber Resilience Act’s New Enforcement Phase.
CRA 【EU Cyber】Mandatory EU CRA Reporting for Digital Products Starts September 11, 2026.