Standard Briefing:Stadard ID: GB/T 45392-2025
Stadard Title: Data security technology - Security requirements for automated decision making based on personal information
Price (USD): 359
Lead day (Deliver True-PDF English version): 4 days [Need to translate]
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 45392-2025 | English | 359 |
Add to Cart
|
4 days [Need to translate]
|
Data security technology - Security requirements for automated decision making based on personal information
| Valid |
GB/T 45392-2025
|
PDF Samples:
Basic Data: | Standard ID | GB/T 45392-2025 (GB/T45392-2025) | | Description (Translated English) | Data security technology - Security requirements for automated decision making based on personal information | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.030 | | Word Count Estimation | 18,111 | | Date of Issue | 2025-03-28 | | Date of Implementation | 10/1/2025 | | Issuing agency(ies) | State Administration for Market Regulation, National Standardization Administration | Contents, Scope, and Excerpt:GB/T 45392-2025.Data security technology Security requirements for automated decision-making based on personal information
ICS 35.030
CCSL80
National Standard of the People's Republic of China
Data security technology based on the automation of personal information
Decision security requirements
Released on 2025-03-28
2025-10-01 Implementation
State Administration for Market Regulation
The National Standardization Administration issued
Table of contents
Preface III
1 Range 1
2 Normative references 1
3 Terms and Definitions 1
4 Overview 2
4.1 Automated decision-making process 2
4.2 Computer programs and algorithms used for automated decision-making 3
4.3 Scope of information processed through automated decision making 3
4.4 Security risks of automated decision making 3
5 Safety Principles 4
6 General safety requirements 4
7 Algorithm security requirements 4
7.1 Algorithm Impact Assessment 4
7.2 Algorithm Security Technical Requirements 5
7.3 Algorithm security and reliability requirements 5
7.4 Algorithm Security Human Intervention Requirements 5
7.5 Training and testing data requirements to ensure algorithm security 5
7.6 Technical documentation requirements for algorithm development 6
7.7 Algorithm safe operation requirements 6
7.8 Other requirements 7
8 Feature Generation Safety Requirements 7
8.1 Requirements for processing personal information generated by features 7
8.2 Computational safety requirements for feature generation 8
9 Decision-making security requirements 8
9.1 Basic Requirements 8
9.2 Informative requirements before decision making 8
9.3 Requirements for protecting individual rights in decision-making 9
10 Special security requirements for typical scenarios of automated decision-making 9
10.1 Educational or professional opportunities 9
10.2 Credit or Insurance Assessment 9
10.3 Public governance areas such as social welfare qualifications 9
10.4 Labor relations field10
10.5 Security requirements for automated decision-making for special groups10
10.6 Information push, commercial marketing 10
10.7 Commercial Transactions11
Reference 12
Preface
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents"
Drafting.
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by. Beijing Institute of Technology, China Academy of Information and Communications Technology, China Electronics Technology Standardization Institute, China Cyberspace Security Research Institute
Review Technology and Certification Center, Beijing Douyin Information Service Co., Ltd., Beijing Baidu Netcom Technology Co., Ltd., Beijing Shangyin Technology Co., Ltd.
Beijing Sankuai Online Technology Co., Ltd., Beike Real Estate (Beijing) Technology Co., Ltd., Shanghai Meishida Business Consulting Co., Ltd., Shanghai Shan
Yong Law Firm, Beijing Jingtian & Gongcheng Law Firm, Beijing Xiaoju Technology Co., Ltd., Beijing Hanhua Feitian Xinan Technology Co., Ltd.,
Ctrip Information Technology (Shanghai) Co., Ltd., Ant Technology Group Co., Ltd., Alibaba (Beijing) Software Services Co., Ltd.,
Beijing Kuaishou Technology Co., Ltd., Beijing Jingdong Shangke Information Technology Co., Ltd., Beijing Weimeng Chuangke Network Technology Co., Ltd., Beijing Tengyun
Tianxia Technology Co., Ltd., Beijing Zhonglun Law Firm, Beijing Foreign Studies University, China University of Political Science and Law, Beijing University of Posts and Telecommunications, Yuncong
Technology Group Co., Ltd., Honor Device Co., Ltd., Beijing DeepQuest AI Basic Technology Research Co., Ltd., OPPO
Guangdong Mobile Communications Co., Ltd.
The main drafters of this document are. Hong Yanqing, Tian Shen, Ge Xin, Wu Mengyi, Zhu Manli, Wang Jinsong, Zhang Chao, Zhao Ranran, Liu Xiaocen, Xue Jing,
Xu Quanquan, Wan Fang, Zhang Linghan, Wang Ding, Peng Gen, Fan Hua, Wang Lei, Chen Tian, He Yanzhe, Liu Ying, Ge Mengying, Wang Jingzhou, Luo Hongwei, Sun Tie, Xu Rui,
Zhang Na, Li Weijing, Liu Rong, Gu Wei, Guo Jianling, Zhou Yang, Wu Jiawei, Hu Naying, Ding Xiaoqiang, Hu Liping, Fu Yanyan, Bai Xiaoyuan, Shi Yuzhen,
Zhao Xiaona, Li Jun, Peng Juntao, Wu Shaoqing, Huang Rong, Fan Ye, Liang Tianxiang.
Data security technology based on the automation of personal information
Decision security requirements
1 Scope
This document proposes basic security principles for automated decision-making based on personal information, and stipulates general security requirements, algorithm security requirements,
Feature generation safety requirements, decision-making safety requirements, and special safety requirements for typical scenarios of automated decision-making.
This document applies to personal information processors that conduct automated decision-making to regulate their algorithm development, feature generation and decision-making activities.
Regulatory authorities and third-party assessment agencies supervise, manage and evaluate automated decision-making.
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document.
For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to
This document.
GB/T 35273 Information security technology Personal information security specification
GB/T 41391 Information security technology Basic requirements for mobile Internet applications (Apps) to collect personal information
GB/T 41479 Information security technology - Security requirements for network data processing
GB/T 42888-2023 Information security technology machine learning algorithm security assessment specification
3 Terms and definitions
The terms and definitions defined in GB/T 35273 and the following apply to this document.
3.1
The computer program automatically analyzes and evaluates a person's behavior, hobbies, or economic, health, and credit status, and
Decision-making activities.
Note. Automated decision making can be further decomposed into two processes. feature generation and decision making.
3.2
After the personal information is automatically processed by a computer program, it is automatically generated by a computer program about the preferences, occupation,
Information about your financial, health, education, and credit status.
Note. Personal characteristic information does not include personal biometric information.
3.3
Personal information is automatically processed through computer programs, and personal features are extracted, selected, calculated and output.
The process of obtaining the input information needed to make individual decisions.
Note. Abbreviated as “feature generation”.
3.4
decision making
The computer program generates personal characteristic information as input, which can affect the individual's own state, the physical environment in which he lives, and the
......
|