All Products
Search
Document Center

Data Security Center:Mapping between data classification and categorization templates and new national standards

Last Updated:Mar 31, 2026

Data Security Center (DSC) includes a built-in template that maps its data classification and categorization system to the Chinese national standard GB/T 43697-2024 (*Data Security Technology - Rules for Data Classification and Categorization*). This template is enabled by default and helps enterprises meet compliance requirements across their data processing workflows.

Categorization

DSC uses four sensitivity levels (S1–S4) that correspond to the four data levels defined in GB/T 43697-2024.

DSC levelDSC descriptionRegulation levelRegulation description
S1Non-sensitive data. Public disclosure generally causes no harm. Examples: provinces, cities, product names.Level 1 dataA breach, tampering, destruction, or illegal access, use, or sharing does not harm individual or organizational rights and interests.
S2General sensitive data. Not suitable for public disclosure. A breach causes low harm. Examples: names, addresses.Level 2 dataA breach, tampering, destruction, or illegal access, use, or sharing causes general harm to individual or organizational rights and interests.
S3Critical sensitive data. Highly sensitive. A small leak can cause serious harm. Examples: ID certificates, account passwords.Level 3 dataA breach, tampering, destruction, or illegal access, use, or sharing causes serious harm to individual or organizational rights and interests.
S4Core confidential data. Must not be leaked under any circumstances. Examples: genes, fingerprints, irises.Level 4 dataA breach, tampering, destruction, or illegal access, use, or sharing causes particularly serious harm to individual or organizational rights and interests, and may also cause general harm to economic operations, social order, or public interests.

For the full regulation level definitions, see Appendix H General Data Categorization Reference in *Data Security Technology - Rules for Data Classification and Categorization* (GB/T 43697-2024).

Classification

DSC classifies data based on GB/T 43697-2024 by grouping data child classes with similar subjects and subdividing them based on their described objects.

DSC classificationRegulation classification
Personal informationUser data
Company informationBusiness management data
Technical managementSystem O&M data
Business dataBusiness data
Marketing serviceBusiness data
Comprehensive managementBusiness management data

For the full regulation classification definitions, see Table A.1 Reference Examples For Object-based Data Classification in Appendix A of *Data Security Technology - Rules for Data Classification and Categorization* (GB/T 43697-2024).

Classification and feature examples

The following table maps DSC level 1 categories and level 2 child classes to their corresponding standard categories. The regulation reference column links to the applicable appendix in GB/T 43697-2024.

DSC level 1 categoryDSC level 2 child classStandard level 1 categoryStandard level 2 categoryRegulation referenceCategorization example
Personal informationPersonal financial informationPersonal financial informationPersonal financial informationTable B.1 Reference Examples For Personal Information Classification (Appendix B, GB/T 43697-2024)

Personal financial information
Personal informationPersonal health and physiological informationPersonal health and physiological informationMedical and health informationTable B.1 Reference Examples For Personal Information Classification (Appendix B, GB/T 43697-2024)

Personal health and physiological information