China Tightens 4-Tier Financial Data Rules as Banks Face New AI and Cloud Checks
Updated
Updated · startupfortune.com · Jun 13
China Tightens 4-Tier Financial Data Rules as Banks Face New AI and Cloud Checks
3 articles · Updated · startupfortune.com · Jun 13
Summary
Six regulators led by the Cyberspace Administration of China and the central bank issued new guidelines that require financial data to be classified, stored, processed and protected under a four-tier system.
The rules extend China’s 2017-2021 cybersecurity and privacy laws into daily financial operations, treating bank records, payment flows and model inputs as regulated infrastructure rather than ordinary IT assets.
Banks, insurers, brokers, payment firms and their cloud and security vendors may need to map data, tighten access, rewrite contracts and keep more information in China to satisfy audit and localization demands.
AI projects are a key pressure point because firms using customer and market data for fraud, credit or risk models must now justify data sensitivity, access paths and transfer protections more explicitly.
Foreign financial groups and vendors serving China face shrinking gray areas, while domestic providers could gain if procurement decisions increasingly hinge on local compliance and cross-border data certainty.