Notice on Strengthening Data Asset Management in Administrative and Public Institutions

Financial Assets [2024] No. 1

Relevant departments of the Party Central Committee, all ministries and commissions of the State Council and their directly affiliated institutions, the General Office of the Standing Committee of the National People's Congress, the General Office of the National Committee of the Chinese People's Political Consultative Conference, the Supreme People's Court, the Supreme People's Procuratorate, the central committees of various democratic parties, relevant people’s organizations, the finance departments (bureaus) of all provinces, autonomous regions, municipalities directly under the central government, and cities under separate planning, the Finance Bureau of the Xinjiang Production and Construction Corps, and centrally-administered enterprises concerned:

To implement the "Opinions of the CPC Central Committee and the State Council on Establishing a Data Fundamental System and Better Leveraging the Role of Data Elements," strengthen data asset management in administrative and public institutions, fully harness the value of data assets, ensure data asset security, and better support and safeguard the performance of institutional duties and the development of their undertakings, in accordance with the "Regulations on the Management of State-owned Assets in Administrative and Public Institutions" (Decree No. 738 of the State Council) and the "Notice of the Ministry of Finance on Issuing the 'Guiding Opinions on Strengthening Data Asset Management'" (Cai Zi [2023] No. 141), we hereby issue the following notice on strengthening the management of data assets in administrative and public institutions:

I. Clarify management responsibilities and improve the management system.

(1) Clarify responsibilities. Data assets of administrative and public institutions refer to data resources held or controlled by administrative and public institutions at all levels in the course of performing their duties in accordance with the law or providing public services, which are expected to generate management service potential or yield economic benefits. Local financial authorities should, based on local conditions, gradually establish and improve systems and mechanisms for managing data assets, and take charge of their implementation, supervision, and inspection. All departments must earnestly strengthen their own data asset management efforts and provide guidance and oversight over the data asset management work of their subordinate units. Each department’s subordinate units are responsible for the specific management of their own data assets.

(2) Improve and refine the institutional framework. All departments should, based on their operational needs and actual conditions, establish and improve management measures for data assets in administrative and public institutions. They should elaborate on management requirements and clarify operational procedures for key management areas such as data asset rights confirmation, allocation, use, disposal, revenue generation, security, and confidentiality, ensuring that management is standardized, processes are clear, and responsibilities are traceable. Where personal information is involved, processing must be carried out in accordance with the authorities and procedures stipulated by relevant laws and regulations.

II. Standardize management practices and unlock asset value.

(3) Strict allocation procedures shall be implemented. Administrative and public institutions shall primarily allocate data assets through self-collection, production and processing, and acquisition. Strengthen management at the source of data assets: in the course of performing duties in accordance with the law or providing public services, institutions shall independently collect, produce, and process data to form assets in compliance with prescribed scopes, methods, technical standards, and other relevant requirements. For data assets acquired through purchase, institutions shall, based on the needs of fulfilling their legal duties and advancing their institutional development, adhere to the principle of practicing frugality, make scientific allocations in accordance with budgetary management regulations, and comply with applicable government procurement regulations where government procurement is involved.

(4) Standardized Use. In accordance with the "Data Security Law of the People's Republic of China" and other relevant regulations, properly carry out the processing and handling of data assets to enhance their quality and management level. Standardize the authorization of data assets: After undergoing a security assessment and obtaining approval in accordance with asset management authority, the rights to process and use data, as well as the rights to operate data products, may be authorized to operating entities for implementation. Operating entities shall establish a secure and trustworthy operational environment, operate within the scope of authorization, and assume responsibility for the security and compliance of the data. All departments and their affiliated units, when authorizing external parties to use data assets on a paid basis, must strictly follow the approved procedures based on their asset management authority and conduct assessments of related asset rights in accordance with national regulations. The use of data assets for guarantees or the creation of new implicit government debt is prohibited. It is strictly forbidden to exploit the guise of authorized paid use of data assets to artificially inflate fiscal revenue in disguised forms.

(5) Openness and Sharing. Actively promote the open sharing of data assets. On the premise of ensuring public safety and protecting personal privacy, strengthen the aggregation, sharing, and development and opening up of data assets, and fully harness the value of data asset utilization. Increase the supply and use of data assets, and encourage the conditional, free-of-charge use of data assets for public governance and public welfare initiatives. Explore the possibility of conditionally charging fees for the use of data assets in industrial and sectoral development. Data assets that are required by law and regulations to remain confidential shall not be opened to the public. For data assets that are opened and shared in the market, the scope of authorized use must be clearly defined, and authorization for use must be strictly enforced.

(6) Prudent Disposal. All departments and their affiliated units shall, based on the requirements of performing duties in accordance with the law, the needs of institutional development, and the status of data asset utilization, promptly dispose of data assets following collective decision-making and approval procedures, and in accordance with relevant documents such as disposal approval letters. If it is indeed necessary to completely delete or destroy data assets, they shall be thoroughly destroyed using professional technical means in compliance with confidentiality regulations, ensuring that the data cannot be recovered.

(7) Strict Revenue Management. Establish a sound mechanism for the distribution of revenues generated from data assets, and safeguard data asset rights and interests in strict accordance with laws and regulations. Revenues derived from the use of data assets by administrative institutions shall be managed in compliance with relevant provisions governing non-tax government revenues and the centralized collection system for state treasury funds. Revenues generated from the use of data assets by public institutions shall be governed by specific management measures prescribed by the financial authorities at the same level. Except as otherwise provided by the state, revenues from the disposal of data assets held by administrative and public institutions shall be managed in compliance with relevant provisions governing non-tax government revenues and the centralized collection system for state treasury funds. No administrative or public institution or individual may, in violation of state regulations, overcharge, undercharge, fail to collect, underpay, fail to pay, misappropriate, privately divide, intercept, occupy, divert, conceal, or embezzle revenues related to data assets.

(8) Strengthen the foundational work. All departments and their affiliated units shall, in conjunction with the data resource catalog, conduct a comprehensive inventory and verification of data assets. In accordance with national standards such as “Classification and Codes for Fixed Assets and Other Assets” (GB/T 14885-2022), they should enhance the registration of data assets and establish and refine asset information cards within the integrated budget management system.

III. Strictly control risks and ensure data security.

(9) Uphold security. All departments and their affiliated units shall earnestly implement the Overall National Security Concept, strictly comply with legal and regulatory provisions such as the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, and the Personal Information Protection Law of the People’s Republic of China, and put into practice the cybersecurity classification and protection system. They should establish data asset security management systems, as well as monitoring and early-warning mechanisms and emergency response protocols. They should also promote classified and tiered management of data assets, integrate security throughout the entire lifecycle of data assets, effectively prevent and mitigate various data asset security risks, and firmly establish a robust defense line for data asset security. All departments and their affiliated units shall, in accordance with regulations, conduct national data security risk assessments.

(10) Strengthen supervision. All departments and their affiliated units shall enhance oversight of data assets, adhering to a combination of ex-ante, in-process, and post-event supervision, as well as integrating routine supervision with special inspections, thereby establishing a multi-dimensional supervisory network. They shall proactively accept various forms of oversight—including oversight by the People’s Congress, audit oversight, and financial and accounting oversight—to ensure the security and integrity of data assets.

(11) Timely Reporting. All departments and their affiliated units shall gradually incorporate the status of data asset management into their reports on the management of state-owned assets used for administrative and public service purposes.

As an emerging asset type in the digital transformation of the economy and society, data assets are crucial strategic resources for the nation. All departments and their affiliated units must, in accordance with relevant national regulations and the requirements of this notice, earnestly strengthen the management of data assets in administrative and public institutions, explore data asset management models tailored to local conditions, fully realize the value of data as a key production factor, and better leverage the supporting role of data assets in driving the development of the digital economy.

Ministry of Finance, February 5, 2024