标准化视野下数据安全规范体系发展的困境与突破

摘要：

【目的】数据安全规范体系包含法律规范和技术标准两部分内容，以技术标准为核心，二者共同规制整个数据生命周期全链条活动。随着标准化工作的推进与数据安全保障的强化，有必要进一步推动该体系规范功能的发挥。【方法】通过梳理现有数据安全规范体系的主要构成，剖析存在的发展困境。【结果】一方面，在我国数据安全法律规范发展迅速的背景下，标准体系的建设相对滞后，存在标准体系的整合与协调难度较大、应对新兴技术挑战的更新速度有限、标准的落地实施和监督机制有待加强等问题；另一方面，数据安全法律引用标准的情况仍然较为保守，尚未形成直接引用与普遍性引用相结合的完整格局。【结论】在标准化视野下完善数据安全规范体系，既要加快建立健全数据安全标准体系，又要推动数据安全法律对现有标准的直接引用，构建更为紧密的联系与互动。

Abstract:

[Objective] The data security regulatory system comprises both legal norms and technical standards, with the latter serving as the core component. Together, they govern activities across the entire data lifecycle. As standardization efforts advance and data security safeguards intensify, there is a growing need to enhance the regulatory effectiveness of this system. [Methods] By examining the structure of the existing data security regulatory framework, it analyzes the challenges it faces. [Results] It is found that: On one hand, despite the rapid development of data security laws in China, the corresponding standards system lags behind, facing issues such as difficulties in integration and coordination, limited capacity to keep pace with emerging technologies, and insufficient implementation and supervision mechanisms. On the other hand, the referencing of standards within data security legislation remains relatively conservative, lacking a comprehensive framework that combines both direct and widespread adoption of standards. [Conclusion] To improve the data security regulatory system from a standardization perspective, it is essential not only to accelerate the establishment of a robust data security standards system but also to promote the direct incorporation of existing standards into data security laws, thereby fostering stronger linkages and interaction between legal and technical norms.

引用格式：许林波，柳经纬.标准化视野下数据安全规范体系发展的困境与突破[J].标准科学，2025(11):6-15.

基金项目：本文受2021年度国家社会科学基金重大项目“基于法治、国家治理和全球治理的技术法规研究”（项目编号：218ZD192）资助。

作者简介：许林波，法学博士，讲师，硕士生导师，研究方向为标准化法、诉讼法。柳经纬，教授，博士生导师，研究方向为标准化法、民商法。