The Personal Information Security Specification, often called the PIS Specification, is a national standard that provides detailed guidance on how to handle personal information in China. It is not a law but acts as an important compliance reference.

It explains how to obtain consent, limit data collection, protect sensitive information, and handle user rights requests. Many regulators use this standard to judge whether a company follows good practice.

It also clarifies transparency duties, such as providing clear privacy notices. Even though it is technically voluntary, following the PIS Specification helps businesses reduce legal risk and show regulators that they apply responsible data protection measures.