Unified Security Grading Standards Are Essential for the Trusted Deployment of Privacy Computing

Privacy computing is a core technology for trustworthy data circulation, yet the multitude of technical routes leads to uncertainty, incomprehension, and hesitation among enterprises.

On June 5, the Big Data Technology Standard Promotion Committee, the Privacy Computing Alliance, Ant Group, and the National FinTech Evaluation Center jointly held a seminar where industry and standards representatives emphasized the urgent need for a unified security‑capability grading system to help organizations select appropriate solutions and balance safety with performance.

Privacy computing integrates cryptography, artificial intelligence, and computer hardware, producing major approaches such as multi‑party secure computation, federated learning, and trusted execution environments, which are already applied in finance, government, healthcare, energy, and manufacturing.

Because different routes vary greatly in cost, security, and performance, choosing suitable products for specific security requirements has become a major challenge for institutions.

Ant Group’s Vice President and Chief Technology Security Officer Wei Tao stressed that the lack of a common measurement standard makes new technologies “hard to explain” and discourages adoption, calling for a systematic evaluation framework.

Yuan Bo, Deputy Director of the Cloud Computing Institute at the China Academy of Information and Communications Technology and Vice‑Secretary of the Privacy Computing Alliance, argued that data should be classified and graded just like technologies, enabling clear mapping to policies, data types, and scenarios, thereby improving usability.

Industry experts, including a senior algorithm engineer from the China Bank privacy‑computing team and the technical lead of the National FinTech Evaluation Center, highlighted that security grading can provide appropriate protection levels, balance performance, control costs, and identify risks, while also addressing challenges such as low efficiency perceptions and “technology islands.”

Ant Group’s senior privacy‑computing specialist Pan Wuqiong identified four key directions for security grading: quantifying attack‑defense effectiveness, defining granular technical feature metrics, assessing product‑implementation security, and constraining both effectiveness and features.

Looking ahead, the ecosystem is collaborating to establish a universal security‑grading framework, exemplified by the early‑2024 release of the Q/NFEC0001‑2024 "Privacy Computing Product Security Capability Grading Requirements" standard, which categorizes products into five levels based on attack‑defense performance and is the first industry‑wide method applicable across diverse technical routes.