China’s financial sector regulators issued a four-tier data classification and grading framework for financial information services providers under the Data Security Law. This is a regulatory governance development with no technical exploitation vector. Organizations with China-domiciled operations or financial data services touching Chinese markets must classify and govern data according to the new framework; non-compliance carries regulatory risk in China.