{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T06:55:41Z","timestamp":1781679341441,"version":"3.54.5"},"reference-count":46,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T00:00:00Z","timestamp":1781654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Department of Science and Technology of Henan Province","award":["241111211100"],"award-info":[{"award-number":["241111211100"]}]},{"DOI":"10.13039\/501100005196","name":"Chinese Academy of Agricultural Sciences","doi-asserted-by":"publisher","award":["Y2026JC09"],"award-info":[{"award-number":["Y2026JC09"]}],"id":[{"id":"10.13039\/501100005196","id-type":"DOI","asserted-by":"publisher"}]},{"award":["Y2026JC09"],"award-info":[{"award-number":["Y2026JC09"]}],"id":[{"id":"https:\/\/ror.org\/0313jb750","id-type":"ROR","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Data classification and grading is an information governance mechanism through which information resources are categorized, assigned responsibilities, linked to differentiated controls, and updated over time. Using China as the main case, this review examines how classification and grading has been operationalized across regulatory, local public data, and sectoral settings, and where its implementation remains incomplete. This study adopts a structured analytical review design, synthesizing academic studies, national laws and regulatory documents, standards and technical guidance, local public data normative documents, and sectoral implementation instruments, with a focused comparison of governance approaches in China, the United States, and the European Union. The review develops a five-dimensional information governance framework covering information stewardship roles, protected information assets and governance concerns, information categorization criteria and risk logics, differentiated information control mechanisms, and assessment and adaptive updating. The findings show that China has rapidly expanded regulatory and sector-specific arrangements for data classification and grading, especially in public data governance and in sectors such as telecommunications, finance, healthcare, and industry. However, significant operationalization gaps remain, including fragmented standards, weak cross-sector interoperability, uneven information stewardship capacity, limited translation of categories into access, handling, sharing, lifecycle, and audit controls, and underdeveloped feedback and updating mechanisms. By repositioning data classification and grading as information governance rather than only regulatory compliance, this review contributes to research on differentiated data management, information stewardship, and adaptive governance practice.<\/jats:p>","DOI":"10.3390\/info17060602","type":"journal-article","created":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T05:56:31Z","timestamp":1781675791000},"page":"602","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Data Classification and Grading as an Information Governance Mechanism: A Review of Regulatory Practices, Sectoral Implementation, and Operationalization Gaps in China"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-3133-8188","authenticated-orcid":false,"given":"Feng","family":"Gao","sequence":"first","affiliation":[{"name":"Institute of Economic Analysis and Forecasting, Tianjin Academy of Social Sciences, Tianjin 300191, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1914-0778","authenticated-orcid":false,"given":"Dan","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute of Agricultural Information, Chinese Academy of Agricultural Sciences, Beijing 100081, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9212-4945","authenticated-orcid":false,"given":"Jian","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute of Agricultural Information, Chinese Academy of Agricultural Sciences, Beijing 100081, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9551-4440","authenticated-orcid":false,"given":"Yuanyuan","family":"Tu","sequence":"additional","affiliation":[{"name":"Institute of Agricultural Information, Chinese Academy of Agricultural Sciences, Beijing 100081, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2026,6,17]]},"reference":[{"key":"ref_1","first-page":"424","article-title":"Data governance: A conceptual framework, structured review, and research agenda","volume":"49","author":"Abraham","year":"2019","journal-title":"Int. J. Inf. Manag."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1145\/1629175.1629210","article-title":"Designing data governance","volume":"53","author":"Khatri","year":"2010","journal-title":"Commun. ACM"},{"key":"ref_3","first-page":"195","article-title":"On the governance of information: Introducing a new concept of governance to support the management of information","volume":"31","author":"Kooper","year":"2011","journal-title":"Int. J. Inf. Manag."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"101493","DOI":"10.1016\/j.giq.2020.101493","article-title":"Data governance: Organizing data for trustworthy artificial intelligence","volume":"37","author":"Janssen","year":"2020","journal-title":"Gov. Inf. Q."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1080\/10580530.2019.1589670","article-title":"Critical success factors for data governance: A theory building approach","volume":"36","author":"Alhassan","year":"2019","journal-title":"Inf. Syst. Manag."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Caballero, I., and Piattini, M. (2023). Data Strategy and Policies: The Role of Data Governance in Data Ecosystems. Data Governance, Springer.","DOI":"10.1007\/978-3-031-43773-1"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"100598","DOI":"10.1016\/j.jik.2024.100598","article-title":"Data governance & quality management\u2014Innovation and breakthroughs across different fields","volume":"9","author":"Bernardo","year":"2024","journal-title":"J. Innov. Knowl."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"100447","DOI":"10.1016\/j.infoandorg.2023.100447","article-title":"Data governance and the secondary use of data: The board influence","volume":"33","author":"Black","year":"2023","journal-title":"Inf. Organ."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"100451","DOI":"10.1016\/j.infoandorg.2023.100451","article-title":"Data governance spaces: The case of a national digital service for personal health data","volume":"33","author":"Paparova","year":"2023","journal-title":"Inf. Organ."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"100453","DOI":"10.1016\/j.infoandorg.2023.100453","article-title":"Orchestrating distributed data governance in open social innovation","volume":"33","author":"Gegenhuber","year":"2023","journal-title":"Inf. Organ."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"101566","DOI":"10.1016\/j.giq.2021.101566","article-title":"Open government research over a decade: A systematic review","volume":"38","author":"Tai","year":"2021","journal-title":"Gov. Inf. Q."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"101823","DOI":"10.1016\/j.giq.2023.101823","article-title":"Open government data from a legal perspective: An AI-driven systematic literature review","volume":"40","author":"Kempeneer","year":"2023","journal-title":"Gov. Inf. Q."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"101657","DOI":"10.1016\/j.giq.2021.101657","article-title":"Enhancing the usability and usefulness of open government data: A comprehensive review of the state of open government data visualization research","volume":"39","author":"Ansari","year":"2022","journal-title":"Gov. Inf. Q."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"101983","DOI":"10.1016\/j.giq.2024.101983","article-title":"Open Government Data (OGD) as a catalyst for smart city development: Empirical evidence from Chinese cities","volume":"41","author":"Wang","year":"2024","journal-title":"Gov. Inf. Q."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1177\/2053951720948087","article-title":"Emerging models of data governance in the age of datafication","volume":"7","author":"Micheli","year":"2020","journal-title":"Big Data Soc."},{"key":"ref_16","first-page":"236","article-title":"Bottom-up data trusts: Disturbing the \u201cone size fits all\u201d approach to data governance","volume":"9","author":"Delacroix","year":"2019","journal-title":"Int. Data Priv. Law"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"255","DOI":"10.24908\/ss.v19i2.14409","article-title":"Data trusts and the governance of smart environments: Lessons from the failure of Sidewalk Labs\u2019 urban data trust","volume":"19","author":"Austin","year":"2021","journal-title":"Surveill. Soc."},{"key":"ref_18","first-page":"114","article-title":"Mode change, choice and way forward of data security governance","volume":"4","author":"Fan","year":"2022","journal-title":"E-Government"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"103076","DOI":"10.1016\/j.telpol.2025.103076","article-title":"Personal data protection in China: Progress, challenges and prospects in the age of big data and AI","volume":"49","author":"He","year":"2025","journal-title":"Telecommun. Policy"},{"key":"ref_20","unstructured":"Standing Committee of the National People\u2019s Congress (2026, June 01). Data Security Law of the People\u2019s Republic of China, Available online: https:\/\/www.cac.gov.cn\/2021-06\/11\/c_1624994566919140.htm."},{"key":"ref_21","unstructured":"Standing Committee of the National People\u2019s Congress (2026, June 01). Personal Information Protection Law of the People\u2019s Republic of China, Available online: http:\/\/www.npc.gov.cn\/npc\/c2\/c30834\/202108\/t20210820_313088.html."},{"key":"ref_22","first-page":"79","article-title":"Rule of law guarantee for balancing data security and data utilization","volume":"6","author":"Zheng","year":"2023","journal-title":"People\u2019s Forum Acad. Front."},{"key":"ref_23","first-page":"2","article-title":"Data classification and grading: Research trends, policy standards and practical progress","volume":"9","author":"Yan","year":"2022","journal-title":"Digit. Libr. Forum"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"103240","DOI":"10.1016\/j.ipm.2022.103240","article-title":"Laws and regulations tell how to classify your data: A case study on higher education","volume":"60","author":"Yang","year":"2023","journal-title":"Inf. Process. Manag."},{"key":"ref_25","first-page":"922","article-title":"An overview of the current status of data security governance at home and abroad","volume":"7","author":"Shao","year":"2021","journal-title":"Inf. Secur. Res."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1016\/j.dsm.2021.06.001","article-title":"Data security governance in the era of big data: Status, challenges, and prospects","volume":"2","author":"Sun","year":"2021","journal-title":"Data Sci. Manag."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"103186","DOI":"10.1016\/j.ipm.2022.103186","article-title":"Listen carefully to experts when you classify data: A generic data classification ontology encoded from regulations","volume":"60","author":"Yang","year":"2023","journal-title":"Inf. Process. Manag."},{"key":"ref_28","unstructured":"National Institute of Standards and Technology (2004). Standards for Security Categorization of Federal Information and Information Systems (FIPS PUB 199)."},{"key":"ref_29","unstructured":"National Institute of Standards and Technology (2008). Guide for Mapping Types of Information and Information Systems to Security Categories (Special Publication 800-60, Vol. 1 Rev. 1)."},{"key":"ref_30","unstructured":"National Institute of Standards and Technology (2026). Data Classification Practices (NIST Special Publication 1800-39, Initial Public Draft)."},{"key":"ref_31","unstructured":"European Parliament, and Council of the European Union (2026, June 01). Directive (EU) 2019\/1024 of 20 June 2019 on Open Data and the Re-Use of Public Sector Information (Recast). Official Journal of the European Union. Available online: https:\/\/eur-lex.europa.eu\/eli\/dir\/2019\/1024\/oj\/eng."},{"key":"ref_32","unstructured":"European Parliament, and Council of the European Union (2026, June 01). Regulation (EU) 2022\/868 of 30 May 2022 on European Data Governance and Amending Regulation (EU) 2018\/1724 (Data Governance Act). Official Journal of the European Union. Available online: https:\/\/eur-lex.europa.eu\/eli\/reg\/2022\/868\/oj\/eng."},{"key":"ref_33","unstructured":"European Parliament, and Council of the European Union (2026, June 01). Regulation (EU) 2023\/2854 of 13 December 2023 on Harmonised Rules on Fair Access to and Use of Data and Amending Regulation (EU) 2017\/2394 and Directive (EU) 2020\/1828 (Data Act). Official Journal of the European Union. Available online: https:\/\/eur-lex.europa.eu\/eli\/reg\/2023\/2854\/oj\/eng."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Acev, D., Biyani, S., Rieder, F., Aldenhoff, T.T., Blazevic, M., Riehle, D.M., and Wimmer, M.A. (2025). Systematic analysis of data governance frameworks and their relevance to data trusts. Manag. Rev. Q., advance online publication.","DOI":"10.1007\/s11301-025-00560-2"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"108254","DOI":"10.1016\/j.future.2025.108254","article-title":"Automated parsing method for standards related to data classification and grading","volume":"178","author":"Lai","year":"2026","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"106528","DOI":"10.1016\/j.scs.2025.106528","article-title":"Assessing data governance models for smart cities: Benchmarking data governance models on the basis of European urban requirements","volume":"130","author":"Bozkurt","year":"2025","journal-title":"Sustain. Cities Soc."},{"key":"ref_37","first-page":"303","article-title":"Data governance in smart farming: A systematic review of challenges and gaps","volume":"13","author":"Rouzky","year":"2025","journal-title":"Inf. Process. Agric."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"3892","DOI":"10.24294\/jipd.v8i6.3892","article-title":"Health organization challenges in health data governance implementation: A systematic review","volume":"8","author":"Oktaviana","year":"2024","journal-title":"J. Infrastruct. Policy Dev."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"149875","DOI":"10.1109\/ACCESS.2024.3476373","article-title":"A systematic review of recent literature on data governance (2017\u20132023)","volume":"12","author":"Munk","year":"2024","journal-title":"IEEE Access"},{"key":"ref_40","first-page":"102896","article-title":"Guidelines for GDPR compliance in big data systems","volume":"61","author":"Rhahla","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"102535","DOI":"10.1016\/j.technovation.2022.102535","article-title":"Open data: Lost opportunity or unrealized potential?","volume":"114","author":"Temiz","year":"2022","journal-title":"Technovation"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"e52","DOI":"10.1017\/dap.2024.52","article-title":"The need for climate data stewardship: 10 tensions and reflections regarding climate data governance","volume":"6","author":"Verhulst","year":"2024","journal-title":"Data Policy"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"12","DOI":"10.5334\/dsj-2025-012","article-title":"Research data governance: The need for a system of cross-organisational responsibility for the researcher\u2019s data domain","volume":"24","author":"Odebrecht","year":"2025","journal-title":"Data Sci. J."},{"key":"ref_44","unstructured":"(2022). Information Security, Cybersecurity and Privacy Protection\u2014Information Security Management Systems\u2014Requirements (Standard No. ISO\/IEC 27001:2022)."},{"key":"ref_45","unstructured":"(2022). Information Security, Cybersecurity and Privacy Protection\u2014Information Security Controls (Standard No. ISO\/IEC 27002:2022)."},{"key":"ref_46","unstructured":"(2024). Data Security Technology\u2014Rules for Data Classification and Grading (Standard No. GB\/T 43697-2024)."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/17\/6\/602\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T06:22:43Z","timestamp":1781677363000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/17\/6\/602"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6,17]]},"references-count":46,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2026,6]]}},"alternative-id":["info17060602"],"URL":"https:\/\/doi.org\/10.3390\/info17060602","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,6,17]]}}}