GB 46864-2025 Data security technology — Technical requirements for information sanitization of electronic products
1 Scope
This document specifies the basic requirements, functional requirements for the information sanitization of electronic products, as well as the process requirements for information sanitization of used electronic products.
This document is applicable to electronic products with non-volatile storage media that are produced and sold within the territory of China. It is also applicable to electronic product manufacturers, third-party developers of electronic product information sanitization functions, and recycling operators for information sanitization of used electronic products.
This document is not applicable to electronic products that handle state secrets. Electronic products involving state secrets shall be handled in accordance with relevant national confidentiality regulations.
2 Normative references
No normative reference is listed in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
storage media
materials or devices used for data storage
Note 1: Storage media are classified into volatile and non-volatile types based on whether data is retained after power off. Volatile storage media will immediately lose the stored data when the power is off, such as random access memory (RAM) like memory, CPU cache, and video memory. Non-volatile storage media can still retain data for a long time after power off, such as mechanical hard disk drives (HDD), solid-state drives (SSD), eMMC/UFS embedded storage chips, USB flash drives, SD/TF cards, etc.
Note 2: Storage media of electronic products are mainly classified into magnetic media and semiconductor media based on the storage materials and storage principles. Magnetic media are storage media that record data by utilizing the magnetization state of magnetic materials, such as HDD, magnetic tapes, magnetic cards, etc. Semiconductor media are storage media that record data by utilizing the electrical properties of semiconductor materials, such as RAM, SSD, eMMC, UFS, USB flash drives, etc.
3.2
electronic products
software and hardware equipment and their accessories manufactured by using electronic information technology
Note: The electronic products referred to in this document are those that have the function of storing user data and use non-volatile storage media.
3.3
user data
data generated and written by users during the use of electronic products
Note: User data does not include cloud data, data on the usage status and lifespan of electronic products, as well as factory settings of products such as operating systems and pre-installed applications.
3.4
information sanitization
technical processing of data stored in electronic products and makes it inaccessible or unrecoverable
Note 1: The information sanitization in this document refers to the irreversible sanitization of data in the storage media.
Note 2: After information is sanitized, it can prevent the use of technical means to access or restore data.
3.5
data overwrite
fixed or random meaningless data are written into electronic products and overwrite each storage unit related to user data to achieve information sanitization
3.6
block erase
by invoking the instructions of storage media, an erasing operation is performed on the physical blocks of the media to erase all data within the physical blocks.
Note 1: Block erase is typically applicable to semiconductor dielectric electronic products that support hardware erasing instructions. After invoking the instruction, it is usually achieved through methods such as charge release, and its minimum erasing unit is counted in physical blocks.
Note 2: Merely clearing the mapping relationship between logical addresses and physical addresses or marking data as invalid without erasing user data in physical blocks does not fall under block erase.
3.7
destroy
availability of storage media of electronic products is disrupted, by physical or chemical means, to achieve information sanitization
3.8
used electronic products
electronic products that have been used by users and still retain all or part of their use value
3.9
Contents
Foreword II
Introduction III
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Basic requirements
6 Requirements for information sanitization function
7 Requirements for information sanitization process of used electronic products
Bibliography
