
DCO Data Classification Guidance
July 2026
The DCO Data Classification Guidance provides a practical, risk-based model for classifying data according to its sensitivity, confidentiality, legal obligations, and potential impact if disclosed, altered, misused, or lost. Developed as a supporting component of the DCO Interoperability Mechanism for Cross-Border Data Flows and anchored in the DCO Privacy Principles, the Guidance introduces a unified four-tier taxonomy—Restricted, Confidential, Internal, and Public—to help organizations, governments, policymakers, and regulators apply consistent Data handling, access control, and protection measures. By establishing a common language for Data classification, it supports lawful, secure, and trusted Data flows, reduces regulatory uncertainty, and strengthens interoperability across jurisdictions.
The Guidance is designed to serve both as an operational reference for organizations and as a policy reference for governments and regulators. For organizations, it outlines practical implementation steps, including identifying, classifying, labeling, controlling, training on, and reviewing data across its lifecycle, supported by clear governance roles and responsibilities. For governments and regulators, it provides guidance on integrating data classification into legal, regulatory, and sectoral frameworks to promote consistency, compliance, accountability, and alignment with international best practices. While voluntary and adaptable to national contexts, the Guidance offers a common foundation for strengthening digital trust, safeguarding rights and interests, and enabling responsible participation in the Data-driven digital economy.