What Does the New IEEE 3169‑2025 Standard Mean for Privacy‑Preserving Computation Security?

On October 17, 2025, the IEEE Standards Association released IEEE 3169‑2025 “IEEE Standard for Security Requirement of Privacy‑Preserving Computation,” led by Ant Group.

Ant Group first introduced related content in its 2024 “White Paper on General Security Grading for Privacy Computing Products,” proposing a unified security grading standard applicable to multiple technology routes.

The new standard, developed by more than 30 universities, enterprises and research institutes, analyzes security risks in multi‑party computation, federated learning, trusted execution environments and other privacy‑preserving computation techniques, and defines a unified five‑level security protection requirement.

In December 2024, China’s NDRC, National Data Administration and Ministry of Industry and Information Technology issued the “National Data Infrastructure Construction Guidelines,” which identify privacy‑preserving computation as a key support technology for a nationwide data market.

Privacy‑preserving computation includes many technical routes such as MPC, federated learning and TEEs, each with different data‑protection dimensions and security risks, making a common security benchmark essential.

The IEEE 3169‑2025 standard evaluates security based on “attack defense effectiveness” and “information leakage degree,” establishing a unified baseline for all routes.

Level 1: Defends against all external non‑participant attacks (e.g., highly trusted platform).

Level 2: Defends against typical internal participant attacks, including known internal attacks (e.g., low‑sensitivity data, limited malicious intent).

Level 3: Defends against all known internal attacks that could cause substantial impact (e.g., participants with malicious intent).

Level 4: Defends against potential future attacks that may be discovered (e.g., critical data flow scenarios).

Level 5: Defends against any theoretically possible attack (full protection).

The standard also refines “intermediate result information” into “allowed leakage,” “non‑allowed leakage,” and “valuable information,” and adds evaluation metrics such as software reputation, depth‑defense measures, and formal verification.

By using attack‑defense effectiveness and information‑leakage degree, the standard provides a quantitative security grading that can be extended to data‑element circulation technologies, offering a unified security evaluation framework for the data‑flow utilization field.