What the 2023 Chinese Government Database Procurement Standard Means for Vendors

1. Policy Overview

The Ministry of Finance and the Ministry of Industry and Information Technology jointly issued the Database Government Procurement Demand Standard (2023) , establishing a unified benchmark for government database purchases and influencing other sectors. The standard applies to all government departments, mandates split‑package procurement, and distinguishes mandatory ( *) from optional indicators.

Suppliers respond with a commitment letter rather than detailed test reports, and acceptance can be performed by the user or a third‑party agency.

2. Technical Overview (Summary)

The standard defines two families of databases—centralized and distributed—covering 114 indicators grouped into five major categories and 24 sub‑categories.

Two families: 108 indicators for centralized databases, 113 for distributed ones; 107 indicators overlap, with differences mainly in cluster management.

Indicator structure: Functional, reliability, security, service, and compatibility requirements.

Key mandatory indicators: Service capability, compatibility, and stable operation are marked with an asterisk and must be included in procurement documents.

Scoring items: Only a few indicators (hardware compatibility, supply‑chain assurance, disaster‑recovery, and multi‑CPU upgrade compatibility) are allowed as scoring criteria.

3. Detailed Technical Breakdown

3.1 Functional Requirements

Installation & Upgrade: Emphasizes smooth, multi‑CPU compatible upgrades; considered a critical scoring item.

Configuration: Requires clear parameter settings for storage, memory, and role‑based configurations.

SQL Capability: Supports extended data types, GB 18030‑2022 character set, and SQL execution‑plan intervention.

Data Objects: Covers tables, partitions, views, indexes, sequences, triggers, stored procedures; highlights challenges for distributed databases (e.g., limited index support) and the need for online redefinition.

Transaction Ability: Enforces ACID compliance; notes occasional dead‑lock issues in some products.

Operations: Focuses on multi‑dimensional monitoring (host, system, instance, statement) and rapid fault diagnosis, especially for distributed architectures.

Migration: Addresses logical migration (applications, SQL) and data migration, stressing data consistency and comparison tools.

Backup & Recovery: Requires granular backup, multi‑medium support, and fine‑grained recovery capabilities.

Cluster Management: Centralized databases need shared‑storage support; distributed databases require elastic scaling with transparent user experience.

Tools & GUI: Calls for ecosystem tools and graphical management interfaces to lower usage difficulty.

3.2 Reliability Requirements

Stable Operation: Qualitative requirement, often demonstrated through long‑term case studies.

Failover: Demands rapid switchover but does not specify exact RTO/RPO values.

Disaster Recovery: Sets RPO = 0 and RTO < 30 seconds for both same‑city and cross‑city scenarios.

Fault Tolerance: Specifies handling of logical, network, system, and storage failures, including detection and recovery procedures.

3.3 Compatibility Requirements

Software Compatibility: Supports multiple deployment platforms and cloud‑native options.

Hardware Compatibility: Requires support for various CPU architectures, especially domestic CPUs.

Standard Compatibility: Aligns with common database connection standards.

3.4 Service Requirements

Service Period: Defines maintenance, extended service, security service, and minimum guarantee periods.

Delivery Mode: Allows offline media delivery.

Supply‑Chain & Service Assurance: Includes security guarantees, open‑source compliance, on‑site support, and customized services.

3.5 Security Requirements

Basic Security: Mandates security testing, three‑person separation, vulnerability management, and identity authentication.

Enhanced Security: Covers anti‑tampering, full‑state encryption, data masking, and flash‑back recovery, often realized via third‑party solutions.

Overall, the standard provides a comprehensive checklist for vendors to align their database products with government procurement expectations, emphasizing mandatory functional capabilities, strict reliability and disaster‑recovery metrics, broad compatibility, robust service guarantees, and layered security controls.