We fully comply with industry standards, applicable laws, and regulations.

Xiaomi respects and complies with relevant industry standards, laws and regulations. We fully demonstrate the compliance of our practices through regular self-assessment, third-party audits and certifications.

Global Certifications

Our practices have been rigorously tested and are worthy of users' trust.
Xiaomi has been widely recognized by global third-party agencies in the field of information security and privacy protection. The authoritative information security and privacy certifications we have obtained are the best embodiment of our leading position. These certifications comprehensively cover all components of Xiaomi, including mobile phones, the MIUI system, IoT devices, internet applications and services, the sales and service sector, and basic infrastructure.
ISO/IEC 27001
ISO/IEC 27018
ISO/IEC 27701
TRUSTe Certification
TrustArc GDPR Validation
NIST Cybersecurity Framework
ioXt SmartCert
TÜV Rheinland Privacy Attestation
BSI IoT Kitemark™
TÜV Rheinland Cybersecurity and Privacy Protection Standard Certificate
UL IoT Security Rating Level 3 (Gold) Certificate

Local Laws and Regulations

Compliance with laws and regulations is our bottom line. Xiaomi operates globally and complies with the local laws and regulations for data protection in all operating regions. Regular reviews and audits ensure that we continue to meet these legal requirements.

GDPR Compliance

Xiaomi complies with current EU data protection law, which includes the GDPR. Before the GDPR came into effect in 2018, we carried out a dedicated GDPR compliance project covering all related teams and departments in the company. We ultimately passed a third-party audit for GDPR, which effectively proves our compliance with GDPR requirements. We have also conducted an annual audit or assessment in the years since, to ensure that our data protection practices continue to comply with GDPR requirements.
The General Data Protection Regulation (GDPR), which went into effect on 25 May 2018, creates consistent data protection rules across Europe.

Our Industry Affiliates

We work with industry leaders and implement best practices. We align and collaborate with industry leaders in the fields of security, privacy, and compliance to ensure that Xiaomi can always keep up with industry best practices.

IoT Security Foundation

Xiaomi has joined the IoT Security Foundation (IoTSF) as a corporate member, with openness and pragmatism. We follow the IoTSF security assessment framework and have built our internal security management system and processes for IoT products on it, to ensure that our IoT products are sufficiently secured.

International Association of Privacy Professionals

Xiaomi has joined the International Association of Privacy Professionals (IAPP) as a gold member. We establish and maintain an internal privacy management system in accordance with international standards. More and more professionals and engineers working at Xiaomi have obtained IAPP professional qualifications, including CIPP/E, CIPM, CIPT and FIP.


Xiaomi has joined the ioXt Alliance as an implementor member. We follow the baseline security requirements and bring industry-leading security practices to our IoT products. By joining the ioXt Alliance, we are committed to creating a safer IoT world. We have enrolled in the ioXt Certification Program and certified the Mi 11 Ultra.


Xiaomi cooperates with HackerOne, which provides the industry standard for hacker-powered security, to receive and respond to security vulnerabilities and threat information submitted by overseas white hats. We have established the Xiaomi Security Reward Program on HackerOne and provide dedicated rewards. The program covers all the products and services provided by Xiaomi, including smartphones, IoT devices, apps, and internet services.