diff --git a/en/release-notes/changelogs/OpenHarmony_4.0.10.1/changelog-security_access_token.md b/en/release-notes/changelogs/OpenHarmony_4.0.10.1/changelog-security_access_token.md
new file mode 100644
index 0000000000000000000000000000000000000000..e10090e9d1814ef8c0b0370146bec92864082dc4
--- /dev/null
+++ b/en/release-notes/changelogs/OpenHarmony_4.0.10.1/changelog-security_access_token.md
@@ -0,0 +1,24 @@
+# Application Access Control Subsystem Changelog
+
+## cl.sucurity_access_token.1 Changes in the Event Subscription and Cancellation APIs
+
+**Change Impact**
+
+The applications developed based on earlier versions are not affected.
+
+**Key API/Component Changes**
+
+Involved APIs:
+interface/sdk-js/api/@ohos.abilityAccessCtrl.d.ts:
+
+atManager.on
+
+atManager.off
+
+From this version:
+
+Multiple callbacks can be registered if **tokenIDList** and **permissionList** are the same.
+
+The same callback cannot be registered if **tokenIDList** or **permissionList** are overlapped.
+
+If callback is not passed in **atManager.off**, all callbacks under **tokenIDList** and **permissionList** will be unregistered.
diff --git a/en/release-notes/changelogs/OpenHarmony_4.0.10.3/changelog-security_privacy.md b/en/release-notes/changelogs/OpenHarmony_4.0.10.3/changelog-security_privacy.md
new file mode 100644
index 0000000000000000000000000000000000000000..e4e10bb205da3d08343f229576a770989bbbdb46
--- /dev/null
+++ b/en/release-notes/changelogs/OpenHarmony_4.0.10.3/changelog-security_privacy.md
@@ -0,0 +1,24 @@
+# Application Access Control Subsystem Changelog
+
+## cl.sucurity_access_token.1 Changes in the Event Subscription and Cancellation APIs
+
+**Change Impact**
+
+The applications developed based on earlier versions are not affected.
+
+**Key API/Component Changes**
+
+Involved APIs:
+interface/sdk-js/api/@ohos.privacyManager.d.ts:
+
+privacyManager.on
+
+privacyManager.off
+
+From this version:
+
+Multiple callbacks can be registered if **permissionList** is the same.
+
+The same callback cannot be registered if **tokenIDList** is overlapped.
+
+If callback is not passed in **privacyManager.off**, all callbacks under **permissionList** will be unregistered.