[Editor to fill: 200-word domain overview.]
AI Governance.
人工智能治理
Rules and standards for generative AI services, deep synthesis, content labeling, and AI ethics in China.
The legal corpus.
12 laws.
- RULE Interim Measures for the Management of Generative Artificial Intelligence Services 生成式人工智能服务管理暂行办法
- RULE Provisions on the Administration of Algorithmic Recommendation Services for Internet Information Services 互联网信息服务算法推荐管理规定
- RULE Provisions on the Administration of Deep Synthesis of Internet Information Services 互联网信息服务深度合成管理规定
- AI Meteorological Services Measures Measures for Artificial Intelligence Meteorological Application Services 人工智能气象应用服务办法
- RULE Measures for the Labeling of AI-Generated and Composed Content 人工智能生成合成内容标识办法
- FRT Filing Announcement Announcement on Carrying Out the Filing of Facial Recognition Technology Applications 关于开展人脸识别技术应用备案工作的公告
- RULE Interim Measures for the Management of AI Anthropomorphic Interaction Services 人工智能拟人化互动服务管理暂行办法
- GB/T 35273 (2026 draft) Data Security Technology — Personal Information Security Specification (2026 Draft for Comment) 数据安全技术 个人信息安全规范(征求意见稿)
- FRT Measures Administrative Measures for the Application Security of Facial Recognition Technology 人脸识别技术应用安全管理办法
- Digital Virtual Human Measures (Draft) Measures for the Administration of Digital Virtual Human Information Services (Draft for Public Consultation) 数字虚拟人信息服务管理办法(征求意见稿)
- AI Ethics Review Measures (Trial) Measures for the Ethics Review of and Services for Artificial Intelligence Science and Technology (Trial) 人工智能科技伦理审查与服务办法(试行)
- AI Agent Implementation Opinions Implementation Opinions on the Standardized Application and Innovative Development of AI Agents 智能体规范应用与创新发展实施意见
In this domain.
18 briefs.
- § 01 · AI-COMPANION
Doubao, Qwen, and NetEase Pull AI Companions Ahead of July 15 — Is Delisting to 'Stay Safe' the Right Move?
Days before the AI Anthropomorphic Interaction Measures take effect on July 15, 2026, Doubao, Qwen, and NetEase removed agent-style companion features — and at least one AI company had already received a question list from regulators. This translated report from 竞争秩序场 (reporter Wang Jun) maps why the industry calls the rules right in direction but hard in practice: scoping ambiguity around role-play on general-purpose models and UGC agent builders, 'capability regulation' that runs through model training and operations rather than content filters, the psychology-grade judgment needed to spot excessive emotional dependence, and expert warnings that clumsy intervention or perceived surveillance of intimate chats could do its own harm. Includes proposals for public safety-capability toolkits for smaller developers.
- § 02 · AI-COMPANION
Ten Questions Before July 15: A Compliance Q&A on China's AI Anthropomorphic Interaction Measures
Two days before the Interim Measures for the Management of AI Anthropomorphic Interaction Services take effect on July 15, 2026, compliance practitioners Chen Huan and Li Qiyao distill the final text into ten questions AI companies keep asking: what counts as an anthropomorphic interaction service (and what is excluded), the content red lines, training-data duties, mandatory registration fields including age and emergency contacts, the two-hour usage reminder, the ban on virtual intimate relationships for minors, the separate-consent gate on training with sensitive interaction data, the five security-assessment triggers, and the penalty ladder topping out at RMB 200,000 where life and health are harmed.
- § 03 · AI-GOVERNANCE
China's AI-Companion Rule Takes Effect July 15 — A Clause-by-Clause Field Guide to What Actually Changed
China's Interim Measures for AI Anthropomorphic Interaction Services (人工智能拟人化互动服务管理暂行办法) — the world's first dedicated rule on 'companion'-style AI — take effect on 15 July 2026. This DCC brief synthesises three Chinese-language readings published in the days before the effective date: 数据合规肖大国's article-by-article practitioner walkthrough, 网安寻路人 (Hong Yanqing)'s multi-part work on how to scope anthropomorphic interaction (including his 'Sentiment Interaction Event / SIE' indicator system), and AI前沿信息笔记's read of the business-model logic the rule is really aimed at. Three throughlines: (1) what changed between the consultation draft and the final text — real fines were added, a 'continuity (持续性)' qualifier now narrows scope, the emergency-contact duty was widened beyond vulnerable groups, and the mandatory 'human takeover' of at-risk conversations was dropped; (2) the scope question the rule leaves under-specified — which services are 'continuous emotional interaction' at all — and the SIE-style indicator approach practitioners are reaching for to answer it; and (3) the paradigm shift the rule marks, from *content-safety* governance (AI as tool) to *relationship* governance (AI as social role), which finally gives regulators a handle on attention-economy and emotional-dependency business models. For overseas counsel shipping companion, emotional-AI or character-AI products into China: this is the operational checklist and the open-question list, two weeks out.
- § 04 · AI-AGENTS
TC260's Practice Guide on AI-Agent Deployment: A Five-Stage Lifecycle Checklist, Read Against PIPL, DSL, and CSL Obligations
On July 1, 2026 the National Cybersecurity Standardization Technical Committee (TC260) issued the Cybersecurity Standards Practice Guide — Security Guidelines for the Deployment and Use of AI Agents (网络安全标准实践指南——智能体部署使用安全指引), covering the full lifecycle of high-permission, LLM-based personal-assistant agents across five stages: assessment, preparation, deployment, use, and decommissioning, plus a star-rated security checklist (Appendix A) and an organizational management framework including shadow-agent discovery (Appendix B). This DCC brief adapts the HexCode reading published on 数据何规 — itself generated, the account notes, by its own AI agent — which maps each stage onto hard-law anchors: PIPIA duties under PIPL Article 55 and DSL Article 27 risk monitoring at assessment; the GenAI Measures' filed-model requirement and the ban on unverified API relays at preparation; least privilege, directory isolation, CSL Article 21 log retention, and high-risk-operation confirmation lists at deployment; minimum-necessary provision of personal information and long-term-memory management in use; and credential revocation and data disposal at decommissioning. Practice guides are soft law — but in Chinese enforcement practice they calibrate what 'necessary measures' means, and this one is the first lifecycle baseline for the agent era.
- § 05 · GBT-35273
From Consent to Governance: What the 2026 Draft Revision of GB/T 35273 Changes Against the 2020 Standard
On June 17, 2026 the National Cybersecurity Standardization Technical Committee (TC260), with CESI as drafting lead, released for public comment a systematic revision of GB/T 35273 — China's most-cited personal-information standard, the de-facto 'small PIPL.' The draft retitles the standard from 'Information Security Technology' to 'Data Security Technology' and expands its normative references from one standard to eight. DCC reads the revision as a role change, not a clause count: the standard moves from a consent-and-notice manual into a governance-capability framework. The substantive increments against GB/T 35273-2020: a new Chapter 5 importing PIPL Article 13's seven lawful bases as a standalone chapter with hard boundaries on each (contract-necessity, HR, public-disclosure) plus an evidence-chain duty; a sensitive-PI redefinition aligned to PIPL Article 28 with a new aggregation rule (multiple items that together meet the threshold are treated as sensitive as a whole); a formal 'separate consent' definition (3.7) with a negative list; a new eighth basic principle, 'quality assurance' (Chapter 4(f)); dedicated AI clauses on the collection side (6.7), in minimum-necessity (6.1 d–f), in aggregation/training (8.4), and a new generative-AI use clause (8.5.4) with output review and a 15-working-day deletion SLA; a unified-account-system clause (8.6) aimed at one-account-many-products groups; a terminal/IoT collection clause (6.8); a wholly new Chapter 11 on overseas-jurisdiction determination and conflict handling; and a systematized internal-control chapter (13) covering the person in charge of personal information protection, working body, processing-activity records, impact assessment, and a GB/T 46903-anchored compliance audit. Subject-rights response time tightens from 30 days to 15 working days. Clause numbers are from the comment draft and are not final; formal release is expected after 2027.
- § 06 · AI-GOVERNANCE
China's First AI-Ghostwritten 'Seeding Post' Case — a Duty of Care for Generative-AI Providers
China's first unfair-competition case over AI batch-ghostwritten 'seeding posts' (种草笔记 — the staged, first-person product-recommendation notes that drive discovery commerce on Xiaohongshu/RED). On appeal, the Hangzhou Intermediate People's Court ((2025) Zhe 01 Min Zhong No. 3998) held that the operators of an 'AI writing' tool ('AI写作鹅') that let users one-click-generate fake first-person Xiaohongshu notes — fabricating personal experiences and feelings — committed unfair competition under Article 2 (the general clause) of the Anti-Unfair Competition Law. The court built an explicit four-factor duty-of-care test for generative-AI providers (is it generative AI; does it target a specific scenario/another's product as its 'application layer'; is it directional and inducing; is it a paid, for-profit service), citing Articles 4(3), 5(1) and 22 of the Generative AI Services Interim Measures. Because the tool was named after Xiaohongshu, marketed to mass-produce on-brand 'seeding' copy, charged a membership fee, and shipped with no notice or reminder against the foreseeable misuse, the providers were at fault. The appeal court affirmed liability but cut damages from RMB 200,000 to RMB 100,000 on an 'inclusive and prudent' (包容审慎) view of AI, and reversed joint liability for the third defendant that merely hosted the download. DCC OCR'd the full judgment from the source images; this is our case brief for overseas counsel.
- § 07 · AI-GOVERNANCE
China's First 'AI Hallucination' Tort Judgment — GenAI Is a Service, Not a Product, and the Chatbot's '¥100,000 Promise' Binds No One
The Hangzhou Internet Court has decided China's first 'AI hallucination' (AI幻觉) tort case — written into the Supreme People's Court's 2026 work report to the NPC. A user asking a chatbot about college applications was told, across seven rounds, that a non-existent campus existed; when finally shown the official website, the model 'apologised' and 'promised' to pay ¥100,000, even generating a fake lawsuit template telling him to sue. He did. The court dismissed every claim and, in doing so, laid down the first judicial articulation of China's generative-AI liability framework: (1) an AI model is not a civil subject, so its 'promise' is no declaration of intent — and is not attributable to the provider either; (2) generative AI is a service, not a product, so fault liability under Civil Code Article 1165 applies, not product liability's no-fault rule under Article 1202; (3) there is no result-based duty to guarantee accuracy for ordinary inaccurate output — only a process duty of care (conspicuous AI-content labelling plus industry-standard accuracy measures), which the provider had discharged; and (4) no proven damage, no causation. For any company deploying GenAI to the Chinese public, this is the operating liability surface and the evidentiary playbook.
- § 08 · AI-GOVERNANCE
Prompt Stacks and Prompt Governance — Why System-Level Prompts Are Emerging as a Regulatory Lever (and Where They Fall Short)
A Chinese AI-law reading of Neumann, Sargeant and Singh's FAccT 2026 paper Prompt Governance? — and what it means for how China, the EU, and the US treat 'system prompts' as a regulatory object. Li Wenlong (科技利维坦) walks through the four-layer 'prompt stack' (system instructions → system guidelines → developer instructions → user prompts), five properties practitioners need to understand (layered, hidden, natural-language, malleable, loosely coupled to behaviour), and the comparative regulatory landscape: the EU GPAI Code of Practice requires signatories to disclose system prompts to regulators in model reports; the Trump EO 14319 / OMB M-26-04 stops at model / system / data cards and leaves system-prompt disclosure voluntary; the UK's AI Cybersecurity Code says effectively nothing. China's current GenAI safety regime (TC260-003 plus the GenAI Interim Measures) is output-evaluation-based — filing and pre-launch scoring, with no architectural hook into system prompts. Li predicts a Brussels Effect: system-prompt disclosure to regulators will become a global compliance baseline, analogous to the DPIA in data law. For overseas counsel: this is what is coming, what to start archiving now, and why 'what you write' in a system prompt is not 'what the model executes.'
- § 09 · AI-GOVERNANCE
Zhu Xiaofeng — Who Pays When GenAI Causation Is Unclear? Applying Civil Code Article 1254 by Analogy
Zhu Xiaofeng (Central University of Finance and Economics Law School) takes on the GenAI causation black hole — when a personal-information harm clearly arises from a GenAI service but specific causation among model designer, model provider, model user, and data provider cannot be established, who pays? Zhu's structural answer: when conventional construction-element-analysis and Article 998 interest-balancing both fail (and they do), apply Civil Code Article 1254's 'unclear-causation' rule by analogy — the same rule used for falling-object-from-building cases. The doctrinal scaffolding: communication-safety theory, gain-and-risk allocation theory, causation proof + harm prevention. Critically: each potential injurer compensates the full damage; among themselves, allocation is proportional, with judges determining specific amounts case-by-case. Highly relevant for multinationals deploying GenAI in China — the proposed framework restructures the operating liability surface.
- § 10 · AI-AGENTS
Mapping the AI Agent Risk Surface — A Ten-Category Taxonomy Under China's New 智能体新规
China's Cyberspace Administration jointly issued the Implementation Opinions on Standardized Application and Innovation Development of AI Agents (the '智能体新规' or 'Agent Rules') on May 8, 2026 — the first dedicated regulatory document on AI agents anywhere in the world. This DCC brief works through the ten-category risk taxonomy that practitioners are now using to map the agent attack surface: goal hijacking, tool misuse, identity/permission abuse, supply-chain compromise, unintended code execution, memory and context poisoning, inter-agent communication insecurity, cascade failures, human-machine trust exploitation, and rogue agents. With the agent risk mapped, the brief works the legal-liability vector: how each risk maps to administrative, civil, and criminal exposure under existing PIPL, CSL, Anti-Unfair Competition, and trade-secret regimes. Closes with the Guangzhou Internet Court's recent dual-authorization ruling against an open-source agent that bypassed a chat platform's risk controls — the first Chinese case to articulate the dual-authorization principle for AI agents accessing third-party platforms.
- § 11 · AI-AGENTS
Operationalizing AI Agent Governance — A Ten-Step Internal Control Framework
Part 2 of DCC's brief on the Chinese Agent Rules (《智能体规范应用与创新发展实施意见》, May 2026). After mapping the ten-category risk taxonomy in Part 1, this brief works through the ten-step internal governance framework practitioners are now building to operationalize agent compliance: cross-functional governance organization + agent asset inventory; use-case admission and classification (L1 read-only / L2 limited-write / L3 sensitive-data / L4 high-impact); security assessment and AI red-team testing; identity authorization and permission control (with the under-discussed 'permission inheritance' trap); data protection; tool and protocol security; human-in-the-loop design; supply-chain security; continuous monitoring; and AI-specific incident response. Closes with five operational priorities for teams that need to start now without waiting for the 'big-and-comprehensive' regime build.
- § 12 · AI-GOVERNANCE
Open-Source Does Not Mean Open Data — Zhang Ping on Training-Data Compliance for Open-Source AI
Peking University Law School professor Zhang Ping, writing in 人民论坛 (People's Tribune), takes apart two misconceptions that have dominated the Chinese open-source AI discussion: that 'open source' means training data has no copyright protection, and that 'algorithm open-source' compels 'training data publication.' Both false. Zhang lays out the structural distinction: 'open source is conditional authorization under license' — applied to model weights, not to the training corpus, which is a legally independent object. She then maps the full-chain compliance risk (acquisition / processing / output) and proposes a four-tier differentiated governance framework that finance, healthcare, and government AI deployments can actually use to map their training-data inventory against compliance gates.
- § 13 · FOREIGN-INVESTMENT-SECURITY-REVIEW
Why China Used Foreign Investment Security Review on Manus — Not Tech or Data Export
Hong Yanqing on Beijing's banning of Meta's Manus acquisition. The regulator's choice of pathway — Foreign Investment Security Review, not Technology or Data Export — signals a shift from 'transaction-level' to 'capability-level' oversight of frontier AI projects, with implications for any overseas tech investment touching China.
- § 14 · TOKENS
Cold Water on 'Token Trading' — Wang Qinglan on the NDA's High-Quality Data Set Initiative
In March 2026, the National Data Administration released the *Implementation Plan for Promoting High-Quality Industry Data Set Construction (Draft for Public Consultation)*, which explores a 'token (词元) based value system' and 'token trading as a new transaction mode' for high-quality data sets. The Chinese AI policy community immediately heralded the move as 'revolutionizing data trading.' Wang Qinglan pours cold water: token is a measuring unit, not a magic transformer. AI tokens are not crypto tokens. The bottleneck in China's data-element market isn't measurement — it's supply, rights clarity, compliance cost, and data silos.
- § 15 · FACIAL-RECOGNITION
When Is Facial Recognition in a Public Place 'Necessary for Public Security'? Hong Yanqing's Four-Element Framework
Hong Yanqing on how to operationalize PIPL Article 26's 'necessary for public security' principle for public-place video surveillance and facial recognition. His framework: a four-step necessity test, tiered risk regime with a published prohibited list, three-fold technical controls, and a lifecycle closure mechanism — drawing on EU AI Act and US state-level practice.
- § 16 · AI-GOVERNANCE
Where China's Draft AI Anthropomorphic-Interaction Measures Need Work — A Scholar's Reform Map
Li Wenlong (科技利维坦) walks through the directions in which he would amend China's draft Interim Measures for the Administration of AI Anthropomorphic Interaction Services (人工智能拟人化互动服务管理办法) — the country's first dedicated rule on 'companion'-style AI. His critique is structural, not cosmetic: the core definition of '拟人化 (anthropomorphisation)' is too broad because it anchors on human-like expression rather than the real harm (relational dependency); the invented concept of '交互数据 (interaction data)' should be deleted and folded back into PIPL rather than blanket-prohibited; Chapter 2 mixes three incompatible duty types and should be split; the '1M registered / 100k MAU' security-assessment trigger is borrowed from other regimes and does not track real risk; and the training-data duties are horizontal obligations misplaced in a vertical rule. For overseas counsel building companion-AI or emotional-AI products for the China market: this is a map of where the draft is likely to move, and which duties fall on deployers versus base-model providers.
- § 17 · AI-GOVERNANCE
AI Agents and the Limits of Consent — When 'Authorisation' Stops Being One Click
Li Wenlong (科技利维坦) takes the Doubao phone assistant — an AI that 'reads your screen' and acts across apps — and asks whether the consent/authorisation mechanism that traditional data law leans on can survive the agent era. His four challenges: the app-bounded 'private' environment dissolves as data and permissions move across apps (with Nissenbaum's Contextual Integrity as the only real conceptual anchor, and far from operational); agents that *act* (not just retrieve) push informed consent past the point of failure already reached by personalised ads; purpose limitation collapses because an agent chooses its own path, means and decisions from a low-information instruction, edging into automated decision-making; and ultra vires agency shifts liability from user to platform, with China's 'hallucination case' and the Air Canada case as the only thin precedents. For overseas counsel building or advising on agentic AI in China: a map of why 'authorisation' is becoming a problem of agency, system control, liability allocation and autonomy — not a checkbox — and why transparency is now a prerequisite, not a feature.
- § 18 · AI-GOVERNANCE
Reverse Interoperability: Li Wenlong's Frame for the Doubao On-Device Agent Fight
ByteDance's Doubao phone assistant — preinstalled at the device layer to operate other apps on a user's behalf — was met with pop-up blocks from WeChat and others citing security and risk-control. Li Wenlong (科技利维坦) argues the dispute is, at bottom, a question of how China's competition-law toolkit (反不正当竞争法 / 反垄断法) absorbs the idea of interoperability — and specifically what he calls 'reverse interoperability (反向互操作性)'. The classic interoperability problem is a platform refusing to open up, with antitrust used as a market remedy to force access. Doubao inverts it: interoperability is fully achieved at the device level, and the legal question becomes whether the law should restrict 'over-interoperation.' Li maps interoperability's journey from the Microsoft case through GDPR data portability and the DMA to the agent era, distinguishes the Doubao fight from the decade-old 3Q War, and predicts on-device-agent governance will look less like classic antitrust and more like the ex-ante, conditional-use compliance model emerging for AI training data. For overseas counsel: a structural read on the platform-access war that on-device AI agents are about to intensify.