Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ LAWS

AI & Algorithms · 人工智能与算法.

13 entries. The horizontal layer for models and algorithms, built mainly by the CAC and TC260 — algorithmic recommendation and its filing regime, deep synthesis, generative-AI services, AI content labeling, anthropomorphic-interaction rules, facial-recognition technology application, and automated-decision security — cutting across every sector of the general regime.

← All sectors / 全部分区

§ DEPARTMENTAL RULES

Departmental Rules .

部门规章 · CAC, MIIT, MPS and others

  • § 01

    Interim Measures for the Management of Generative Artificial Intelligence Services

    生成式人工智能服务管理暂行办法

    China's flagship generative-AI regulation — the first comprehensive national regulation of GenAI services anywhere in the world. Covers content compliance, training data quality, personal-information handling, security assessment and algorithm filing, real-name verification, and labeling. Applies to GenAI services provided to the Chinese public; some obligations are conditioned on consumer-facing deployment.

    CAC + 6 ministries (NDRC, MOE, MOST, MIIT, MPS, NRTA) Effective 2023-08-15
  • § 02

    Provisions on the Administration of Algorithmic Recommendation Services for Internet Information Services

    互联网信息服务算法推荐管理规定

    The first comprehensive Chinese regulation of recommendation algorithms. Establishes the algorithm filing regime, requires opt-out mechanisms, regulates personalized pricing and targeted advertising, sets special protections for minors and the elderly, and bans practices like price discrimination based on user characteristics. Applies to all algorithmic recommendation services available to the Chinese public.

    CAC, MIIT, MPS, SAMR Effective 2022-03-01
  • § 03

    Provisions on the Administration of Deep Synthesis of Internet Information Services

    互联网信息服务深度合成管理规定

    Regulates deepfakes and AI-driven content synthesis — the precursor to the GenAI Measures and the AI Content Labeling Measures. Requires real-name verification, content moderation, prominent labeling of synthesized content, prohibits use for fraud or disinformation, and establishes the deep synthesis service algorithm filing regime.

    CAC, MIIT, MPS Effective 2023-01-10
  • § 04 · AI Meteorological Services Measures

    Measures for Artificial Intelligence Meteorological Application Services

    人工智能气象应用服务办法

    Departmental rule (China Meteorological Administration / CAC Order No. 45) regulating the provision of meteorological application services using artificial intelligence. It establishes inclusive-prudential and tiered-classified supervision, sets out support-and-promotion measures (AI–meteorology fusion, basic databases and themed datasets, computing-power infrastructure, standards and talent), and imposes service norms: providers must obtain meteorological data through lawful channels carrying a meteorological-data identity tag, add AI-generated-content labels, and may not publish to the public weather forecasts, severe-weather warnings or meteorological-disaster early-warning signals other than those issued by meteorological-authority stations. It also requires algorithm filing and security assessment for services with public-opinion or social-mobilization capacity, and addresses data security, cross-border data transfer and penalties (fines up to RMB 50,000). Effective June 1, 2025.

    China Meteorological Administration; Cyberspace Administration of China Effective 2025-06-01
  • § 05

    Measures for the Labeling of AI-Generated and Composed Content

    人工智能生成合成内容标识办法

    The newest of China's AI rules — mandatory labeling for AI-generated and AI-composed content, including text, images, audio, video, and virtual scenes. Distinguishes between 'visible/audible labels' (for end users) and 'implicit labels' (metadata/watermarks for platforms). Applies to all platforms providing GenAI or deep synthesis services in China, with corresponding obligations on app stores and content distribution platforms.

    CAC, MIIT, MPS, NRTA Effective 2025-09-01
  • § 06 · FRT Filing Announcement

    Announcement on Carrying Out the Filing of Facial Recognition Technology Applications

    关于开展人脸识别技术应用备案工作的公告

    This May 2025 CAC announcement operationalizes the filing duty established under Article 15 of the Facial Recognition Technology Application Security Measures (CAC and MPS Order No. 19), which takes effect June 1, 2025. Personal information handlers that store facial information of 100,000 or more persons processed via facial recognition technology must file with the provincial-level cyberspace administration authority in their locality; those already at that threshold before June 1, 2025 have until July 14, 2025 to complete the initial filing. Filing is conducted exclusively online through the Personal Information Protection Business System at grxxbh.cacdtsc.cn, and any material change to filed information triggers a 30-working-day update obligation. Overseas counsel advising clients with operations or consumer-facing systems in China should note that the threshold is low by global standards and applies across sectors, making this a compliance priority for any deployment of biometric authentication, access control, or consumer identification at scale.

    Cyberspace Administration of China (CAC) Effective 2025-05-28
  • § 07

    Interim Measures for the Management of AI Anthropomorphic Interaction Services

    人工智能拟人化互动服务管理暂行办法

    China's first regulation specifically targeting AI 'anthropomorphic interaction' — services where users converse with AI personas (virtual companions, chatbot relationships, character AI). Establishes registration requirements, age-verification and minor-protection obligations, mandatory disclaimers that users are interacting with AI, content moderation duties, and prohibitions on exploiting emotional vulnerabilities. Effective July 15, 2026. The first such regime globally.

    CAC, NDRC, MIIT, MPS, SAMR Effective 2026-07-15
  • § 08 · FRT Measures

    Administrative Measures for the Application Security of Facial Recognition Technology

    人脸识别技术应用安全管理办法

    The dedicated CAC + MPS rule for facial-recognition technology applications, implementing PIPL Articles 26 and 28–32 and the Civil Code privacy chapter. Covers the three governing principles of minimum-use, voluntary choice, and minimum-storage; the filing regime for processors handling face data of more than 100,000 persons; mandatory PIPIA, signage, prohibition on FRT in private spaces (changing rooms, bathrooms, hotel rooms); preference for authoritative ID-verification channels over independent FRT collection; and the inter-agency coordination structure under CAC + MPS.

    Cyberspace Administration of China (CAC) and Ministry of Public Security (MPS) Effective 2025-06-01
  • § 09 · AI Ethics Review Measures (Trial)

    Measures for the Ethics Review of and Services for Artificial Intelligence Science and Technology (Trial)

    人工智能科技伦理审查与服务办法(试行)

    China's first dedicated departmental rule on AI-specific science-and-technology ethics review, issued jointly by MIIT, NDRC, MOE, MOST, NHC, PBOC, the CAC, and three other bodies. It requires every organization running qualifying AI research or development to stand up an ethics committee spanning technical, application, ethics, and legal expertise, and routes proposals through general, expedited, or emergency review tracks against six review criteria: wellbeing, fairness, controllability, transparency, traceability, and privacy. Its sharpest feature is a closed list of three high-risk activity categories — strongly influential human-machine fusion systems, algorithms with public-opinion mobilization capability, and highly autonomous automated decision systems in safety-critical settings — that must clear a mandatory expert re-review on top of the ordinary committee sign-off. Violations are enforced through the underlying CSL, DSL, PIPL, and Science and Technology Progress Law rather than through standalone penalties in this rule. Overseas counsel advising China-facing AI developers should treat this as the operational rulebook for internal AI ethics governance structures, not merely an academic-research formality.

    Ministry of Industry and Information Technology (MIIT) and nine other departments Effective 2026-03-20
  • § 10 · Platform Pricing Rules

    Rules on Pricing Conduct by Internet Platforms

    互联网平台价格行为规则

    A joint NDRC/SAMR/CAC rule (29 articles, five-year mandate) that regulates how e-commerce and service platforms set, display, and compete on price. It is fundamentally a pricing and anti-monopoly instrument, not a data-protection one — but Article 15 is the first pricing-level ban on algorithmic price discrimination against existing users (大数据杀熟), barring platforms from using data and algorithms to charge different prices for the same good or service under equivalent transaction conditions based on a consumer's willingness or ability to pay, or their consumption preferences and habits, without the consumer's knowledge. Article 24 also requires platforms to fold personal-information handling and algorithm filing into their internal price-compliance system. DCC catalogues it as background for briefs on algorithmic pricing and platform data practices, not as a standalone data-protection statute.

    National Development and Reform Commission (NDRC), State Administration for Market Regulation (SAMR), and Cyberspace Administration of China (CAC) Effective 2026-04-10
  • § 11 · AI Agent Implementation Opinions

    Implementation Opinions on the Standardized Application and Innovative Development of AI Agents

    智能体规范应用与创新发展实施意见

    CAC, NDRC, and MIIT's joint policy blueprint for AI agents (智能体) — autonomous systems that perceive, remember, decide, and act — sets 38 initiatives to grow the industry while keeping it 'safe and controllable.' Most of the document is industrial promotion outside DCC's scope, but Part Three sets the first governance-specific requirements for agents: boundaries between decisions users must make themselves, decisions requiring user authorization, and decisions an agent may make autonomously; agent-specific technical duties on data security, personal information protection, and anti-data-poisoning defenses; and a tiered, risk-based governance framework that layers filing, testing, and product-recall obligations onto agent deployments in sensitive sectors. It is a policy opinion, not a binding rule with penalty provisions, but it signals where CAC's next agent-specific rulemaking is headed. Overseas counsel advising on agentic AI products aimed at the China market should treat it as an early map of the compliance architecture to come.

    Cyberspace Administration of China (CAC), National Development and Reform Commission (NDRC), and Ministry of Industry and Information Technology (MIIT) Effective 2026-05-08
§ NATIONAL STANDARDS

National Standards .

国家标准 · GB/T, TC260

  • § 01 · GB/T 45392

    Data Security Technology — Security Requirements for Automated Decision-Making Based on Personal Information (GB/T 45392-2025)

    数据安全技术 基于个人信息的自动化决策安全要求 (GB/T 45392-2025)

    GB/T 45392-2025 is a recommended national standard setting security requirements for automated decision-making (自动化决策) that is based on personal information. It operationalizes PIPL's automated-decision-making rules — transparency, fairness, the prohibition on unreasonable differential treatment, opt-out for personalized push and marketing, and the right to an explanation and to refuse decisions made solely by automated means. It is a 2025 'Data Security Technology' series standard that complements the algorithmic-recommendation regime.

    Standardization Administration of China; National Information Security Standardization Technical Committee (TC260)
§ DRAFTS IN CONSULTATION

Drafts in Consultation .

征求意见稿

  • § 01 · Digital Virtual Human Measures (Draft) · DRAFT

    Measures for the Administration of Digital Virtual Human Information Services (Draft for Public Consultation)

    数字虚拟人信息服务管理办法(征求意见稿)

    CAC's first dedicated regime for 'digital virtual humans' — human-driven or computation-driven digital avatars used to deliver Internet information services. The 27-article draft assigns obligations across five roles in the value chain (providers, technical-support parties, users, content-distribution platforms, and the real person behind a human-driven avatar) and bans a defined list of harmful conduct alongside a persistent, on-screen 'digital human' labeling duty. Its most consequential feature for overseas counsel: withdrawing consent to use of one's biometric data for avatar creation obliges the provider not just to delete the data but to affirmatively deregister the digital virtual human itself. It also bars virtual 'intimate relationships' marketed to minors and restricts manipulative retention tactics in AI anthropomorphic interaction. Comments closed May 6, 2026; the effective date is still blank in the draft.

    Cyberspace Administration of China (CAC)
§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →