China Draft AI Law

Applies To

Overview

China has been developing a comprehensive AI law at the national legislative level through the National People's Congress Standing Committee (NPC-SC). The drafting process has proceeded in parallel with China's existing piecemeal AI regulatory instruments, including the Interim Measures for the Management of Generative AI Services, the Provisions on the Management of Algorithmic Recommendations, and the Measures for the Management of AI-Generated Content. Unlike these sector-specific or technology-specific regulations, the proposed AI law is intended to provide a unified legal framework governing the full lifecycle of AI, from research and development through deployment and post-market monitoring. While no official draft text has been publicly released as of mid-2025, legislative planning documents and NPC-SC work plans have confirmed the law is in active development. Expected provisions include a risk classification system, obligations for AI providers and users, data governance requirements, liability allocation, and State supervision mechanisms. The law is anticipated to interact with and potentially supersede or consolidate aspects of existing AI-specific regulations. Enterprises operating in China or providing AI products and services to Chinese customers should treat the draft law as a material legislative risk requiring active monitoring. The timeline for finalisation and enactment remains uncertain.

Key Requirements

• •No binding obligations have been issued under this instrument as it has not yet been enacted
• •Expected to establish a tiered risk classification system for AI systems, analogous in structure to the EU AI Act
• •Anticipated to impose obligations on AI developers, providers, and deployers covering safety assessment, registration, documentation, and ongoing monitoring
• •Likely to include explicit liability provisions allocating responsibility among AI supply chain participants
• •Expected to require State approval or notification for high-risk AI systems prior to deployment
• •Anticipated data governance requirements will interact with existing obligations under the Personal Information Protection Law (PIPL) and Data Security Law (DSL)
• •Public sector and critical infrastructure AI applications expected to face heightened requirements

What Your Organization Must Do

• →Designate a regulatory intelligence function to monitor NPC-SC legislative work plans and official Xinhua announcements for draft text publication and consultation periods
• →Map your organisation's China AI supply chain now, identifying which entities will likely qualify as developers, providers, or deployers under anticipated definitional structures
• →Conduct a preliminary risk tiering exercise against your China AI portfolio using the EU AI Act and existing Chinese AI regulations as proxies for anticipated classification logic
• →Engage local legal counsel in China to participate in any public consultation periods once a draft is released, given the strategic importance of comment submissions
• →Review contractual arrangements with Chinese AI vendors and partners to identify where liability allocation clauses may need revision once the law's liability provisions are confirmed
• →Incorporate China AI law monitoring into enterprise regulatory horizon scanning reports presented to the chief compliance officer and board risk committee