AI Governance Institute

Practical Governance for Enterprise AI


How do we comply with China's AI regulations?

Published by AI Governance Institute · Practical Governance for Enterprise AI

A compliance guide for organizations deploying AI systems accessible to users in China — covering the four-layer regulatory stack administered by the CAC, security assessment obligations, content labeling requirements, and the practical differences between China's framework and Western AI governance regimes.

If you only do 3 things, do this:

  1. China's AI regulations apply to the user, not the server. If your AI service is accessible to users in China — even if your infrastructure is abroad — the Generative AI Regulations and associated requirements may apply to you. The key trigger is public-facing deployment, not physical presence.
  2. The security assessment and CAC registration process is not just a filing exercise. It requires documented review of training data, safety testing results, and content filtering mechanisms. Treat it like a product approval process, not a notification.
  3. China's compliance stack operates independently of the EU AI Act and NIST AI RMF. Controls that satisfy EU or US requirements do not automatically satisfy CAC requirements. You need a dedicated China compliance track alongside your existing governance program.

The Situation

Who this is for: Compliance teams, legal counsel, and AI engineering leads at organizations whose AI products are deployed in China or accessible to Chinese users

When you need this: Before deploying a new AI feature to Chinese users, during a compliance audit of China market operations, or when the CAC or a Chinese partner asks for evidence of regulatory compliance

The Decision

Which of China's AI regulations apply to our operations, what must we do before deployment, and how do we structure ongoing compliance?

The Steps

  1. Map which regulations apply: identify which AI systems are accessible to Chinese users and match them to the applicable regulation (Algorithm Recommendations, Deep Synthesis, Generative AI, or AIGC Measures)
  2. For generative AI services: complete a security assessment covering training data sources, content filtering mechanisms, and output safety testing before public launch
  3. File with the CAC using the public algorithm filing system (算法备案) and register under the Generative AI service catalogue if applicable
  4. Implement content labeling: AI-generated images, audio, video, and text must carry disclosure watermarks or labels as specified by the Deep Synthesis Regulations
  5. Establish real-name verification for user accounts on platforms providing regulated AI services
  6. Review training data for compliance with Chinese data localization and labeling requirements under the Data Security Law and Personal Information Protection Law
  7. Assign a China compliance owner with direct access to CAC guidance and the ability to respond to regulatory inquiries in Mandarin
  8. Monitor for updates: the CAC revises technical standards and filing requirements frequently; build a monitoring process into the compliance program

The Artifacts

  • China AI regulatory applicability matrix (which regulation applies to which product/feature)
  • CAC security assessment checklist (training data, content filtering, output safety testing)
  • Content labeling implementation specification (what must be labeled, how, in which formats)
  • Algorithm filing tracker (filing dates, registration numbers, renewal schedule)
  • China compliance monitoring calendar (CAC guidance updates, standard revisions)

The Output

A documented CAC filing record, a content labeling implementation in production, a security assessment on file for each regulated service, and a named compliance owner with a defined monitoring cadence.

The four-layer regulatory stack

China's AI regulatory framework is not a single law — it is a stack of purpose-specific regulations, each administered by the Cyberspace Administration of China (CAC), that layer on top of each other depending on the type of AI system involved. Understanding which layer applies to which product is the first compliance task.

The Algorithm Recommendation Regulations (算法推荐管理规定, effective March 2022) govern any service that uses algorithmic recommendation to select or rank content shown to users — including news feeds, product recommendations, and search results. Providers must file with the CAC through the algorithm filing system, disclose the existence of recommendation algorithms to users, and provide an opt-out mechanism. This regulation applies broadly across consumer-facing AI products, not just generative AI.

The Deep Synthesis Regulations (互联网信息服务深度合成管理规定, effective January 2023) govern any service that generates or significantly alters images, audio, video, or text using AI — including text-to-image, voice cloning, face swapping, and AI-generated avatars. Providers must watermark or label synthetic content, require real-name verification for users generating synthetic media of real people, and maintain logs sufficient to identify who generated specific synthetic content. The scope is broad: if your product allows users to generate or significantly modify media, these rules apply.

The Generative AI Service Regulations (生成式人工智能服务管理暂行办法, effective August 2023) are the most operationally demanding for AI providers. Services offering publicly accessible generative AI capabilities — including text generation, code completion, image generation, and multimodal outputs — must complete a security assessment before launch, register with the CAC, and comply with an ongoing set of content and safety obligations. The regulations explicitly apply to foreign services accessible to users in China.

The Measures for the Administration of AI-Generated Synthesized Content (AI生成内容管理措施; 2024 draft, with implementing provisions still being issued) add further content governance requirements specific to AIGC, reinforcing labeling, provenance tracking, and user disclosure obligations across all generative AI outputs.

The security assessment and CAC registration process

For organizations deploying generative AI services accessible to Chinese users, the security assessment (安全评估) is the most substantial compliance obligation. This is not a self-certification — it is a documented review that must cover:

  • training data sources and their compliance with Chinese content requirements
  • content filtering and safety testing mechanisms, with evidence of their effectiveness
  • user authentication and real-name verification implementation
  • data storage and protection measures compliant with Chinese data laws
  • mechanisms for handling user complaints and government data requests

The security assessment must be completed and filed with the CAC before the service is made publicly accessible. The CAC reviews the filing and may request additional information or modifications. Organizations that provide false or incomplete information in the assessment face significant penalties. International organizations should expect the process to require Mandarin-language documentation and, for complex services, engagement with a China-qualified legal advisor who can navigate CAC requirements.

The algorithm filing system (算法备案) is separate from the security assessment and applies more broadly, including to non-generative AI recommendation systems. Filings must be renewed annually and updated when significant changes are made to the algorithm. The CAC publishes a public register of filed algorithms, so a filed algorithm is visible to the public and to regulators. Failure to file is publicly detectable and has been the basis for regulatory enforcement.

For organizations headquartered outside China, the practical challenge is that CAC processes are designed for domestic entities. International companies typically engage a Chinese legal entity, a WFOE (wholly foreign-owned enterprise), or a local partner to act as the filing entity. The filing entity takes on legal responsibility for compliance, which has implications for how the international parent structures the relationship.

Content obligations and ongoing compliance

Content obligations under China's AI regulations are more extensive than in most Western frameworks, reflecting the CAC's dual role as a technical safety regulator and a content regulator. AI-generated content must not threaten national security, undermine socialist values, spread disinformation, or harm social order — obligations that go significantly beyond the safety and accuracy requirements in EU or US frameworks. Compliance programs must account for this content dimension, not just technical safety.

Labeling obligations apply broadly: AI-generated images must carry a visible watermark or disclosure label. AI-generated audio and video must carry audible or visible labels. AI-generated text in certain contexts (news, information services) must be disclosed. The technical standards for labeling have been developed by the CAC and associated bodies, and organizations must implement compliant labeling rather than ad hoc disclosure. For multi-modal generative AI products, labeling must apply to each output type independently.

User data obligations intersect with the Personal Information Protection Law (PIPL) and the Data Security Law, which impose localization, minimization, and consent requirements on personal data processed in China. For AI systems trained on or processing Chinese user data, these laws require that certain categories of data remain stored within China and that cross-border transfers undergo a formal security assessment under PIPL. Organizations using globally unified AI infrastructure must assess whether their architecture complies with Chinese data localization obligations or whether a separate Chinese deployment is required.

Ongoing compliance requires a named China compliance owner who monitors CAC guidance, responds to regulatory inquiries, manages annual algorithm filing renewals, and maintains the security assessment on file. The CAC updates technical standards and interpretive guidance frequently, and requirements that were clear at the time of initial filing may be revised. Building a monitoring process — including subscriptions to CAC official publications and engagement with local counsel — into the compliance program from the start is significantly cheaper than scrambling to catch up after a regulatory inquiry.
