China AI Note

Mainland China –

• Cybersecurity Law of the People's Republic of China (“Cybersecurity Law”) [IN FORCE]

• Data Security Law of the People's Republic of China (“Data Security Law”) [IN FORCE]

• Personal Information Protection Law of the People's Republic of China (“PIPL”) [IN FORCE]

• Administrative Measures on Internet-based Information Services [IN FORCE]

• Administrative Provisions on Recommendation Algorithms in Internet-based Information Services [IN FORCE]

• Administrative Provisions on Deep Synthesis in Internet-based Information Services [IN FORCE]

• Interim Measures for the Management of Generative Artificial Intelligence Services [IN FORCE]

• Technology Ethics Review Measures (Trial) [IN FORCE]

• Regulation on Network Data Security Management [IN FORCE]

• Measures for the Labeling of AI-Generated Synthetic Content [IN FORCE]

• The mandatory national standard GB 45438-2025, Cybersecurity Technology—Labeling Method for Content Generated by Artificial Intelligence [IN FORCE]

• TC260-003 guidelines, Basic Security Requirements for Generative Artificial Intelligence Service [IN FORCE]

• The recommended national standard GB/T45654—2025, Cyber Security Technology—Basic Security Requirements for Generative Artificial Intelligence Service [IN FORCE]

In China, AI is governed through a layered and risk-based regulatory framework rather than as a single consolidated legal category. This regime is anchored in generally applicable foundation laws, including the Cybersecurity Law, Data Security Law, and Personal Information Protection Law (PIPL), which impose baseline obligations on data handling, system security, and cross-border transfers.
Building upon this foundation, China has developed a suite of targeted administrative rules to address specific technological functions. While the Generative AI Measures establish the primary framework for content safety and security assessments, they are supported by more granular regulations. The typical examples are the Administrative Provisions on Deep Synthesis, which govern AI-generated materials that could obscure reality, and the AI Content Labeling Measures (set to take effect in September 2025). The latter, supported by mandatory national standards (e.g., GB 45438-2025), introduces differentiated explicit and implicit labeling obligations to ensure AI-generated content is identifiable to the public.
Furthermore, regulatory attention has recently shifted toward advanced interactive risks. The Interim Measures for the Management of Anthropomorphic AI Interactive Services (draft for comments), released in late 2025, signal a new focus on AI systems that simulate human emotions, personalities, or social interactions. These draft rules aim to mitigate risks such as user manipulation, emotional dependency, and cognitive autonomy. Collectively, these measures, along with requirements for Algorithm Filing and Technology Ethics Reviews, create a dense compliance web that operationalizes high-level principles.
Beyond these requirements, sector-specific regulators (e.g., in the education, healthcare, and automotive sectors) continue to publish specialized guidelines to outline unique risk profiles in sensitive domains. In the longer term, a unified Artificial Intelligence Law remains under legislative discussion to provide greater coherence across these diverse instruments, though its final introduction timeline remains uncertain.
Regarding the attribution of liability to legal entities for AI-generated outputs or errors, China has yet to establish a specialized statutory regime. Instead, liability is determined pursuant to the principles of general tort law and the Civil Code. Courts and regulators increasingly evaluate whether service providers have fulfilled their duty of care and implemented reasonable technical safeguards, such as proactive monitoring and remediation mechanisms, rather than relying solely on boilerplate disclaimers. Notably, under Article 69 of the PIPL, a fault-presumption standard applies if the AI-related harm involves personal information infringement.
Beyond these cross-sectoral requirements, some sector-specific regulators (e.g., in the education and healthcare sectors) have also published specialized guidelines. These guidelines outline unique risk profiles and specific applications associated with AI applications in sensitive domains.
Regarding the attribution of liability to legal entities for AI-generated outputs, decisions, or errors, China has yet to establish a specialized statutory regime. Instead, liability is determined pursuant to the principles of general tort law, with the specific circumstances of each case dictating the allocation of responsibility.

According to the 2025 Legislative Work Plan issued by the State Council of the PRC, a unified AI Act is unlikely to be introduced in the near future. China is instead continuing to advance legislative efforts aimed at promoting the healthy development of AI. Several AI-related regulations have completed the public consultation process but have not yet been formally issued, and are expected to be promulgated in the near future following the incorporation of feedback received during consultation. Key pending AI-related regulations include:

• Measures for the Administration of AI Science and Technology Ethics (Trial) (“AI Ethics Measures”) were published in August 2025, setting out ethics review requirements for AI scientific and technological activities, including the responsible entities, registration and reporting obligations, key review focus areas, and review procedures. The AI Ethics Measures are intended to apply to AI scientific R&D activities conducted within mainland China that may pose ethical risks in areas such as life and health, human dignity, the ecological environment, public order, and sustainable development, as well as other activities that are legally required to undergo AI ethics review.

• Interim Measures for the Administration of Anthropomorphic Interaction AI Services (“Anthropomorphic Interaction AI Measures”), released in December 2025, specifically target AI anthropomorphic interaction services, i.e., products or services that simulate human personality traits, thinking patterns and communication styles to engage in emotional interaction with users through text, images, audio or video. The draft measures require providers to implement user notification and intervention mechanisms aimed at mitigating risks of user confusion, emotional dependence, or physical harm (including self-harm or suicide).

Given that the design, deployment, and application of AI inherently implicate critical compliance areas such as cybersecurity, data security, and personal information protection, higher-level statutes—such as the PIPL, the Cybersecurity Law, and the Data Security Law—stipulate overarching obligations that extend beyond AI-specific rules. These foundational laws mandate the strict protection of personal data, cybersecurity, and data security throughout the AI lifecycle.
Additionally, traditional legal frameworks governing intellectual property and fair competition—primarily established within the Civil Code of the People's Republic of China, the Copyright Law of the People's Republic of China, and the Anti-Unfair Competition Law of the People's Republic of China —apply equally to AI operations.
In China, AI-specific regulations apply the principles of these laws by setting clear rules for the AI industry. For example, requirements for algorithm transparency and content labeling are simply designed to protect users' right to know. Similarly, the duty to block illegal content just continues China's long-standing content safety standards.

Under the Generative AI Measures and the PIPL, any generative AI services offered to the public within the territory of the People's Republic of China must comply with relevant Chinese laws. In practice, if an AI system is easily accessible and usable in China without restrictions (such as IP blocks or phone number verification), it may be deemed as targeting the Chinese market and thus subject to mandatory regulatory requirements of Chinese AI laws.
Due to this "targeting" standard, cross-border AI deployments must adhere to Chinese regulations whenever their service scope involves China—even if the training data, computing resources, and model infrastructure are located across multiple foreign jurisdictions.

In China, the Cyberspace Administration of China (CAC) serves as the primary regulator for both personal information protection and AI supervision within Mainland China. Local CAC branches have enforced several AI-related cases grounded in AI-specific legislation. A notable example is the November 2024 "Qinglang" special campaign—Combating the Abuse of AI Technology—jointly launched by the CAC and other authorities. Enforcement highlights include: (i) generative AI products providing public services without the required filing or registration; (ii) the dissemination or sale of tutorials and tools for unauthorized generative AI development; (iii) inadequate management of training data; and (iv) the propagation of AI-generated illegal content, such as rumors.
Notably, AI-specific legislation does not directly specify the liabilities for specific illegal or criminal activities. Instead, these regulations require penalties in accordance with other relevant laws and regulations, such as the Cybersecurity Law, the Data Security Law, and the PIPL. Furthermore, they emphasize that criminal liabilities should be pursued if the violation constitutes a crime.
Chinese courts have adjudicated several landmark AI cases, primarily focusing on intellectual property (IP) rights (e.g., the copyrightability of AI outputs and protection of personality/voice rights), personal information infringements, and "AI-assisted cheating" involving computer system interference. Unlike administrative enforcement, the legal basis for these civil rulings typically rests on general statutes rather than AI-specific rules.
In summary, China has established a functional liability framework in the administrative sphere by linking AI-specific legislation with foundational laws like the PIPL. However, in the realm of civil liability, the legal landscape remains reliant on general frameworks such as the Civil Code.

Currently, there are no laws or regulations specifically addressing the allocation of liability for harm caused by AI systems. Therefore, the responsibility for harm caused by an AI system is determined based on the principles of general civil tort law and the specific circumstances of each case.
According to the Civil Code, the party responsible for damage is determined based on the fault that caused the harm. This fault can be attributed to the developer, the deployer, and the user. If multiple parties contribute to the damage, they are held individually liable for their respective share. In cases where determining individual responsibility is impossible, joint and several liability may be imposed. The victim’s fault or events such as force majeure may partially or completely absolve the party responsible for the damage.
In general, the Civil Code permits parties to limit or exclude liability by contract reasonably. However, any clause that purports to exclude liability for personal injury, or for property damage caused by wilful misconduct or gross negligence, will be deemed invalid. In the context of AI products or services, service terms pre-drafted by service providers probably constitute standard terms. If the provider fails to draw the users’ attention to and adequately explain liability limitation or exclusion clauses, such clauses may be deemed not incorporated into the contract. Moreover, where such clauses unreasonably exclude or mitigate the provider’s liability, increase the users’ liability, or restrict the users’ principal rights, they may be held invalid.
There is ongoing debate within the academic and practical communities regarding the liability for defective AI systems, which remains one of the most significant unresolved questions in that allocation framework.

• One view is that product liability under the Product Quality Law should apply. On this approach, AI developers would be held liable for damage caused by defects in their products on a no-fault basis, unless they can rely on a statutory defence, such as the defect being undetectable with current scientific and technical knowledge.

• Others believe that the aforementioned approach may lead to an unlimited expansion of liability, potentially hindering technological innovation. As an alternative, they advocate a fault-based regime, under which AI developers would be liable for infringement of others’ civil rights only to the extent of their fault, with fault-presumption or strict liability applied only in limited circumstances expressly provided by law.

In China, AI-related requirements under applicable laws and regulations are further clarified through national standards and technical guidelines, which complement the existing legal and regulatory framework. Such standards and documents may be either mandatory or recommended in nature. These guidelines facilitate the interpretation and implementation of applicable laws and regulations, support AI service providers in assessing the compliance of their services, and serve as a reference for competent authorities when evaluating the safety of services in regulatory procedures such as LLM launch filings, thereby effectively bridging gaps not fully addressed by binding rules.
For example, in the case of generative AI services, which are a key regulatory focus in China, relevant standards and guidelines are typically issued by the National Information Security Standardization Technical Committee (TC260), including but not limited to:

• The mandatory national standard GB 45438-2025, Cybersecurity Technology – Labeling Method for Content Generated by Artificial Intelligence, was released in February 2025 and took effect on September 1, 2025. As a supporting standard to the Measures for the Labeling of AI-Generated Synthetic Content, it specifies detailed methods and provides examples for labeling various types of AI-generated content, including explicit labels for AI-generated content and interactive interfaces, as well as implicit labels embedded in the metadata of AI-generated files.

• The Basic Security Requirements for Generative Artificial Intelligence Service (“TC260-003 guidelines”) released on February 29, 2024, specifies the basic security requirements for generative AI services. This guideline serves as an important reference in the security assessment process during the LLM launch filing and covers aspects such as training data security, model security, security measures, and criteria for security assessments.

• The recommended national standard GB/T45654-2025, Cyber Security Technology - Basic Security Requirements for Generative Artificial Intelligence Service, was released in April 2025 and took effect on November 1, 2025. It further refines the requirements set out in the TC260-003 guidelines and introduces several additional provisions, such as security mechanisms for on-device large models, requirements for refusal to answer inappropriate questions, and specifications for the regular updates of test question banks.

In light of the regulatory focus on generative AI services in China, applicable laws and regulatory guidance set out specific requirements for the safety management of training data used to develop or optimise such services. Under Article 7 of the Generative AI Measures, providers conducting training data processing activities are required to: (i) use data and underlying models from lawful sources; (ii) refrain from infringing the intellectual property rights of others; (iii) where personal information is involved, obtain valid consent or otherwise rely on a lawful basis under applicable laws and regulations; (iv) improve data quality and enhance the authenticity, accuracy, objectivity and diversity of training data; and (v) comply with other applicable legal and regulatory requirements. In addition, the TC260-003 guidelines further elaborate on these requirements by setting out more detailed safety expectations across source security, content safety, and annotation security. In practice, generative AI service providers are required to assess the safety of training data against these requirements in the context of LLM launch filings.
Inferences, profiles or predictions generated by AI should comply with applicable content safety and ethical requirements, and should not be unlawful, discriminatory, or infringe the lawful rights and interests of others. For algorithmic services used to recommend general content to users, the Algorithm Recommendation Regulations require providers to strengthen the management of user models and user labels, and prohibit the use of illegal or harmful information as user interests or labels for recommendation purposes. In addition, the TC260-003 guidelines require providers of generative AI services with heightened safety requirements—such as automated control, medical information services, psychological counselling, and critical information infrastructure—to adopt measures to prevent the generation of inaccurate content (i.e., content that significantly deviates from scientific consensus or mainstream understanding) or unreliable content (i.e., content that, while not materially incorrect, fails to provide meaningful assistance to users).
Under PRC law, automated decision-making (ADM) is regulated from the perspectives of personal information protection and algorithm governance. According to Article 73 of the PIPL, ADM refers to activities carried out through computer programs that automatically analyse and evaluate an individual’s behavioural patterns, interests, or economic, health or credit status, and make decisions accordingly. Where ADM involves personal information, the PIPL requires that: (i) ADM is conducted in a transparent and fair manner, and individuals are not subject to unreasonable differential treatment in transaction terms, such as pricing; (ii) for information push or commercial marketing, individuals should be provided with non-personalised options or a convenient opt-out mechanism; and (iii) where decisions made by ADM have a material impact on individuals’ rights and interests, individuals have the right to request an explanation and to refuse decisions solely made by ADM. In addition, algorithms used to support ADM—such as those for personalised recommendations, ranking, and dispatching decisions (e.g., route planning and resource allocation)—are regulated under the Algorithm Recommendation Regulations, and relevant service providers are required to complete algorithm filing with the CAC.

In the employment context, existing AI-related regulations primarily focus on the impact on workers’ rights. Under Article 20 of the Algorithm Recommendation Regulations, where algorithms are used to provide work allocation or scheduling, service providers are required to (1) safeguard workers’ lawful rights and interests, including the right to remuneration and rest; and (2) establish and refine algorithmic mechanisms governing employee management, including but not limited to order allocation, remuneration structure and payment, working hours, rewards and penalties.
In addition, the use of AI in hiring, performance management, and other employment-related decision-making must avoid discriminatory outcomes. Judicial practice has made clear that factors such as region or gender, where unrelated to the inherent requirements of the working role, cannot serve as a basis for employment decisions. Reliance on such factors may constitute unlawful employment discrimination. The use of AI systems in these contexts may further amplify such discriminatory effects, and therefore requires appropriate human oversight and intervention in practice.
Moreover, where employers use AI to make decisions that have a material impact on candidates or employees or, such as hiring, performance evaluation, or termination, they are required to ensure compliance with ADM requirements under the PIPL. This includes providing individuals with the right to request an explanation and to challenge such decisions, as well as the right to opt out of decisions made solely through ADM and to request human intervention as an alternative.

Under PRC law, AI exposes growing strain within existing legal frameworks, particularly with respect to the ownership of AI-generated content and the allocation of liability for AI-related harm.

• Ownership of AI-Generated Content. The current Copyright Law is premised on a human authorship paradigm. However, the rise of AI challenges this foundation. In particular, whether AI-generated content qualifies as a “work” under copyright law, and whether the relevant rights should be attributed to the developer, the user, or another party, remains unsettled in judicial practice. Divergent approaches have emerged across cases, reflecting underlying uncertainty as to how existing copyright doctrines should accommodate AI-generated content.

• Liability Allocation for Harm Caused by Defective AI Systems. Traditional tort law typically requires a clear line of causation between conduct and harm. By contrast, the “black box” nature of AI systems makes it difficult for victims to establish causation between the acts or omissions of developers or service providers and the resulting damage. As noted in Question B5, both academic and practical debates remain ongoing as to the appropriate liability framework. In particular, there is no consensus on whether such cases should be addressed under traditional fault-based liability, or strict liability regimes from product liability.