Chapter 1: Regulatory Overview
1.1 China's Approach to AI Regulation
China has adopted a sectoral, regulation-by-regulation approach to governing artificial intelligence. Unlike the European Union's single comprehensive AI Act, China has enacted a series of targeted, binding regulations addressing specific AI technologies and use cases: algorithmic recommendation, deep synthesis (deepfakes), generative AI, and AI content labeling. Each regulation carries the force of law and is actively enforced.
This approach is characterised by speed and specificity. China was among the first jurisdictions in the world to enact binding AI-specific regulations, beginning in 2022. The regulatory framework is built on top of three foundational data and cybersecurity laws — the Cybersecurity Law (2017), the Data Security Law (2021), and the Personal Information Protection Law (2021) — which together provide the baseline for data governance, cross-border transfer, and individual rights.
There is no single comprehensive AI law in China as of June 2026. However, reports indicate that a unified AI Law is under development by legislative authorities. Until such a law is enacted, compliance requires navigating the existing web of sectoral regulations, national standards, and administrative measures.
1.2 Regulatory Timeline
| Date | Instrument | Status |
|---|---|---|
| 1 June 2017 | Cybersecurity Law (Wangluo Anquan Fa) | In force |
| 1 September 2021 | Data Security Law (Shuju Anquan Fa) | In force |
| 1 November 2021 | Personal Information Protection Law (Geren Xinxi Baohu Fa) | In force |
| 1 March 2022 | Provisions on the Management of Algorithmic Recommendations in Internet Information Services (Hulianwang Xinxi Fuwu Suanfa Tuijian Guanli Guiding) | In force |
| 10 January 2023 | Provisions on the Management of Deep Synthesis in Internet Information Services (Hulianwang Xinxi Fuwu Shenceng Hecheng Guanli Guiding) | In force |
| 15 August 2023 | Interim Measures for the Management of Generative Artificial Intelligence Services (Shengchengshi Rengong Zhineng Fuwu Guanli Zanxing Banfa) | In force |
| 1 September 2025 | Provisions on Labeling of AI-Generated Synthetic Content (Rengong Zhineng Shengcheng Hecheng Neirong Biaoshi Banfa) | In force |
| 1 November 2025 | GB/T 44732-2024: Basic Safety Requirements for Generative AI Services (national standard) | In effect |
| 1 November 2025 | GB/T 44914-2024: Safety Requirements for AI-Generated Synthetic Content (national standard) | In effect |
| 1 November 2025 | GB/T 44842-2024: Labeling Method for AI-Generated Synthetic Content (national standard) | In effect |
| 1 January 2026 | Cybersecurity Law amendment (Article 42-A: automated content management obligations) | In force |
| August 2025 | "AI+" Initiative (State Council action plan for AI integration across industries) | Policy guidance |
1.3 Key Regulatory Bodies
Cyberspace Administration of China (CAC / Guojia Hulianwang Xinxi Bangongshi): The lead regulator for AI governance. CAC administers algorithm filing, generative AI service assessments, deep synthesis oversight, and content labeling compliance. CAC issued the Algorithm Recommendation Provisions, Deep Synthesis Provisions, Generative AI Interim Measures, and Content Labeling Rules.
Ministry of Industry and Information Technology (MIIT / Gongye he Xinxihua Bu): Oversees telecommunications, internet infrastructure, and industrial AI applications. Co-regulator on algorithm and generative AI matters. Responsible for AI standards development alongside TC260.
Ministry of Science and Technology (MOST / Kexue Jishu Bu): Leads AI research and development policy, ethics guidelines, and innovation programmes. Published the New Generation AI Ethics Code (2021).
State Administration for Market Regulation (SAMR / Guojia Shichang Jiandu Guanli Zongju): Enforces competition law, product quality, and advertising standards as they apply to AI systems. Co-regulator on algorithm and generative AI matters.
National Information Security Standardization Technical Committee (TC260 / Quanguo Xinxi Anquan Biaozhunhua Jishu Weiyuanhui): Develops national standards (GB/T series) for AI safety, content labeling, and data security. The three GB/T standards effective November 2025 were developed by TC260.
Ministry of Public Security (MPS / Gongan Bu): Enforces cybersecurity and data security provisions. Investigates criminal violations.
1.4 Scope of Application
The Generative AI Interim Measures apply to the provision of generative AI services to the public within the territory of the People's Republic of China (Article 2). The Algorithm Recommendation Provisions and Deep Synthesis Provisions similarly apply to the provision of relevant internet information services within China.
Key scope considerations:
- Services provided to the public within China are covered, regardless of where the provider is incorporated
- Services used solely for internal purposes (not provided to the public) are generally outside the scope of the Generative AI Measures but may still fall under the Cybersecurity Law, Data Security Law, and PIPL
- Research and development activities that do not result in public-facing services have lighter obligations under the Generative AI Measures (Article 2)
- Foreign AI services accessible to users in China are subject to these regulations in principle, though enforcement mechanisms for purely offshore providers remain evolving
1.5 Relationship Between Regulations
The four core AI regulations are cumulative, not alternative. A generative AI service that uses algorithmic recommendation and produces synthetic content may be subject to all four instruments simultaneously:
- Algorithm Recommendation Provisions — if the service uses algorithms to recommend content to users
- Deep Synthesis Provisions — if the service generates or edits text, images, audio, or video
- Generative AI Interim Measures — if the service provides generative AI capabilities to the public
- Content Labeling Rules — if the service produces AI-generated or AI-modified content
The three foundational laws (CSL, DSL, PIPL) apply as baseline obligations in all cases.
Want to monitor your AI compliance automatically? Try AIOS — your AI compliance OS. https://mmoww.net/ai/app/
Quick Decision Matrix
Use this matrix to determine your AI compliance obligations.
| Your Situation | Risk Level | Priority Action | Go To |
|---|---|---|---|
| Deploying AI that affects employment decisions | High | Impact assessment required | Chapter 3 |
| Using AI for customer-facing services | Medium-High | Transparency obligations apply | Chapter 4 |
| Internal AI tools (analytics, automation) | Medium | Document and monitor | Chapter 5 |
| AI in regulated sector (finance, health) | High | Sector-specific rules apply | Chapter 3 |
| Procuring AI from third-party vendor | Medium | Vendor due diligence needed | Chapter 5 |
| Just exploring AI for the first time | Low | Start with governance framework | Chapter 2 |
5-second answer: If your AI system makes decisions that affect people, you have compliance obligations. Start with Chapter 2 for the regulatory framework, then Chapter 3 for your specific obligations.