Regulación de IA en China

Why "China regulates AI with a heavy hand" misses what actually matters The most common framing of Chinese AI regulation describes it as state-heavy, content-controlled, and disconnected from the rights-based AI regulation evolving in Europe and North America. The framing…

Resumen ejecutivo

Why «China regulates AI with a heavy hand» misses what actually matters

The most common framing of Chinese AI regulation describes it as state-heavy, content-controlled, and disconnected from the rights-based AI regulation evolving in Europe and North America. The framing captures part of the political context and misses the operational reality. China has built the most operationally mature AI regulatory regime in the world. Its instruments are specific, layered, and enforceable. They produce real compliance behavior. They are followed not just by domestic Chinese AI providers but by every multinational company that serves Chinese consumers, processes Chinese data, or operates AI services accessible from Chinese territory.

The dominant narrative reads Chinese AI regulation as politically motivated content control wearing the clothes of technical regulation. The reading captures one dimension and obscures the others. China’s regulatory framework was built deliberately, in successive waves, to address AI as it actually evolves rather than as a single abstract category. The 2021 Algorithmic Recommendation Provisions addressed concerns about social media recommendation algorithms. The 2022 Deep Synthesis Provisions addressed deepfakes and synthetic media. The 2023 Generative AI Measures addressed large language models and generative content services. The 2025 AIGC Labelling Measures addressed the operational gap between content generation and consumer recognition. Each layer was designed for the specific technology it regulates. The architecture matches the technology stack.

What Chinese AI regulation actually is, then, is a technology-stack-aware regulatory regime with three structural features that distinguish it from EU comprehensive regulation, US executive-order architecture, and UK principles-based delegation. First, it regulates by technology layer rather than by risk category. Where the EU AI Act creates four risk tiers across all AI uses, China creates separate instruments for recommendation algorithms, deep synthesis, and generative AI, each with provisions tailored to that technology’s specific characteristics. Second, it operates through mandatory ex-ante registration. The Algorithm Registry requires AI services with «public opinion or social mobilization capabilities» to register algorithm mechanisms, undergo security assessment, and obtain approval before launch. This is a stronger form of regulatory gatekeeping than any other major jurisdiction operates. Third, it integrates AI regulation with the foundational data protection regime (CSL, DSL, PIPL) and with content control regimes administered by CAC. AI compliance in China cannot be separated from data compliance and content compliance; they form a single regulatory continuum.

For international organizations, the practical implication is that Chinese AI regulation is operationally consequential regardless of political views about it. A multinational AI provider serving Chinese consumers must comply with the AIGC Measures and AIGC Labelling Measures regardless of where it is incorporated. A multinational deployer of AI tools in Chinese subsidiaries must satisfy the Algorithmic Recommendation Provisions and Deep Synthesis Provisions where applicable. Chinese AI regulation is the substantive operational reality of the Chinese AI market; engagement requires understanding it on its own terms.

The rest of this reference treats the regime as the operational system it is, with three layers of instrument and the foundational laws that anchor them.

The three foundational laws

Chinese AI regulation does not stand alone. It rests on three foundational data and cybersecurity laws that any AI service operating in China must comply with simultaneously.

Cybersecurity Law (CSL), enacted June 2016, effective June 2017. Establishes general cybersecurity obligations for network operators, including AI service providers. Requires real-name registration, data localization for critical information infrastructure operators, security assessments for cross-border data transfers, and vulnerability disclosure. The October 2025 amendment, effective 1 January 2026, introduces explicit AI governance provisions: support for foundational AI research, algorithm development, infrastructure construction, ethical standards, and safety oversight. The amendment elevates AI governance from regulation-by-regulation to first-tier statutory anchor.

Data Security Law (DSL), enacted June 2021, effective September 2021. Regulates data processing activities with emphasis on data classification (general, important, core), risk assessment, and protection of national security-relevant data. Critical for AI training data: any organization training models on Chinese data must satisfy DSL classification, retention, and cross-border transfer requirements.

Personal Information Protection Law (PIPL), enacted August 2021, effective November 2021. The most direct Chinese analog to the GDPR. Regulates personal information processing including consent, purpose limitation, data subject rights, automated decision-making, and cross-border transfers. AI services processing personal information must satisfy PIPL alongside AI-specific instruments.

These three laws form the substrate of any Chinese AI compliance program. The AI-specific instruments build on them rather than replacing them.

The three AI-specific regulations

1. Algorithmic Recommendation Provisions (December 2021, effective 1 March 2022)

The Provisions on the Administration of Algorithmic Recommendation in Internet Information Services were issued by the CAC together with MIIT, MPS, and SAMR. The Provisions address algorithmic recommendation services — the algorithms that deliver personalized content, products, and search results in social media, e-commerce, news aggregation, video, and similar contexts.

Principal obligations:

  • Algorithm registration with the CAC for services with «public opinion or social mobilization capabilities»
  • Algorithm transparency to users, including disclosure that algorithmic recommendation is in use, the basic operating principles, and the targeting logic
  • User control rights: ability to turn off targeted recommendations, delete tags used to personalize recommendations, and obtain explanations for algorithmic decisions with major impact
  • Anti-addiction provisions, particularly for minors, addressing engagement-maximizing algorithms
  • Anti-discrimination provisions prohibiting differential pricing and other discriminatory outcomes
  • Worker protection provisions for algorithms managing platform workers (delivery riders, gig economy)

The Provisions were the first AI-specific regulatory instrument anywhere in the world to address recommendation algorithms comprehensively. They predate the EU Digital Services Act provisions on recommendation algorithm transparency by approximately two years.

2. Deep Synthesis Provisions (November 2022, effective 10 January 2023)

The Administrative Provisions on Deep Synthesis in Internet-based Information Services were issued by the CAC together with MIIT and MPS. The Provisions address deep synthesis technology — AI used to create or edit images, video, audio, text, and virtual scenes.

Principal obligations:

  • Algorithm registration for deep synthesis services
  • Content marking (labelling) of synthesized content with non-intrusive identifiers and metadata
  • Real-name verification of users of deep synthesis services
  • Consent requirements for deep synthesis involving real persons (face swap, voice cloning, virtual personification)
  • Prohibition of deep synthesis use for content that endangers national security, social stability, or fundamental rights
  • Security assessment before launching new deep synthesis functions or services
  • Log retention of generated content and user activity for traceability

The Provisions were the first comprehensive deepfake regulation globally. They have been used as a regulatory template by other jurisdictions (Korea, Vietnam, parts of US state law) that have addressed deepfakes since.

3. Generative AI Measures (July 2023, effective 15 August 2023)

The Interim Measures for the Management of Generative AI Services (also referred to as the AIGC Measures) were issued by the CAC together with NDRC, Ministry of Education, MOST, MIIT, MPS, and NRTA. The Measures address public-facing generative AI services — services that generate text, images, audio, video, or other content using AI models.

Principal obligations:

  • Pre-launch security assessment for services with public opinion or social mobilization capabilities
  • Algorithm registration with the CAC
  • Content compliance: generated content must comply with Chinese law, respect socialist values, avoid content that undermines state power or social stability
  • Training data requirements: data sources must be lawful, intellectual property must be respected, personal information processing must satisfy PIPL
  • User notification that generative AI is in use
  • Transparency: providers must publish information about model name, filing number, and intended use
  • Producer responsibility: providers bear the responsibilities of internet content producers for AI-generated output
  • Differentiation by service type: enterprise-internal generative AI and research-only generative AI are explicitly excluded from the public-facing service obligations

The AIGC Measures were the first comprehensive generative AI regulation globally, predating the EU AI Act’s General-Purpose AI provisions by more than a year. Hundreds of services have been registered since launch, including DeepSeek, Baidu ERNIE Bot, Tencent Hunyuan, Alibaba Qwen, ByteDance Doubao, and many smaller services. The CAC publishes the Algorithm Registry list.

The 2025–2026 layer: labelling, standards, and statutory consolidation

The period from March 2025 through February 2026 has produced a substantial new layer of AI-specific instruments that operationalize and extend the earlier regulations.

AIGC Labelling Measures (March 2025, effective 1 September 2025). The CAC’s labelling rules require providers to add explicit labels (visible text, audio, image, or video markers) to AI-generated content that may cause public confusion, and implicit labels (metadata embedded in the file identifying the service provider and content ID) to all AI-generated content. Online distributors must verify and reinforce labels. App distribution platforms must require disclosure of AI-generated content services. Users posting AI-generated content must declare it and use the labelling functions provided. The Labelling Measures close the operational gap between the Deep Synthesis Provisions (which required marking but lacked operational specifics) and the AIGC Measures (which required transparency but lacked technical implementation).

National security standards (effective 1 November 2025):

  • GB/T 45654–2025Cybersecurity Technology: Basic security requirements for generative AI service. Establishes security requirements for generative AI services covering training data security, model security, and operational security measures.
  • GB/T 45652–2025Security specification for generative AI pre-training and fine-tuning data. Sets requirements and evaluation criteria for the security of datasets used in pre-training and fine-tuning.
  • GB/T 45674–2025Generative AI data annotation security specification. Outlines security requirements for data labelling processes used in training generative AI models.
  • GB 45438–2025Methods for marking AI-generated content. Provides practical implementation guidance for the labelling obligations under the AIGC Labelling Measures. (Mandatory standard.)

These national standards are the technical operationalization of the AIGC Measures. Compliance with the standards is the substantive way Chinese organizations demonstrate compliance with the AIGC Measures.

Cybersecurity Law amendment (approved by the NPC Standing Committee October 2025, effective 1 January 2026). Introduces explicit AI governance provisions into the foundational cybersecurity statute. Provides statutory anchoring for foundational AI research support, algorithm development, infrastructure construction, ethical standards, and safety oversight. The amendment elevates AI from regulation-level to statute-level recognition.

Patent Examination Guidelines (revised November 2025 by the China National Intellectual Property Administration, effective 1 January 2026). Reaffirms that inventors must be natural persons and prohibits the designation of AI systems as inventors. Strengthens disclosure requirements for AI-related inventions, requiring patent specifications to clearly describe model architectures, training processes, and key parameters.

Livestreaming E-commerce Measures (issued December 2025 by SAMR and CAC, effective 1 February 2026). Requires AI-generated human images or videos used in livestreaming e-commerce to be clearly labelled and continuously disclosed to consumers. Extends the AIGC Labelling Measures to a specific commercial context.

The cumulative effect is that, as of May 2026, China has the most operationally complete AI regulatory regime in the world. Every major AI technology layer has its own instrument; every instrument has its own implementation standard; the foundational laws anchor the whole regime; the CAC operates the Registry that gates market entry.

The Algorithm Registry as operational gatekeeper

The Algorithm Registry is the central operational mechanism of Chinese AI regulation. Understanding what it is and how it operates matters for any organization with Chinese AI exposure.

What it is. A mandatory filing system operated by the CAC where AI services with «public opinion or social mobilization capabilities» must register algorithm mechanisms, undergo security assessment, and obtain approval before launch. The registry covers algorithmic recommendation services, deep synthesis services, and generative AI services that meet the threshold.

What «public opinion or social mobilization capabilities» means. AI services that can generate, distribute, or amplify content reaching the public; services that can influence public discourse, social behavior, or political views; services with significant user base or content reach. The threshold is broad and captures most public-facing AI services. Enterprise-internal AI tools, research-only AI, and certain narrowly scoped services may fall outside the threshold.

The registration and security assessment process. Providers submit algorithm mechanism descriptions, training data information, security measures, content moderation arrangements, and user interaction designs. The CAC reviews the submission and conducts security assessment. Failed assessment prevents launch; existing services failing assessment require rectification or removal. Successful registration produces a filing number that providers must display on their service.

The published list. The CAC publishes the Algorithm Registry list, including service names, filing numbers, providers, and basic descriptions. As of 2026, hundreds of services are registered, including the major Chinese AI platforms (DeepSeek, Baidu ERNIE Bot, Tencent Hunyuan, Alibaba Qwen, ByteDance Doubao, iFlytek Spark, Moonshot AI, Zhipu AI, MiniMax, others).

Implications for international providers. International AI services accessible to Chinese consumers fall within the Registry’s scope if they meet the public opinion or social mobilization threshold. The operational reality is that most major Western AI services (ChatGPT, Claude, Gemini) are not officially available in mainland China, partly because the Registry process requires data residence and content compliance arrangements that conflict with the providers’ global operating models. International providers serving Chinese consumers do so either through partnerships with registered Chinese providers or by satisfying Registry requirements directly.

Enforcement and penalties

Enforcement is administered principally by the CAC, supplemented by sectoral regulators (MIIT for industrial uses, MPS for security uses, SAMR for market conduct, NRTA for broadcasting, others). Three enforcement modalities operate.

Routine enforcement. Continuous CAC monitoring of registered services, including content review, algorithm operation review, and user complaint handling. Non-compliance triggers compliance orders, requirement of rectification, fines, service suspension, or registration revocation.

Special enforcement campaigns. The CAC periodically launches special campaigns targeting specific AI compliance issues. The Qinglang («Clean Internet») campaign announced February 2025 specifically targeted AI misuse, including unauthorized AI-generated content, AI-assisted fraud, AI-generated misinformation, and abuse of AI for illegal activities. Special campaigns produce concentrated enforcement activity and frequently result in service suspensions.

Criminal enforcement. Serious AI-related violations involving national security, public order, or significant harm can trigger criminal liability under the Criminal Law of the PRC. AI-assisted fraud, AI-generated content used for political subversion, and AI-enabled identity fraud have all produced criminal cases.

Civil litigation. Personal rights infringement (image, voice, reputation) and intellectual property infringement involving AI-generated content are actionable through civil litigation. The Beijing Internet Court issued the first AI-generated voice infringement ruling in 2024, ordering compensation. The Supreme People’s Court included AI-generated voice cases in its 2025 «Typical Cases» recognizing AI-generated voices as protected personality rights.

Intersections with other regimes

Five intersections shape how Chinese AI regulation operates within the broader international architecture.

EU AI Act. Different in structure but operationally interactive. Multinational AI providers must satisfy both regimes if they serve EU and Chinese markets. Some provisions converge — generative AI labelling under both, transparency for AI-human interaction, content provenance — while others diverge — the EU’s risk-based four-tier classification has no Chinese counterpart, and China’s content compliance obligations have no direct EU analog. International AI vendors operating in both markets typically build separate compliance programs aligned at the management system level.

G7 Hiroshima Process. China is not a G7 member and is not part of the Hiroshima framework. The Hiroshima Code of Conduct’s voluntary structure does not bind Chinese providers, though Chinese frontier developers (DeepSeek, Baidu, ByteDance, Alibaba) operate at scales comparable to G7 frontier developers and face their own domestic regulatory obligations that exceed Hiroshima’s voluntary commitments in operational terms.

Council of Europe Framework Convention on AI. China is not a Council of Europe member, did not participate in the Convention’s negotiation, and is not a signatory. The Convention’s rights-based approach is structurally different from the Chinese state-centric model.

OECD AI Principles. China is not an OECD member but adheres to the broader principles articulated by the OECD definition of AI system in some technical standards work. The Chinese definition of «generative AI technology» (under the AIGC Measures) is operationally compatible with the OECD definition though framed differently.

ISO/IEC 42001. China actively participates in ISO/IEC standards work through SAC (Standardization Administration of China). Several Chinese national standards (the GB/T 45000-series for generative AI security) are aligned with international ISO/IEC standards work. ISO/IEC 42001 is recognized in some Chinese sectoral compliance contexts, though it does not substitute for AIGC Measures or Algorithm Registry requirements.

## ⚖️ How Zertia operates within the Chinese AI regulatory regime

Built for China AI regulation compliance from day one

Accreditations and memberships: 🎖️ ANAB-accredited (US) · 🎖️ UKAS process (UK) · 🎖️ ENAC process (EU) · 🏛️ IAPP member · 🏛️ INCITS member · 🏛️ UKAI member · 📜 EU AI Pact signatory

Zertia is an ANAB-accredited AI management system certification body, with offices in Boston, Madrid, and London. Chinese AI regulation is structurally different from the EU, UK, US, and Canadian regimes Zertia clients more typically operate in. We engage with Chinese regulation primarily through three operational channels: supporting multinational clients with Chinese subsidiaries or Chinese market exposure, providing ISO/IEC 42001 certification that aligns management system structure with Chinese sectoral expectations, and integrating Chinese compliance evidence into broader multi-jurisdictional AI governance programs.

Certification — ISO/IEC 42001, AIUC-1, ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 22301. ISO/IEC 42001 certification provides the management system structure that integrates Chinese AI compliance with EU AI Act, US state AI laws, UK regulation, and Council of Europe Convention obligations. For multinational clients with Chinese subsidiaries or Chinese market exposure, ISO/IEC 42001 is the cross-jurisdictional denominator that makes Chinese compliance work integrate with the rest of the AI governance program. ISO/IEC 27001 and ISO/IEC 27701 support compliance with the Chinese Cybersecurity Law and Personal Information Protection Law respectively. AIUC-1 provides agent-level technical assurance for AI vendors deploying agents into procurement environments where Chinese compliance is a material factor.

Regulatory frameworks — EU AI Act Conformity Assessment, NIST AI RMF Attestation, ISO/IEC 23894 Risk Assessment, Algorithmic Impact Assessment, Pre-Certification Assessment. Algorithmic Impact Assessments are structured to evaluate the cross-jurisdictional implications of AI deployment, including where Chinese AI Measures, Deep Synthesis Provisions, and Algorithmic Recommendation Provisions apply alongside EU and US obligations. We do not represent clients before Chinese regulators directly; we provide the assurance and documentation infrastructure that supports clients’ Chinese local counsel and compliance teams.

Audit — AI Management System audits, High-Risk AI System audits, AI Model audits, EU AI Act audits, NIST AI risk audits. Independent audits structured to support multinational clients’ integrated AI governance programs across EU, UK, US, Canadian, and Chinese exposures, with audit evidence that supports Chinese local compliance work without substituting for it.

Training — AI Governance, Data Governance, Privacy Governance through Zertia Academy. Programmes treat Chinese AI regulation explicitly for clients with Chinese exposure, including the foundational laws (CSL, DSL, PIPL), the AI-specific instruments (Algorithmic Recommendation, Deep Synthesis, Generative AI Measures), the AIGC Labelling Measures, the national security standards, and the Algorithm Registry process. Particularly relevant for legal, compliance, and risk teams in multinationals with Chinese subsidiaries, AI vendors with Chinese consumer exposure, and procurement teams evaluating Chinese AI providers.

Zertia operates from Boston, Madrid, and London, with ANAB accreditation in the United States and active accreditation processes with UKAS (United Kingdom) and ENAC (Spain/EU). Member of IAPP, INCITS, and UKAI. Signatory to the EU AI Pact.

🎯 Take action

🔍 Diagnose your CAC exposure 📊 Build the management backbone
Pre-Certification Assessment → ISO/IEC 42001 Certification →
Independent diagnosis of CAC algorithm filing exposure, AIGC labelling requirements, and GB standards alignment for organisations operating in or selling into China. The accredited management system that operationalises Chinese algorithmic governance requirements into auditable practice, integrating CAC obligations with international AI governance.

Discuss Chinese AI compliance integration in multi-jurisdictional governance programs →

Regulación que entiendes es regulación que puedes convertir en ventaja competitiva.

¿No estás seguro de si este marco aplica a tu organización? Hablemos.