China's AI rules: what multinational enterprises must know

China's AI regulatory stack is among the most operational in Asia — not aspirational guidelines, but filing requirements, content duties, and security assessments that block launch if incomplete. Multinationals serving Chinese users or operating joint ventures must treat China as a separate governance track, not a copy of EU or US policy.

Generative AI measures

Interim measures for generative AI services require providers to uphold socialist values, prevent illegal content, respect intellectual property, and protect personal information. Providers must complete security assessments and algorithm filings before public-facing launch. Training data legitimacy and labeling of AI-generated content are explicit duties.

Algorithm recommendation and filing regime

Algorithms with public opinion attributes or recommendation functions face Cyberspace Administration of China (CAC) filing obligations. Enterprises must document algorithm purpose, mechanism overview, and self-assessment reports. Changes to models or recommendation logic may trigger re-filing.

Deep synthesis and labeling

Provisions on deep synthesis require conspicuous labeling of AI-generated content and technical measures to prevent misuse. Customer-facing agents that produce text, image, or voice outputs need disclosure workflows built into runtime policy — not bolted on after launch.

Data and cross-border transfer

Personal Information Protection Law (PIPL) and data export security assessments constrain moving Chinese user data offshore for model training or inference. Governance intake must record data residency, cross-border flows, and localization of inference — inputs for regional risk tiering.

Governance architecture for China

• Separate deploy pipeline or policy namespace for China-region agents
• Content safety controls and human review for public outputs
• Filing and assessment artifacts stored in audit trail before go-live
• Runtime logging aligned with security assessment commitments

openRegal's jurisdiction-tagged intake and regional runtime policy help multinationals run one global governance program with China-specific gates — without letting ungoverned deploys bypass local requirements.