Requires AI-generated content in China to meet a series of criteria, including accuracy, intellectual property protection, and respect for individual privacy; also requires AI developers to perform security assessments on their generative AI systems and submit those assessments to regulators.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding regulatory instrument with mandatory obligations, enforcement mechanisms, and specific penalties for non-compliance. The document uses mandatory language throughout and establishes clear legal responsibilities for AI service providers.
The document has good coverage of approximately 12-14 subdomains, with strong focus on toxic content (1.2), privacy compromise (2.1), security vulnerabilities (2.2), false information (3.1), disinformation/surveillance (4.1), fraud/manipulation (4.3), overreliance (5.1), power centralization (6.1), competitive dynamics (6.4), governance failure (6.5), and lack of robustness (7.3). Coverage is concentrated in content safety, privacy protection, misinformation prevention, and system reliability domains.
This is an external regulation that applies horizontally across all sectors where generative AI services are provided to the public in China. The document does not target specific industries but rather regulates the provision of generative AI services regardless of sector. The primary sector governed is Information (technology companies providing AI services), but the regulations apply to any organization providing generative AI services in any sector.
The document comprehensively covers all AI lifecycle stages from planning through operational monitoring. It addresses design requirements (Article 4), data collection and processing (Articles 7-8), model building (Articles 3, 7), verification and validation (Article 6), deployment (Articles 6, 9-10), and ongoing operation and monitoring (Articles 11-19). The emphasis is particularly strong on the deployment and operational monitoring stages.
The document explicitly focuses on generative AI, defining it in Article 2 as 'technologies generating text, image, audio, video, code, or other such content based on algorithms, models, or rules.' It does not distinguish between frontier AI, general purpose AI, or task-specific AI, nor does it mention foundation models, compute thresholds, or open-weight models. The scope is broad, covering all generative AI products and services provided to the public in China.
Cyberspace Administration of China (state cyberspace and information department), Chinese central government
The document is formulated by Chinese government authorities based on existing Chinese laws. Article 1 states it is formulated 'on the basis of the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, and other such laws and administrative regulations.'
Cyberspace Administration of China (state cyberspace and information department), relevant responsible departments, public security authorities
Multiple articles establish enforcement authority with the Cyberspace Administration of China and related government departments. Article 6 requires security assessments to be submitted to the state cyberspace and information department. Article 20 explicitly grants enforcement powers to impose penalties.
Cyberspace Administration of China (state cyberspace and information department), relevant responsible departments, users (who have reporting rights)
The document establishes monitoring responsibilities for government departments and also empowers users to report violations. Article 17 requires providers to provide information to authorities. Article 18 grants users the right to report non-compliant content.
Organizations or individuals that use generative AI to provide services such as chat, text, image, or audio generation (providers); including those providing programmable interfaces (APIs)
The document explicitly targets providers of generative AI services. Article 2 defines the scope as applying to 'research, development, and use of products with generative AI functions, and to the provision of services to the public.' Article 5 specifically defines the target entities as 'Organizations or individuals that use generative AI to provide services.'
15 subdomains (10 Good, 5 Minimal)