China: Structured Regulation with a Focus on Safety and Control

China has built one of the world's most comprehensive AI regulatory frameworks through a layered approach of targeted regulations rather than a single omnibus law. The Cyberspace Administration of China (CAC) leads enforcement across multiple binding rules: the Algorithm Recommendation Regulation (effective March 2022), the Deep Synthesis (Deepfake) Provisions (January 2023), the Generative AI Measures (August 2023), and most recently the amended Cybersecurity Law (January 2026), which formally integrates AI into national law for the first time. Rather than pursuing a single comprehensive AI law — which was removed from the legislative agenda in 2025 — Beijing has opted for an agile, sector-specific strategy that allows rapid regulatory response to emerging AI risks while keeping compliance costs manageable for domestic companies. This approach reflects China's dual objectives: maintaining social stability and state oversight while positioning itself as a global AI superpower.

The most significant recent development is the October 2025 amendment to China's Cybersecurity Law (CSL), effective January 1, 2026, which marks the first time AI governance has been codified at the national law level. The amendments mandate support for algorithm R&D, promote AI infrastructure development including training data and computing power, and establish requirements for AI ethics reviews and security risk assessments. New AI-generated content labeling rules took effect on September 1, 2025, requiring implicit labeling of all AI-generated content and explicit labeling where applicable. Draft regulations on AI companion chatbots were released in late 2025, addressing addiction and psychological harm concerns. The National Data Administration has announced over 30 new standards for public data, AI agents, and datasets expected throughout 2026. China has also shifted from pursuing a comprehensive standalone AI law to prioritizing pilots, industry standards, and targeted rules — a strategic pivot that signals a preference for regulatory flexibility over rigid legislation.

China's AI regulations apply broadly to any entity developing, deploying, or providing AI services within mainland China. This includes domestic technology giants like Alibaba, Baidu, Tencent, and ByteDance, as well as foreign companies operating in the Chinese market. The Generative AI Measures specifically target providers of generative AI services available to the public, requiring algorithm filing, training data compliance, and content safety measures. The deep synthesis rules affect anyone creating or distributing AI-generated media content. Financial institutions, healthcare providers, educational platforms, and e-commerce companies using algorithmic recommendation systems all face specific compliance obligations under the algorithm regulation. Foreign AI companies serving Chinese users must comply with data localization requirements and may need to establish local entities. The amended CSL extends AI-related obligations to critical information infrastructure operators, imposing heightened security assessment requirements.

China's AI governance framework is built on several interconnected principles: socialist core values alignment, requiring AI outputs to reflect state-approved content standards; algorithmic transparency, with mandatory algorithm filing and registration through the CAC's algorithm registry; data sovereignty, enforcing strict data localization and cross-border transfer restrictions under the Data Security Law and Personal Information Protection Law; content safety, prohibiting AI from generating content that undermines state security, promotes terrorism, or spreads disinformation; user rights protection, giving individuals the right to opt out of algorithmic profiling and request explanations of algorithmic decisions; and innovation promotion, balancing regulation with active state support for AI research through national strategy programs and computing infrastructure investment. Unlike the EU's rights-based framework, China's approach prioritizes state security and social order alongside individual protections, creating a governance model that is both more interventionist and more adaptive to emerging risks.

For companies operating in China, compliance requires navigating multiple overlapping regulatory regimes. Algorithm providers must register with the CAC's algorithm filing system and undergo security assessments for services that influence public opinion or mobilize populations. Generative AI service providers must obtain approval before launching public-facing services, conduct training data compliance reviews, implement real-time content filtering, and provide clear AI disclosure to users. The amended CSL introduces new penalties for AI-related violations, with fines up to RMB 50 million or 5% of annual revenue for critical infrastructure operators. Foreign companies face additional challenges around data localization — training data containing personal information of Chinese citizens must be stored domestically, and cross-border transfers require government security assessments. However, China also offers significant incentives: national AI development zones in cities like Beijing, Shanghai, and Shenzhen provide tax benefits, computing subsidies, and streamlined licensing. Companies that can successfully navigate the regulatory landscape gain access to the world's largest AI market by user base.

Several key developments will shape China's AI regulatory trajectory in 2026. Watch for the implementation details of the amended Cybersecurity Law's AI provisions, particularly how security assessments for AI systems will be conducted in practice. The National Data Administration's 30+ planned standards for AI agents, datasets, and data infrastructure will provide crucial operational guidance for companies. Draft rules on AI companion chatbots — addressing emotional manipulation, addiction, and minor protection — are expected to be finalized by mid-2026. Provincial-level AI governance pilots, particularly in Beijing's AI regulatory sandbox and Shanghai's comprehensive governance experiment, will test enforcement approaches that may scale nationally. China's stance on international AI governance cooperation, especially through the Global AI Governance Initiative and bilateral discussions with the EU and ASEAN, will signal how Beijing positions its model against the EU AI Act framework. Finally, the question of whether China will eventually pursue a comprehensive AI law remains open — the legislative pause appears strategic rather than permanent, and a draft could resurface once the current standards-and-pilots approach has been tested.