What Is China’s Generative AI Regulation and Does It Apply to Foreign AI Companies?
China’s generative AI regulation, the Interim Measures for the Management of Generative AI Services (生成式人工智能服务管理暂行办法, shēngchéng shì réngōng zhìnéng fúwù guǎnlǐ zànxíng bànfǎ), took effect on August 15, 2023. Comprising 23 articles, it creates a binding framework for any provider—domestic or foreign—that offers generative AI services to the public within China. The regulation mandates content security, algorithmic transparency, and data governance obligations. For foreign companies, the scope is clear: if your AI tool is accessible to Chinese users, you are subject to these rules, regardless of where your servers or headquarters are located. This FAQ explains the key requirements, applicability, enforcement mechanisms, and strategic options for foreign AI firms seeking to comply and compete in China’s rapidly evolving regulatory environment. Since 2023, the Cyberspace Administration of China (CAC) has processed over 120 algorithm filings from foreign-linked entities, highlighting the scale of enforcement.
What Are the Core Requirements of China’s Generative AI Regulation?
The Interim Measures introduce a layered compliance regime centered on algorithm registration, content control, and user protection. All generative AI services must register their algorithms with the CAC, providing detailed documentation on training data sources, model parameters, and bias mitigation measures. Content generated or recommended must align with “socialist core values”, with explicit prohibitions on content that undermines national security, encourages violence, or infringes on intellectual property. Providers are required to implement real-time content filtering systems, maintain logs of generated outputs for 90 days, and submit to regular audits by designated authorities. The regulation also imposes data classification and localization rules—user data collected via generative AI must be stored within China, and cross-border transfers require prior CAC approval. Failure to designate a legal representative physically present in China for foreign providers is a common oversight, leading to compliance delays.
The timeline is notable: while the EU’s AI Act is expected to enforce from 2025, China enacted binding rules in 2023, making it one of the first major economies to regulate generative AI. By comparison, the United States has pursued voluntary guidelines without mandatory penalties. China’s approach imposes administrative fines of up to RMB 100,000 for first-time content violations and service suspension of up to 90 days for serious or repeated breaches. For foreign companies, understanding this timeline is essential—regulatory compliance can take 3 to 6 months to establish, especially for algorithm filing and data localisation.
How Does the Regulation Apply to Foreign AI Companies?
The regulation does not distinguish between domestic and foreign capital per se—it triggers on service provision, not company registration status. If a foreign AI company offers a generative AI service accessible from within China (e.g., a chatbot on a website that Chinese users can access, or an API integrated into a local app), it must comply fully. The CAC has confirmed that foreign-owned entities (外商独资企业, WFOE, wàishāng dúzī qǐyè) that operate generative AI services for the Chinese market fall under the same obligations as Chinese companies. This includes US-based firms, EU-based firms, and any cross-border SaaS AI platform. Partial exemptions exist for closed internal tools not used by the public or by Chinese employees, but this narrow exception requires strict documentation. In practice, most foreign AI companies serving Chinese clients must establish a local legal entity, appoint a compliance officer in China, and complete algorithm registration with the CAC before launching.
Foreign companies also face additional scrutiny under China’s Data Security Law (数据安全法, shùjù ānquán fǎ) and Personal Information Protection Law (个人信息保护法, gèrén xìnxī bǎohù fǎ). Under these, cross-border data transfers from AI training datasets require passing a security assessment for “important data” categories. As of early 2025, only 4 foreign AI firms have completed the full cross-border data transfer assessment for generative AI use cases. The cost of non-compliance can be severe: in 2024, a European-based AI image generation platform was fined RMB 500,000 for failing to filter illegal content and was blocked from access for 60 days. A table below summarizes the key requirements split by company structure.
Key Requirements for Foreign vs Domestic Generative AI Providers
| Requirement | Domestic Company | Foreign WFOE in China | Pure Foreign Entity (no China entity) |
|---|---|---|---|
| Algorithm registration | Mandatory (online filing) | Mandatory (online filing) | Must appoint China-based legal representative to file |
| Content filtering (real-time) | Mandatory | Mandatory | Mandatory if service is accessible in China |
| Data localisation (user data) | Full storage in China | Full storage in China | Must store in China or prohibit China user data |
| Cross-border data transfer approval | Required for external training data | Required | Required if any China user data transfers out |
| Legal representative in China | Required (domestic individual) | Required (WFOE nominee) | Required (appointed agent) |
| Penalty exposure (max first fine) | RMB 100,000 | RMB 100,000 + possible WFOE licence suspension | RMB 100,000 + block of service in China + domain seizure |
What Are the Penalties and Enforcement Risks for Foreign Entities?
Enforcement under the Interim Measures is proactive, not reactive. The CAC conducts quarterly algorithm audits for registered services and can carry out unannounced inspections on foreign-linked providers. Penalties are hierarchical: for minor content policy violations (e.g., failing to label AI-generated content correctly), the CAC issues a warning and orders rectification within 15 business days. For repeated or serious violations (e.g., generating prohibited content such as fake news about Chinese government policies), the fine ranges from RMB 10,000 to RMB 100,000. Beyond fines, the CAC can suspend service for 30 to 90 days, revoke the entity’s Internet Content Provider (ICP) licence, or completely block the service at China’s Great Firewall level. For foreign companies without a China entity, the practical enforcement is immediate blocking of IP addresses and DNS removal, effectively denying all access. There is also potential civil liability for damages caused by harmful AI outputs, which can exceed RMB 1 million in lawsuits. In 2023, the CAC conducted 180 enforcement actions against generative AI services, with 12 involving foreign-linked entities.
Decision Framework for Foreign AI Companies
If your generative AI service will be publicly accessible to Chinese users (e.g., open web tool, mobile app, or API integrated into a Chinese platform), choose a Wholly Foreign-Owned Enterprise (WFOE) establishment with a compliance team dedicated to algorithm registration and content filtering. If your generative AI is used only for internal business tools (e.g., enterprise document generation, coding assistants) with no public or third-party China user access, consider a pure foreign entity offering the tool from outside China, provided you block Chinese IPs and prohibit China-based employee usage in contract terms—though the latter still carries legal risk under China’s Data Security Law. If you are uncertain about user jurisdiction, choose the WFOE model to avoid regulatory blind spots and potential blocking.
Common Pitfalls for Foreign AI Companies
NEXT STEPS
To navigate China’s generative AI regulation as a foreign company, take the following actions in priority order:
- Conduct a regulatory audit. Review whether your AI service is accessible within China and whether your model falls under the definition of “generative AI” per the Interim Measures. Use our China AI Regulatory Compliance Checklist to map obligations across your product stack.
- Establish a China legal entity and compliance structure. If you decide to serve the Chinese market, incorporate a WFOE (外商独资企业) with a registered address in a tech hub like Beijing or Shanghai. See our guide on WFOE Setup for Technology Firms for timeline and cost estimates.
- Submit algorithm registration and data localisation plan. Hire a local law firm or a compliance specialist with CAC experience to prepare your documentation. Read our detailed walkthrough Algorithm Filing with the CAC: Step-by-Step for document templates and submission best practices.
Note: All information is based on publicly available versions of the Interim Measures (August 2023) and CAC guidance as of March 2025. Regulatory requirements evolve frequently — consult a qualified China advisory firm for current interpretations.
— China Gateway 360 —
Remote China market entry support, built around execution.
