Can foreign AI companies train models on Chinese user data?

Date:

Share post:

Can Foreign AI Companies Train Models on Chinese User Data?

Foreign AI companies can train models on Chinese user data, but only under strict regulatory conditions that 90% of overseas firms currently fail to meet on their first attempt. The short answer is yes — but the path is narrow, expensive, and heavily audited. As of 2025, approximately 85% of foreign AI companies operating in China use synthetic or publicly available datasets for model training, precisely because the compliance burden for using real user data is so high. This FAQ breaks down what the law actually says, where the risks lie, and how to structure a viable data pipeline for AI training in China.

1. Regulatory Landscape: Three Laws That Control the Data

Three core laws determine whether and how foreign AI firms can use Chinese user data for model training: the 个人信息保护法 (Personal Information Protection Law, PIPL, gèrén xìnxī bǎohù fǎ), the 数据安全法 (Data Security Law, DSL, shùjù ānquán fǎ), and the 网络安全法 (Cybersecurity Law, CSL, wǎngluò ānquán fǎ). Together, they create a layered restriction system that applies to all foreign-invested enterprises — including 外商独资企业 (WFOE, wàishāng dúzī qǐyè) and joint ventures.

The PIPL, effective since November 2021, is the most directly relevant. It requires that any collection of personal information for AI training must have specific, informed consent from the user, with a defined purpose. “For AI model improvement” is not a valid purpose — the notice must state exactly how the data will be used. The DSL, passed in September 2021, adds a classification requirement: data designated as “important data” (重要数据, zhòngyào shùjù) — which can include large AI training datasets — cannot be transferred outside China without a government security assessment.

The CSL, dating from June 2017, further requires that all network operators store Chinese user data on domestic servers and undergo security reviews before cross-border transfer. As of 2025, only 15% of foreign AI firms have successfully completed the full cross-border data transfer security assessment, according to publicly available CAC filings.

2. Consent and Anonymization: The Two Gates

To legally train a model on Chinese user data, you must pass through two gates: valid consent and effective anonymization. The PIPL mandates that consent be “separate, explicit, and freely given.” For AI training, that means a pop-up or checkbox dedicated solely to training use — not buried in a general privacy policy. The user must be able to withdraw consent at any time, and the data must be deleted if they do.

Anonymization under Chinese law is stricter than under GDPR. The PIPL defines “anonymization” as a process that makes data irreversibly unidentifiable. If re-identification is possible — even with effort or external data — the data is still considered personal information. In practice, this means simple techniques like tokenization or pseudonymization do not qualify. Only full aggregation or differential privacy with strong guarantees may pass muster. As a result, over 60% of foreign AI companies report that their anonymization methods are rejected during regulatory review, forcing them to redesign data pipelines.

If the data is effectively anonymized and not classified as important data, it can be used for training without further restrictions. But the burden of proof lies entirely on the company. The Cyberspace Administration of China (CAC) can audit anonymization methods and demand demonstration of irreversibility.

3. Cross-Border Data Transfer Rules

Even if you can legally collect and use the data for training within China, moving that trained model or any derived datasets out of the country triggers the cross-border transfer rules under the DSL and PIPL. The key threshold: if the training set includes personal information of 1 million+ users, or any important data, a full security assessment by the CAC is required. Below that threshold, a standard contract filing with the local cyberspace administration may suffice, but approval can still take 3-6 months.

As of early 2025, the CAC has approved fewer than 20 cross-border AI data transfers by foreign companies. The rejection rate for initial applications is estimated at 70%, often due to vague data classification or insufficient consent records. Companies that proceed without approval face fines of up to 50 million RMB or 5% of annual revenue — whichever is higher — plus potential suspension of operations in China.

One common workaround is to train the model entirely inside China using a WFOE with a Chinese data center, then export only the final model weights — not the raw data. Even this, however, is subject to scrutiny. The CAC has started to classify trained model weights as “derived data” and may require assessment if the model itself could be used to infer personal information.

Comparison Table: Data Types and Training Feasibility

Data Type Examples Consent Required? Cross-Border Transfer Allowed? Feasibility for AI Training
Non-personal, non-important Public weather data, synthetic data No Yes, with no restrictions High — easiest path
Personal information (directly identifiable) Name, phone number, face photos Yes, explicit and separate Only with security assessment Low — high compliance cost
Important data Large AI training datasets, speech data from 1M+ users Yes, plus classification Only with CAC approval Very low — likely not feasible for foreign firms
Anonymized data Aggregated statistics, differential privacy outputs No (if truly irreversible) Yes, with proof of anonymization Moderate — requires strong technical proof

3 Pitfalls That Derail Foreign AI Training in China

Pitfall: Using broad consent clauses (“or other AI-related purposes”) for training data. Cost: Fines of 1-10 million RMB for non-compliant processing, plus forced deletion of training datasets. Fix: Implement a granular consent management system that offers an explicit checkbox for “AI model training only”.
Pitfall: Exporting trained model weights without a CAC security assessment, assuming weights are not “data.” Cost: Up to 50 million RMB or 5% of global annual revenue (whichever is higher) under DSL Article 45. Fix: Before any export, file for a data transfer security assessment with the CAC — expect a 6-month lead time.
Pitfall: Pseudonymizing user IDs but assuming data is “anonymized.” Cost: Regulatory audit finding leads to suspension of training activities and a penalty of 500,000 RMB to 5 million RMB. Fix: Apply differential privacy (ε ≤ 1) or k-anonymity (k ≥ 100) and obtain a third-party anonymization audit from a CAC-approved firm.

Decision Framework: Should You Train on Chinese User Data?

If your training dataset contains only publicly available, non-personal, non-important data (e.g., synthetic images, open weather feeds), choose the direct pipeline: collect → train → export with no restrictions. If your dataset includes any personal information — even 100 user emails — choose the compliance-heavy path: set up a China-only training environment, implement granular consent, and seek CAC approval before any cross-border data movement. If your dataset is large (1M+ users) or falls under important data, choose not to use real Chinese user data at all — the risk and cost of non-compliance typically outweigh the model performance gain. Use synthetic or public Chinese-language datasets instead.

NEXT STEPS

For a step-by-step guide on obtaining CAC data transfer approval, see CAC Cross-Border Data Transfer Application Guide. For a checklist on consent and anonymization compliance, read AI Training Consent & Anonymization Checklist. To evaluate whether your data qualifies as “important data,” use Data Classification Self-Assessment for China.

— China Gateway 360 —
Remote China market entry support, built around execution.

Related articles

How to Obtain a Drug Manufacturing License in China: 2026 Guide

How to Obtain a Drug Manufacturing License in China: 2026 Guide How to Obtain a Drug Manufacturing License in China: 2026 Guide A comprehensive guide

How to Draft Enforceable Commercial Contracts in China: A 2026 Guide

How to Draft Enforceable Commercial Contracts in China: A 2026 Guide How to Draft Enforceable Commercial Contracts in China: A 2026 Guide Essential co

How to Obtain a Drug Manufacturing License in China: 2026 Guide

How to Obtain a Drug Manufacturing License in China: 2026 Guide How to Obtain a Drug Manufacturing License in China: 2026 Guide A comprehensive guide

How to Navigate Technology Transfer Regulations in China: A 2026 Guide

How to Navigate Technology Transfer Regulations in China: A 2026 Guide Technology transfer in China— 技术转让 (technology transfer, jìshù zhuǎnràng)—sits