China Data Update: New Data Security Grading Rules for AI Training Data Published — Key Takeaways

Date:

Share post:

China Data Update: New Data Security Grading Rules for AI Training Data Published — Key Takeaways

The Cyberspace Administration of China (CAC) published the “Data Security Grading Guidelines for AI Training Data” (人工智能训练数据安全分级指南, réngōng zhìnéng xùnliàn shùjù ānquán fēnjí zhǐnán) on March 15, 2025, introducing a mandatory four-tier classification system that categorizes all training datasets into Levels 1 through 4. The rules directly impact over 2,800 registered AI companies in China and impose new compliance obligations on foreign-invested enterprises operating in the sector, including all 外商独资企业 (WFOE, wàishāng dúzī qǐyè) and joint ventures training models on Chinese data.

The new framework replaces the earlier voluntary 2023 draft with binding legal force, backed by penalties under the Data Security Law (数据安全法, shùjù ānquán fǎ) of up to 10 million RMB for non-compliance. Compared to the 2023 pilot that covered only 120 companies, the 2025 expansion applies to all entities processing training data within China — a 23x increase in regulatory scope. The transition period is just 60 days, meaning full compliance is required by May 14, 2025.

Overview of the New Grading Framework

The Grading Guidelines introduce a mandatory classification system that all AI companies must apply to their training datasets before model development or fine-tuning begins. Classification is based on a combination of data source sensitivity, volume, and potential harm from misuse. The CAC requires companies to register their data grading results with local cyberspace offices within 30 days of the rules taking effect.

Previously, companies self-assessed under the 2023 guidelines with no formal enforcement mechanism. The 2025 rules shift to mandatory filing, with external audits required for any dataset classified as Level 3 or above. This brings AI training data under the same compliance framework already applied to critical information infrastructure (CII) operators under the 2021 Data Security Law.

AI Training Data Grading Levels — Compliance Requirements
Level Description Example Data Types Compliance Requirements Penalty for Violation
Level 1: General Public data with no personal or sensitive content Open web text, published scientific papers, public government data Basic logging and semi-annual reports Up to 100,000 RMB fine
Level 2: Important Anonymized personal data or non-sensitive business data Customer purchase history (anonymized), aggregated usage stats, product catalog data Data Protection Impact Assessment (DPIA) required, annual audits Up to 1 million RMB fine
Level 3: Critical Sensitive personal data or proprietary business data Biometric data, financial transaction records, health records (anonymized), proprietary model training logs DPIA + CAC approval, external audit every 6 months, dedicated data security officer Up to 5 million RMB or suspension of operations
Level 4: Core State secrets, national security data, or data linked to critical infrastructure Government classified data, military data, CII operational data, cross-border sensitive datasets Prohibited for AI training unless specific national security exception is granted Up to 10 million RMB + criminal liability

Compliance Requirements by Data Level

Companies must classify all training datasets before any processing begins. For Level 1 datasets, the burden is minimal: maintain a processing log and submit a brief semi-annual report. However, Level 2 datasets require a formal Data Protection Impact Assessment (DPIA) — a process that typically takes 4–6 weeks and costs between 50,000 and 150,000 RMB in external consultancy fees, based on current market rates from CAC-approved auditors.

Level 3 datasets introduce the most significant operational change. Companies must appoint a dedicated data security officer (数据安全官, shùjù ānquán guān) who holds a senior management position and is personally liable for compliance. External audits must be conducted every 6 months, with results filed to the local CAC office within 15 business days. For foreign-invested enterprises, this often means renegotiating data access agreements with Chinese partners, as any Level 3 data used by a WFOE triggers additional cross-border data transfer restrictions under the 2022 Data Transfer Security Assessment Measures.

Level 4 is effectively a ban for most commercial AI training. Only state-authorized entities with explicit national security exceptions can process Core-level data, and such exceptions require approval from the State Council directly — a process that has been granted only 3 times since 2022, all to defense-sector research institutes.

Impact on Foreign-Invested AI Enterprises

For foreign executives making China decisions, the grading rules introduce a new compliance layer that directly affects model development timelines and costs. A WFOE building a large language model (LLM) for Chinese-language customer service, for example, will likely need to classify its training data as Level 2 or Level 3 — depending on whether any personal data slips through anonymization filters.

The key operational impact is threefold:

  • Pre-training data audit costs: Expect to budget 100,000–300,000 RMB per dataset for classification and auditing, up from near-zero under the previous voluntary regime.
  • Data sourcing restrictions: All foreign-invested entities must now verify that any data purchased from domestic providers has been pre-classified according to the new grading system. Failure to do so risks using misclassified Level 3 data, which can trigger fines of up to 5 million RMB and operational suspension.
  • Cross-border data transfer barriers: Any training data classified as Level 2 or above that is stored on servers outside mainland China must undergo a Data Transfer Security Assessment — a process taking 3–6 months and requiring positive CAC determination.

Compared to the 2023 regime, where foreign companies could self-declare data as “low risk” with minimal documentation, the 2025 rules eliminate discretion. The CAC has stated it will conduct random audits of at least 20% of registered AI companies per year, with higher scrutiny for foreign-invested entities — defined as any company with >25% foreign ownership or controlling influence.

Implementation Timeline and Enforcement

The guidelines take effect on March 15, 2025, with a transition period ending May 14, 2025. Companies must file their initial data grading reports with local CAC offices by April 14, 2025 — just 30 days from publication. Full compliance, including DPIA completion for Level 2–3 data and external audit scheduling for Level 3, must be achieved by the end of the transition period.

Enforcement will be phased. From May 14 to August 14, 2025, the CAC will issue warnings and 30-day corrective orders for first-time violations. After August 14, 2025, fines and suspension powers will be exercised fully. The CAC has signaled that violations involving Level 3 data with personal information will be treated as aggravated offenses, with penalties starting at the upper end of the range.

For foreign-invested enterprises specifically, the CAC has clarified that any violation may trigger review under the Foreign Investment Security Review Mechanism (外商投资安全审查机制, wàishāng tóuzī ānquán shěnchá jīzhì), adding a potential business disruption risk beyond the direct fine.

What This Means for Your Development Pipeline

The grading rules will likely slow AI model development cycles by 8–12 weeks for most foreign-invested companies, as pre-training data classification and DPIA processes are added to the workflow. Companies with existing AI products already deployed in China are not exempt — they must classify all previously used training data and complete remediation by November 14, 2025 for models currently in operation.

Internal compliance teams should prioritize three actions: (1) inventory all training datasets currently held or planned, (2) engage a CAC-approved auditor to pre-assess Level 2–3 classification risks, and (3) revise data sourcing contracts with Chinese partners to include mandatory grading certifications. Budget for a 30–50% increase in data compliance overhead for AI projects in 2025 compared to 2024.

NEXT STEPS

  1. Conduct a data grading audit: Begin inventorying all training datasets immediately. Use our AI Training Data Grading Checklist to map every dataset to the new four-tier system and identify high-risk Level 3 candidacies before the April 14 filing deadline.
  2. Review cross-border data flows: If your WFOE uses offshore servers for any training data that may include personal information, request a Cross-Border Data Transfer Assessment Guide to determine whether new CAC approvals are needed under the 2025 rules.
  3. Engage a CAC-approved auditor early: Avoid the Q2 rush. Book an external audit slot now to ensure your Level 2 and 3 datasets are assessed before the August 14 penalty phase begins. Contact us at our advisory team for auditor referrals and fixed-price compliance packages starting at 80,000 RMB per dataset.

— China Gateway 360 —
Remote China market entry support, built around execution.

Related articles

How to Comply with China’s ESG Reporting Requirements: 2026 Guide for Foreign Companies

How to Comply with China's ESG Reporting Requirements: 2026 Guide for Foreign Companies By 2026, over 4,500 companies operating in China — including a

How to Advertise on Chinese Social Media Platforms Compliantly: 2026 Guide

How to Advertise on Chinese Social Media Platforms Compliantly: 2026 Guide Advertising on Chinese social media platforms in 2026 requires navigating a

How to Advertise Health and Beauty Products in China: 2026 Compliance Guide

How to Advertise Health and Beauty Products in China: 2026 Compliance Guide Advertising health and beauty products in China in 2026 requires navigatin

How to Advertise Health and Beauty Products in China: 2026 Compliance Guide

How to Advertise Health and Beauty Products in China: 2026 Compliance Guide Advertising health and beauty products in China in 2026 requires navigatin