Why It Matters
AI is reshaping how companies manage their workforce in China — from automated CV screening to payroll processing and performance analytics. But one thing has not changed: legal liability still sits squarely with the employer. For foreign-invested enterprises (FIEs) under cost pressure, the temptation to automate HR is strong. However, China’s regulatory environment places specific constraints on how far that automation can go.
The Legal Framework
China does not have a single “AI in HR” law. Instead, employers must navigate at least four overlapping regulatory regimes:
- Personal Information Protection Law (PIPL, 2021): Employee data processing requires separate consent from general business data. Biometric data used for attendance or surveillance triggers additional compliance requirements under the “sensitive personal information” category.
- Employment law (Labor Contract Law, 2007, amended 2018): Automated termination or disciplinary decisions based on algorithmic outputs remain legally unenforceable without human review. A 2024 Shanghai court ruling rejected a company’s AI-based performance assessment as grounds for termination, citing lack of procedural fairness.
- Algorithmic transparency rules (2022): Recommendation algorithms used for recruitment — candidate scoring, job matching, CV ranking — must be filed with the CAC if they reach a certain user threshold.
- Generative AI rules (2023, expanded 2026): AI tools used for HR content generation (job descriptions, offer letters, employee communications) must carry appropriate content labels and undergo safety reviews.
Where the Risks Are Highest
Our analysis of recent enforcement actions and court rulings identifies three high-risk areas for FIE employers:
- Automated screening bias: China’s 2025 Equal Employment Opportunity guidelines explicitly prohibit algorithm-based discrimination by gender, age, ethnicity, or hukou (household registration). Automated CV screening tools that filter by these criteria — even implicitly — create direct legal exposure.
- Payroll automation errors: China’s tax and social insurance calculation system varies by city and changes frequently. In 2025, Shanghai adjusted its social insurance contribution base twice. Automated systems that miss these adjustments create underpayment liability — and the employer, not the software vendor, bears the penalty.
- Performance monitoring without consent: AI-powered productivity tracking (keystroke logging, screen capture, attention monitoring) in China requires explicit, informed employee consent under PIPL. A 2025 Jiangsu case fined a company 500,000 yuan (~$69,000) for deploying workplace surveillance software without proper notification.
What You Should Do
The cost of getting AI HR compliance wrong in China is not limited to fines. In a 2025 Shenzhen case, a foreign electronics manufacturer faced a six-month suspension of its HR system — including payroll processing — after a vendor’s AI screening tool was found to have collected facial recognition data without separate consent. The company’s entire China payroll was delayed for two weeks while manual backups were established. The lesson: your vendor’s compliance gap is your compliance gap.
A practical starting point for vendor assessment: request a copy of your HR platform’s algorithm filing receipt with the CAC (required for recommendation algorithms above a de minimis threshold), confirm data storage location and cross-border transfer documentation, and verify that the vendor’s privacy policy specifically addresses employee data (not just customer data). In a benchmark conducted by Dezan Shira & Associates in early 2026, 7 out of 12 commonly used HR SaaS platforms in China lacked PIPL-compliant employee data processing terms — yet all 12 claimed “full China compliance” in their marketing materials.
For FIEs using or considering AI HR tools in China, here is the practical checklist:
- Audit your AI HR vendors: Review what data your HR platform collects, where it is stored, and whether it crosses borders. Cloud-based HR systems hosted outside China trigger PIPL cross-border transfer rules — a separate compliance obligation.
- Implement human-in-the-loop review: Any decision with employment consequences — termination, demotion, bonus reduction — must include documented human review. Algorithmic outputs are advisory, not determinative.
- Update employee consent forms: Ensure that employee privacy notices and consent forms specifically authorize AI-driven processing. General “for HR purposes” language does not meet PIPL’s specificity requirement.
- Document your algorithm: If your HR tool uses recommendation algorithms for recruitment or promotion, verify whether you need to file with the CAC. The threshold is lower than most companies assume.
One Data Point
The number to remember: 500,000 yuan — the fine imposed on a single Jiangsu company in 2025 for deploying AI productivity monitoring without proper employee consent. That is not the ceiling; it is the floor. Repeat violations under China’s data protection regime can reach 5% of annual revenue.
— China Gateway 360 —
Remote China market entry support, built around execution.
For related compliance guidance, see China BCI Medical Device Classification: A Regulatory Guide for Foreign Investors.
Cross-border data rules also affect HR data: China Cross-Border Data Transfer Rules: 2026 Compliance Guide.
