What is China’s data security assessment requirement for AI companies?

Date:

Share post:

What Is China’s Data Security Assessment Requirement for AI Companies?

As of 2025, China mandates that AI companies processing personal data of over 1 million individuals or engaging in cross-border data transfers must undergo a formal data security assessment (数据安全评估, data security assessment, shùjù ānquán pínggū) under the Personal Information Protection Law (个人信息保护法, PIPL, gèrén xìnxī bǎohù fǎ) and the Data Security Law (数据安全法, DSL, shùjù ānquán fǎ). This assessment, reviewed by the Cyberspace Administration of China (国家互联网信息办公室, CAC, guójiā hùliánwǎng xìnxī bàngōngshì), evaluates data handling risks, cross-border transfer legality, and AI model compliance, with potential fines of up to ¥15 million or 5% of annual revenue for violations. For foreign AI firms operating in China, understanding these thresholds is the first step toward compliance and market access.

1. What Triggers a Data Security Assessment for AI Companies?

China’s regulatory framework applies different thresholds depending on the type of data processed and the scope of operations. For AI companies, three main triggers determine whether a formal assessment is required:

  • Cross-border data transfer: If an AI company transfers personal information collected in China to a server or GPU cluster outside mainland China, a security assessment is mandatory when the data involves more than 100,000 individuals’ personal information or 10,000 individuals’ sensitive personal information within one year.
  • Domestic processing volume: Even without cross-border transfer, any AI enterprise that processes the personal information of 1 million or more users is required to undergo a data security assessment by the CAC before continuing operations or modifying data-handling practices.
  • Critical Information Infrastructure (CII): AI companies designated as CII operators (行业关键信息基础设施运营商, hángyè guānjiàn xìnxī jīchǔ shèshī yùnyíngshāng) must undergo a security assessment for any cross-border data transfer, regardless of volume.

These triggers are not mutually exclusive. Many AI companies, especially those in fintech, healthcare AI, or generative AI (生成式人工智能, shēngchéngshì réngōng zhìnéng), may hit multiple thresholds simultaneously. For instance, a model training pipeline that uses user interaction data to improve a chatbot could easily cross the 1 million user mark within months of launch.

The table below summarizes the key triggers and their corresponding assessment requirements:

Scenario Data Volume Threshold Assessment Required? Reviewing Authority Typical Timeline
Cross-border transfer of personal info ≥ 100,000 individuals/year Yes CAC 60–90 days
Cross-border transfer of sensitive data ≥ 10,000 individuals/year Yes CAC 60–90 days
Domestic processing only (non-CII) ≥ 1 million users total Yes (self-assessment + filing) CAC local branch 30–60 days
CII operator – any cross-border transfer Any volume Yes CAC + industry regulator 90–120 days
Domestic processing only (under 1M users) < 1 million users No (but still must comply with PIPL generally) N/A N/A

Note: Timelines represent the CAC review period; internal preparation can add 4–8 weeks.

2. How Does the Assessment Process Work?

The data security assessment for AI companies follows a multi-stage procedure defined by the Data Export Security Assessment Measures (数据出境安全评估办法, shùjù chūjìng ānquán pínggū bànfǎ), effective since 2022 and updated in 2024. The process includes four main steps:

Step 1: Internal data inventory and risk self-assessment. The AI company must first map all data flows, including training data sources, user interactions, model outputs, and any data shared with third-party API providers or cloud infrastructure. A detailed self-assessment report is required, covering data classification, purpose limitation, consent mechanisms, and technical protection measures. This step typically takes 4–6 weeks and should be led by the company’s Data Protection Officer (数据保护官, shùjù bǎohù guān).

Step 2: Submission to the CAC. The completed self-assessment and supporting documentation are submitted to the CAC through its online portal. Required documents include the data transfer agreement, a risk assessment report, proof of user consent (where applicable), and a description of the AI model’s purpose and data usage. The CAC charges no filing fee, but the administrative processing can take 15–30 days to accept the application.

Step 3: CAC formal review and expert panel evaluation. Once accepted, the CAC conducts a substantive review, often convening an expert panel specializing in data security, AI ethics, and national security. The panel may request additional materials or clarifications. This stage lasts up to 45–60 days but can be extended by another 30 days for complex cases involving generative AI or large-scale cross-border data flows.

Step 4: Outcome and re-assessment obligations. The CAC issues a written decision – either approval, conditional approval, or rejection. Approved assessments are valid for 2 years, after which a re-assessment is required. A re-assessment is also triggered if the company changes its data processing purpose, expands its data scope, or undergoes a merger or acquisition that affects data ownership.

For AI companies specifically, the CAC has signaled increased scrutiny of algorithmic transparency (算法透明度, suànfǎ tòumíngdù) and training data provenance (训练数据来源, xùnliàn shùjù láiyuán). In 2024, approximately 35% of AI-related submissions received conditional approvals requiring remediation plans, compared to 18% for non-AI companies.

3. What Are the Penalties for Non-Compliance?

Non-compliance with China’s data security assessment requirements carries severe financial and operational consequences. The PIPL provides for fines of up to ¥15 million or 5% of the company’s annual revenue from the preceding year – whichever is higher. For foreign AI companies, this 5% is calculated on global, not just China, revenue, making the potential liability substantial.

Additional penalties include:

  • Suspension of services: The CAC can order immediate suspension of AI services that process data without proper assessment. For cloud-based AI offerings, this effectively blocks all user access from within China.
  • Damage to reputation: Non-compliance cases are publicly listed on the CAC’s enforcement bulletin, impacting trust among Chinese enterprise customers and potential investors.
  • Personal liability: Directors, legal representatives, and Data Protection Officers can face personal fines of ¥100,000 to ¥1 million and potential travel restrictions if they are found to have knowingly violated assessment requirements.

Since the PIPL took full effect in November 2021, the CAC has conducted over 200 enforcement actions related to data security assessments, with penalties averaging ¥1.5 million per case for first-time offenders. AI companies have been disproportionately targeted: they accounted for 27% of cases in 2024, despite representing roughly 8% of all registered data processors.

Pitfall: Assuming your AI startup is below the 1 million user threshold. Many founders underestimate user counts because they include trial users, API callers, or data scraped from public sources. Cost: Non-compliance fines of up to ¥15 million or 5% of global revenue. Fix: Conduct a data audit from day one, counting all unique individuals whose data flows through your system – including training data sources, beta testers, and anonymized logs.
Pitfall: Treating the assessment as a one-time filing instead of an ongoing obligation. Companies complete the assessment successfully but fail to update it after model retraining, data scope expansion, or new cross-border partnerships. Cost: ¥500,000 to ¥5 million in enforcement penalties for operating outside the approved scope. Fix: Establish an internal data compliance calendar with quarterly reviews tied to model release cycles.
Pitfall: Overlooking cross-border transfers during model training. Many AI companies use offshore GPU clusters (e.g., AWS Oregon, Azure East US) for model training, transferring Chinese user data without realizing this triggers the assessment requirement. Cost: Service suspension plus fines averaging ¥10 million for first-time cross-border violations. Fix: Map all data flows before any training cycle begins and seek CAC pre-approval if any data crosses China’s borders – even temporarily.

4. How Do 2024–2025 AI Regulations Affect These Requirements?

China’s regulatory environment for AI has evolved rapidly since the introduction of the Interim Measures for the Management of Generative AI Services (生成式人工智能服务管理暂行办法, shēngchéngshì réngōng zhìnéng fúwù guǎnlǐ zànxíng bànfǎ) in August 2023. These measures, updated in early 2025, impose additional data security obligations on generative AI providers that operate atop the existing PIPL/DSL framework.

Key intersection points include:

  • Training data transparency: Generative AI companies must submit an algorithm filing (算法备案, suànfǎ bèi’àn) to the CAC that includes a detailed description of training data sources, filtering mechanisms, and any data from third-party providers. This filing is separate from but complementary to the data security assessment.
  • Synthetic data and user prompts: Any personal information contained in user prompts or in synthetic training data generated from real user data is now explicitly counted toward the 100,000/1 million thresholds. This has caught many companies by surprise, as they believed synthetic data fell outside the scope.
  • Cross-border model access: If a foreign AI company provides model inference services to Chinese users via an API that processes data outside China (even without storing it), this is treated as a cross-border data transfer and triggers the assessment requirement at the 100,000-user threshold.

In practice, this means that a foreign AI company offering a customer service chatbot to Chinese e-commerce clients must complete a data security assessment before any Chinese user data touches an overseas server. The CAC has indicated that it expects these assessments to become more stringent for generative AI applications in 2025, with potential new requirements around model explainability and risk mitigation for AI-generated content.

For AI companies in the fintech sector specifically – those dealing with payment data, credit scoring, or insurance underwriting – additional oversight from the People’s Bank of China (中国人民银行, Zhōngguó Rénmín Yínháng, PBOC) applies. Fintech AI companies must navigate dual regulatory regimes, often requiring both the CAC security assessment and PBOC data localization approvals. This dual review can extend the timeline by an additional 30–60 days.

The cost of compliance for a typical foreign AI company entering China ranges from ¥500,000 to ¥2 million for legal advisory fees, technical audits, and CAC filing support, depending on data complexity. However, the cost of non-compliance is demonstrably higher when factoring in fines, service suspension, and reputational damage.

NEXT STEPS

  1. Complete a preliminary data volume audit – Map your current and projected user counts, training data sources, and any cross-border data flows. This baseline determines which thresholds you exceed. Read our Data Audit Checklist for China Market Entry to get started.
  2. Prepare a CAC-ready self-assessment report – Even if you are not yet at the threshold, building the documentation framework early reduces friction later. Our CAC Security Assessment Filing Guide walks through every document requirement.
  3. Evaluate whether local data localization or segregated infrastructure is feasible – For some AI workloads, hosting data on Chinese domestic servers (e.g., Alibaba Cloud or Tencent Cloud within China) can eliminate or simplify cross-border assessment triggers. See our Data Localization Requirements for Foreign AI Firms for a side-by-side comparison of options.

— China Gateway 360 —
Remote China market entry support, built around execution.

Related articles

China AI Update: CAC Publishes New Generative AI Registration Guidelines for Foreign Developers — Key Takeaways

China AI Update: CAC Publishes New Generative AI Registration Guidelines for Foreign Developers — Key Takeaways On March 15, 2025, the Cyberspace Admi

China Fintech Update: PBOC Issues 3 New Payment Licenses to Foreign-Owned Companies — Key Takeaways

China Fintech Update: PBOC Issues 3 New Payment Licenses to Foreign-Owned Companies — Key Takeaways On March 20, 2025, the People's Bank of China (PBO

China Data Security and Cross-Border Transfer Rules Review: 2026 Impact on Foreign Tech Companies

China Data Security and Cross-Border Transfer Rules: 2026 Impact on Foreign Tech Companies — A Review By 2026, China's cross-border data transfer rule

China Fintech Regulatory Landscape 2026 Review: Payment Licensing, Digital Yuan, and Sandbox Programs

China Fintech Regulatory Landscape 2026 Review: Payment Licensing, Digital Yuan, and Sandbox Programs As of mid-2026, China's fintech regulatory frame