What is China’s Generative AI Regulation and Does It Apply to Foreign AI Companies?
China’s generative AI regulation, formally the Interim Measures for the Management of Generative AI Services (生成式人工智能服务管理暂行办法, shēngchéng shì réngōng zhìnéng fúwù guǎnlǐ zànxíng bànfǎ), took effect on August 15, 2023, imposing strict content control and algorithm transparency rules on any service offering generative AI to the public in China, with fines reaching up to RMB 100,000 for violations. As of early 2025, over 100 large language models (LLMs) have been registered with China’s Cyberspace Administration (CAC), with approved models requiring what is essentially a “generative AI license” — a combination of algorithm filing, security assessment, and ongoing content compliance. This FAQ explains what the regulation requires and, critically, whether it reaches foreign AI companies operating in or targeting China.
What Does China’s Generative AI Regulation Actually Mandate?
The regulation applies to any generative AI service (生成式人工智能服务, shēngchéng shì réngōng zhìnéng fúwù) that generates text, images, audio, video, or code and is available to the public in China, whether via app, website, API, or embedded software. The key obligations fall into three buckets:
- Algorithm Filing (算法备案, suànfǎ bèi’àn) — All generative AI algorithms used in China must be registered with the CAC via the Internet Information Service Algorithm Filing System. This requires disclosing the algorithm’s purpose, training data sources, output logic, and safeguards against illegal content.
- Security Assessment (安全评估, ānquán pínggū) — Before launch, the AI model must undergo a safety review by the CAC or a designated third party, checking for compliance with socialist core values, privacy protection, and handling of sensitive topics.
- Real-Time Content Moderation — Services must implement filters to prevent generation of content that subverts state power, promotes terrorism, incites ethnic hatred, or violates decency. This includes text and image classifiers that run on every output.
Penalties for non-compliance escalate quickly: a first violation draws a warning and fine of up to RMB 10,000; repeated or serious violations can fetch fines of RMB 10,000 to RMB 100,000 plus suspension of service. If the violation involves criminal activity (e.g., spreading fake news that causes social panic), criminal liability may apply under China’s Cybersecurity Law and Criminal Law — a risk foreign companies cannot afford to take.
Does the Regulation Apply to Foreign AI Companies?
The short answer is yes, if your service is available to users in China. The regulation applies extraterritorially: it covers any service provider, regardless of where the company is incorporated, that offers generative AI to the Chinese public. This includes:
- Foreign companies running a consumer app in China (e.g., a chatbot, image generator, or coding assistant accessible on Chinese app stores).
- Foreign companies providing AI-powered APIs or SDKs to Chinese developers who then use them in public-facing services.
- Foreign-owned subsidiaries in China that offer generative AI internally or to Chinese customers (e.g., a 外商独资企业, wàishāng dúzī qǐyè, deploying an AI assistant for customer service).
However, there are exceptions:
- If your AI service is not accessible from within China (e.g., a US-only app with geoblocking) or is used solely for R&D with no Chinese end users, you are not subject to the regulation.
- If your AI service is used for internal enterprise operations (e.g., an internal code generation tool for employees of a foreign WFOE in China), the regulation applies only if the tool outputs content visible to the public. Internal-only tools with strict access controls may fall outside the scope, but the CAC has been ambiguous on this point, and many foreign WFOEs are filing algorithms proactively to avoid future risk.
Key Requirements and Penalties at a Glance
| Requirement | Applies to Foreign Cos? | Penalty for Non-Compliance | Timeline |
|---|---|---|---|
| Algorithm Filing | Yes, if service is available in China | Warning + fine of RMB 10,000–100,000 | Before public launch; ongoing updates within 10 days of algorithm changes |
| Security Assessment | Yes, if service is available in China | Service suspension until assessment is passed | Before public launch; re-assessment required for major version changes |
| Real-Time Content Moderation | Yes, if service is available in China | Fine + service suspension + criminal liability for serious cases | Continuous during service operation |
| User Data Localization | Yes, if Chinese users are served | Fine of RMB 10,000–500,000 under China’s Personal Information Protection Law | Ongoing; storage in China required |
| Annual Compliance Audit | Yes, if service is available in China | Fine + negative compliance record affecting future approvals | Annual submission by March 31 |
Decision Framework for Foreign AI Companies
Use this framework to decide your compliance approach based on your business model:
If your generative AI service is directly targeted at Chinese consumers or enterprises (e.g., a WeChat mini-program chatbot, a China-hosted app, or an API sold to Chinese developers): Choose full compliance. This means incorporating in China via a 外商独资企业 (wàishāng dúzī qǐyè), completing algorithm filing and security assessment, implementing real-time content filters, and registering annual audits. The cost (RMB 200,000–500,000 for legal, filing, and technical compliance) is a prerequisite for the China market.
If your AI service is for overseas users only, with strict geoblocking and no Chinese users allowed (e.g., a US-only app with no IP access from China): Choose no current compliance needed, but monitor the regulatory landscape. China’s CAC has signaled it may widen extraterritorial reach to include any AI that could influence Chinese users via cross-border usage. Prepare a contingency plan — including an algorithm filing template — in case enforcement shifts.
If you are a foreign company with a wholly owned Chinese subsidiary that uses AI internally (e.g., an internal content generation tool for marketing): You may choose partial compliance — internal tools that never output to the public are technically exempt, but the CAC’s definition of “public” is broad. Many foreign WFOEs file their internal algorithms as a low-cost insurance policy (RMB 30,000–80,000 for legal and system integration) to avoid future inspection issues.
Common Pitfalls for Foreign AI Companies Entering China
NEXT STEPS
- Assess your AI service’s China exposure. Map whether any of your generative AI products or APIs are accessible from China. Use our China Generative AI Regulation Guide to determine if filing is mandatory.
- Set up a China legal entity. All foreign AI companies serving Chinese users must operate through a licensed entity. Read our Foreign AI Company China Compliance Checklist for step-by-step setup.
- Complete algorithm filing and security assessment. These are the two non-negotiable steps. Our China AI Algorithm Filing Walkthrough outlines the process, documentation requirements, and expected timeline.
— China Gateway 360 —
Remote China market entry support, built around execution.
