Cybersecurity Law (CSL)
2017-06-01Law · NPC-SC
China's foundational cybersecurity statute; underlies later AI rules.
Data
Open rule page → China — Top-Level Rules
China's AI Regulation · Evolution Timeline
Drag or scroll horizontally; click any node to reveal its summary. Colors encode legal tier.
Tiers: Law Admin Reg. Dept. Rule Normative Doc Tech Standard
2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
Click any node above for summary.
Next-Generation AI Development Plan
2017-07-20Normative doc · State Council
The origin of China's national AI strategy.
Strategy
Open rule page → Next-Generation AI Governance Principles
2019-06-17Normative doc · AI Committee
First official articulation of "agile governance" as a paradigm.
EthicsStrategy
Open rule page → Data Security Law (DSL)
2021-09-01Law · NPC-SC
Establishes data classification + cross-border review framework.
Data
Open rule page → Personal Information Protection Law (PIPL)
2021-11-01Law · NPC-SC
China's GDPR-equivalent; includes automated-decision and de-identification clauses.
Data
Open rule page → Algorithm Recommendation Provisions
2022-03-01Dept rule · CAC + 3 ministries
The starting point of China's algorithm governance; introduces algorithm filing.
RiskLabeling
Open rule page → Deep Synthesis Provisions
2023-01-10Dept rule · CAC + 2 ministries
Among the world's earliest dedicated deepfake regulations.
Labeling
Open rule page → Generative AI Interim Measures
2023-08-15Dept rule · CAC + 6 ministries
World's first regulation dedicated to generative AI services.
GPAIRiskData
Open rule page → Sci-Tech Ethics Review Measures
2023-12-01Dept rule · MOST + 9 ministries
Establishes dual-track ethics review; includes AI catalog.
Ethics
Open rule page → Regulation on Minors Online Protection
2024-01-01Admin regulation · State Council
State-Council-level legal basis for the "minors mode" design.
Minors
Open rule page → TC260-003-2024 GenAI Safety Requirements
2024-03-01Technical standard · TC260
Recommended in name, de-facto mandatory; the technical template for filing.
GPAIRiskData
Open rule page → AI Safety Governance Framework 1.0
2024-09-09Normative doc · CAC / TC260
Mark of the shift from scenario-based to systemic AI governance.
RiskEthics
Open rule page → AI Content Labeling Measures
2025-09-01Dept rule · CAC + 3 ministries
World's earliest mandatory dual-track (explicit + implicit) content-labeling regime.
Labeling
Open rule page → GB 45438-2025 Labeling National Standard
2025-09-01Technical standard · national (mandatory)
Mandatory national standard; effective the same day as the Labeling Measures.
Labeling
Open rule page → AI Safety Governance Framework 2.0
2025-09-15Normative doc · CAC / TC260
Extended 1.0; adds dedicated GPAI + frontier-model chapters.
GPAIRisk
Open rule page → Digital Virtual Human Services Measures (Draft)
2026-04-03Dept rule · Draft for comment
Sister rule to Anthropomorphic Measures; covers virtual anchors / digital employees.
LabelingEthics
Open rule page → Anthropomorphic Interaction Services Measures
2026-07-15Dept rule · CAC + 4 ministries
World's first regulation dedicated to AI companion / virtual-partner services.
RiskMinorsEthics
Open rule page → The Legal Hierarchy at a Glance
Section titled “The Legal Hierarchy at a Glance”Chinese regulation of AI is not a single “AI Act” but a superposition of rules across five hierarchical levels (位阶). Distinguishing among these levels matters: the various “Interim Measures” (暂行办法) and “Administrative Provisions” are departmental rules — whether issued by a single ministry or jointly by several ministries — they are neither laws of the National People’s Congress (NPC) nor administrative regulations of the State Council.
| Level | Enacting Body | Typical Form | Examples on This Site |
|---|---|---|---|
| 1. Laws | National People’s Congress and its Standing Committee | …Law (《…法》) | CSL · DSL · PIPL |
| 2. Administrative regulations | State Council | …Regulations (《…条例》) | Regulations on the Protection of Minors Online |
| 3. Departmental rules | State Council ministries, individually or jointly | …Measures / …Provisions / …Interim Measures | Algorithm Recommendation Provisions · Deep Synthesis Provisions · Generative AI Interim Measures · Labeling Measures · Anthropomorphic Interaction Services Measures 🆕 · Science & Tech Ethics Review Measures |
| 4. Normative documents | Ministries / dedicated committees | Framework / Principles / Guidelines | Safety Governance Framework 1.0/2.0 · New-Generation AI Governance Principles |
| 5. Technical standards | Standardization committees (TC260 etc.) / SAMR (for GB national standards) | GB / GB/T / TC260-XXX | TC260-003-2024 · GB 45438-2025 |
⚠️ Key caveat: Level 3 — “departmental rules” — is the operative front line of Chinese AI governance. Instruments such as the Interim Measures for the Management of Generative AI Services — the very word “Interim” (暂行) notwithstanding — have the legal hierarchy of a departmental rule (Level 3), not a State Council administrative regulation (Level 2). When scholars refer to “China’s AI rules,” this is predominantly what they mean.
Why Departmental Rules Play the Leading Role
Section titled “Why Departmental Rules Play the Leading Role”A paper-style explanation (drawing on Zhang Linghan 张凌寒, Xue Lan 薛澜, and others):
- Responsive administrative lawmaking: Departmental rules can be issued in months to a year — far faster than NPC statutes (several years) or State Council regulations (typically over a year).
- Agile, coordinated governance paradigm: China has opted for a “scenario-specific + rapid iteration” model, which maps naturally onto the flexibility of departmental rulemaking.
- Joint issuance across ministries: AI governance cuts across the Cyberspace Administration of China (CAC / content), the Ministry of Industry and Information Technology (MIIT / industry), the Ministry of Public Security (MPS / security), the National Radio and Television Administration (NRTA / audiovisual), the Ministry of Science and Technology (MOST / R&D), and more. “Joint issuance” is the institutional solution to cross-ministry coordination.
- The Central Cyberspace Affairs Commission (a Party Central Committee coordinating body) provides a forum for adjudicating directional conflicts.
The cost: Departmental rules sit at a relatively low rung on the hierarchy → firms find it hard to gauge the stability of rules and the elastic edges of enforcement → predictability is an intrinsic tension of the Chinese model.
Each Rule (by Hierarchy + Effective Date)
Section titled “Each Rule (by Hierarchy + Effective Date)”Level 1 · Laws (NPC and NPC-SC)
Section titled “Level 1 · Laws (NPC and NPC-SC)”- Cybersecurity Law (CSL) — effective 2017-06-01
- Data Security Law (DSL) — effective 2021-09-01
- Personal Information Protection Law (PIPL) — effective 2021-11-01
Level 2 · Administrative Regulations (State Council)
Section titled “Level 2 · Administrative Regulations (State Council)”- Regulations on the Protection of Minors Online — effective 2024-01-01
Level 3 · Departmental Rules (single ministry or joint issuance)
Section titled “Level 3 · Departmental Rules (single ministry or joint issuance)”AI-specific:
- Provisions on the Administration of Algorithm Recommendation in Internet Information Services — effective 2022-03-01 · CAC jointly with MIIT, MPS, and SAMR
- Provisions on the Administration of Deep Synthesis Internet Information Services — effective 2023-01-10 · CAC, MIIT, MPS (three-ministry joint issuance)
- Interim Measures for the Management of Generative AI Services — effective 2023-08-15 · CAC jointly with NDRC, MOE, MOST, MIIT, MPS, NRTA (seven-ministry joint issuance)
- Measures for the Identification of AI-Generated and Synthesized Content — effective 2025-09-01 · CAC, MIIT, MPS, NRTA (four-ministry joint issuance)
- Interim Measures for the Administration of AI Anthropomorphic Interaction Services — effective 2026-07-15 · CAC, NDRC, MIIT, MPS, SAMR (five-ministry joint issuance) 🆕 released 2026-04-10
- Measures for the Administration of Digital Virtual Human Information Services (Draft for Comment) — draft for public comment · CAC · released 2026-04-03 (sister rule to the Anthropomorphic Measures)
Cross-cutting:
- Trial Measures for Science and Technology Ethics Review — effective 2023-12-01 · MOST-led, ten ministries jointly
Level 4 · Normative Documents (policy documents short of departmental rules)
Section titled “Level 4 · Normative Documents (policy documents short of departmental rules)”- New-Generation AI Development Plan (2017) · State Council · Guofa [2017] No. 35 — starting point of China’s top-level AI strategy
- New-Generation AI Governance Principles (2019) · National New-Generation AI Governance Expert Committee — first official articulation of “agile governance”
- Global AI Governance Initiative (2023-10) · proposed by Xi Jinping at the Third Belt and Road Forum — China’s external AI governance stance
- AI Safety Governance Framework 1.0 (2024) / 2.0 (2025) · CAC / TC260 — marks the shift from scenario-specific to systemic governance
Level 5 · Technical Standards
Section titled “Level 5 · Technical Standards”- TC260-003-2024 Basic Security Requirements for Generative AI Services — voluntary in name but de facto mandatory (filing threshold)
- GB 45438-2025 Cybersecurity Technology — Labeling Method for AI-Generated and Synthesized Content — a mandatory national standard, effective the same day (2025-09-01) as the Labeling Measures
Tie-in to Methodology
Section titled “Tie-in to Methodology”This site’s classification of “hard law vs. soft law” is independent of legal hierarchy. For example:
- TC260-003 is a technical standard (Level 5, nominally voluntary = soft law) but carries de facto hard constraint (it is the filing threshold).
- The AI Safety Governance Framework is a normative document (Level 4, soft law) yet strongly shapes corporate compliance practice.
See Methodology §2 · Hard-law/soft-law classification.
Subnational Level
Section titled “Subnational Level”- Shenzhen Special Economic Zone Regulations on Promoting the AI Industry (2022) — China’s first subnational AI-industry legislation; pioneered a “low-risk AI pilot-first” approach.
Rules Explicitly Excluded from Standalone Pages (by AI-proximity screening)
Section titled “Rules Explicitly Excluded from Standalone Pages (by AI-proximity screening)”The following rules exist and are important but their AI proximity is insufficient to warrant a dedicated Rule page here. They are referenced via cross-links from related Rule pages:
- Regulations on the Security Protection of Critical Information Infrastructure (2021), Regulations on the Administration of Network Data Security (2025): general data / infrastructure rules.
- Measures for the Security Assessment of Outbound Data Transfers, Measures for Standard Contracts on Outbound Transfers of Personal Information, Provisions on Promoting and Regulating Cross-Border Data Flows, Measures for Cybersecurity Review: general cross-border rules → cross-referenced on the PIPL / DSL pages.
- Anti-Telecom and Online Fraud Law (2022), Law on Progress of Science and Technology (2021), Provisions on the Governance of the Online Information Content Ecosystem (2019): not AI-specific.
- Measures for Identifying Internet Service Providers with Large Numbers of Minor Users… (2026-02), Guidelines for Building the Mobile Internet Minors Mode (2023): not AI-specific → cross-referenced on the Regulations on the Protection of Minors Online page.
See Methodology §1 · Inclusion criteria.
Five-Tier Hierarchy · Visualization
Section titled “Five-Tier Hierarchy · Visualization”China's AI Governance · Five-Tier Legal Hierarchy
Click a tier to expand its rules. Higher tier (smaller number) = greater legal force.
2
Administrative Regulations
3
Departmental Rules
4
Normative Documents
5