Interim Measures for the Management of Generative Artificial Intelligence Services
China's Interim Measures govern public-facing generative AI services, mandating content safety, lawful training data, content labeling, security assessment, and real-name verification. Enforcement is led by the Cyberspace Administration of China.
Overview
The Interim Measures for the Management of Generative Artificial Intelligence Services took effect in August 2023. They were issued jointly by the Cyberspace Administration of China (CAC) and several other ministries. They were among the first national rules in the world to specifically govern generative AI such as large language models and image generators offered to the public.
The Measures aim to balance support for the AI industry with strict control over content, data, and security. They sit within China's broader internet-governance regime, alongside earlier rules on recommendation algorithms and deep synthesis (deepfakes).
Who It Applies To
The Measures apply to providers that use generative AI to offer services to the public within mainland China, including services accessed through APIs. Research and development that does not provide services to the public is generally outside scope. Providers based outside China that offer generative AI services to Chinese users can also be affected, and authorities may take measures against non-compliant cross-border services.
Key Requirements
Generated content must reflect core socialist values and must not contain prohibited categories such as content endangering national security or inciting subversion. Training data must come from legitimate sources and respect intellectual property and personal information rules. Providers must label AI-generated content, conduct security assessments and file algorithm records with the CAC for services with public-opinion or social-mobilization capacity, implement real-name verification, and establish mechanisms for handling illegal content and user complaints.
Penalties for Non-Compliance
Non-compliant providers can be ordered to make corrections, face warnings, suspension of services, and removal of apps. Where conduct violates other laws, including the Cybersecurity Law, Data Security Law, or Personal Information Protection Law, additional administrative penalties or criminal liability may apply.
How to Comply
Providers should implement content-moderation pipelines tuned to Chinese legal categories, verify the legality and provenance of training data, and label generative outputs. They must complete required security self-assessments and algorithm filings before launch where applicable, deploy real-name user verification, and maintain rapid takedown and reporting processes. Coordinating compliance with PIPL and the Data Security Law is essential.