Who this is for: Compliance officers, legal counsel, AI system operators serving Chinese markets, multinational companies with Chinese operations, and GRC architects managing cross-border AI governance.
Multiple Regulations, Enforced Now. China's AI regulatory framework is not a single law but a stack of five sector-specific regulations enforced by the Cyberspace Administration of China (CAC) and supported by TC260 national standards. Unlike the EU AI Act's unified framework, China's approach layers regulations by technology type. All five are currently in effect.
Contents
1. Overview 2. The Five Regulations 3. Obligation-to-Procedure Mapping 4. Detailed Procedure Cards 5. Quick Reference 6. Quick Start 7. References1. Overview
China regulates AI through a layered, sector-specific approach rather than a single comprehensive framework. Five regulations, each targeting a different aspect of AI technology, collectively form the regulatory stack that operators must navigate. The Cyberspace Administration of China (CAC) serves as the primary enforcement authority, with TC260 (National Information Security Standardization Technical Committee) providing supporting national standards.
The regulatory stack covers:
- Algorithmic recommendation transparency and user control -- operators must disclose algorithm behavior and provide opt-out mechanisms
- Deepfake and synthetic content identification and labeling -- mandatory watermarking and content provenance for AI-generated media
- Generative AI service safety and content review -- training data compliance, algorithm filing, and pre-release safety review
- AI system risk classification and safety governance -- national standards for risk assessment and safety management
- Domestic AI chip certification and security assessment -- trusted technology programs and processor security review
Unlike the EU AI Act, which consolidates AI governance into a single legislative instrument, China's approach requires operators to comply with multiple overlapping regulations simultaneously. Each regulation was introduced independently and carries its own enforcement mechanisms. For multinational companies, this means mapping compliance obligations across the full stack rather than against a single framework.
2. The Five Regulations
| Regulation | Effective | Scope | Enforcer |
|---|---|---|---|
| Provisions on Management of Algorithmic Recommendations | March 2022 | Algorithmic transparency, user opt-out rights, recommendation labeling | CAC |
| Provisions on Management of Deep Synthesis | January 2023 | Deepfakes, synthetic content, mandatory watermarking and labeling | CAC |
| Interim Measures for Management of Generative AI Services | August 2023 | GenAI services, training data compliance, content review, algorithm filing | CAC + MIIT + MPS |
| AI Safety Governance Framework (TC260) | September 2024 | Risk classification, safety assessment, national AI safety standards | TC260 / SAC |
| AI Chip Security Assessment (expanded) | 2026 (ongoing) | Domestic AI processor certification, trusted technology program | CAC + MIIT |
3. Obligation-to-Procedure Mapping
Each obligation across the five regulations maps to SWT3 witness procedures that produce cryptographically anchored evidence of compliance.
| Chinese Regulatory Obligation | SWT3 Procedure | What It Witnesses | Evidence Produced |
|---|---|---|---|
| Algorithmic Transparency | AI-TRANS.1 | Algorithm decision path disclosure | Factor A: algorithm type, Factor B: transparency method, Factor C: disclosure scope |
| Content Labeling and Watermarking | AI-WATERMARK.1 | AI-generated content marking | Factor A: content type, Factor B: watermark method, Factor C: verification status |
| Training Data Compliance | AI-DATA.1 | Training data provenance and lawfulness | Factor A: dataset identifier, Factor B: provenance hash, Factor C: quality score |
| Content Marking and Identification | AI-MARK.1 | Output identification as AI-generated | Factor A: marking method, Factor B: content hash, Factor C: persistence status |
| User Consent and Opt-Out | AI-CONSENT.1 | User consent for algorithmic processing | Factor A: consent type, Factor B: consent recorded, Factor C: opt-out available |
| Non-Discrimination in Algorithms | AI-FAIR.1 | Bias detection and fairness metrics | Factor A: protected attribute, Factor B: metric result, Factor C: threshold applied |
| Audit Trail and Algorithm Filing | AI-AUDIT.1 | Audit log integrity and completeness | Factor A: log source, Factor B: integrity hash, Factor C: retention period |
4. Detailed Procedure Cards
Algorithmic Transparency
Regulation requires: Operators of algorithmic recommendation services must inform users of the basic principles, purposes, and main operating mechanisms of their algorithms. Users must be given options to turn off algorithmic recommendations.
How SWT3 addresses it: The witness_transparency() call captures the algorithm type, the transparency method used to disclose algorithm behavior, and the scope of disclosure. Each attestation proves that transparency measures were active at the time of service delivery.
AI-TRANS.1 anchors demonstrate that algorithmic transparency is operational. Factor A identifies the algorithm type. Factor B records the transparency method. Cross-reference with user-facing documentation to verify that disclosures match actual algorithm behavior.
Content Watermarking
Regulation requires: AI-generated content, including deepfakes and synthetic media, must be labeled and watermarked using methods that are difficult to remove. Content platforms must detect and flag unlabeled AI-generated content.
How SWT3 addresses it: The witness_watermark() call captures the content type, watermarking method applied, and verification status. This creates an immutable record that content was properly watermarked before distribution.
AI-WATERMARK.1 anchors should accompany every content generation event. Factor B identifies the watermarking method (visible, invisible, metadata). Factor C confirms verification passed. Gaps in watermark anchors indicate content that may have been distributed without required labeling.
Training Data Compliance
Regulation requires: Generative AI service providers must use lawfully obtained training data, respect intellectual property rights, and obtain personal data consent where required. Data sources must be documented and auditable.
How SWT3 addresses it: The witness_data_provenance() call captures the dataset identifier, a provenance hash of the training data, and a quality score. This creates verifiable evidence that data governance processes were followed and data sources are traceable.
AI-DATA.1 anchors should predate AI-INF.1 anchors for the corresponding model. Factor B (provenance hash) allows verification that training data has not been altered. Factor C documents the quality standard applied.
Content Identification
Regulation requires: AI-generated text, images, audio, and video must be clearly identified as AI-generated at the point of delivery. Identification must be persistent and resistant to removal.
How SWT3 addresses it: The witness_content_marking() call records the marking method, a hash of the marked content, and the persistence status of the marking. Each anchor proves that content was identified as AI-generated before reaching end users.
AI-MARK.1 anchors prove marking compliance for each content output. Factor A identifies the method (metadata tag, visible label, embedded watermark). Factor C confirms persistence (1=persistent, 0=removable).
User Consent and Opt-Out
Regulation requires: Users must be informed when algorithmic recommendations are being applied and must have the ability to opt out. Personal data processing for AI purposes requires explicit consent in most contexts.
How SWT3 addresses it: The witness_consent() call records the consent type, whether consent was obtained, and whether opt-out capability is available. This creates timestamped evidence of consent management for each user interaction context.
AI-CONSENT.1 anchors demonstrate consent was obtained before processing. Factor B (consent recorded = 1) is the key compliance indicator. Factor C confirms opt-out is available per the Algorithm Recommendation provisions.
Non-Discrimination in Algorithms
Regulation requires: Algorithmic recommendation systems must not discriminate based on user characteristics such as region, age, occupation, or health status. Algorithms must not be used to unreasonably restrict users' choices.
How SWT3 addresses it: The witness_fairness() call records which attribute was tested, the fairness metric result, and the threshold applied. Regular fairness attestation creates an auditable record of non-discrimination monitoring.
AI-FAIR.1 anchors at regular intervals demonstrate ongoing fairness monitoring. Factor A identifies the attribute tested. Factor B contains the metric result. Gaps indicate periods without fairness testing.
Audit Trail and Algorithm Filing
Regulation requires: Generative AI service providers must file their algorithms with the CAC Algorithm Registry. Operators must maintain audit logs of AI system behavior and make records available for regulatory inspection.
How SWT3 addresses it: The witness_audit() call records the log source, an integrity hash of the audit log, and the retention period. This creates a chain of evidence proving that audit trails are maintained and tamper-evident.
AI-AUDIT.1 anchors prove audit logging is active and intact. Factor B (integrity hash) demonstrates logs have not been modified. Cross-reference retention period (Factor C) against the applicable regulation's requirements.
5. Quick Reference
| Examiner Question | Where to Look |
|---|---|
| Are algorithms registered with the CAC? | AI-AUDIT.1 anchors confirm algorithm filing and audit trail integrity. Cross-reference with CAC Algorithm Registry filings. |
| Is AI-generated content properly labeled? | AI-WATERMARK.1 and AI-MARK.1 anchors. Factor B identifies the watermarking method. Factor C confirms verification passed. |
| Can users opt out of algorithmic recommendations? | AI-CONSENT.1 anchors. Factor C confirms opt-out capability is available (1=yes). |
| What is the provenance of training data? | AI-DATA.1 anchors. Factor A identifies the dataset. Factor B (provenance hash) proves data integrity. |
| How is algorithmic fairness ensured? | AI-FAIR.1 anchors at regular intervals. Factor A identifies the attribute tested. Factor B contains the metric result. |
| Are transparency disclosures provided to users? | AI-TRANS.1 anchors. Factor B records the transparency method. Verify disclosures match actual algorithm behavior. |
6. Quick Start
pip install swt3-ai
# Initialize with your tenant
swt3 init --profile default --tenant YOUR_TENANT
# Run the demo to see witness anchors generated
python -m swt3_ai.demo
# Or use TypeScript
npm install @tenova/swt3-ai
npx swt3-init --profile default
Full SDK documentation: sovereign.tenova.io/docs
Create a free account: sovereign.tenova.io/signup
7. References
- Provisions on Management of Algorithmic Recommendations in Internet Information Services (CAC, effective March 2022)
- Provisions on Management of Deep Synthesis of Internet Information Services (CAC, effective January 2023)
- Interim Measures for Management of Generative AI Services (CAC, effective August 2023)
- AI Safety Governance Framework (TC260 National Information Security Standardization Technical Committee, 2024)
- SWT3 UCT Registry -- 94 AI procedures across 48 namespaces
- SWT3 Bidirectional Framework Crosswalks -- 97 procedures mapped to 24 frameworks
- EU AI Act Crosswalk -- comparable unified framework approach
- SDK Documentation -- Python, TypeScript, and 4 additional language SDKs