China proposes new rules to govern human-like AI

28 January 2026

The Cyberspace Administration of China issued draft interim measures for public consultation from 27 December 2025 to 25 January 2026. The draft measures set out a proposed framework to target AI products and services that simulate human personalities and emotions, a move aimed at reining in fast-growing sectors such as AI companionship and virtual idols.

General compliance obligations

The draft framework seeks to impose sweeping compliance obligations on providers by focusing on risks unique to anthropomorphic AI services, including:

  • barring providers from generating or disseminating content that endangers national security or involves illegal religious activities, obscenity, gambling, violence, or the insult or defamation of others;
  • barring providers from offering services that make materially misleading promises, undermine social relationships, harm users’ physical health, dignity or mental well-being, or induce irrational decision-making;
  • requiring providers to establish internal systems covering algorithm and ethics reviews, content moderation, cybersecurity, data and personal information protection, anti-fraud measures, and emergency response planning;
  • requiring providers to deploy safe and controllable technical safeguards, with content-management tools and staffing aligned with the service’s scale, business model, and user base;
  • requiring providers to incorporate mental-health protections, emotional-boundary guidance, and dependency-risk warnings. Designs intended to replace real-world social interaction, manipulate user psychology or encourage addiction and emotional reliance would be prohibited;
  • requiring that providers must be capable of identifying user status and intervene when signs of distress or addiction emerge;
  • requiring that services offer deliver de-escalation responses, encourage help-seeking behaviour and provide access to professional support where high-risk indicators threaten users’ life, health, or property. Emergency protocols would require human takeover of conversations and prompt notification of guardians or emergency contacts when users express suicidal or self-harmful intent; and
  • requiring heightened protections to be applied in relation to vulnerable groups, including a minors’ mode with time limits and content filters and guardian consent for underage companionship services. Providers should also guide elderly users to designate emergency contacts and are not allowed to provide services that simulate elderly relatives or personal relationships.

Data security, rights

To strengthen training-data governance, the proposed framework would require providers to use datasets aligned with “socialist core values and traditional Chinese culture”, while implementing data cleaning, labelling, anti-tampering measures, and diversity controls. It would also mandate an opt-in regime for the use of user interaction data and sensitive personal information in model training, requiring separate user consent unless otherwise permitted by law.

Providers must also protect interaction data through encryption, security audits, and access controls, and obtain explicit authorisation before sharing such data with third parties, with separate guardian consent required in minors’ mode.

Providers would be required to offer data-deletion mechanisms, including allowing guardians to request the removal of minors’ historical interaction data.

In addition, providers should fulfil disclosure obligations to safeguard users’ right to informed consent, including clear identity disclosures, dynamic reminders, usage alerts after two consecutive hours and accessible mechanisms for exit, complaints, and reporting.

Security review, algorithm filing

The proposed framework would require companies to conduct security assessments and file reports with cyberspace regulators when anthropomorphic functions launch or materially change, user thresholds are met, or risks to national security, public interests, or lawful rights emerge. The threshold is set at more than one million registered users or 100,000 monthly active users.

Reference materials

The draft interim measures is available on the Cyberspace Administration of China website www.cac.gov.cn.