Hael
Sign inRequest a demo
FRAMEWORK

China AI compliance, generated from your own systems.

China does not have one horizontal AI Act. It has three operative regulations administered by the Cyberspace Administration of China (CAC), layered on top of the PIPL, Data Security Law and Cybersecurity Law. Compliance is filings, labelling and security assessment — not risk tiers.

Coverage updated2 min ago
Coverage · China Generative AI / Algo
Framework coverage
86%
Coverage
14
Obligations mapped
+4% wk
6
Files on record
Live · synced 2 min ago · 7-day trend
Recent activity
Annex IV v4Approved
FRIA v2Approved
Monitoring plan v1Draft
THE OBLIGATION

Three regulations and one labelling regime. The Interim Measures on Generative AI Services, the Algorithmic Recommendation Provisions, the Deep Synthesis Provisions, and the 2025 mandatory labelling rules together define a filing-and-content control regime.

The Interim Measures for the Management of Generative Artificial Intelligence Services (生成式人工智能服务管理暂行办法, in force 15 August 2023) apply to providers offering generative AI services to the public in mainland China. Providers must ensure lawful training data (no IP infringement, no unlawful personal data), label AI-generated content, conduct algorithmic filings, and — where the service has 'public-opinion-shaping or social-mobilisation potential' — complete a CAC security assessment before going live.

The Internet Information Service Algorithmic Recommendation Management Provisions (in force 1 March 2022) require algorithm filings for services with public-opinion or social-mobilisation potential, user-facing transparency about how algorithms work and what user data feeds them, the ability for users to switch off algorithmic personalisation, and prohibitions on excessive price discrimination and addiction-inducing designs targeting minors.

The Provisions on the Administration of Deep Synthesis of Internet Information Services (in force 10 January 2023) impose security-assessment, identity-verification, content-labelling and notification duties on services that produce or significantly alter biometric or other realistic content using deep-synthesis technology — including synthetic voice, face replacement and full-body synthesis.

The Measures for the Mandatory Labelling of AI-Generated Synthetic Content (in force 1 September 2025) require both human-visible labels and machine-readable metadata on AI-generated content, with downstream-distribution obligations on platforms. Non-compliance attracts CAC enforcement under the existing Cybersecurity Law / PIPL / Data Security Law penalty architecture.

At a glance
Applies toProviders of generative AI services, algorithmic-recommendation services and deep-synthesis services to users in mainland China — including foreign providers whose services are accessed from China where the access is not blocked
Your likely roleGenerative-AI service provider, algorithm provider, or deep-synthesis service provider — duties differ by regulation and by whether the service has 'public-opinion-shaping or social-mobilisation potential'
Key deadlineGenerative AI Interim Measures: in force 15 Aug 2023. Algorithm Provisions: 1 Mar 2022. Deep Synthesis Provisions: 10 Jan 2023. Mandatory Labelling Measures: 1 Sep 2025. All operative.
Penalty exposureWarnings, corrective orders, public announcement of non-compliance, fines (up to ¥100,000 per violation under the regulations; far higher under the PIPL / DSL / CSL architecture they overlay), service suspension and rectification orders. Criminal liability for severe cases involving prohibited content, data export breaches or PIPL violations.
ARTEFACTS

The files this framework actually requires.

China's regime is filing-and-evidence: CAC algorithm filing, security assessment where triggered, content-labelling implementation, and the records to prove each.

Files · Evidence pack
PDFCAC Algorithm Filing Packv2updated 2 min agoApproved
PDFGenerative-AI Security Assessment (where triggered)v2updated 14 MayApproved
PDFTraining-Data Lawfulness & Provenance Recordv3updated 11 MayApproved
PDFAI-Generated Content Labelling Implementationv2updated 04 MayApproved
PDFDeep-Synthesis Identity-Verification & Notificationv1updated 02 MayDraft
PDFPIPL Cross-Border Transfer & DSL Data-Classification Recordv1updated 28 AprDraft

GRC tools tell you these are missing. Hael generates them — from each system's real configuration.

THE DIFFERENCE

A checklist tells you what's missing. Hael puts it on record.

China is a filing, labelling and assessment regime — not a risk-tier regime. Hael generates the evidence the CAC actually opens.

Typical GRC tool
CAC Algorithm Filing Packupload required
Generative-AI Security Assessment (where triggered)upload required
Training-Data Lawfulness & Provenance Recordupload required
AI-Generated Content Labelling Implementationupload required
Deep-Synthesis Identity-Verification & Notificationupload required
PIPL Cross-Border Transfer & DSL Data-Classification Recordupload required

Tracks the gap. You still author every document.

Hael
CAC Algorithm Filing Packv2Generated 2 min agoview
Generative-AI Security Assessment (where triggered)v2Generated · Approvedview
Training-Data Lawfulness & Provenance Recordv3Generated · Approvedview
AI-Generated Content Labelling Implementationv2Generated · Approvedview
Deep-Synthesis Identity-Verification & Notificationv1Generated · Draftview
PIPL Cross-Border Transfer & DSL Data-Classification Recordv1Generated · Draftview

Generated from each system's real configuration, versioned, and kept current as it changes.

HOW HAEL WORKS

Discover, classify, produce — for China Generative AI / Algo.

01DISCOVER

Find the systems in China Generative AI / Algo scope, including embedded third-party AI.

Inventory · 14 systems
Credit scoring enginehigh
HR screening bothigh
Salesforce Einsteinlimited
02CLASSIFY

Assess each against China Generative AI / Algo's risk tiers and obligations.

Risk tier
Prohib.HighLimitedMin.
Role: ProviderArt. 9 · 11 · 14
03PRODUCE

Generate the China Generative AI / Algo records, versioned and current.

Generated files
Annex IV v4Approved
FRIA v2Approved
Monitoring v1Draft
COVERAGE

Every obligation, mapped to the control that satisfies it.

Rows are the framework's clauses.

Columns are the controls and files that satisfy them.

Cells update as the underlying configuration changes.

Coverage Map
Obligation → Control
6 obligations · 5 controls
86%
covered
Filing
Sec. Asst.
Data Rec.
Labelling
PIPL
Gen-AI Interim Measures Art. 7 (training data)
Gen-AI Interim Measures Art. 17 (security assessment)
Algorithm Provisions (filing)
Deep Synthesis Provisions (labelling)
Mandatory Labelling Measures (2025)
PIPL / DSL / CSL overlay
Gen-AI Interim Measures Art. 7 (training data)
Filing
v3 · sealed
MAPPING

Clause by clause.

Obligation
What it requires
Hael control / file
Status
Gen-AI Art. 7Lawful training data; IP and personal-data compliance; provenanceTraining-Data RecordApproved
Gen-AI Art. 17Pre-launch security assessment for services with public-opinion/social-mobilisation potentialSecurity AssessmentApproved
Algorithm Provisions § 24Algorithm filing for in-scope servicesCAC Algorithm FilingApproved
Deep Synthesis § 16-17Visible labelling + identity verification + notification of subjectsDeep-Synthesis PackApproved
Labelling Measures (2025)Visible label + machine-readable metadata on AI-generated contentLabelling ImplementationApproved
PIPL / DSL / CSLLawful basis, cross-border transfer mechanism, data classificationPIPL Cross-Border RecordIn progress
REUSE

Author once. Satisfy many.

China's regime does not map cleanly onto EU-style risk tiers, but the substantive training-data, labelling and security-assessment evidence reuses the same source as the EU AI Act Annex IV file, the Korea AI Basic Act technical documentation, and a GDPR DPIA. The records differ in format; the underlying facts do not.

→ shared evidenceKorea AI Basic ActEU AI ActGDPRNIST AI RMF
Trust & Security
SOC 2 Type IIISO/IEC 27001EU & US data residencySSO / SCIMEncryption in transit & at restAudit logging

Make your China-facing AI surface CAC-fit.

Bring a generative-AI, algorithmic-recommendation or deep-synthesis service that touches Chinese users. We'll register it, identify which of the three regulations applies, and show the filing, security-assessment and labelling artefacts Hael would generate.