ENTRY № 33 · STATUTORY READING · CHINA PIPL + CAC
PUBLISHED 2026-05-11 · ~13-MIN READ · WARRANT COMPLIANCE

PIPL + CAC, line by line.

The Personal Information Protection Law of the People's Republic of China took effect 1 November 2021. Eight chapters, seventy-four articles, the China analog to the GDPR with sharper consent rules and a harder cross-border perimeter. Article 24 binds automated decision-making. Articles 38 to 43 govern outbound transfer. Articles 55 and 56 mandate the Personal Information Protection Impact Assessment. Article 66 reaches RMB 50 million or 5 percent of prior-year turnover. The Cyberspace Administration of China overlays two AI-specific instruments on top of PIPL: the Deep Synthesis Provisions in force 10 January 2023, and the Generative AI Measures in force 15 August 2023. This is the statute, the AI overlay, and the evidence package.

Warrant is regulator-grade evidence infrastructure for AI agents in regulated industries: drop an agent's execution trace, get a record mapped to a specific EU AI Act obligation, independently verifiable without contacting Warrant.

LAW
PIPL · 2021-11-01
Eight chapters, seventy-four articles, the China GDPR-analog.
PENALTY
RMB 50M · or 5%
Article 66. Plus suspension, license revocation, personal liability up to RMB 1 million, criminal referral.
AI RULES
CAC
Generative AI Measures + Deep Synthesis Provisions. Effective 2023. Training data, labelling, registration.
01 · THE PIPL STACK

The stack, top to bottom.

The Personal Information Protection Law was adopted at the thirtieth session of the Standing Committee of the Thirteenth National People's Congress on 20 August 2021, and entered into force on 1 November 2021. Eight chapters. Seventy-four articles. The chapter sequence reads as a complete privacy regime in miniature.

Chapter I is general provisions. Chapter II is the rules of personal information handling, including the lawful bases and the obligations attached to each. Chapter III is the rules of cross-border provision of personal information. Chapter IV is the rights of individuals in personal information handling activities. Chapter V is the obligations of personal information handlers. Chapter VI is the departments performing personal information protection duties. Chapter VII is legal liability. Chapter VIII is supplementary provisions.

The vocabulary diverges from GDPR in two places that matter. PIPL uses personal information handler where GDPR uses controller. The Chinese term carries the same load. PIPL also separates personal information from sensitive personal information in Article 28, with sensitive defined as information that, once leaked or illegally used, may easily lead to harm to the dignity of natural persons or harm to personal or property security. The definition specifies biometric identification, religious belief, specifically designated status, medical health, financial accounts, individual location tracking, and personal information of minors under the age of fourteen. Sensitive personal information triggers separate consent under Article 29, a stricter necessity test under Article 28, and a mandatory impact assessment under Article 55(1).

Article 3 fixes extraterritorial scope. The law applies to personal information handling activities of natural persons inside the territory of the People's Republic of China. It also applies to handling activities outside the territory where the purpose is to provide products or services to natural persons inside China, where the activity analyses or assesses the behaviour of natural persons inside China, or where other circumstances provided by law or administrative regulation apply. An offshore AI agent that profiles a Chinese resident is inside the regime regardless of where the agent itself runs.

"The text is the statute. The artefact is the deliverable. Everything between is engineering." Warrant Compliance · 2026-05-11

02 · ART. 24 · AUTOMATED DECISION-MAKING

The China analog to GDPR Article 22.

Where personal information processors use personal information to make automatic decisions, the transparency of decision-making and the fairness and justice of the results shall be ensured, and shall not impose unreasonable differential treatment on individuals in terms of transaction price and other transaction conditions.

Where business marketing and information push are carried out through automatic decision-making, options not based on personal characteristics shall be provided at the same time, or a convenient way for individuals to reject shall be provided.

Where automatic decision-making has a significant impact on the rights and interests of individuals, the individual has the right to require the personal information processor to give an explanation, and to reject a decision made by the personal information processor solely through automatic decision-making.
PIPL · Article 24 · 1 November 2021

Three paragraphs, three distinct obligations. Paragraph one is a substantive duty on the handler. Transparency of the decision-making and fairness of the result are not procedural niceties; they are conditions of lawfulness. The prohibition on unreasonable differential treatment in transaction price is the targeted-pricing rule, written in 2021 in response to the dynamic-pricing complaints against domestic ride-hail and travel-booking platforms. Algorithmic price discrimination against repeat customers is a PIPL violation on the face of Article 24(1).

Paragraph two is the marketing carve-out. Information push and commercial marketing carried out by automated decision-making must offer either an option not based on personal characteristics, or a convenient refusal mechanism. The construction parallels Article 21 of GDPR but is broader. PIPL captures recommender systems as a category, not just profiling-based direct marketing.

Paragraph three creates the individual right. Where the automated decision has a significant impact on the individual's rights and interests, the individual has the right to demand an explanation, and the right to refuse a decision made solely through automated means. The threshold word is significant, not the solely or substantially formulation of GDPR Article 22. PIPL anchors the right to the impact on the individual rather than to the degree of human involvement.

Article 24 is read with Article 73(2), which defines automated decision-making as the activity of using computer programs to automatically analyse or assess personal behaviours, habits, interests, or hobbies, or financial, health, credit, or other status, and make decisions based thereupon. The definition is broad enough to capture any LLM-driven agent that produces a decision, a recommendation, or a score affecting a Chinese resident. Article 24 attaches the moment an AI agent crosses that line.

The Generative AI Measures supplement Article 24 with a parallel transparency duty in Article 11 of the Measures: providers must make the limitations of the service known to users, must minimise the collection and retention of personal information, must not unlawfully retain identifying records, and must promptly accept and act on user requests for access, correction, and deletion.

03 · ART. 38-43 · CROSS-BORDER TRANSFER

The cross-border regime, three lawful routes.

Chapter III governs the cross-border provision of personal information. The architecture is built on Article 38, which lists the four conditions under which personal information collected and generated inside the territory of China may be transferred outside. The four conditions reduce to three operative routes plus a residual.

§ 38(1)(i)
Pass a security assessment organised by the State cybersecurity and informatisation department. ROUTE 1 · the CAC Security Assessment. Mandatory for critical information infrastructure operators, important data, and high-volume personal information exporters.
§ 38(1)(ii)
Undergo personal information protection certification by a specialised body in accordance with provisions of the State cybersecurity and informatisation department. ROUTE 2 · the PI Protection Certification. Issued by a CAC-recognised third-party body. Used by multinational groups for intra-group transfers.
§ 38(1)(iii)
Conclude a contract with the foreign receiving party in accordance with the standard contract formulated by the State cybersecurity and informatisation department. ROUTE 3 · the CAC Standard Contract. The most common route in practice, filed with the provincial CAC within ten working days.
§ 38(1)(iv)
Other conditions provided in laws or administrative regulations, or by the State cybersecurity and informatisation department. RESIDUAL · the catch-all that lets future CAC instruments add routes without statutory amendment.

Article 39 sits underneath all three routes. Before a transfer, the handler must inform the individual of the name and contact details of the foreign recipient, the purpose and method of handling, the categories of personal information transferred, and the means by which the individual may exercise their rights against the foreign recipient. Separate consent is required. Generic consent embedded in a terms of service does not satisfy.

Article 40 fixes the mandatory-assessment perimeter. Critical information infrastructure operators and personal information handlers handling personal information reaching quantities provided by the State cybersecurity and informatisation department must store personal information collected and generated within the territory inside the territory. If they must provide it outside, they must pass the CAC Security Assessment. The quantity thresholds were raised by the Regulations on Promoting and Regulating Cross-Border Data Flows promulgated 22 March 2024. The current thresholds are one million personal information data subjects for the mandatory Security Assessment, and one hundred thousand to one million for the Standard Contract or Certification. Transfers of non-sensitive personal information of fewer than one hundred thousand data subjects in a calendar year are exempt from all three routes.

Articles 41 to 43 close the chapter with three guardrails. Article 41 prohibits providing personal information stored inside the territory to foreign judicial or law enforcement authorities without approval of the competent Chinese authority. Article 42 authorises the CAC to designate foreign organisations and individuals that infringe Chinese citizens' personal information rights into a restricted list and to take corresponding measures. Article 43 is the reciprocity clause: where any country or region adopts discriminatory prohibitions, limitations, or similar measures against the People's Republic of China in personal information protection, the People's Republic of China may take reciprocal measures.

The reciprocity clause is dormant in practice but live in posture. It is the China-side reflection of the EU's GDPR Article 45 adequacy logic, with the polarity reversed.

04 · ART. 55-56 · PIPIA

The Personal Information Protection Impact Assessment.

Article 55 lists five conditions under which a Personal Information Protection Impact Assessment is mandatory.

§ 55(1)
Handling sensitive personal information. TRIGGER · any biometric, health, financial, location, or minor data.
§ 55(2)
Using personal information to conduct automated decision-making. TRIGGER · every Article 24 system requires a PIPIA before deployment.
§ 55(3)
Entrusting handling, providing personal information to other handlers, or disclosing personal information. TRIGGER · vendor processing, joint controllers, and public disclosure.
§ 55(4)
Providing personal information to recipients outside the territory of the People's Republic of China. TRIGGER · the PIPIA is a prerequisite to filing the CAC SCC.
§ 55(5)
Other handling activities with a significant impact on personal rights and interests. TRIGGER · the residual that captures novel high-risk processing.

Article 56 specifies the content of the assessment. The PIPIA evaluates whether the purpose and method of handling are lawful, legitimate, and necessary. It evaluates the impact on the rights and interests of individuals and the security risks. It evaluates whether the protective measures taken are lawful, effective, and adapted to the degree of risk. The assessment report and the handling record must be preserved for at least three years.

The three-year retention floor is not a compliance theatre clause. Article 64 empowers the personal information protection authority to enter the premises of the handler, examine relevant contracts and records, copy materials, and request a PIPIA in the course of an investigation. A PIPIA produced six months ago and overwritten by a model-version refresh leaves no defence. The pattern that survives an Article 64 inquiry is a PIPIA that versions with the model, the data flow, and the recipient set.

05 · ART. 66 + 73-74 · PENALTIES

The penalty escalator, Article 66.

Article 66 establishes a two-tier penalty regime. The first tier applies to ordinary violations. The first-tier penalties are an order to correct, a warning, confiscation of unlawful gains, an order to suspend or terminate the service of the violating application, and a fine of not more than RMB 1 million on the handler. Direct persons in charge and other directly liable persons may be fined RMB 10,000 to RMB 100,000.

The second tier is reserved for grave violations. The second-tier ceiling reaches not more than RMB 50 million or not more than 5 percent of the previous year's annual turnover, whichever is higher. The fine on direct persons in charge is RMB 100,000 to RMB 1 million. Additional measures include an order to suspend related operations, an order to terminate operations, revocation of relevant business permits, and a prohibition on the person from serving as a director, supervisor, senior manager, or person in charge of personal information protection of relevant enterprises for a defined period.

¥1M · FIRST TIER
ORDINARY VIOLATION
Up to RMB 1 million on the handler, RMB 10,000 to RMB 100,000 on direct persons in charge. Order to correct.
¥50M · OR 5%
GRAVE VIOLATION
Up to RMB 50 million or 5 percent of prior-year turnover, whichever higher. RMB 1 million on persons in charge. Director bar.

Article 73 defines the load-bearing terms. Personal information handler, the actor that autonomously decides the purposes and methods of handling. Automated decision-making, the activity of using computer programs to automatically analyse or assess personal behaviours, habits, interests, or hobbies, or financial, health, credit, or other status, and make decisions based thereupon. De-identification, the process of handling personal information so that it cannot identify a specific natural person without recourse to additional information. Anonymisation, the process of handling personal information so that it cannot identify a specific natural person and cannot be reversed.

Article 74, the closing supplementary article, fixes the entry into force at 1 November 2021. The statute has not been amended since enactment.

The grave-violation tier has been live in enforcement. The CAC's penalty against the Didi Global ride-hail platform in July 2022, imposed under PIPL and the Cybersecurity Law in combination, totalled RMB 8.026 billion. The Didi action was the first public confirmation that the percentage-of-turnover ceiling is operational and that the CAC will sequence PIPL with the Cybersecurity Law and the Data Security Law where appropriate.

06 · CAC GENERATIVE AI MEASURES

The Generative AI Measures, effective 15 August 2023.

The Interim Measures for the Management of Generative Artificial Intelligence Services were issued jointly by the Cyberspace Administration of China and six other ministries on 13 July 2023, and entered into force on 15 August 2023. Twenty-four articles across five chapters. The Measures are the first horizontal AI regulation aimed at the public-service tier of generative AI in China.

Article 2 fixes scope. The Measures apply to the use of generative AI technology to provide services to the public within the territory of the People's Republic of China. They do not apply where industry organisations, enterprises, educational and scientific research institutions, or public cultural organisations research, develop, and apply generative AI technology, but do not provide services to the public inside China. Closed enterprise APIs consumed only by internal employees fall outside the public-service scope. The moment a closed model is wholesaled to a downstream provider that serves the Chinese public, the downstream provider is bound by the Measures.

Article 4 sets the substantive content rules. Providers must uphold core socialist values, must not generate content that incites subversion or undermines national unity, must take measures to prevent discrimination based on ethnicity, belief, country, region, gender, age, occupation, or health, must respect intellectual property and business ethics, must not engage in unfair competition through algorithmic monopoly, must respect the lawful rights and interests of others, and must, based on the characteristics of the service, take effective measures to improve the transparency of the generative AI service and the accuracy and reliability of generated content.

Article 7 is the training-data provision. Providers shall carry out pre-training, optimisation training, and other training-data processing activities in accordance with law. The article enumerates five specific obligations. Use training data and basic models with a lawful source. Not infringe intellectual property rights enjoyed by others in accordance with law. Where personal information is involved, obtain consent of the individual or otherwise comply with provisions of laws and administrative regulations. Take effective measures to improve the quality of training data, and increase the truthfulness, accuracy, objectivity, and diversity of training data. Comply with relevant requirements of the Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, and other laws and administrative regulations, as well as the relevant provisions of competent departments.

Article 8 governs manual data labelling. Where manual labelling is used in the training of generative AI technology, the provider shall formulate clear, specific, and feasible labelling rules that conform to the requirements of these Measures, shall conduct quality assessment of data labelling, and shall conduct necessary training of labelling personnel, raise their legal compliance awareness, and supervise their labelling work.

Article 11 is the user-side privacy regime layered on top of PIPL. Providers shall comply with PIPL on the handling of users' input information and use records. They shall not collect personal information that is not necessary for providing the service, shall not unlawfully retain user input information that may identify the user, and shall not unlawfully provide users' input information and use records to others. Providers shall lawfully and promptly accept and address requests from individuals to access, copy, correct, supplement, or delete their personal information.

Article 17 is the filing requirement. Where a generative AI service has public opinion attributes or capacity for social mobilisation, the provider shall carry out a security assessment in accordance with the relevant provisions of the State, and shall complete algorithm filing, modification of filing, or cancellation of filing procedures in accordance with the Provisions on the Administration of Algorithmic Recommendation Internet Information Services. The filing is administered by the CAC. As of May 2026 the CAC publishes the algorithm filing register publicly, and the list of registered generative AI services has grown to several hundred entries since the Measures took effect.

Articles 12 and 16 cross-reference the Deep Synthesis Provisions. Article 12 requires providers to identify generated content in accordance with those Provisions. Article 16 instructs CAC and relevant departments to strengthen the management of generative AI services on the basis of a graded supervisory framework. The Generative AI Measures are not self-contained; they slot into a stack with PIPL beneath and the Deep Synthesis Provisions alongside.

07 · DEEP SYNTHESIS PROVISIONS

Deep Synthesis Provisions, effective 10 January 2023.

The Provisions on the Administration of Deep Synthesis of Internet Information Services were issued jointly by the CAC, the Ministry of Industry and Information Technology, and the Ministry of Public Security on 25 November 2022, and entered into force on 10 January 2023. Twenty-five articles across five chapters. They precede the Generative AI Measures by seven months and govern the broader category of synthetic content.

Article 23 defines deep synthesis technology as the use of generative or synthesis-class algorithms, including but not limited to deep learning and virtual reality, to produce text, images, audio, video, or virtual scenes. The definition enumerates six categories: text generation and editing including chatbot conversation and writing in the style of a real person; voice generation and editing including text-to-speech and voice conversion; non-voice audio generation; biometric feature editing including face generation, face swap, and face manipulation; non-biometric image and video editing; and digital person and virtual scene generation.

Article 16 is the implicit labelling rule. Providers of deep synthesis services shall add a tag to the generated content that does not affect the user's use of the service, in accordance with the relevant provisions of the State, and shall preserve relevant log records. The tag is the traceability mark, embedded in the file or surfaced via metadata, designed for forensic identification rather than user notification.

Article 17 is the explicit labelling rule. Where a deep synthesis service may cause confusion or mis-identification by the public, the provider shall make a conspicuous label on the generated content in a reasonable position to alert the public to the synthetic nature. The five categories of service explicitly enumerated are intelligent dialogue and intelligent writing that simulates the style of a natural person, synthetic human voice and voice imitation that significantly changes personal identification, face generation and replacement and manipulation, immersive virtual scenes that significantly change the original information, and other generative or significantly altering functions.

Article 19 imposes the filing duty on deep synthesis service providers and technical supporters with public opinion attributes or capacity for social mobilisation. The filing follows the Algorithmic Recommendation Provisions, the same registry that the Generative AI Measures Article 17 hooks into. The combined effect is that a single algorithm filing record can support obligations under three separate CAC instruments.

The CAC has continued to refine the labelling regime. On 14 September 2024 the CAC issued a draft Measures for the Identification of AI-Generated Synthetic Content for public comment, which proposes both a visible label and a machine-readable identifier embedded in the content metadata. The draft was undergoing inter-agency review at the time of writing. The directional signal is unambiguous: the labelling perimeter is widening, not narrowing.

08 · CROSS-JURISDICTION MAP

PIPL Article 24 against GDPR Article 22 and DPDP Section 11.

The three statutes converge on the same problem and diverge on the structure of the answer. The convergence is the recognition that automated decision-making creates an asymmetry of information and power between the algorithm operator and the individual. The divergence is what the legislature does about it.

GDPR Art. 22
Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects the data subject. Three exemptions: contractual necessity, authorisation by Union or Member State law, and explicit consent. Right to obtain human intervention, to express a point of view, and to contest the decision. POSTURE · prohibition with carve-outs. Anchored to solely automated and to legal or similarly significant effects.
PIPL Art. 24
Positive duty of transparency and fairness on the handler. Prohibition on unreasonable differential treatment in transaction terms. Opt-out for marketing and information push. Individual right to demand explanation and to refuse a decision made solely through automated means where the decision has a significant impact on the individual's rights and interests. POSTURE · positive duty plus individual right. Anchored to significant impact on rights and interests, not to solely automated.
DPDP § 11
Right of the Data Principal to access information about personal data being processed, processing activities, and the identities of all Data Fiduciaries and Data Processors with whom personal data has been shared. The Indian DPDP Act of 2023 does not contain a free-standing Article 22 analog. The closest hook is the Data Principal's right of correction and erasure under Section 12 plus the grievance redressal mechanism under Section 13. POSTURE · access and correction, no general right to refuse solely-automated decisions. The Indian system relies on sectoral instruments such as the RBI FREE-AI principles for AI-specific fairness duties.

For a longer reading of GDPR Article 22 see entry № 18 on GDPR Article 22. For the DPDP regime and its interaction with sectoral AI guidance see entry № 24 on the India DPDP Act. For the US health-data privacy parallel see HIPAA read against AI agents. For the architectural problem of running one agent against all three statutes simultaneously see entry № 29 on one agent, many jurisdictions.

09 · FIELD MAPPING

Where Warrant maps PIPL and CAC.

OBLIGATION | WHAT EVIDENCE MUST SHOW | WARRANT EVIDENCE FIELD
PIPL Art. 24 · Automated decision-making transparency, fairness, opt-out, and significant-impact disclosure. | Disclosure of the decision logic, the non-personalised alternative, and the refusal pathway. | trace.actions[].pipl_art24_disclosure
PIPL Art. 28-29 · Separate consent for sensitive personal information; necessity test. | Per-action consent record bound to the sensitive-PI category. | trace.actions[].sensitive_pi_consent
PIPL Art. 38-43 · Cross-border transfer mechanism in force at the time of transfer. | Security Assessment ID, Certification ID, or SCC filing receipt. | metadata.cross_border_mechanism
PIPL Art. 39 · Pre-transfer notice to the individual and separate consent. | Recipient identity, purpose, categories, rights-exercise pathway. | trace.actions[].cross_border_notice
PIPL Art. 55-56 · PIPIA performed before the qualifying activity; record preserved three years. | Versioned PIPIA bound to the model version and data-flow snapshot. | metadata.pipia_id
CAC GenAI Art. 4 · Content-safety filtering and discrimination-prevention measures. | Pre-output filter outcomes, refusal-rate roll-up, demographic parity checks. | trace.actions[].content_safety_outcome
CAC GenAI Art. 7 · Training data provenance, lawfulness, and quality. | Dataset manifest, lawful-source attestation, PI-consent or basis tag. | metadata.training_data_provenance
CAC GenAI Art. 11 · User-input PI minimisation and access-correction-deletion handling. | Retention period, deletion-request log, access-request audit trail. | trace.actions[].user_input_handling
CAC GenAI Art. 17 · Security assessment and algorithm filing for services with public opinion attributes. | Filing reference number, scope-of-service description, last filing modification date. | metadata.cac_algorithm_filing_id
Deep Synthesis Art. 16 · Implicit traceability mark on generated content; log records preserved. | Watermark presence flag, embedding method, log retention pointer. | trace.actions[].watermark_check
Deep Synthesis Art. 17 · Conspicuous label on synthetic content that may cause confusion or mis-identification. | Visible-label placement, label text, surface where the label was rendered. | trace.actions[].visible_label_check
Sample APAC evidence package · Warrant register · INDEPENDENTLY VERIFIABLE WITHOUT CONTACTING WARRANT
→ /v/7de85ceaeac42a47
10 · FAQ

Questions a compliance officer asks first.

Does PIPL apply to AI agents serving non-Chinese customers?

PIPL Article 3 extends extraterritorial reach. The law applies where the activity is conducted within the territory of the People's Republic of China. It also applies to handling activities outside the territory where the purpose is to provide products or services to natural persons inside China, where the activity analyses or assesses the behaviour of natural persons inside China, or where other circumstances provided by law or administrative regulation apply. A non-Chinese AI agent that processes the personal information of a Chinese resident, or that profiles a Chinese resident, falls inside the regime. Article 53 requires the offshore handler to designate a dedicated entity or representative inside China and to file that designation with the relevant authority.

What is the CAC SCC route in practice?

The Standard Contract route under PIPL Article 38(1)(iii) requires the handler to execute the official CAC template contract with the foreign recipient. The signed contract, paired with the completed PIPIA, is filed with the provincial-level CAC within ten working days of the contract's effective date. The March 2024 CAC Regulations on Promoting and Regulating Cross-Border Data Flows raised the volume thresholds. The SCC filing is required for transfers of non-sensitive personal information of between one hundred thousand and one million data subjects, or for transfers of sensitive personal information of fewer than ten thousand data subjects, in either case counted from 1 January of the calendar year. Above one million non-sensitive subjects or ten thousand sensitive subjects, the mandatory CAC Security Assessment under Article 38(1)(i) applies.
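
The routing rule from the cross-border section and the answer above, written as a pre-transfer gate that an egress control could run over an evidence record before an agent action sends personal information offshore. This is an added example, not Warrant's code or schema: the three field paths (metadata.cross_border_mechanism, metadata.pipia_id, trace.actions[].cross_border_notice) come from the field-mapping table, and everything else is hypothetical. Assumptions: the keys inside those fields, the cross_border flag, the Exporter type, treating exactly one million or exactly ten thousand subjects as the stricter route, accepting a stricter mechanism for a lighter route, and applying the Article 39 and PIPIA checks to exempt transfers as well.

```python
from dataclasses import dataclass
from enum import Enum


class Route(Enum):
    SECURITY_ASSESSMENT = "security_assessment"    # Art. 38(1)(i)
    SCC_OR_CERTIFICATION = "scc_or_certification"  # Art. 38(1)(ii) / (iii)
    EXEMPT = "exempt"                              # below every threshold


# Thresholds as this entry states them; counts are cumulative from 1 January.
NON_SENSITIVE_EXEMPT_BELOW = 100_000
NON_SENSITIVE_ASSESSMENT_FROM = 1_000_000  # assumption: exactly 1M takes the stricter route
SENSITIVE_ASSESSMENT_FROM = 10_000         # assumption: exactly 10k takes the stricter route

# Article 39 notice elements; the key names are hypothetical.
NOTICE_KEYS = ("recipient_name", "recipient_contact", "purpose",
               "handling_method", "pi_categories", "rights_pathway")

# Mechanism types that satisfy each route (type strings are hypothetical).
ACCEPTED = {
    Route.SECURITY_ASSESSMENT: {"security_assessment"},
    Route.SCC_OR_CERTIFICATION: {"scc", "certification", "security_assessment"},
}


@dataclass(frozen=True)
class Exporter:
    is_ciio: bool                 # critical information infrastructure operator
    exports_important_data: bool  # important data under the Data Security Law
    non_sensitive_ytd: int        # data subjects exported since 1 January
    sensitive_ytd: int


def required_route(e: Exporter) -> Route:
    """Pick the Article 38 route from exporter status and year-to-date volume."""
    if e.is_ciio or e.exports_important_data:
        return Route.SECURITY_ASSESSMENT          # regardless of volume
    if (e.non_sensitive_ytd >= NON_SENSITIVE_ASSESSMENT_FROM
            or e.sensitive_ytd >= SENSITIVE_ASSESSMENT_FROM):
        return Route.SECURITY_ASSESSMENT
    # Any sensitive PI at all removes the exemption, which covers non-sensitive PI only.
    if e.non_sensitive_ytd >= NON_SENSITIVE_EXEMPT_BELOW or e.sensitive_ytd > 0:
        return Route.SCC_OR_CERTIFICATION
    return Route.EXEMPT


def gate(record: dict, exporter: Exporter) -> list:
    """Return blocking findings; an empty list means the transfer may proceed."""
    findings = []
    meta = record.get("metadata", {})
    route = required_route(exporter)

    if route in ACCEPTED:
        mech = meta.get("cross_border_mechanism") or {}
        if mech.get("type") not in ACCEPTED[route]:
            findings.append(f"mechanism: {route.value} required, got {mech.get('type')!r}")
        elif not mech.get("reference"):
            findings.append("mechanism: no assessment ID, certification ID or filing receipt")

    if not meta.get("pipia_id"):
        findings.append("pipia: Art. 55(4) assessment missing")

    for i, action in enumerate(record.get("trace", {}).get("actions", [])):
        if not action.get("cross_border"):
            continue                              # action keeps the data in-territory
        notice = action.get("cross_border_notice") or {}
        missing = [k for k in NOTICE_KEYS if not notice.get(k)]
        if missing:
            findings.append(f"action {i}: Art. 39 notice lacks {', '.join(missing)}")
        if notice.get("consent") != "separate":
            findings.append(f"action {i}: Art. 39 separate consent not recorded")
    return findings


# Constructed sample record: SCC on file, PIPIA on file, but consent was
# bundled into the terms of service instead of collected separately.
SAMPLE_RECORD = {
    "metadata": {
        "cross_border_mechanism": {"type": "scc", "reference": "PLACEHOLDER-FILING-RECEIPT"},
        "pipia_id": "PLACEHOLDER-PIPIA-ID",
    },
    "trace": {"actions": [
        {"name": "lookup_local", "cross_border": False},
        {"name": "send_to_offshore_scoring", "cross_border": True,
         "cross_border_notice": {
             "recipient_name": "Example Offshore Ltd",
             "recipient_contact": "privacy@example.invalid",
             "purpose": "credit scoring", "handling_method": "API call",
             "pi_categories": ["financial account"],
             "rights_pathway": "https://example.invalid/rights",
             "consent": "terms_of_service"}},
    ]},
}

if __name__ == "__main__":
    exporter = Exporter(False, False, 250_000, 0)
    print(required_route(exporter).value)
    for finding in gate(SAMPLE_RECORD, exporter):
        print(finding)
```
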

How does PIPL Article 24 differ from GDPR Article 22?

GDPR Article 22 grants a right not to be subject to a decision based solely on automated processing, with three exemptions including explicit consent and contractual necessity. PIPL Article 24 is structured differently. Paragraph one imposes positive duties of transparency, fairness, and non-discrimination on the handler. Paragraph two requires a non-personalised alternative or convenient refusal mechanism for marketing and information push. Paragraph three creates an individual right to demand an explanation and to refuse a decision made solely through automated decision-making where the decision has a significant influence on the individual's rights and interests. PIPL is broader on transparency and narrower on the absolute prohibition.

When does the PIPIA trigger?

PIPL Article 55 lists five trigger conditions. Handling sensitive personal information. Using personal information for automated decision-making. Entrusting handling to a third party, providing personal information to another handler, or disclosing personal information. Cross-border provision of personal information. Other handling activities with a significant influence on individuals. Article 56 specifies content: lawfulness and necessity of purpose, impact on rights and security risks, adequacy of protective measures. The report and the handling record must be preserved for at least three years.

Do the CAC Generative AI Measures apply to closed-API LLMs?

Article 2 applies to the provision of generative AI services to the public within the territory of the People's Republic of China. The measures explicitly do not apply where industry organisations, enterprises, educational and scientific research institutions, or public cultural organisations research, develop, and apply generative AI technology, but do not provide generative AI services to the public inside China. A closed enterprise API consumed only by internal users of one organisation falls outside the public-service scope. A closed API that wholesales generative AI to third-party Chinese businesses for downstream public deployment is captured through the downstream provider.

What is the watermarking standard under Article 8?

Article 8 of the Interim Measures governs training-data tagging, not output watermarking. Output labelling for synthetic content is governed by the Deep Synthesis Provisions (effective 10 January 2023), which the Generative AI Measures cross-reference. Article 16 of the Deep Synthesis Provisions requires the provider to attach a tag to the generated content that does not affect the user's use of the service, the implicit traceability mark. Article 17 requires a conspicuous label drawing the public's attention to the synthetic nature of the content for services that may cause confusion or mis-identification, including dialogue, written content, voice synthesis, face manipulation, and immersive scene generation. In September 2024 the CAC published a draft Measures for the Identification of AI-Generated Synthetic Content that, once finalised, will add a machine-readable identifier requirement in addition to the visible label.

How does PIPL interact with the Cybersecurity Law and the Data Security Law?

The Cybersecurity Law of 2017 establishes the perimeter for network operators and critical information infrastructure operators. The Data Security Law of September 2021 establishes the classification scheme for data by national-security sensitivity and creates the obligation to categorise data into general, important, and core categories. PIPL, effective two months later, regulates the subset of data that is personal information. The three statutes are read together. A handler of personal information that is also classified as important data faces the Data Security Law transfer regime in parallel with the PIPL transfer regime under Articles 38 to 43, and a critical information infrastructure operator is bound to a mandatory CAC security assessment under PIPL Article 40 regardless of volume.

Can a non-Chinese controller satisfy PIPL via the CAC Standard Contract?

The SCC route under PIPL Article 38(1)(iii) is one of three mechanisms a personal information handler may use to transfer personal information outside China. The SCC sits between the offshore recipient and the handler that holds the data in China. A non-Chinese controller that holds the data outside China was never inside the cross-border regime in the first place; it is bound directly by PIPL through Article 3's extraterritorial extension and by the Article 53 obligation to designate a representative inside China. The SCC is the right instrument when the offshore controller has a Chinese affiliate or vendor that handles personal information inside China and needs to transfer it outward. The two patterns must not be confused.

11 · READ THE SOURCE

Read the source directly.

Authored by Warrant Compliance, the regulatory-analysis function at Warrant. [email protected]. Editorial commentary on regulatory text. Not legal advice. The official text of the Personal Information Protection Law is only available in Chinese. The verbatim quotations of PIPL Articles in this entry are drawn from unofficial English translations published by DigiChina (Stanford University) and the personalinformationprotectionlaw.com project, cross-referenced against the official Chinese text published by the Standing Committee of the National People's Congress on 20 August 2021. Translation choices have been preserved where possible to allow direct cross-reference. In case of conflict between the translation and the official Chinese text, the Chinese text prevails.