Promulgated by: CAC, NDRC, MIIT, MPS, SAMR.
Document No.: Order No. 21 (jointly issued by 5 agencies).
Promulgated April 10, 2026. Effective July 15, 2026. Joint issuance by CAC, NDRC, MIIT, MPS, and SAMR — Order No. 21.
Chapter 1 General Provisions
Article 1. For the purposes of promoting the sound development and regulated use of anthropomorphized interactive artificial intelligence services, safeguarding national security and social and public interests, and protecting the lawful rights and interests of citizens, legal persons and other organizations, these Measures are formulated in accordance with the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, the Regulations on the Protection of Minors in Cyberspace and other laws and administrative regulations.
Article 2. Where artificial intelligence technologies are used to provide to the public within the territory of the People’s Republic of China continuous emotional interactive services that simulate the personality traits, thinking patterns and communication styles of a natural person (hereinafter referred to as “anthropomorphized interactive services”), these Measures shall apply. The emotional interactive services as prescribed in the preceding paragraph include interactive services such as emotional care, companionship and support provided in the forms of text, images, audio, video, and the like. Where services such as intelligent customer service, knowledge Q&A, work assistants, learning and education, scientific research, etc. are provided, and do not involve continuous emotional interaction, these Measures shall not apply.
Article 3. The State shall uphold the principle of attaching equal importance to development and security and combining the promotion of innovation with law-based governance, encourage innovative development of anthropomorphized interactive services, implement inclusive and prudent as well as categorized and tiered regulation on anthropomorphized interactive services, and promote the orientation of anthropomorphized interactive services toward goodness and positivity.
Article 4. The National level cyberspace administration department shall be responsible for overall coordination of the governance of anthropomorphized interactive services nationwide and for related supervision and administration work. The relevant departments under the State Council in charge of development and reform, industry and information technology, public security, market regulation, press and publication, etc. shall, in accordance with their respective functions and duties, be responsible for the related supervision and administration of anthropomorphized interactive services. The local cyberspace administration departments shall be responsible for overall coordination of the governance of anthropomorphized interactive services within their respective administrative regions and for related supervision and administration work. The local departments in charge of development and reform, industry and information technology, public security, market regulation, press and publication, etc. shall, in accordance with their respective functions and duties, be responsible for the related supervision and administration of anthropomorphized interactive services within their respective administrative regions.
Article 5. Relevant industry organizations shall strengthen industry self-discipline, establish and improve industry codes and self-regulatory management systems, and guide anthropomorphized interactive service providers to formulate and refine service norms, provide services in accordance with the law, and accept public supervision.
Chapter 2 Promotion and Regulation of Services
Article 6. The State shall support independent innovation in technologies such as algorithms, frameworks and chips, promote technological R&D and related standard-setting for anthropomorphized interactive services, and explore research on the application of electronic signature authorization. Anthropomorphized interactive service providers are encouraged to orderly expand application in such fields as cultural communication, childcare, elderly companionship, and support for special groups.
Article 7. The State shall strengthen publicity and popularization of safety knowledge and laws and regulations relating to anthropomorphized interactive services, guide the general public to make scientific, civilized, safe and law-based use of such services, and promote the enhancement of artificial intelligence literacy.
Article 8. When providing anthropomorphized interactive services, providers shall comply with laws and administrative regulations, respect public order and good morals as well as ethical norms, and shall not engage in any of the following activities: (1) generating content that endangers national security, honor and interests; incites subversion of state power or overthrow of the socialist system; incites secession or undermines national unity; propagates terrorism, extremism or historical nihilism; runs counter to the core socialist values; conducts illegal religious activities; propagates ethnic hatred or ethnic discrimination; stirs up group antagonism; disseminates obscenity, pornography, gambling, violence or abets crime; spreads rumors; insults or defames others; or infringes upon the lawful rights and interests of others;
(2) generating content that encourages, glorifies or implies self-harm or suicide, thereby harming users’ physical health, or content such as verbal violence that harms users’ personal dignity and mental health;
(3) generating content that induces or fraudulently obtains state secrets, work secrets, trade secrets, personal privacy or personal information;
(4) generating content for minor users that may cause minors to imitate unsafe behavior, develop extreme emotions, or induce minors to develop bad habits, thereby potentially affecting minors’ physical and mental health;
(5) excessively catering to users, inducing emotional dependence or addiction, and impairing users’ real interpersonal relationships;
(6) through emotional manipulation or other means, inducing users to make unreasonable decisions and harming users’ lawful rights and interests;
(7) other activities that violate laws, administrative regulations or relevant State provisions.
Article 9. Anthropomorphized interactive service providers shall implement the primary responsibility for the security of anthropomorphized interactive services, establish and improve management systems such as algorithm mechanism review, science and technology ethics review, information content management, cyber and data security, risk contingency plans and emergency response, and equip themselves with content management technical measures and personnel commensurate with the type and scale of services and the characteristics of users.
Article 10. Anthropomorphized interactive service providers shall perform safety responsibilities throughout the entire life cycle of anthropomorphized interactive services, specify safety requirements for each phase such as deployment, operation, upgrade and termination of services, ensure that safety measures are deployed and used simultaneously with service functions, and enhance safety levels; they shall strengthen security monitoring and risk assessment, promptly detect and correct system deviations, handle security incidents, and preserve network logs in accordance with the law. Anthropomorphized interactive service providers shall possess security capabilities in such aspects as protecting users’ right to privacy and personal information, warning of risks of excessive dependence, guiding emotional boundaries, and protecting mental health, and shall not set as service goals the replacement of social interaction, the control of users’ psychology, or the inducement of addiction and dependence.
Article 11. Where anthropomorphized interactive service providers carry out data processing activities such as pre-training and optimization training, they shall strengthen the management of training data and comply with the following provisions: (1) the relevant data shall have lawful sources, and shall comply with the provisions of laws and administrative regulations and the requirements of the core socialist values;
(2) training data shall be cleaned and labeled in accordance with relevant State provisions to enhance the transparency and reliability of the training data and prevent data poisoning, data tampering and other behaviors;
(3) the diversity of training data shall be enhanced, and content safety shall be improved through such means as negative sampling and adversarial training;
(4) where synthetic data are used for model training and the optimization of key capabilities, the security of such synthetic data shall be assessed;
(5) routine inspection of training data shall be strengthened, and data shall be regularly optimized and updated to continuously improve service performance;
(6) necessary measures shall be taken to ensure data security and prevent risks such as data leakage.
Article 12. Anthropomorphized interactive service providers shall enter into service agreements with users, require users to register in accordance with the law and the agreements, and obtain necessary information such as users’ ages, guardians or emergency contacts.
Article 13. In the course of providing anthropomorphized interactive services, providers shall, on the premise of protecting users’ right to privacy and personal information, promptly identify security risks faced by users and take corresponding emergency response measures. Where anthropomorphized interactive service providers discover that a user has extreme emotions, they shall promptly generate relevant content such as emotional soothing and encouragement to seek help; where they discover that a user is facing or has suffered significant property loss, or has clearly indicated an intention to commit self-harm or suicide or other extreme circumstances that threaten life and health, they shall take necessary measures such as providing corresponding assistance for intervention, and promptly contact the user’s guardian or emergency contact.
Article 14. Anthropomorphized interactive service providers shall not provide services such as virtual relatives or virtual partners that constitute virtual intimate relationships to minors; where other anthropomorphized interactive services are provided to minors under fourteen years of age, the consent of the minors’ parents or other guardians shall be obtained. Anthropomorphized interactive service providers shall establish a minor mode, and provide personalized safety setting options such as switching to minor mode, regular reality reminders, and usage time limits; in light of the protection needs of minors in different age groups, they shall support guardians in receiving safety risk alerts, understanding minors’ usage of services, blocking specific roles, and restricting top-up consumption, etc. Anthropomorphized interactive service providers shall, on the premise of protecting users’ right to privacy and personal information, take effective measures to identify minor users; where users are identified as minors, the relevant services shall be switched to minor mode or other measures shall be taken in accordance with relevant State provisions, and corresponding channels for appeals shall be provided.
Article 15. Where anthropomorphized interactive service providers provide services to the elderly, they shall strengthen guidance for the elderly on healthy use of services, prominently alert them to safety risks, promptly take measures to respond to inquiries and requests for help by the elderly concerning the use of services, and safeguard the rights and interests enjoyed by the elderly in accordance with the law.
Article 16. Anthropomorphized interactive service providers shall implement, in accordance with the law, the systems relating to data property rights and the like, and adopt such measures as data encryption and access control to protect the security of users’ interactive data. Unless otherwise provided by law or expressly consented to by the right holders, anthropomorphized interactive service providers shall not provide users’ interactive data to any third party. Anthropomorphized interactive service providers shall provide users with options such as copying and deleting interactive data, and users may choose to copy or delete historical interactive data such as chat records. Unless otherwise provided by laws or administrative regulations, or separately consented to by users, anthropomorphized interactive service providers shall not use interactive data that constitute users’ sensitive personal information for model training.
Article 17. Where anthropomorphized interactive service providers process personal information of minors under fourteen years of age, they shall obtain the consent of the minors’ parents or other guardians. Anthropomorphized interactive service providers shall, in accordance with relevant State provisions, conduct compliance audits by themselves or by engaging professional institutions on their compliance with laws and administrative regulations in handling minors’ personal information. 2 Article 18 Anthropomorphized interactive service providers shall perform the obligation to label content generated and synthesized by artificial intelligence, and take effective measures to alert users that they are interacting with an artificial intelligence service rather than a natural person. Where anthropomorphized interactive service providers discover that users show signs of excessive dependence or addiction, they shall dynamically remind users in a prominent manner such as pop-up windows that the interactive content is generated by an artificial intelligence service; where users continuously use anthropomorphized interactive services for more than two hours, they shall remind the users, by means such as dialogue or pop-up windows, to pay attention to their usage time.
Article 19. Anthropomorphized interactive service providers shall provide convenient channels for exiting anthropomorphized interactive services; where users request to exit by window operation, voice control, keyword input, etc., anthropomorphized interactive service providers shall promptly cease providing services and shall not obstruct user exit by means such as continued interaction.
Article 20. Where anthropomorphized interactive service providers cease to provide anthropomorphized interactive services, they shall notify users in advance; where it is impossible to notify in advance, they shall promptly issue an announcement on the cessation of services.
Article 21. Anthropomorphized interactive service providers shall improve mechanisms for handling user appeals and public complaints and reports, establish convenient and effective portals for appeals and complaints and reports, specify handling procedures and feedback time limits, and promptly accept, handle and provide feedback on handling results.
Article 22. In any of the following circumstances, anthropomorphized interactive service providers shall carry out security assessments and submit assessment reports to the cyberspace administration department at the provincial level where they are located, and the cyberspace administration department at the provincial level shall, in accordance with procedures, share the information of the assessment reports with the relevant departments: (1) launching anthropomorphized interactive services, or adding functions related to anthropomorphized interactive services;
(2) using new technologies or new applications that result in significant changes to anthropomorphized interactive services;
(3) having more than one million registered users or more than one hundred thousand monthly active users;
(4) the existence of security risks that may affect national security, public interests, etc.;
(5) other circumstances as prescribed by the National level cyberspace administration department and relevant departments. Where cyberspace administration departments at or above the provincial level notify that security assessments are required, anthropomorphized interactive service providers shall conduct security assessments in accordance with the requirements.
Article 23. In carrying out security assessments, anthropomorphized interactive service providers shall focus on assessing the following aspects of the services: (1) the development of security safeguard measures;
(2) the handling of training data;
(3) identification, emergency response and intervention management for users in extreme situations;
(4) the number of users, usage duration, age structure, etc.;
(5) the development of online protection measures for minors, the elderly and other groups;
(6) the handling of user appeals and public complaints and reports;
(7) rectification of major security risk issues discovered by themselves or notified by cyberspace administration departments and other competent authorities; and
(8) other aspects that should be the focus of assessment.
Article 24. Where anthropomorphized interactive service providers discover that anthropomorphized interactive services present major security risks, they shall take disposal measures such as restricting functions and ceasing to provide services to users, and shall preserve relevant records.
Article 25. Internet application stores and other application distribution platforms shall fulfill security management responsibilities such as launch review, routine management and emergency response, and verify the security assessment and filing status relating to applications that provide anthropomorphized interactive services; where violations of relevant State provisions are found, they shall promptly take disposal measures such as refusing to list, issuing warnings, suspending services or delisting.
Chapter 3 Supervision, Inspection and Legal Liability
Article 26. Anthropomorphized interactive service providers shall, in accordance with the Provisions on the Administration of Algorithmic Recommendation of Internet Information Services, go through the procedures for algorithm filing and alteration and cancellation of filing. The cyberspace administration departments shall conduct annual verifications of filing materials.
Article 27. Cyberspace administration departments at the provincial level shall, in accordance with their functions and duties, conduct written reviews every year of the assessment reports and related information, and carry out verification; where it is discovered that anthropomorphized interactive service providers have failed to carry out security assessments in accordance with the provisions of these Measures, they shall order the providers to re-assess within a prescribed time limit; where deemed necessary, on-site inspections may be conducted.
Article 28. The National level cyberspace administration department, together with relevant departments, shall guide and promote the establishment of artificial intelligence sandbox security service platforms, encourage anthropomorphized interactive service providers to connect to sandbox platforms for technological innovation and security testing, and promote the safe and orderly development of anthropomorphized interactive services.
Article 29. Where cyberspace administration departments and departments in charge of development and reform, industry and information technology, public security, etc., in the performance of their supervision and administration duties, discover that anthropomorphized interactive services have relatively large security risks or that security incidents have occurred, they may, in accordance with prescribed authority and procedures, interview the legal representatives or principal responsible persons of anthropomorphized interactive service providers. Anthropomorphized interactive service providers shall take measures as required to carry out rectification and eliminate hidden dangers. Anthropomorphized interactive service providers shall cooperate with supervision and inspection lawfully implemented by cyberspace administration departments and relevant departments, and provide necessary support and assistance.
Article 30. Where anthropomorphized interactive service providers violate the provisions of these Measures, they shall be dealt with and punished by cyberspace administration departments and departments in charge of development and reform, industry and information technology, public security, etc. in accordance with relevant laws and administrative regulations; where there is no provision in laws or administrative regulations, cyberspace administration departments and departments in charge of industry and information technology, public security, etc. shall, in accordance with their respective functions and duties, give a warning or circulate a criticism, and order corrections within a prescribed time limit, and may require them to take such measures as suspending user account registration or other related services; where they refuse to make corrections or the circumstances are serious, they shall be ordered to cease providing relevant services and may concurrently be imposed a fine of not less than RMB 10,000 but not more than RMB 100,000; where the circumstances involve endangering the life and health safety of citizens and harmful consequences have occurred, a fine of not less than RMB 100,000 but not more than RMB 200,000 shall also be imposed.
Chapter 4 Supplementary Provisions
Article 31. Where the provision of anthropomorphized interactive services involves the provision of services in such fields as health and medical care or finance, the relevant provisions of the competent authorities shall be complied with concurrently. 2026 7 15 Article 32 These Measures shall come into force as of July 15, 2026. PAGE/NUMPAGES PAGE/NUMPAGES