Where China's Draft AI Anthropomorphic-Interaction Measures Need Work — A Scholar's Reform Map

Editor’s Note — DCC.

This brief summarises 《AI拟人化互动服务管理暂行办法可以考虑修改的 几个方向》by Li Wenlong (李汶龙) on the 科技利维坦 channel — a set of reform proposals he submitted as feedback on China’s draft Interim Measures for the Administration of AI Anthropomorphic Interaction Services (人工智能拟人化互动服务管理办法). The draft is China’s first rule aimed specifically at “companion”-style AI — systems built to simulate human personality and hold emotional conversations. Li is broadly positive about the draft (“a quality piece of quasi-legislation”), so this is not a takedown; it is a structural critique from someone who thinks the rule matters and wants it to work. DCC is running it because the draft has no clean foreign analogue, and because Li’s reform map is the most concrete public guide to where the text is likely to move. The takeaway for overseas counsel: if you are building emotional or companion AI for the China market, watch the definition clause — it decides whether your product is in scope at all — and watch the deployer-versus-model-provider split, because the draft currently risks putting training-data duties on parties who never trained a model.

Why this rule is different

Most of China’s data and AI rulebook — from the Personal Information Protection Law down through the algorithm and generative-AI measures — is built around data governance: collection and processing, algorithmic transparency, fairness, accountability. The anthropomorphic-interaction draft opens a different front that Li calls relationship governance (关系治理). The thing it is trying to control is not primarily a data flow; it is a relationship between a user and a system designed to be felt as a companion. That shift is why Li treats the rule as “concept-heavy” (很吃概念): the existing normative vocabulary does not map cleanly onto it, and the draft therefore lives or dies on how well it defines its new terms.

His proposals divide into six directions.

1. The core definition is too broad

The draft defines “anthropomorphisation (拟人化)” in Article 2 as simulating “human personality traits, thinking patterns and communication styles … and conducting emotional interaction with humans.” Li’s objection: because of how the clause reads, the weight falls on the first half — simulating human traits — rather than the operative second half, emotional interaction. That over-widens scope, sweeping in any tool with a human-like register.

He argues the Western framing of “companion AI” (陪伴型AI) gets closer to the regulatory essence: the problem is not simulation — talking like a human has been an internal driver of computing since Turing — it is over-dependence. Anthropomorphisation, in the psychological sense, is the user projecting intent, emotion and agency onto a non-human system, which triggers over-trust, relational attachment and behavioural compliance. The techniques that actually manufacture that risk are specific design choices: persona-setting, long-term memory, data retention, proactively initiating conversation, emotional expression — all deployed to deepen trust and emotional investment until it becomes relational attachment (关系依附).

Li’s fix: anchor the definition on “emotional companionship as the primary functional goal,” using a denser term — he floats “companion-style interaction service,” “emotion-oriented interaction service,” “anthropomorphic companionship interaction service” — so the rule binds to relational-dependency risk rather than to human-like expression, and does not capture the large class of tools that merely sound human without creating any binding risk.

2. Delete “interaction data” — don’t blanket-prohibit it

The draft’s second conceptual innovation is “interaction data (交互数据)” — created mainly to capture the prompts, interaction behaviour, persona settings and occasionally uploaded files that are most valuable for model training and tuning (what Western privacy policies loosely call “content”). Whether such data may be used for model R&D is, Li notes, the single most contested question in GDPR-style AI regulation right now.

He argues against the draft’s instinct to prohibit its use outright in this measure, for three reasons:

• It isn’t unique to companion AI. Carving out a special prohibition here leaves every other kind of generative AI unaddressed, and is hard to reconcile with PIPL.
• The global trend is the other way. Across the dozen-plus jurisdictions Li tracked over the past year, the direction is toward easing — treating model R&D as a lower-tier risk than the consent-governed services (personalised advertising, facial recognition) — often via a legitimate-interest basis. China’s PIPL pointedly did not adopt a legitimate-interest ground, which makes a blanket prohibition here even more dissonant with the parent statute.
• It creates a “default-illegal” posture. Absent legislation or precedent, prohibiting a still-contested processing purpose in a departmental measure manufactures presumptive illegality with shaky legal basis.

His recommendation: delete the “interaction data” concept and its articles, or reduce it to a factual description (“chat logs and other historical interaction information generated in the course of using the service”) and return the whole question to the existing PIPL personal-information-processing rules.

More broadly, Li warns that the mechanism will “spin in the air” unless the draft supplies measurable, operable, verifiable base concepts — for relational structure, manipulation mechanisms, risk triggers and liability boundaries — and that definitions belong at the front of the instrument, not in an appendix, because they set scope.

3. Split Chapter 2 — it mixes three kinds of duty

Chapter 2 (“Service Norms”) currently blends three rule types with different risk logic and different compliance paths:

1. behavioural prohibitions and content red-lines;
2. capability-building and organisational duties (detection capability, emergency mechanisms, content moderation, staffing);
3. product and interaction-design duties (exit mechanisms, reminder mechanisms, a minors mode).

Mixing them — and interleaving governance tools (security assessment, early warning, sandbox) with substantive duties — makes the chapter hard to read and hard to action, and will blur enforcement. Li proposes splitting it into (i) product/interaction-design duties; (ii) vulnerable-group protection (minors, the elderly, psychologically vulnerable users, plus intervention mechanisms); and (iii) risk assessment, monitoring and correction — and adding a new chapter on platform responsibility and ecosystem governance that pins down what app-distribution platforms owe in listing review, misjudgement correction and collaborative governance.

4. Make “tiered and classified regulation” real

The general provisions promise “inclusive and prudent, tiered and classified regulation (包容审慎、分类分级监管),” but the structure never delivers a risk grading or differentiated duties. Li wants that operationalised so the burden is proportionate:

• Reserve the heavy duties for the real risk class. Interaction-design and risk-monitoring duties should fall mainly on services whose primary function is emotional companionship with a relational-binding mechanism; pure-tool, customer-service and OA scenarios should get lighter general duties (basic transparency, an exit right) plus case-by-case triggers. California and New York offer referenceable paths here.
• Don’t put model duties on deployers. Many companion services do not train a base model — they call a third-party model or API and have limited control over training data or base-model safety. Imposing training-data-governance duties or model-training prohibitions on those deployers is unreasonable and unenforceable, and invites form-over-substance compliance and liability mismatch. Deployers should owe controllable product-design, prompting, exit and complaint duties; base-model and key-capability providers should be reached through collaborative liability and capability-boundary disclosure.
• Build in elasticity. Over-rigid rules become “structural illegality.” His example: Article 13’s flat ban on “simulating an elderly user’s relatives or specific related persons” is aimed at protecting older users, but anchoring the duty on simulation would wrongly hit fictional role-play, literary and dramatic characters, and user-set fictional identities; what should be prohibited is impersonating a real, specific natural person to induce trust, transfers or control. Regulatory sandboxes, much-discussed, still lack any stable organisational mechanism — and a sandbox without real ceded space, concrete risk relief and safe-harbour is just a slogan.

5. Handle “path dependency” carefully

The draft leans on tools migrated from earlier regimes. Two cautions:

• The borrowed toolbox may not fit. The security-assessment trigger — registered users ≥ 1 million / monthly actives ≥ 100,000 — is lifted from other contexts and does not track this risk: a companion service can be very niche yet very high-risk. Li proposes a tailored “significant operational change (显著运行变化)” concept with qualitative and quantitative indicators — e.g., within three consecutive calendar months, registered users / MAU / average daily use up more than 50% year-on-year or quarter-on-quarter; a marked rise in the share of single users averaging over four hours of continuous daily use; or a marked rise in the share triggering manual intervention, risk warnings or complaints.
• Restatement dilutes focus. The general-duty enumerations (e.g., Articles 8–9) largely repeat obligations that already exist and do not create new ones; piling them in makes it harder for companies to identify what is genuinely new and harder for regulators to enforce precisely. Better to connect horizontal requirements by reference (“comply with the relevant provisions”) and reserve the article space for this measure’s distinctive relational-risk controls.

6. Profiling and emotion inference cut against PIPL

Li’s sharpest data-protection warning: protecting vulnerable users through precise identification and intervention requires more profiling — and a well-intentioned rule can become a pretext for exactly the high-risk processing (continuous emotion inference, psychological profiling, automated decision-making) that PIPL’s data-minimisation principle (最小必要原则) and sensitive-personal- information rules are meant to restrain. His position: intervention duties should bite only in genuinely high-risk situations — a user clearly signalling suicide, self-harm or serious harm, or explicitly requesting mental-health support — and the rule should not push providers into default continuous emotional monitoring.

A coda on legal coherence

Li’s own biggest concern — and, he notes wryly, the one practice cares least about — is system coherence. The draft contains at least two rule sets: one genuinely novel (identifying, intervening in and preventing anthropomorphism-driven dependency), and one of general data/AI duties, part of which merely restates existing law and part of which maps onto nothing — de facto quasi-legislation. Articles 10 and 15 on training-data governance, for instance, are horizontal obligations that belong in the generative-AI framework or a dedicated training-data norm, not embedded in a vertical companion-AI rule (especially where the deployer never trained the model). And the security-assessment articles (21–22) have an unclear pedigree — some trace them to the “new technology / new application” assessment, some to algorithm-governance guidance — which, Li argues, is exactly the kind of ambiguity a principled, PIPL-anchored interpretation should resolve.

Why overseas counsel should care

• Scope turns on one clause. Whether your product is regulated as “anthropomorphic interaction” depends entirely on the Article 2 definition. If Li’s narrowing prevails, plain assistants and tools that merely sound human fall out; companion products built for emotional attachment stay firmly in.
• Know which layer you are. The deployer-versus-model-provider split is the live drafting question. A company that only fine-tunes or calls an API should be pressing — as Li does — for product-design duties rather than training-data duties.
• The PIPL baseline still governs. Where the measure is silent or over-reaches, Li’s repeated answer is to fall back to PIPL — minimisation, sensitive-PI rules, and the absence of a legitimate- interest ground. That is the stable layer under a moving draft.

This brief also connects to DCC’s note on system prompts as a regulatory instrument, Li’s other piece on where AI rulemaking is hooking into model internals.

DCC sources

• Original: 李汶龙 (Li Wenlong), 《AI拟人化互动服务管理暂行办法可以 考虑修改的几个方向》, 科技利维坦 WeChat Official Account (source).
• Rule under discussion: Interim Measures for the Administration of AI Anthropomorphic Interaction Services (draft).
• Related Chinese instruments referenced: the Personal Information Protection Law (minimisation, sensitive-PI rules, absence of a legitimate-interest ground) and the Generative AI Services Interim Measures.

This is an editorial summary, not a translation of Li Wenlong’s piece. The reform proposals and framings are his; any simplification, error of emphasis, or operational extrapolation is DCC’s. Not legal advice.