{"id":110506,"date":"2025-08-06T14:13:03","date_gmt":"2025-08-06T14:13:03","guid":{"rendered":"https:\/\/my.legal500.com\/guides\/?post_type=comparative_guide&#038;p=110506"},"modified":"2025-08-19T11:12:38","modified_gmt":"2025-08-19T11:12:38","slug":"china-tmt","status":"publish","type":"comparative_guide","link":"https:\/\/my.legal500.com\/guides\/chapter\/china-tmt\/","title":{"rendered":"China: TMT"},"content":{"rendered":"","protected":false},"template":"","class_list":["post-110506","comparative_guide","type-comparative_guide","status-publish","hentry","guides-tmt","jurisdictions-china"],"acf":[],"appp":{"post_list":{"below_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Han Kun Law Offices<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2022\/03\/Han-Kun.png\"\/><\/span><\/div>"},"post_detail":{"above_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Han Kun Law Offices<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2022\/03\/Han-Kun.png\"\/><\/span><\/div>","below_title":"<span class=\"guide-intro\">This country specific Q&amp;A provides an overview of TMT laws and regulations applicable in China<\/span><div class=\"guide-content\"><div class=\"filter\">\r\n\r\n\t\t\t\t<input type=\"text\" placeholder=\"Search questions and answers...\" class=\"filter-container__search-field\">\r\n\t\t\t<\/div>\r\n\r\n\t\t\t\r\n\r\n\r\n\t\t\t<ol class=\"custom-counter\">\r\n\r\n\t\t\t\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software \u2013 How are proprietary rights in software and associated materials protected?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Proprietary rights in software and associated materials mainly include copyright and patent rights. Software copyright is mainly protected through the <em>Copyright Law<\/em> and the<em> Regulation on Computer Software Protection<\/em>. Software patent right is mainly protected under <em>Patent Law<\/em>, as the <em>Patent Examination Guidelines<\/em> explicitly state that computer program products are included in product claims. Additionally, if the software is not publicly disclosed, it can be protected as a trade secret under Article 9 of the <em>Anti-Unfair Competition Law<\/em>, provided that it meets the required criteria for confidentiality, value, and protective measures.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software \u2013 In the event that software is developed by a software developer, consultant or other party for a customer, who will own the resulting proprietary rights in the newly created software in the absence of any agreed contractual position?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In the absence of a contractual agreement, the developer retains the proprietary rights related to both the patent and the copyright of the software. According to Article 859 of the <em>Civil Code<\/em>, unless otherwise specified by law or agreed upon by the parties, the right to apply for a patent for an invention or creation developed under a commissioned development agreement belongs to the developer or researcher. Regarding copyright, Article 19 of the <em>Copyright Law<\/em> and Article 11 of the <em>Regulation on Computer Software Protection<\/em> specify that, in the absence of a written contract or when the contract does not specify ownership, the copyright is vested in the developer.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software \u2013 Are there any specific laws that govern the harm \/ liability caused by Software \/ computer systems?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Several laws govern the harm or liability caused by software or computer systems. Chapter 6 of the <em>Cybersecurity Law<\/em> sets responsibilities and penalties for network service providers whose products, including software and computer systems, cause harm \u2014 primarily in the form of fines. In severe cases that constitute a crime, liability may be pursued under Article 286 of the <em>Criminal Law<\/em>. While there are no specific laws covering all types of harm caused by software, broader legal frameworks offer fallback protection. The Tort Liability section of the <em>Civil Code<\/em>, the <em>Product Quality Law<\/em>, and the <em>Law of the People&#8217;s Republic of China on the Protection of Consumer Rights and Interests<\/em> ensure that users are safeguarded from damages caused by defective software or systems.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software \u2013 To the extent not covered by (3) above, are there any specific laws that govern the use (or misuse) of software \/ computer systems?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Article 22 of the<em> Cybersecurity Law<\/em> establishes requirements for network products and services, including software and computer systems, mandating adherence to national standards, the implementation of immediate corrective actions for security vulnerabilities, and the maintenance of continuous security. The <em>Regulation on the Management of Security Vulnerabilities in Network Products<\/em> provides additional guidance on handling such issues. Additionally, Articles 285 and 286 of the <em>Criminal Law<\/em> specify crimes related to unlawful conduct involving software or computer systems, including illegal access, data theft, and system disruption, along with penalties for those found guilty of such offenses. These laws ensure both security and accountability in the use of software and computer systems.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (Licence and SaaS) \u2013 Other than as identified elsewhere in this overview, are there any technology-specific laws that govern the provision of software between a software vendor and customer, including any laws that govern the use of cloud technology?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>China does not have a dedicated technology-specific law governing software provision or cloud services. Instead, relevant rules are spread across multiple laws. Software licensing is mainly governed by the <em>Civil Code, Copyright Law<\/em>, and <em>Regulation on Computer Software Protection<\/em>. The provision of software-related services, including cloud-based services, falls under the <em>Cybersecurity Law, the Data Security Law, the Personal Information Protection Law<\/em>, and other sectoral regulations, such as the <em>Measures for Security Assessment of Cloud Services<\/em> and the <em>Interim Measures for Generative AI Services<\/em>.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (License and SaaS) \u2013 Is it typical for a software vendor to cap its maximum financial liability to a customer in a software transaction? If \u2018yes\u2019, what would be considered a market standard level of cap?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Yes, it is typical for software vendors to cap their maximum financial liability. A common market standard is to limit liability to the total fees or twice the amount paid by the customer under the agreement. For consumer-facing (ToC) software, the cap is often lower\u2014such as a refund of the most recent subscription fee. For free software, vendors typically include disclaimers to exclude liability, to the extent allowed by applicable laws.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (License and SaaS) \u2013 Please comment on whether any of the following areas of liability would typically be excluded from any financial cap on the software vendor\u2019s liability to the customer or subject to a separate enhanced cap in a negotiated software transaction (i.e. unlimited liability): (a) confidentiality breaches; (b) data protection breaches; (c) data security breaches (including loss of data); (d) IPR infringement claims; (e) breaches of applicable law; (f) regulatory fines; (g) wilful or deliberate breaches.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under Chinese law, liability for personal injury or for property damage caused by wilful misconduct or gross negligence cannot be excluded or capped\u2014any such limitation would be unenforceable. Whether a liability cap applies to these high-risk areas\u2014such as confidentiality breaches, data protection or data security violations (including data loss), intellectual property infringement, breaches of applicable law, and regulatory fines\u2014is subject to negotiation, but such liabilities are typically not capped in practice.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (License and SaaS) \u2013 Is it normal practice for software source codes to be held in escrow for the benefit of the software licensee? If so, who are the typical escrow providers used? Is an equivalent service offered for cloud-based software?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Source code escrow is occasionally used in on-premises license transactions, particularly where the vendor is responsible for ongoing maintenance, updates, or custom development. It serves to protect the licensee in the event that the vendor becomes bankrupt, breaches the agreement, or unreasonably terminates service. However, under Chinese law, if the licensor enters bankruptcy, the administrator may unilaterally terminate the license agreement. In such cases, even if the escrowed code is released, the licensee may no longer have the right to use it, which limits the practical effectiveness of escrow. For SaaS, source code is generally not escrowed; instead, some parties consider escrowing system images or deployment materials to ensure business continuity, though such practices are not yet widespread.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (License and SaaS) \u2013 Are there any export controls that apply to software transactions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Software containing technology listed in the <em>Catalogue of Prohibited and Restricted Technology Exports<\/em> or the <em>Dual-Use Item Export Control List<\/em> may require government approval. In addition, for general software exports, vendors must comply with the<em> Measures on Management and Statistics of Software Export<\/em>, which require registration of the export contract on the designated platform and obtaining a Software Export Contract Registration Certificate.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">IT Outsourcing \u2013 Other than as identified elsewhere in this questionnaire, are there any specific technology laws that govern IT outsourcing transactions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>For banking and insurance institutions, compliance regarding IT outsourcing with these sector-specific rules is mandatory, irrespective of general technology laws. IT outsourcing in other regulated sectors (e.g., healthcare, critical infrastructure) may also face additional constraints under China\u2019s overarching data security, cybersecurity, and personal information protection regimes.<\/p>\n<p>Notably, the Measures for the <em>Regulation of Information Technology Outsourcing Risks of Banking and Insurance Institutions<\/em> mandates the following key principles for IT outsourcing:<\/p>\n<ul style=\"padding-left: 0\">\n<li>Prohibition of Core Responsibility Outsourcing: Institutions shall not outsource their information technology management responsibilities or cybersecurity primary accountability.<\/li>\n<li>Strategic Control: Outsourcing must not hinder core capability development, and institutions must actively retain mastery of critical technologies.<\/li>\n<li>Risk-Cost-Benefit Balance: Institutions must maintain equilibrium among outsourcing risks, costs, and benefits.<\/li>\n<li>Security Safeguards: Ensure network\/information security and enhanced protection of personal information.<\/li>\n<li>Oversight Emphasis: Prioritize ex-ante controls and real-time supervision during outsourcing execution.<\/li>\n<li>Continuous Improvement: Regularly refine outsourcing strategies and risk management measures.<\/li>\n<\/ul>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">IT Outsourcing \u2013 Please summarise the principal laws (present or impending), if any, that protect individual staff in the event that the service they perform is transferred to a third party IT outsource provider, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In China, there is no specific legislation targeting such service transfers.\u00a0 It, however, will be the entity that outsources the service to be ultimately responsible for the IT services provided under its title, but not the individual staff.\u00a0 The outsourcing entity may hold the third-party IT outsource provider as a consequence and the individual staff will only be responsible internally for tasks within their work scope.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Telecommunications \u2013 Please summarise the principal laws (present or impending), if any, that govern telecommunications networks and\/or services, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The principal regulations on telecommunications in China include the <em>Telecommunications Regulations of the People&#8217;s Republic of China<\/em> (the \u201c<strong>Telecom Regulations<\/strong>\u201d), the <em>Administrative Measures for the Licensing of Telecommunications Business<\/em> (the \u201c<strong>Licensing Measures<\/strong>\u201d), the <em>Classification Catalogue of Telecommunications Services<\/em> (the \u201c<strong>Catalog<\/strong>\u201d), and the<em> Administrative Provisions for Foreign-funded Telecommunications Enterprises<\/em> (the \u201c<strong>FITE Provisions<\/strong>\u201d).<\/p>\n<p>Telecom Regulations provides a framework of governing telecommunication services in China. It categorizes telecommunication businesses into basic telecommunications businesses (the \u201c<strong>BTS<\/strong>\u201d) and value-added telecommunications businesses (the \u201c<strong>VAT<\/strong>\u201d) and requires different licenses for each type of services. The Catalog provides definition on the different types of telecommunication businesses with detailed descriptions.<\/p>\n<p>In addition, the Licensing Measures sets out the requirements and procedures for applying for, approving, using and managing telecommunication businesses licenses, and the FITE Provisions elaborates regulations on how foreign-funded telecommunications enterprises shall engage in telecommunications services activities within China.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Telecommunications \u2013 Please summarise any licensing or authorisation requirements applicable to the provision or receipt of telecommunications services in your country. Please include a brief overview of the relevant licensing or authorisation regime in your response.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The Catalog sets out specific features and descriptions of each type of telecommunication services, and telecommunication service providers shall obtain the corresponding license before operating business. The application and approval requirements for different types of licenses may vary, for example, compared to VAT, BTS requires the telecommunication operator to have a state-owned equity or shareholding of not less than 51%.<\/p>\n<p>Meanwhile, China also has strict restrictions on foreign-invested companies operating VAT services, with the foreign shareholding ratio not exceeding 50% in principle, unless otherwise provided for by laws and regulations. It is worth noting that China has recently launched a pilot program to relax the foreign equity ratio restrictions for some VAT businesses, which may indicate a gradual easing of China&#8217;s stance on telecommunication business.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Telecommunications \u2013 Please summarise the principal laws (present or impending) that govern access to communications data by law enforcement agencies, government bodies, and related organisations. In your response, please outline the scope of these laws, including the types of data that can typically be requested, how these laws are applied in practice (e.g., whether requests are confidential, subject to challenge, etc.), and any legal or procedural safeguards that apply.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>China does not have a consolidated law governing the access to communications data by competent agencies. Instead, the relevant provisions are scattered in different laws and regulations, and they do not specify detailed data types. For example, Article 65 of the <em>Telecom Regulations<\/em> provides that for reasons of national security or the investigation of criminal offenses, public security organs, national security organs, or people&#8217;s procuratorates may inspect telecommunications content in accordance with the procedures prescribed by law. Article 35 of the <em>Data Security Law<\/em> also sets out that the security organs may obtain data for the purpose of protecting national security or investigating crimes according to law.<\/p>\n<p>Laws and regulations also set restrictions on such access by authorities. For example, according to Article 35 of the <em>Data Security Law<\/em>, the authority must follow strict procedures for approval and access data in accordance with the law. In addition, Article 28 of the <em>Provisions on Procedures for Administrative Law Enforcement by Cyberspace Authorities<\/em> provides that only in the event that the evidence may be destroyed or lost, or difficult to obtain in the future, and upon the approval of the person in charge of the cyberspace authority, law enforcement officers may register and retain in advance the data storage devices involved in the suspected violation.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Mobile communications and connected technologies \u2013 What are the principle standard setting organisations (SSOs) governing the development of technical standards in relation to mobile communications and newer connected technologies such as digital health or connected and autonomous vehicles?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The main competent authorities are the Ministry of Industry and Information Technology (MIIT) and the State Administration for Market Regulation (SAMR).<\/p>\n<p>For example, the Department of Science and Technology of MIIT and the Standardization Administration of China (SAC) under SAMR usually work with research institutes such as the China Academy of Information and Communications Technology (CAICT) and the China Electronics Standardization Institute (CESI), and join hands with other industry associations, technology enterprises and research institutions to issue cutting-edge technical standards related to mobile communications and connected technologies. These include mandatory national standards, recommended national standards, and guiding technical documents.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Mobile communications and connected technologies \u2013 How do technical standards facilitating interoperability between connected devices impact the development of connected technologies?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Technical interoperability standards, developed through the integration of authoritative guidance from regulators, technical expertise from research institutes (e.g., CAICT, CESI), and practical feedback from industry, are fundamental to the advancement of connected technologies. By ensuring compatibility across diverse devices and systems, these standards eliminate fragmentation, enabling seamless collaboration between 5G networks, IoT sensors, smart devices, and emerging domains like connected vehicles and digital health tools. This interoperability is crucial for accelerating the large-scale deployment and adoption of these technologies across industries and in daily life.<\/p>\n<p>Mandatory national standards establish baseline requirements for safety, security, and quality, thereby safeguarding public interests and maintaining market order. Meanwhile, recommended standards and guiding documents offer flexibility, encouraging technological innovation by allowing enterprises to explore new solutions within a standardized framework. The development of such standards also involves careful consideration of intellectual property rights, often governed by principles like Fair, Reasonable, and Non-Discriminatory (FRAND) licensing, to ensure widespread adoption and innovation.<\/p>\n<p>Overall, such a standardized system balances regulation and innovation, fosters industry collaboration, reduces technical barriers, mitigates R&amp;D risks by providing clear technical pathways and development costs, and ultimately drives the healthy and sustainable growth of connected technologies.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data Protection \u2013 Please summarise the principal laws (present or impending), if any, that govern data protection, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The <em>Cybersecurity Law <\/em>(\u201c<strong>CSL<\/strong>\u201d) as effective from 2017, the <em>Data Security Law<\/em> (\u201c<strong>DSL<\/strong>\u201d) as effective from 1 September 2021 and the <em>Personal Information Protection Law<\/em> (\u201c<strong>PIPL<\/strong>\u201d) which took effect on 1 November 2021 constitute the three fundamental legislations in the data protection regime which together form an overarching framework governing data processing and cybersecurity issues.<\/p>\n<p>The CSL provides the foundational cybersecurity architecture for data protection, while the DSL establishes a hierarchical data security classification system applicable to virtually all data processing operations. Unlike the security-centric requirements under the CSL and the DSL, the PIPL focuses on personal data protection and on safeguarding the rights of data subjects. The PIPL is China\u2019s comprehensive law on personal data protection.<\/p>\n<p>The <em>Regulations on the Administration of Network Data Security,<\/em> which came into effect on January 1, 2025, further refines the regulatory requirements for data protection.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data Protection \u2013 What is the maximum sanction that can be imposed by a regulator in the event of a breach of any applicable data protection laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under the DSL, failure to comply with data protection obligations can result in fines ranging from RMB 50,000 to RMB 2,000,000. The highest penalty for illegal cross-border transfer of important data can be up to RMB 10,000,000. In cases where core data protection is violated and national sovereignty, security, and development are at risk, the fine may reach RMB 10,000,000, and criminal liability may also be imposed.<\/p>\n<p>Under the PIPL, the maximum penalty for violating personal information protection laws can be RMB 50,000,000 or 5% of the data handler\u2019s annual turnover from the previous year. Infringements related to personal information protection can also lead to criminal liability under the Criminal Law.<\/p>\n<p>Apart from sanctions imposed on the data handlers, the person directly in charge and other directly liable persons may face fines of up to RMB 1,000,000. In the case of severe personal information infringement, a decision may be made to prohibit the said persons from acting as directors, supervisors, senior executives and persons-in-charge of personal information protection of relevant enterprises within a certain period of time.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data Protection \u2013 Do technology contracts in your country typically refer to external data protection regimes, e.g. EU GDPR or CCPA, even where the contract has no clear international element?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>China has established a comprehensive data protection legal regime, imposing more stringent guidelines than its global counterparts in many aspects. As a result, it is generally not customary to refer to foreign data protection regulations unless there is an international connection in the technology contracts.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Cybersecurity \u2013 Please summarise the principal laws (present or impending), if any, that govern cybersecurity (to the extent they differ from those governing data protection), including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The CSL, as the fundamental legislation in the field of cybersecurity, systematically establishes legal requirements for several core issues, including without limitation: protection obligations for operators of critical information infrastructure (CIIOs), the Multiple Level Protection Scheme of cybersecurity, compliance management requirements for critical network equipment and special-purpose cybersecurity products, emergency response to cybersecurity incidents,\u00a0 the governance of network information contents, etc.<\/p>\n<p>The specific requirements for these issues are stipulated in the corresponding administrative regulations, departmental rules, and national standards, such as <em>Security Protection Regulations for Critical Information Infrastructure, GB\/T 22239-2019 Information security technology &#8211; Baseline for classified protection of cybersecurity, GB 42250-2022 Information security technology\u2014Security technical requirements of specialized cybersecurity products, Administrative Measures for Cybersecurity Incident Reporting (Draft), Provisions on the Ecological Governance of Network Information Contents<\/em>, etc.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Cybersecurity \u2013 What is the maximum sanction that can be imposed by a regulator in the event of a breach of any applicable cybersecurity laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under the CSL, CIIOs that fail to meet cybersecurity protection obligations or network operators engaging in activities that jeopardize cybersecurity may be fined up to RMB 1,000,000. Severe violations could lead to criminal liability under the Criminal Law.<\/p>\n<p>The draft amendment to the CSL, published in March 2025, proposes increasing the maximum fine to RMB 10,000,000. The draft is still under discussion and development.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Which body(ies), if any, is\/are responsible for the regulation of artificial intelligence?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The Cyberspace Administration of China (CAC) is the primary regulatory authority for artificial intelligence within Mainland China.<\/p>\n<p>In addition, several other government bodies are involved in supervising various aspects of AI development and use, including but not limited to the following:<\/p>\n<ul style=\"padding-left: 0\">\n<li>MIIT promotes the integration of AI into industrial development and technological innovation by formulating standards, launching innovation programs, and promoting representative use cases.<\/li>\n<li>The Ministry of Public Security (MPS) is primarily responsible for investigating and handling cases involving the misuse of AI, particularly those related to criminal activities.<\/li>\n<li>The Ministry of Science and Technology (MST) plays a key role in promoting secure AI research and development, while also guiding the ethical and sustainable growth of AI technologies.<\/li>\n<\/ul>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Please summarise the principal laws (present or impending), if any, that govern the deployment and use of artificial intelligence, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under the PRC legal framework, the deployment and use of artificial intelligence are governed by several key regulations, including but not limited to:<\/p>\n<ul style=\"padding-left: 0\">\n<li><strong><em>Administrative Provisions on Recommendation Algorithms in Internet-based Information Services <\/em><\/strong>(effective March 1, 2022), which regulate online services commonly powered by recommendation algorithms\u2014many involving AI technologies such as generative, synthetic, and decision-making algorithms. The regulations aim at creating a transparent and fair algorithmic environment, requiring transparency in algorithmic logic, labeling of AI-generated content, establishing user complaint and reporting mechanisms, and algorithm filing, etc.<\/li>\n<li><strong><em>Administrative Provisions on Deep Synthesis in Internet-based Information Services <\/em><\/strong>(effective January 10, 2023), which focus on regulating the use of deep synthesis technologies (such as deepfakes) that may mislead or confuse users. Key requirements include clear labeling of synthetic content, mechanisms for clarifying misinformation, user log retention, and algorithm filing obligations.<\/li>\n<li><strong><em>Interim Measures for the Management of Generative Artificial Intelligence Services<\/em><\/strong><em> (\u201c<strong>Generative AI Measures<\/strong>\u201d)<\/em>, effective since August 15, 2023, apply to providers of generative AI services to the public in Mainland China. The <em>Generative AI Measures<\/em> address content safety, fairness, non-discrimination, and regulatory filing requirements for generative AI services, while also referencing obligations set out in other regulations concerning personal information protection, IP rights, and content labeling, etc.<\/li>\n<\/ul>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Are there any specific legal provisions (present or impending) in respect of the deployment and use of Large Language Models and\/or generative AI (including agentic AI)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Yes. Generative AI has become a central focus of algorithm governance in the PRC, with key regulations including the <em>Generative AI Measures<\/em> and the <em>Measures for the Labeling of AI-Generated Synthetic Content (&#8220;<strong>AI Content Labeling Measures<\/strong>&#8220;).<\/em><\/p>\n<p>The <em>Generative AI Measures<\/em> designate generative AI service providers as the primary parties responsible for compliance. Providers should adopt effective measures to meet regulatory obligations throughout the development and deployment of generative AI services, including but not limited to:<\/p>\n<ul style=\"padding-left: 0\">\n<li>Upholding socialist core values (i.e., avoiding the generation of prohibited or politically sensitive content);<\/li>\n<li>Taking effective measures to prevent discrimination;<\/li>\n<li>Respecting intellectual property rights and business ethics;<\/li>\n<li>Safeguarding others&#8217; legitimate rights and interests; and<\/li>\n<li>Enhancing the transparency, accuracy, and reliability of AI-generated content.<\/li>\n<\/ul>\n<p>In addition, providers of generative AI services with \u201cpublic opinion attributes or social mobilization capabilities\u201d are required to undergo security assessments and complete algorithm filings with the CAC. In practice, the security assessment is carried out through the filing or registration of large language models (LLMs) with the local CACs, which is a separate process from algorithm filing.<\/p>\n<p><em>AI Content Labeling Measures<\/em>, issued on March 7, 2025 and set to take effect on September 1, 2025, further specify the labeling requirements for AI-generated content. The <em>AI Content Labeling Measures<\/em> introduce differentiated explicit labeling obligations for various types of AI-generated content, and require service providers to embed implicit labels containing prescribed information into the metadata of the AI-generated files.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Do technology contracts in your jurisdiction typically contain either mandatory (e.g. mandated by statute) or recommended provisions dealing with AI risk? If so, what issues or risks need to be addressed or considered in such provisions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The <em>Generative AI Measures <\/em>require providers of generative AI services to establish service terms with users, clarifying the rights and obligations of both parties. The <em>AI Content Labeling Measures<\/em> further stipulate that service providers should clearly specify provisions related to AI-generated content labeling in their service terms, in order to enhance transparency.<\/p>\n<p>Although current regulations do not mandate other specific provisions that must be included in service terms, providers of generative AI services commonly incorporate the following provisions into their service terms to fulfill their legal obligations:<\/p>\n<ul style=\"padding-left: 0\">\n<li><strong>Content Safety Management<\/strong>: Users are prohibited from inputting or inducing the output of content that is illegal or harmful under PRC law. The provider reserves the right to take appropriate actions and to report the incident to the relevant regulatory authorities in the event of unlawful conduct.<\/li>\n<li><strong>Disclosure of Technological Limitations<\/strong>: Providers typically include statements explaining the limitations of generative AI technologies and guide users toward a rational and lawful understanding and use of such technologies, particularly to prevent minors from becoming overly reliant on or addicted to generative AI services.<\/li>\n<li><strong>Complaint and Reporting Mechanism<\/strong>: Service terms typically outline the procedures and response timelines for handling complaints and reports related to generative AI services, ensuring that user feedback is received and addressed in accordance with AI-related regulations.<\/li>\n<\/ul>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Do software or technology contracts in your jurisdiction typically contain provisions regarding the application or treatment of copyright or other intellectual property rights, or the ownership of outputs in the context of the use of AI systems?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Yes, the ownership and intellectual property rights (particularly copyright) in AI-generated outputs are typically governed by contract terms. Whether AI-generated content qualifies for copyright protection depends on the degree of human creative contribution involved in its production. Chinese courts generally recognize such content as a protected work, with copyright vesting in the user, if the user demonstrates sufficient originality through actions such as inputting specific prompts or adjusting parameters. The Hangzhou Internet Court, in a virtual digital avatar case, held that the developer&#8217;s aesthetic choices regarding AI-generated content constituted creation, affirming that copyright belonged to the developer.<\/p>\n<p>Conversely, content generated without substantial human involvement currently receives no copyright protection under Chinese law (e.g., automatically generated statistical data). Contracts typically stipulate that such outputs constitute the subject of &#8220;property interests&#8221; belonging to the client or platform, with corresponding usage rights granted accordingly.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Blockchain \u2013 What are the principal laws (present or impending), if any, that govern (i) blockchain specifically (if any) and (ii) digital assets, including a brief explanation of the general purpose of those laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Blockchain is primarily regulated through the <em>Provisions on Blockchain Information Services<\/em>, which require service providers to complete regulatory filings, authenticate users (using real names), and implement content controls.<\/p>\n<p>Digital assets are highly regulated. According to the<em> Notice on Further Preventing and Dealing with Speculation Risks in Virtual Currency Trading<\/em>, virtual currencies such as Bitcoin and ETH are not legal tender and cannot be used for circulation or as a means of payment. All cryptocurrency-related business activities\u2014including trading, exchanges, and overseas platforms serving Chinese users\u2014are deemed illegal financial activities. This prohibition is enforced by multiple financial and cybersecurity regulators. At the same time, China supports state-led digital currency initiatives such as the e-CNY (digital yuan), under the central bank\u2019s oversight.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Search Engines and Marketplaces \u2013 Please summarise the principal laws (present or impending), if any, that govern search engines and marketplaces, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under PRC law, search engines are primarily regulated by the<em> Administrative Provisions on Internet Information Search Services<\/em>, the <em>Telecommunications Regulations<\/em>. The Administrative Provisions on Internet Information Search Services impose obligations on search engine operators to implement content security management measures, protect personal information, clearly label paid search results, and ensure advertising compliance, etc. Search engine operators should also obtain the necessary licenses, such as the B25 value-added telecommunications license for &#8220;information search and query services&#8221;, where foreign ownership in entities operating such value-added telecommunications services may not exceed 50%.<\/p>\n<p>Online marketplaces are subject to regulations, including the <em>E-Commerce Law<\/em> and the <em>Consumer Protection Law<\/em>. These platforms must obtain any required administrative licenses, safeguard consumers\u2019 rights to be informed and to make choices, fulfil personal information protection obligations, retain records of products, services, and transactions for no less than 3 years, provide consumers with options that are not based on personal profiling, and ensure advertising compliance.<\/p>\n<p>In addition, both search engine and marketplace operators are required to comply with competition laws, including the <em>Anti-Unfair Competition Law<\/em> and the <em>Interim Provisions on Preventing Unfair Competition in the Online Market<\/em>.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Social Media \u2013 Please summarise the principal laws (present or impending), if any, that govern social media and online platforms, including a brief explanation of the general purpose of those laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The operation of social media and online platforms shall be in line with the Administrative Measures for Internet Information Services and the Provisions on the Ecological Governance of Network Information Contents, which mandate content moderation, user identity verification, and the suppression of \u201charmful\u201d or politically sensitive content. The operators should also obtain the necessary licenses, such as the B25 value-added telecommunications license for information services.<\/p>\n<p>Platform operators shall also abide by the CSL and PIPL to fulfill their obligations of personal information and cybersecurity protection.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Social Media \u2013 What is the maximum sanction that can be imposed by a regulator in the event of a breach of any applicable online safety laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The fines for operating social media platforms without a proper license may be up to RMB 1,000,000. The maximum penalty for violating personal information protection laws can be RMB 50,000,000 or 5% of the data handler\u2019s annual turnover from the previous year.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Spatial Computing \u2013 Please summarise the principal laws (present or impending), if any, that govern spatial computing, including a brief explanation of the general purpose of those laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>No specific laws tailored exclusively to spatial computing have been established yet. It is mainly regulated by existing legal frameworks.<\/p>\n<p>For example, the PIPL governs the collection, storage, transmission, and sharing of sensitive personal data\u2014such as iris scans, fingerprints, and physiological indicators\u2014collected through spatial computing technologies.<\/p>\n<p>In addition, intellectual property is regulated by relevant laws. The <em>Patent Law, Copyright Law<\/em>, and <em>Trademark Law<\/em> protect patents related to spatial computing (such as 3D engines and VR\/AR technologies), copyrights (like software and algorithms), and trademarks (such as virtual IPs). These laws prevent unauthorized use of such intellectual property, maintaining an innovative environment and market order.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Quantum Computing \u2013 Please summarise the principal laws (present or impending), if any, that govern quantum computing and\/or issues around quantum cryptography, including a brief explanation of the general purpose of those laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There are no specific laws exclusively governing quantum computing. According to mainstream academic opinion, existing legal frameworks may evolve as follows: In intellectual property, patent laws and guidelines need adjustments for quantum inventions\u2014new novelty standards, special procedures, and prior art databases\u2014to regulate patents, protect innovation, and clarify infringement liability; for privacy and security, protocols should be updated and quantum-resistant encryption (e.g., post-quantum cryptography) promoted to counter threats to systems like RSA, safeguarding data in communications and finance; liability rules (e.g., product liability) require tweaks to address quantum systems\u2019 probabilistic nature and multi-party involvement via new standards, clarifying responsibility for errors or damages; and in evidence, new standards for quantum-generated evidence (e.g., sensor data) and adjusted evidentiary rules are needed to ensure validity and fairness in legal proceedings. These adaptations balance innovation, security, and rights, forming a quantum-era legal framework.<\/p>\n<p>As for quantum cryptography, the <em>Cryptography Law of the People&#8217;s Republic of China<\/em> is the core law regulating the application and management of cryptography. It classifies cryptography into three categories: core cryptography, ordinary cryptography, and commercial cryptography, which are used to protect state secrets, critical information infrastructure, and the information security of market entities, respectively. Supporting laws include the Regulation on the <em>Administration of Commercial Cryptography<\/em>, etc.<\/p>\n<p>With the development and maturity of quantum cryptography technology, revisions to relevant laws have also been discussed. In 2023, China established a Working Group on Post-Quantum Cryptography Strategy, Policy and Law, which is responsible for coordinating technical and legal issues related to quantum cryptography.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Datacentres \u2013 Does your jurisdiction have any specific regulations that apply to data centres?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under PRC legal framework, Internet Data Centre (IDC) business refers to the use of corresponding computer room facilities to provide users with placement, maintenance on behalf of the user, system configuration, and management services for their servers and other internet or network-related equipment through outsourcing and leasing. IDC businesses also include Internet Resource Collaboration Service (IRCS) business. Typical IRCS business includes providing data storage, internet application development environments, deployment of internet applications, operation, and management services.<\/p>\n<p>IDC businesses are primarily regulated by the Telecom Regulations. Operators of data centres must obtain a B11 IDC license. A pilot program has been launched in dedicated provinces to relax the 50% foreign equity ratio restrictions for data centre businesses.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">General \u2013 What are your top 3 predictions for significant developments in technology law in the next 3 years?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p><strong>Further Refinement and Development of AI Legislation<\/strong><\/p>\n<p>The legal framework for artificial intelligence (AI) will continue to evolve. In addition to current content labelling requirements, more legislative measures are expected to be introduced to regulate AI\u2019s practical applications across various industries. These regulations will likely cover issues such as the transparency and fairness of AI algorithms and may also address the ownership of copyrights and related intellectual property rights concerning AI-generated content. Furthermore, it is anticipated that the Artificial Intelligence Law may be formally enacted within the next 1-2 years, providing clearer legal guidance for this sector.<\/p>\n<p><strong>Advances in Personal Data Anonymization Standards<\/strong><\/p>\n<p>With the growth of the mobile internet, companies have accumulated vast amounts of user and product data, and the utilization of this data has become central to driving business innovation and development. Particularly, the advancement of AI technology requires large volumes of training data, which has led companies to intensify efforts in data collection and analysis. However, the PIPL imposes strict requirements on the collection and use of personal data. Thus, balancing the legal use of data with privacy protection has become a critical issue for the industry. We anticipate that legislators will explore detailed regulatory guidelines for data de-identification and anonymization through regulations or national standards, seeking to balance the need for data protection with the demand for data exchange.<\/p>\n<p><strong>Further Detailing of the Regulation of Important Data<\/strong><\/p>\n<p>Important data and core data are unique concepts under China&#8217;s data protection law. Currently, regulatory authorities are exploring important data governance through establishing identification standards and collecting important data catalogs from enterprises. As data protection efforts continue to progress, it is expected that future regulatory rules will be further refined, ultimately forming a regulatory system equivalent to personal data protections.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">General \u2013 Do technology contracts in your country commonly include provisions to address sustainability \/ net-zero obligations or similar environmental commitments?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In China&#8217;s technology contracts, incorporating sustainability commitments such as Environmental, Health and Safety (EHS) and net-zero emissions has become a significant trend, driven by both the \u201c2030 Carbon Peaking and 2060 Carbon Neutrality\u201d goals and international regulations.\u00a0 Currently, particularly in large multinational enterprises and state-owned enterprise projects, such environmental clauses have transcended \u201cmoral advocacy\u201d to become binding \u201ccontractual breach triggers\u201d. Contracts failing to embed quantifiable sustainability commitments (e.g., renewable energy usage ratios, energy efficiency targets) not only face increasingly stringent legal compliance risks but may also be eliminated from the market due to non-compliance with supply chain requirements. However, constrained by costs and implementation capabilities, environmental clauses in small-to-medium projects typically remain principle-based commitments.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\r\n<div class=\"word-count-hidden\" style=\"display:none;\">Estimated word count: <span class=\"word-count\">6032<\/span><\/div>\r\n\r\n\t\t\t<\/ol>\r\n\r\n<script type=\"text\/javascript\" src=\"\/wp-content\/themes\/twentyseventeen\/src\/jquery\/components\/filter-guides.js\" async><\/script><\/div>"}},"_links":{"self":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide\/110506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide"}],"about":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/types\/comparative_guide"}],"wp:attachment":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/media?parent=110506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}