China has been in a heat wave since we stepped into June, and for companies falling short on artificial intelligence and data privacy compliance, the regulatory climate is just as intense. As temperatures rise, so does the pressure on organizations to meet increasingly stringent legal and regulatory standards.
In recent weeks, China's key regulatory authorities — including the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, the People's Bank of China, the State Administration for Market Regulation and their regional counterparts — have launched a series of enforcement campaigns. These efforts are focused on a range of digital concerns, including mobile apps, generative AI technologies, internet fraud, cyberbullying, facial recognition systems, biometric data processing and cybersecurity risks.
In Shanghai, the CAC identified that several generative AI platforms failed to conduct mandatory security impact assessments. This oversight led to the generation of content involving pornography, violence, money laundering and violations of personal data rights. As a result, some companies were required to carry out comprehensive corrective actions and their AI services were suspended pending review.
Regulators in Beijing have requested AI companies and service providers strengthen compliance across the entire AI life cycle — including the filing of large language models, training data evaluation, content monitoring, regulating application programming interfaces, accountability of AI in health care and finance fields, and protection of children's information. Nearly 100 noncompliant AI accounts were recently shut down. With China's AI labeling rules set to take effect in October, the CAC is urging service providers to implement proper labeling for AI-generated content, including text, images, audio and video.
Beyond AI-specific measures, Beijing regulators are also intensifying their focus on consumer-facing sectors such as smart parking, online food delivery, hotel booking, education, entertainment ticketing, online medical platforms and even digital fuel stations. A recent random audit of 197 mobile apps — affecting more than 50,000 business operators — revealed various issues, including failure to disclose privacy policies, unauthorized collection of personal information, lack of adequate security measures, and improper API authorization processes. In response, the CAC plans to conduct routine inspections and has introduced a whistleblower hotline. A public blacklist of violators will also be published periodically.
Similar enforcement actions are underway in other major cities and provinces, including Tianjin, Guangdong, Zhejiang and Jiangsu, reinforcing a coordinated national approach.
These developments indicate a clear and consistent trajectory: China's regulators are significantly strengthening governance around AI and personal data protection. This trend is expected to continue. It is vital for businesses to stay informed of regulatory trends and take timely actions to align with compliance expectations.
Barbara Li, CIPP/E, is a partner at Reed Smith.
This article originally appeared in the Asia-Pacific Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.