Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022)

China

v2024

5 domains

48 controls

Regulations governing algorithmic recommendation services (2022) and security assessment of generative AI services (2023), with amendments introduced in 2024 expanding oversight of AI‑generated content and recommendation algorithms.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (5)

Algorithm Recommendation

19 controls

Controls in the Algorithm Recommendation domain of Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) — 19 controls
Code	Title	Description
CN-ALG-A10	No Illegal Keywords in User Profiles	Providers must not record illegal or undesirable keywords into user interest profiles or use them as criteria for recomm...
CN-ALG-A11	Feed Ecology and Mainstream Value Orientation	Providers must strengthen the ecological management of recommendation feeds, establish manual intervention and user self...
CN-ALG-A12	Ranking and Transparency Practices	Providers are encouraged to optimise transparency and explainability of search, ranking, selection, push and display rul...
CN-ALG-A14	Prohibition on Algorithmic Manipulation	Providers must not use algorithms to falsely register accounts, manipulate accounts, fabricate transactions/likes, manip...
CN-ALG-A15	No Unfair Restriction of Competitors	Providers must not use algorithms to unreasonably restrict other internet information service providers, or to impede or...
CN-ALG-A16	Algorithm Transparency Disclosure to Users	Providers must inform users in a conspicuous manner that they provide algorithmic recommendation services and publicise...
CN-ALG-A17	User Choice and Opt-Out	Providers must offer users options not targeted at their personal characteristics or a convenient way to switch off algo...
CN-ALG-A18	Protection of Minors	Providers serving minors must fulfil minor-protection duties, facilitate minors' healthy use through suitable service mo...
CN-ALG-A19	Protection of Elderly Users	Providers serving the elderly must protect their lawful interests, account for their travel, medical, consumption and ot...
CN-ALG-A20	Worker Protection (Gig Economy)	Providers offering work-scheduling services to workers must protect their lawful interests in remuneration, rest and wor...
CN-ALG-A21	Consumer Protection (No Price Discrimination)	Providers selling goods or services to consumers must protect consumers' fair-trading rights and must not use algorithms...
CN-ALG-A22	Complaint and Reporting Mechanism	Providers must establish convenient complaint and public-reporting entry points, disclose the handling process and timef...
CN-ALG-A24	Algorithm Filing	Providers with public-opinion attributes or social-mobilisation capacity must, within ten working days of providing serv...
CN-ALG-A26	Display of Filing Number	Providers that have completed filing must indicate their filing number in a conspicuous position on their website, appli...
CN-ALG-A27	Algorithm Security Assessment	Providers with public-opinion attributes or social-mobilisation capacity must carry out a security assessment in accorda...
CN-ALG-A28	Audit Cooperation and Log Retention	Providers must cooperate with cyberspace and other authorities' supervision and inspection, give explanations, retain re...
CN-ALG-A7	Algorithm Security Management System	Algorithmic recommendation service providers must establish and improve management systems and technical measures for al...
CN-ALG-A8	Periodic Algorithm Review (Anti-Addiction)	Providers must regularly review, evaluate and verify algorithm mechanisms, models, data and application outcomes, and mu...
CN-ALG-A9	Illegal and Harmful Information Handling	Providers must strengthen information-content management, establish feature libraries to identify illegal and undesirabl...

Cross-Cutting

2 controls

Controls in the Cross-Cutting domain of Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) — 2 controls
Code	Title	Description
CN-CSL-MLPS	MLPS and Cybersecurity Obligations	The CAC AI regime is grounded in the Cybersecurity Law, Data Security Law and Personal Information Protection Law. Netwo...
CN-PIPL-A24	Automated Decision-Making Transparency (PIPL)	Where the recommendation/generation services process personal information through automated decision-making, the Persona...

Deep Synthesis

11 controls

Controls in the Deep Synthesis domain of Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) — 11 controls
Code	Title	Description
CN-DS-A10	Content Moderation and Violation Database	Providers must strengthen management of deep synthesis content, take technical or manual measures to review user inputs...
CN-DS-A14	Training Data Security and Biometric Consent	Providers and technical supporters must strengthen training-data management and ensure data security; where training dat...
CN-DS-A15	Security Assessment of Editing Functions	Providers and technical supporters offering functions such as biometric editing of faces/voices or generation/significan...
CN-DS-A16	Technical Marking of Synthetic Content	Providers must add technical markings (e.g. implicit identifiers) to information content generated or edited using deep...
CN-DS-A17	Conspicuous Labelling of Synthetic Content	For deep synthesis services that may cause public confusion or mistaken identity (e.g. intelligent dialogue, synthetic h...
CN-DS-A18	No Tampering with Synthesis Identifiers	No organisation or individual may use technical means to delete, alter or conceal the deep synthesis markings required b...
CN-DS-A19	Deep Synthesis Filing	Deep synthesis service providers with public-opinion attributes or social-mobilisation capacity must complete filing and...
CN-DS-A20	Security Assessment Before New Functions	When developing and launching new products, applications or functions with public-opinion attributes or social-mobilisat...
CN-DS-A6	Prohibited Use of Deep Synthesis	No organisation or individual may use deep synthesis services to produce, copy, publish or transmit information prohibit...
CN-DS-A7	Deep Synthesis Security Management System	Deep synthesis service providers must establish and improve management systems for user registration, algorithm-mechanis...
CN-DS-A9	Real-Name Verification	Deep synthesis service providers must authenticate the real identity of users based on mobile phone number, identity doc...

Ethics

1 controls

Controls in the Ethics domain of Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) — 1 controls
Code	Title	Description
CN-ETH-REV	Science and Technology Ethics Review	Both the Deep Synthesis Provisions (Art. 7) and the Algorithmic Recommendation Provisions (Art. 7) require providers to...

Generative AI Measures

15 controls

Controls in the Generative AI Measures domain of Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) — 15 controls
Code	Title	Description
CN-GAI-A10	Target Users and Minor Anti-Addiction	Providers must clarify and disclose the applicable users, occasions and purposes of the service, guide users to lawful u...
CN-GAI-A11	Protection of User Input and Records	Providers must fulfil personal-information protection duties for user input information and usage records; must not coll...
CN-GAI-A12	Labelling of Generated Content	Providers must label generated images, videos and other content in accordance with the Provisions on the Management of D...
CN-GAI-A13	Safe, Stable and Continuous Service	Providers must provide safe, stable and continuous service throughout the service period, safeguarding users' normal use...
CN-GAI-A14	Illegal Content Disposal and Reporting	On discovering illegal content, providers must promptly stop generation and transmission, take disposal measures such as...
CN-GAI-A15	Complaint and Reporting Mechanism	Providers must establish a sound complaint and reporting mechanism, set up easy-to-use entry points, disclose the proces...
CN-GAI-A16	Categorised and Graded Supervision	Relevant competent authorities (cyberspace, development/reform, education, science/technology, industry/IT, public secur...
CN-GAI-A17	Security Assessment and Algorithm Filing	Providers of generative AI services with public-opinion attributes or social-mobilisation capacity must carry out a secu...
CN-GAI-A19	Regulatory Inspection Cooperation	Providers must cooperate with competent-authority supervision and inspection, explain as required the sources, scale and...
CN-GAI-A2	Scope of Application	Applies to the provision of generative AI services to the public within China to generate text, images, audio or video....
CN-GAI-A21	Legal Liability for Violations	Violations are dealt with under the Cybersecurity Law, Data Security Law, Personal Information Protection Law, Law on Sc...
CN-GAI-A4	Content Compliance and Prohibited Content	Service provision and use must uphold core socialist values and must not generate content that incites subversion of sta...
CN-GAI-A7	Training Data Lawfulness	Providers must use training data from lawful sources, not infringe intellectual property, obtain consent where personal...
CN-GAI-A8	Data Annotation Rules	Where data annotation is carried out during development, providers must establish clear, specific and operable annotatio...
CN-GAI-A9	Provider Responsibility for Outputs	The provider bears responsibility as the producer of online information content and as the personal-information processo...

Your Compliance Coverage

If you comply with Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022), you already cover:

NIST AI Risk Management Framework (AI RMF 1.0)

38%

18 controls mapped

Compare →

OECD Recommendation on Artificial Intelligence (2024 Update)

23%

11 controls mapped

Compare →

GDPR

3 controls mapped

Compare →

+ 2 more: ISO 27701:2019 (2%), NIST SP 800-53 Rev 5 (2%)

See all 5 mapped frameworks ↓

Maps to 5 other frameworks

48 total controls

NIST AI Risk Management Framework (AI RMF 1.0)

18 source controls mapped|11 target controls covered

38%

OECD Recommendation on Artificial Intelligence (2024 Update)

11 source controls mapped|4 target controls covered

23%

GDPR

3 source controls mapped|4 target controls covered

ISO 27701:2019

1 source controls mapped|1 target controls covered

NIST SP 800-53 Rev 5

1 source controls mapped|1 target controls covered

Compare Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) with NIST AI Risk Management Framework (AI RMF 1.0)

Frequently Asked Questions

What is Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022)?

Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) is a compliance framework from China with 5 domains and 48 controls. Regulations governing algorithmic recommendation services (2022) and security assessment of generative AI services (2023), with amendments introduced in 2024 expanding oversight of AI‑generated content and recommendation algorithms. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) have?

Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) has 48 controls organised across 5 domains. The largest domains are Algorithm Recommendation (19 controls), Generative AI Measures (15 controls), Deep Synthesis (11 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) map to?

Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) maps to 5 other compliance frameworks. The top mapping partners are NIST AI Risk Management Framework (AI RMF 1.0) (38% coverage), OECD Recommendation on Artificial Intelligence (2024 Update) (23% coverage), GDPR (6% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) compliance?

Start your Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Administrative Measures for the Security Assessment of Generative AI Services (2023) and Algorithmic Recommendation Management Provisions (2022) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 48 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required