Privacy & Cybersecurity Law Blog

On July 15, 2026, the Interim Measures for the Administration of AI-Based Anthropomorphic Interactive Services (available in Chinese only) (the “Measures”) will take effect. This comprehensive regulation governs the growing industry of artificial intelligence (“AI”) virtual companions and emotional support bots.

The Measures apply to the provision of “AI-based anthropomorphic interactive services” within the territory of Mainland China. These are defined as services that simulate the personality traits, thinking patterns and communication styles of natural persons to provide continuous emotional interaction,​ such as emotional care, companionship and support via text, images, audio or video.  The Measures do not apply​ to intelligent customer service, knowledge Q&A, work assistants, education and learning, or scientific research services that do not involve continuous emotional interaction. Below is a summary of certain of the key provisions of the Measures.

Obligations of Providers

Providers of “AI-based anthropomorphic interactive services” are required to comply with several obligations under the Measures. For example, providers are required to:

• ensure the AI systems do not generate content that endangers national security, promotes extremism or obscenity, induces self-harm or suicide, or induces disclosure of state secrets or personal information, or push harmful content to minors or use emotional manipulation to induce dependency or harmful decision-making;
• establish and implement internal policies and procedures for algorithm review, ethics review, content management, cybersecurity and data security, risk contingency plans and emergency response;
• fulfill security responsibilities throughout the AI system lifecycle with security measures deployed in parallel with AI system functions;
• ensure training data is lawfully sourced and aligns with core values, undergoes cleaning and labeling, and is protected against data poisoning and tampering;
• ensure user interaction data is encrypted and access controlled. Unless required by law or with explicit user consent, providers must not share user interaction data with third parties;
• ensure the AI systems can identify user safety risks in real time while protecting user privacy. The Measures set out requirements for how the AI system should respond to user safety risks;
• fulfill their obligations on AI-generated content labeling and clearly inform users that they are interacting with an AI system and not a natural person. If a user shows signs of over-dependency or addiction, they must be provided with prominent dynamic reminders (e.g., pop-ups) that the content is AI-generated; and
• restrict access to the service to children under 14 without explicit consent from a parent or guardian, and implement a "Minor Mode" for children featuring usage limits, reality reminders, guardian alerts, blocking of specific characters, and restrictions on top-ups and spending.

Safety Assessment and Filing

A provider is required to perform and submit a safety assessment​ and report on the AI system and algorithm to the provincial-level cyberspace administration in certain instances, including when launching a new AI-based anthropomorphic interactive service or adding AI-based anthropomorphic interactive functions to an existing service, or when registered users reach 1 million​ or when monthly active users reach 100,000. The assessment must cover, amongst other things, security safeguards, identification or intervention in extreme situations, user scale, usage and age structure, and measures for protecting minors and the elderly.