China’s Interim Measures for the Administration of Anthropomorphic AI Interaction Services: A New Phase in the Regulation of Human–AI Interaction

Scope of application

Pursuant to Article 2 of the Measures, the regulatory scope covers services that “utilize AI technologies to simulate human personality traits, thinking patterns, and communication styles for the purpose of providing continuous emotional interaction to users within the territory of China”. Such services may take the form of text, images, audio, video, or other modalities, and typically include functions such as emotional care, companionship, or psychological support.

The determination of whether a service falls within the scope of the Measures is based on three key elements, namely (a) the simulation of human-like personality traits, (b) the continuity of interaction, and (c) the presence of emotional engagement. Among these, continuity is the decisive factor. If a product or service is designed to engage in sustained emotional interaction with users over time, it is likely to be subject to regulation. By contrast, services that do not involve ongoing emotional interaction, such as customer service tools, knowledge-based Q&A systems, workplace assistants, educational platforms, or scientific research applications, are expressly excluded.

Core compliance requirements: “Red Lines” for service providers

Service qualifications and foundational compliance obligations

The Measures impose a number of foundational compliance obligations on service providers, beginning with existing regulatory requirements such as algorithm governance. Providers are expected to complete algorithm filing, modification, and deregistration procedures in accordance with the relevant rules, and remain subject to periodic regulatory verification.

In addition, the Measures introduce specific circumstances under which a security assessment must be conducted and submitted to the competent authorities. These include, among others:

• launch of anthropomorphic interaction services, or addition of related functionalities;
• significant changes to such services due to the use of new technologies or applications;
• more than 1 million registered users or over 100,000 monthly active users;
• potential risks affecting national security or the public interest; and
• other circumstances as stipulated or notified by the competent authorities.

The scope of such security assessments is extensive, covering areas such as the adequacy of security safeguards, governance of training data, mechanisms for identifying and responding to extreme user scenarios, user demographics and behavioral patterns, protection measures for vulnerable groups such as minors and the elderly, complaint-handling processes, and remediation of identified risks.

The Measures also require service providers to enter into user agreements and implement user registration mechanisms, including the collection of necessary personal information such as age, guardian details, and emergency contact information.

Protection of minors

The regulation of minors constitutes one of the most stringent aspects of the Measures. A robust framework combining both prohibitive and protective requirements is introduced. In particular, service providers are strictly prohibited from offering services involving virtual intimate relationships, such as virtual companions or family members, to minors. In addition, where anthropomorphic interaction services are provided to users under the age of 14, the consent of a parent or guardian is mandatory.

Beyond these restrictions, service providers are required to establish dedicated “minor modes” with functionalities such as usage time limits, regular reminders to return to real-world interactions, and enhanced parental controls. These provisions reflect regulators’ heightened concern regarding the psychological and behavioral impact of AI-driven emotional interaction on minors.

User rights protection and risk intervention

The Measures further require providers to adopt a proactive approach to user protection, particularly in identifying and responding to potential risks. Service providers must be capable of detecting extreme emotional states in users and are expected to provide timely support and de-escalation. In circumstances where users may face risks such as self-harm, suicidal behavior, or significant financial loss, providers must implement tiered intervention measures, which may include escalation protocols and contacting designated guardians or emergency contacts. These obligations underscore the regulatory expectation that anthropomorphic AI services should incorporate mechanisms to safeguard user well-being, rather than merely respond to user inputs passively.

Content control, data and privacy protection

The Measures introduces a set of “content control” obligations for providers of anthropomorphic AI interaction services, requiring them to ensure that generated outputs comply with applicable Chinese laws, regulations, public morals and ethical standards. It also imposes restrictions on the generation of content that could solicit or extract sensitive information, including state secrets, commercial secrets, or personal data.

In relation to data governance, the Measures establish comprehensive requirements governing both training data and user interaction data. Providers must ensure that training data is sourced lawfully and processed in accordance with applicable regulations, including appropriate data cleaning and labeling. They are also required to enhance the transparency and reliability of training data, implement safeguards against data poisoning or tampering, and promote diversity in datasets through methods such as adversarial training.

Importantly, the use of user interaction data for model training is subject to strict restrictions. Where such data constitutes sensitive personal information, it may not be used without separate and explicit user consent. In the case of users under the age of 14, parental or guardian consent must be obtained prior to processing their personal information.

These requirements align closely with China’s existing data protection regime, including the Personal Information Protection Law, and highlight the increasing integration of AI regulation with broader data governance obligations.

For multinational companies, these requirements reinforce the need to align AI deployment strategies in China with localised data governance and model training practices, rather than relying on globally standardised approaches.

Platform and distribution responsibilities

The Measures also place responsibility on platform operators and distribution channels. Application stores are required to verify whether service providers have completed necessary security assessments and algorithm filings, and must refuse listing or take appropriate action against non-compliant applications, including issuing warnings, suspending services, or removing apps from distribution. In parallel, service providers must establish user complaint and reporting mechanisms, with clearly defined procedures and response timeframes, in order to ensure accountability and responsiveness to user concerns.

Considerations for foreign companies

When providing anthropomorphic AI interaction services in China, foreign companies should focus on the following key regulatory and operational considerations:

• Algorithm filing and model-related requirements

Assess whether the service triggers China’s algorithm record-filing regime, as well as any large model filing or security assessment requirements.

• Implications for cross-border deployment models

These regulatory requirements may impose practical constraints on cross-border operations, including limitations on data flows and overall system architecture.

• ICP licensing and online service qualification

Evaluate whether ICP licensing or record-filing requirements are triggered, particularly where services are accessible within China or involve localised interfaces or content delivery.

• Other regulatory frameworks

The Measures operate within a broader regulatory regime encompassing data protection, cybersecurity, and content governance rules, all of which may affect product design, data handling practices, and user interaction models.

Against this backdrop, conducting a comprehensive regulatory mapping exercise is advisable to identify and navigate the relevant regulatory requirements.

Conclusion and takeaways

It is noteworthy that the Measures are not restrictive in nature. They reflect a broader regulatory approach that seeks to balance innovation and risk management, combining the promotion of technological development with strengthened governance. Chinese Regulators explicitly encourage the exploration of anthropomorphic AI services in areas such as cultural communication, childcare, elderly care, and support for vulnerable populations. At the same time, the Measures delineate clear boundaries to ensure that such technologies remain aligned with public interest and ethical standards.

From a practical perspective, companies operating in this space should take immediate steps to assess whether their products or services fall within the scope of the Measures, based on their actual functionality and user interaction mechanisms. This should be followed by a compliance review and gap analysis to identify potential areas requiring remediation. Given the breadth and depth of obligations introduced by the Measures, early engagement with compliance planning will be critical. For international companies in particular, early-stage product scoping, localisation, and regulatory alignment will be essential to avoid costly redesign or compliance retrofitting.

For further information on how the Measures may affect your organization, please reach out to the authors or your usual Hogan Lovells contact.

Authored by Sherry Gong, Charmian Aw, Jessie Xie, and Ciara O'Leary.