Overview & Analysis
The Provisions on the Administration of Deep Synthesis of Internet Information Services are China's foundational regulation for governing deep synthesis technology — covering the use of deep learning, virtual reality, and other generative synthesis algorithms to produce text, images, audio, video, virtual scenarios, and digital humans. The Provisions establish a three-tier accountability framework covering deep synthesis service providers, technical support providers, and users — each with distinct obligations. Core requirements include real-name user authentication, two-layer content labeling (invisible technical identifiers plus prominent visible labels for confusion-causing services), training data security management, biometric information safeguards, security assessments for high-risk functions, and algorithm filing for services with public opinion attributes or social mobilization capabilities. The Provisions also prohibit the production and dissemination of false news and the deletion or alteration of required labels by any party.
As AI applications and generative content become more prevalent, transparency in synthetic content is critical. These Provisions are highly relevant to AI projects involving content generation — particularly those that produce text, audio, images, video, or immersive virtual environments. Companies must label AI-generated content clearly to prevent public misunderstanding and avoid the spread of false information. The Provisions also established the foundational labeling framework (Articles 16 and 17) that is directly referenced in the Measures for Labeling AI-Generated Synthetic Content (2025), making them an essential precursor document for understanding the full labeling regime. For multinational companies, compliance management is especially important in scenarios involving biometric information editing, deepfakes, virtual characters, and cross-border content dissemination.
Service Providers
Primary responsibility for information security, real-name authentication, content review, labeling, rumor refutation, complaint mechanisms, training data security, algorithm filing, and security assessments.
Technical Support Providers
Same training data security, technology management, labeling, and algorithm filing obligations as service providers. Must also cooperate with regulatory supervision.
Service Users
Must not produce/disseminate prohibited or false news content. Must not delete, alter, or conceal required labels. Must comply with information security obligations set out in service agreements.
The Provisions are relevant to all AI applications that use deep synthesis technology in China — whether generating text, images, audio, video, virtual scenarios, or digital humans. Both service providers and the technical support providers supplying underlying models or tools carry compliance obligations.
1. AI Generating News, Advertising & Social Media Content
AI-generated news, advertisements, or social media content must be explicitly labeled to prevent misleading the public. Article 17 requires prominent labeling in appropriate positions for services such as intelligent dialogue, intelligent writing, and other text generation that simulates natural persons where confusion is possible. The prohibition on using deep synthesis services to produce or disseminate false news information is absolute — and any news information generated through deep synthesis may only be reposted from state-approved internet news sources.
2. Virtual Reality & Metaverse Content Generation
Article 17 specifically lists immersive virtual scenes as a category requiring prominent labeling where public confusion or misidentification is possible. Users in these applications should be clearly informed that they are engaging with synthetic content. Additionally, under Article 15, security assessments are required before launching tools that generate or edit content involving national security, national image, national interests, or public interests — which may apply to certain VR/metaverse commercial applications.
3. AI Voice Synthesis, Face Replacement & Deepfake Technologies
Categories 2 and 4 of deep synthesis technology — speech generation/conversion and facial generation/replacement/manipulation — are the highest-risk areas under these Provisions. Article 15 requires security assessments before launching tools that generate or edit facial features, voice, or other biometric information. Article 14 requires separate consent from individuals whose biometric information is edited. Article 17 mandates prominent labeling. And Article 19 requires algorithm filing for services with public opinion or social mobilization reach.
4. AI Creation Platforms and Automated Content Tools
AI creative platforms — automated writing, intelligent dialogue generation, voice synthesis tools — must prominently label content as deep synthesis where confusion is possible. Under Article 7, providers must establish management systems covering user registration, algorithm review, ethics review, content review, data security, personal information protection, anti-fraud, and emergency response. Article 8 requires publicly disclosed management rules and platform conventions, and service agreements must specify information security obligations for users.
5. Cross-Border Content Dissemination & Global AI Platform Integration
When AI-generated content involves cross-border data flows, especially the dissemination of sensitive information, companies must ensure that generated content complies with legal and data protection requirements. Labeling is not only a compliance measure but also an important safeguard for user privacy and data security. App distribution platforms must verify the security assessment and filing status of deep synthesis applications before listing them, creating a pre-market compliance gate that applies to any platform distributing deep synthesis tools in China.
These Provisions provide multinational companies with a clear framework for AI project operation in China, especially regarding transparency and compliance of AI-generated content. To successfully advance AI projects, companies need to strengthen management of generated content and ensure strict adherence to legal and industry regulations.
Ensure Transparent Labeling of All Generated Content by Type
Managers must ensure that all AI-generated content — text, images, audio, video, virtual scenarios — is labeled prominently where confusion is possible. Article 17 lists five specific service types requiring prominent visible labels, and Article 16 requires invisible technical identifiers on all generated content regardless of confusion risk. Build type-specific labeling into every content generation pipeline. Files that users can download, copy, or export must retain the required labels. No party may delete, alter, or conceal labels once applied.
Build Robust Review and Monitoring Mechanisms for Generated Content
Article 10 requires review of both input data and synthesis results through technical or manual means. Managers should ensure that content generated by AI is thoroughly reviewed to prevent the spread of illegal and harmful information. Companies must build feature databases for identifying illegal and harmful information, establish rumor-refutation mechanisms (Article 11), and create rapid response procedures. Any illegal or harmful content discovered must be handled promptly, records retained, and reports filed with cyberspace administrations.
Conduct Security Assessments Before Launching High-Risk Functions
Article 15 requires security assessments — either independently conducted or by a professional institution — before providing tools that generate or edit facial features, voice, or other biometric information, or tools generating content involving national security, national image, or public interests. Article 20 adds a requirement for security assessment before launching new products, applications, or functions with public opinion attributes or social mobilization capabilities. These assessments must be completed before launch, not after, and cannot be treated as post-deployment formalities.
Ensure Partners Comply with Labeling and Compliance Requirements
Multinational companies must ensure that external partners — AI platforms, creation tools, technical support providers — comply with these Provisions. Technical support providers carry the same training data, algorithm review, labeling, and filing obligations as service providers. App distribution platforms must verify compliance status before listing any deep synthesis application. Regular audits of partner compliance should be embedded into vendor management processes, and contractual compliance obligations should be specified for all technology partners providing deep synthesis capabilities used in China operations.
Through transparent content labeling, enhanced data management, rigorous security assessments, and cross-border compliance, companies can not only comply with Chinese legal requirements but also enhance platform credibility and improve user experience. The Provisions form the foundational layer of China's deep synthesis regulatory stack — a layer that every subsequent content-labeling and generative AI regulation in the series builds upon directly.
Complete Legislative Text
Table of Contents
Local cyberspace administration departments shall be responsible for overall coordination within their respective administrative regions. Local telecommunications regulatory authorities and public security authorities shall be responsible for supervision and administration within their respective administrative regions according to their duties.
Deep synthesis service providers and users shall not use deep synthesis services to produce, reproduce, publish, or disseminate false news information. Where news information generated or published through deep synthesis services is reposted, it shall be reposted in accordance with the law from internet news information sources approved by the State.
They shall establish and improve feature databases for identifying illegal and harmful information, refine standards, rules, and procedures, and record and retain relevant network logs.
Where illegal or harmful information is discovered, providers shall take disposal measures in accordance with the law, retain relevant records, and promptly report to cyberspace administration and relevant authorities; they shall also take measures against relevant users in accordance with law and agreements, such as warnings, function restrictions, service suspension, or account closure.
Where functions for editing biometric information such as facial features or voice are provided, users shall be prompted to inform the individuals concerned and obtain their separate consent in accordance with the law.
Where models, templates, or tools providing the following functions are offered, security assessments shall be conducted independently or by entrusted professional institutions in accordance with the law:
(1) generating or editing biometric information such as facial features or voice;
(2) generating or editing non-biometric information involving special objects or scenarios related to national security, national image, national interests, or public interests.
(Note: This article establishes the mandatory invisible/technical labeling requirement referenced in the 2025 AI Content Labeling Measures.)
(1) services such as intelligent dialogue or writing that simulate natural persons in generating or editing text;
(2) services such as synthetic voice or voice imitation that generate or significantly alter personal identity characteristics;
(3) services such as facial generation, replacement, manipulation, or pose control that generate or significantly alter identity characteristics in images or videos;
(4) services such as immersive virtual scenes;
(5) other services capable of generating or significantly altering information content.
For services beyond the above categories, providers shall offer prominent labeling functions and prompt users to apply such labels.
(Note: This article establishes the prominent labeling framework referenced in the 2025 AI Content Labeling Measures.)
Technical support providers shall comply with the same requirements.
Filed providers shall prominently display filing numbers and disclosure links on their websites or applications.
Where significant information security risks are identified, authorities may require measures such as suspension of information updates, user registration, or related services, and providers shall implement rectification measures accordingly.
Where violations constitute breaches of public security administration, administrative penalties shall be imposed; where a crime is constituted, criminal responsibility shall be pursued.
(1) Technologies for generating or editing text content such as article generation, style transformation, and question-answer dialogue;
(2) Technologies for generating or editing speech content such as text-to-speech, voice conversion, and voice attribute editing;
(3) Technologies for generating or editing non-speech content such as music generation and ambient sound editing;
(4) Technologies for generating or editing biometric features in images and videos such as facial generation, replacement, attribute editing, manipulation, and pose control;
(5) Technologies for generating or editing non-biometric features in images and videos such as image generation, enhancement, and restoration;
(6) Technologies for generating or editing digital humans and virtual scenarios such as 3D reconstruction and digital simulation.
"Deep synthesis service providers" refer to organizations or individuals that provide deep synthesis services.
"Deep synthesis technical support providers" refer to organizations or individuals that provide technical support for such services.
"Deep synthesis service users" refer to organizations or individuals that use such services to produce, reproduce, publish, or disseminate information.
"Training data" refers to labeled or benchmark datasets used to train machine learning models.
"Immersive virtual scenarios" refer to highly realistic virtual environments generated or edited using deep synthesis technology for user interaction or experience.
互联网信息服务深度合成管理规定
(2022年11月25日公布,自2023年1月10日起施行,第12号令)
来源:中国网信网
目 录
地方网信部门负责统筹协调本行政区域内的深度合成服务的治理和相关监督管理工作。地方电信主管部门、公安部门依据各自职责负责本行政区域内的深度合成服务的监督管理工作。
深度合成服务提供者和使用者不得利用深度合成服务制作、复制、发布、传播虚假新闻信息。转载基于深度合成服务制作发布的新闻信息的,应当依法转载互联网新闻信息稿源单位发布的新闻信息。
深度合成服务提供者应当建立健全用于识别违法和不良信息的特征库,完善入库标准、规则和程序,记录并留存相关网络日志。
深度合成服务提供者发现违法和不良信息的,应当依法采取处置措施,保存有关记录,及时向网信部门和有关主管部门报告;对相关深度合成服务使用者依法依约采取警示、限制功能、暂停服务、关闭账号等处置措施。
深度合成服务提供者和技术支持者提供人脸、人声等生物识别信息编辑功能的,应当提示深度合成服务使用者依法告知被编辑的个人,并取得其单独同意。
深度合成服务提供者和技术支持者提供具有以下功能的模型、模板等工具的,应当依法自行或者委托专业机构开展安全评估:
(一)生成或者编辑人脸、人声等生物识别信息的;
(二)生成或者编辑可能涉及国家安全、国家形象、国家利益和社会公共利益的特殊物体、场景等非生物识别信息的。
(一)智能对话、智能写作等模拟自然人进行文本的生成或者编辑服务;
(二)合成人声、仿声等语音生成或者显著改变个人身份特征的编辑服务;
(三)人脸生成、人脸替换、人脸操控、姿态操控等人物图像、视频生成或者显著改变个人身份特征的编辑服务;
(四)沉浸式拟真场景等生成或者编辑服务;
(五)其他具有生成或者显著改变信息内容功能的服务。
深度合成服务提供者提供前款规定之外的深度合成服务的,应当提供显著标识功能,并提示深度合成服务使用者可以进行显著标识。
深度合成服务技术支持者应当参照前款规定履行备案和变更、注销备案手续。
完成备案的深度合成服务提供者和技术支持者应当在其对外提供服务的网站、应用程序等的显著位置标明其备案编号并提供公示信息链接。
网信部门和有关主管部门发现深度合成服务存在较大信息安全风险的,可以按照职责依法要求深度合成服务提供者和技术支持者采取暂停信息更新、用户账号注册或者其他相关服务等措施。深度合成服务提供者和技术支持者应当按照要求采取措施,进行整改,消除隐患。
构成违反治安管理行为的,由公安机关依法给予治安管理处罚;构成犯罪的,依法追究刑事责任。
深度合成技术,是指利用深度学习、虚拟现实等生成合成类算法制作文本、图像、音频、视频、虚拟场景等网络信息的技术,包括但不限于:
(一)篇章生成、文本风格转换、问答对话等生成或者编辑文本内容的技术;
(二)文本转语音、语音转换、语音属性编辑等生成或者编辑语音内容的技术;
(三)音乐生成、场景声编辑等生成或者编辑非语音内容的技术;
(四)人脸生成、人脸替换、人物属性编辑、人脸操控、姿态操控等生成或者编辑图像、视频内容中生物特征的技术;
(五)图像生成、图像增强、图像修复等生成或者编辑图像、视频内容中非生物特征的技术;
(六)三维重建、数字仿真等生成或者编辑数字人物、虚拟场景的技术。
深度合成服务提供者,是指提供深度合成服务的组织、个人。
深度合成服务技术支持者,是指为深度合成服务提供技术支持的组织、个人。
深度合成服务使用者,是指使用深度合成服务制作、复制、发布、传播信息的组织、个人。
训练数据,是指被用于训练机器学习模型的标注或者基准数据集。
沉浸式拟真场景,是指应用深度合成技术生成或者编辑的、可供参与者体验或者互动的、具有高度真实感的虚拟场景。
