Overview & Analysis
The Ethical Norms for the New Generation Artificial Intelligence is a foundational Chinese AI governance policy that aims to embed ethics into the entire lifecycle of AI, rather than treating ethics as an after-the-fact compliance issue. The document expressly covers four categories of AI-related activity — management, R&D, supply, and use — and organizes its guidance around six core principles: enhancing human well-being, promoting fairness and justice, protecting privacy and security, ensuring controllability and trustworthiness, strengthening accountability, and improving ethical literacy. In practical terms, it asks organizations to address risks such as bias, discrimination, privacy leakage, loss of human control, and unclear responsibility while still advancing AI innovation.
Its importance lies in the fact that, although it is not itself a standalone comprehensive AI statute, it functions as a policy baseline for how China expects responsible AI to be governed. Professional legal and regulatory analyses consistently describe China's AI framework as a mix of high-level policy principles, targeted AI rules, and broader cybersecurity, data, and privacy law. That makes this policy highly relevant in practice: it signals how regulators and internal reviewers are likely to assess issues such as lawful and high-quality training data, transparency, explainability, bias mitigation, user notice and consent, exit rights, emergency response, and allocation of responsibility. More recent developments also suggest that these ethics expectations are becoming increasingly operationalized and more closely tied to binding oversight.
This policy is relevant across nearly all major enterprise AI activities in China, especially where AI involves personal information, automated decision-making, customer- or employee-facing services, generated content, safety or fairness risks, or integration with third-party models, data, or platforms. Because the policy applies not only to R&D but also to management, supply, and use, it is relevant both to companies that build AI and to companies that procure and deploy AI built by others.
1. Training Models, Fine-Tuning Models, or Preparing Training Data
The policy is directly relevant to data collection, storage, use, processing, transfer, provision, and disclosure, and it emphasizes data quality, legality, privacy protection, and bias prevention. In practice, this means a company should not only ask whether data is technically useful, but also whether it is lawfully sourced, sufficiently reliable, and unlikely to produce discriminatory outcomes.
2. Embedding AI into Products or Services for Customers, Employees, or the Public
If AI is used in products, platforms, customer service, recommendation tools, risk engines, content generation, or other service workflows, the policy requires clear user notice about the role and limits of AI, protection of informed consent rights, and simple ways to opt out or use alternatives. Enterprises should not treat AI as an invisible back-end feature where it materially affects user rights, judgment, or experience.
3. AI in Hiring, Performance Management, Credit, Pricing, or Review Decisions
These are the kinds of scenarios where the policy's fairness, non-discrimination, transparency, and accountability principles matter most. Companies should be able to show that the model is not obviously biased, that results are not completely opaque, that meaningful human oversight remains in place for important decisions, and that affected individuals have some review, appeal, or exit path.
4. Procuring, Integrating, or Operating Third-Party AI Tools
The policy applies not only to developers but also to suppliers and users. So even if a multinational is not training a foundation model itself and is only buying AI capabilities from a local or global vendor, it still needs to examine ethics risks, user-rights protections, emergency mechanisms, and responsibility allocation during vendor selection, contracting, testing, launch, and operations.
5. Deploying AI in High-Risk, Sensitive, or Heavily Regulated Contexts
The policy becomes especially important where AI may affect personal safety, property, privacy, public interests, or regulated sectors such as healthcare, education, finance, industrial safety, or critical infrastructure. In those contexts, the ethics norms are likely to operate together with data, cybersecurity, sectoral, transparency, and risk assessment requirements, which means companies need more robust review, documentation, intervention, and escalation mechanisms.
The key takeaway is that AI ethics in China should be treated as something that starts at the governance, design, procurement, launch, and operations stages — not as a legal cleanup exercise at the end. Companies can maintain speed by converting the policy into a lightweight but disciplined operating model: classify use cases by risk, apply standardized reviews, assign ownership, preserve records, and escalate only the higher-risk cases.
Treat the Policy as a Governance Framework, Not Just a Values Statement
Senior management should not read the policy as merely aspirational. Translate it into a short list of operational questions: Does the AI use personal information? Could it affect individual rights or opportunities? Does it automate hiring, pricing, recommendations, credit, review, or safety decisions? Is it public-facing in China? Does it rely on third-party models or data? Build these into project intake to identify higher-risk projects early.
Build a Tiered Governance Model
Apply risk tiers rather than one long approval cycle. Low-risk internal productivity tools can move through fast-track templates; medium-risk uses should involve business, data, model, and legal review; high-risk projects should receive enhanced scrutiny including bias testing, human intervention design, incident planning, user communication, and management sign-off. This matches the policy's emphasis on agile governance and risk prevention.
Put Data Provenance, Quality & Rights at the Front of the Project
In many China AI projects, the biggest risk is not the model itself but the data. Require teams to explain early where training or inference data comes from, what legal basis supports its use, whether it goes beyond the original purpose, whether quality can be validated, and whether it could generate unfair outcomes for particular groups. Use minimum-necessary data, maintain traceability, and ensure data sources can be replaced if challenged.
Preserve Meaningful Human Control in Design
The policy explicitly emphasizes the human right to choose, exit, and terminate AI operation. Make this a design requirement: Which decisions require human review? Where must a human override exist? How does a user know they are interacting with AI? How can employees suspend a model in abnormal situations? Can the vendor support intervention and logs? If those control points are designed upfront, the company meets regulatory expectations and avoids unhealthy model dependence.
Make Transparency Serve Both User Communication & Internal Defensibility
Push for two kinds of transparency. Externally, users should understand what the AI is doing, its limits, whether it may be wrong, and how to opt out. Internally, the organization should preserve a clear record of model purpose, data sources, testing results, known limitations, accountable owners, and escalation paths. This is not just about future audits — it is what allows the company to respond credibly if there is a complaint, an inaccurate outcome, or a safety incident.
Integrate AI Ethics into Vendor Management
Where a company uses local foundation models, SaaS AI tools, algorithm APIs, external datasets, or system integrators, embed ethics-related requirements into vendor governance. Key questions include whether the vendor explains training data and use limitations, supports bias and quality testing, provides logs and audit support, accepts remediation obligations, and clearly allocates intellectual property and liability. Do not assume the vendor absorbs all risk.
Prepare for Failure Scenarios Before Launch
The policy requires emergency mechanisms, real-time monitoring, response to user feedback, and loss-mitigation planning. Insist that every important AI project have a one-page incident playbook before go-live: Who can pause the system? What thresholds trigger human takeover? How are bias, harmful outputs, data leakage, or systemic errors escalated? How will the company respond to customers, employees, or regulators? Mature AI governance means detecting, explaining, containing, and correcting problems quickly.
Keep Global Principles, but Localize Execution for China
A common multinational problem is that headquarters has broad global AI principles while China teams face different regulatory language, product contexts, and vendor ecosystems. The best answer is usually a China implementation layer under the global framework: which projects require local China review, which templates must be documented in Chinese, which supplier questions require extra diligence, and which public-facing China services need enhanced assessment.
The practical goal is not "zero-risk AI," but a repeatable, scalable, and explainable governance model that lets low-risk projects move fast while identifying and controlling high-risk ones early. The Ethical Norms point in exactly that direction: human-centered development, fairness, privacy, human control, accountability, monitoring, and timely correction. When those principles are translated into workflows, templates, and decision gates, multinationals are in a much stronger position to scale AI responsibly in China.
Complete Normative Text
Table of Contents
(1) Management activities mainly refer to AI-related strategic planning, formulation and implementation of policies, regulations and technical standards, resource allocation, and supervision and review.
(2) R&D activities mainly refer to scientific research, technological development, and product development related to AI.
(3) Supply activities mainly refer to production, operation, and sales related to AI products and services.
(4) Use activities mainly refer to procurement, consumption, and operation related to AI products and services.
(I) Enhancing human well-being. Adhere to a people-centered approach, follow shared human values, respect human rights and fundamental human interests, and comply with national or regional ethical standards. Uphold the priority of public interest, promote harmonious human–machine interaction, improve livelihoods, enhance the sense of gain and happiness, promote sustainable economic, social, and ecological development, and build a community with a shared future for mankind.
(II) Promoting fairness and justice. Adhere to inclusiveness and accessibility, effectively protect the lawful rights and interests of all relevant parties, promote equitable sharing of AI benefits across society, and foster social fairness, justice, and equal opportunity. When providing AI products and services, special attention shall be given to vulnerable and special groups, and alternative solutions shall be provided as necessary.
(III) Protecting privacy and security. Fully respect individuals' rights to be informed and to consent, process personal information in accordance with the principles of legality, legitimacy, necessity, and good faith, safeguard personal privacy and data security, and shall not infringe upon lawful data rights or collect and use personal information illegally through theft, tampering, or disclosure.
(IV) Ensuring controllability and trustworthiness. Ensure that humans retain full autonomous decision-making power, including the right to accept or reject AI services, withdraw from AI interaction at any time, and terminate AI system operations at any time, ensuring that AI remains under human control.
(V) Strengthening accountability. Uphold that humans are the ultimate responsible entities, clarify stakeholder responsibilities, strengthen accountability awareness across the AI lifecycle, establish accountability mechanisms, and neither evade responsibility reviews nor shirk responsibilities.
(VI) Enhancing ethical literacy. Actively learn and disseminate AI ethics knowledge, objectively understand ethical issues, neither underestimate nor exaggerate ethical risks, actively participate in ethical discussions, promote governance practices, and improve response capabilities.
新一代人工智能伦理规范
2021年9月25日发布
来源:科技部 / 国家新一代人工智能治理专业委员会
目 录
(一)管理活动主要指人工智能相关的战略规划、政策法规和技术标准制定实施,资源配置以及监督审查等。
(二)研发活动主要指人工智能相关的科学研究、技术开发、产品研制等。
(三)供应活动主要指人工智能产品与服务相关的生产、运营、销售等。
(四)使用活动主要指人工智能产品与服务相关的采购、消费、操作等。
(一)增进人类福祉。坚持以人为本,遵循人类共同价值观,尊重人权和人类根本利益诉求,遵守国家或地区伦理道德。坚持公共利益优先,促进人机和谐友好,改善民生,增强获得感幸福感,推动经济、社会及生态可持续发展,共建人类命运共同体。
(二)促进公平公正。坚持普惠性和包容性,切实保护各相关主体合法权益,推动全社会公平共享人工智能带来的益处,促进社会公平正义和机会均等。在提供人工智能产品和服务时,应充分尊重和帮助弱势群体、特殊群体,并根据需要提供相应替代方案。
(三)保护隐私安全。充分尊重个人信息知情、同意等权利,依照合法、正当、必要和诚信原则处理个人信息,保障个人隐私与数据安全,不得损害个人合法数据权益,不得以窃取、篡改、泄露等方式非法收集利用个人信息,不得侵害个人隐私权。
(四)确保可控可信。保障人类拥有充分自主决策权,有权选择是否接受人工智能提供的服务,有权随时退出与人工智能的交互,有权随时中止人工智能系统的运行,确保人工智能始终处于人类控制之下。
(五)强化责任担当。坚持人类是最终责任主体,明确利益相关者的责任,全面增强责任意识,在人工智能全生命周期各环节自省自律,建立人工智能问责机制,不回避责任审查,不逃避应负责任。
(六)提升伦理素养。积极学习和普及人工智能伦理知识,客观认识伦理问题,不低估不夸大伦理风险。主动开展或参与人工智能伦理问题讨论,深入推动人工智能伦理治理实践,提升应对能力。
