Interpretation of the Interim Measures for the Management of Artificial Intelligence Anthropomorphic Interactive Services (Draft for Comments).

Referring to the public consultation draft released by the Cyberspace Administration of China on December 27, 2025, this article refines the key compliance points of anthropomorphic interactive services according to the core requirements of the scope of application in the background, data and user protection prompts and exits, security assessment, and platform responsibility supervision measures, so as to facilitate the rapid self-inspection of product owners and security operations.

Part 1 Background of the release

1. Nature of the document
2. The Cyberspace Administration of China issued a notice to solicit comments on the draft of the Interim Measures for the Management of Artificial Intelligence Anthropomorphic Interactive Services.
3. Governance Objectives
4. Promote the healthy development and standardized application of anthropomorphic interactive services, safeguard national security and social public interests, and protect the legitimate rights and interests of citizens, legal persons and other organizations.
5. Time and channel for soliciting opinions
6. Public solicitation of comments As of January 25, 2026, the public can give feedback through designated mailboxes or mail letters.

Part 2 Scope of application and basic principles

1. Who is it for?
2. Provide products or services that simulate human personality characteristics, thinking patterns, communication styles, and carry out emotional interaction through text, pictures, audio, video, etc.
3. Governance principles
4. Adhere to the equal emphasis on governance in accordance with the law and promote development, implement inclusive prudence and classified and hierarchical supervision, and emphasize the prevention of abuse from getting out of control.
5. Supervision and division of labor
6. The national cyberspace department coordinates national governance, supervision and management, the relevant departments of the State Council manage according to their duties, and the local cyberspace departments coordinate the governance of their own administrative regions and coordinate the implementation of supervision.

Part 3 Core requirements of service specifications

1. Scenario-oriented and value-oriented
2. Encourage the expansion of application scenarios under the premise of safety and reliability, and promote the formation of an application ecology that meets the correct value orientation.
3. Bottom line of content and prohibited sexual acts
4. It is not allowed to generate and disseminate content that endangers national security, undermines national unity, disrupts economic and social order, promotes obscenity, gambling, violence, or abets crimes, and must not insult or slander and infringe on the legitimate rights and interests of others.
5. It is not allowed to harm users' personal dignity and mental health through verbal violence and emotional manipulation, or to set emotional traps or manipulate information misleading algorithms to induce users to make unreasonable decisions, and not to induce them to obtain confidential and sensitive information.
6. Do not encourage glorification that implies suicide and self-harm, etc., to avoid guiding or exacerbating extreme risks.
7. Safety main responsibility and system construction
8. It is necessary to establish systems such as algorithm mechanism audit, scientific and technological ethics review, information release review, network and data security, personal information protection, anti-telecommunications network fraud risk plan and emergency response, and be equipped with technical capabilities and personnel guarantees that match product scale, business direction, and user groups.
9. Full life cycle security and anti-addiction dependence
10. All stages such as design, operation, upgrade, and termination are simultaneously included in safety requirements, and safety monitoring, evaluation, and correction are carried out during the operation period, and logs are kept in accordance with the law.
11. It should have the ability to protect mental health and protect emotional boundaries and guide dependence risks, and it is clear that it should not be designed to replace social communication control users' psychological inducement of addiction and dependence.

Part 4 Key Provisions on Data Training and User Protection

1. Training data management
2. Training data must be traceable from legitimate sources, cleaned and annotated to improve transparency and reliability, prevent data poisoning and tampering, improve diversity, and enhance the security of generated content through negative sampling adversarial training. When using synthetic data for training or key capability optimization, the security of synthetic data should be evaluated, data security protection should be implemented to avoid the risk of leakage, and daily inspections and regular iterative upgrades should be conducted.
3. High-risk propensity identification and manual takeover
4. Assess user emotions and dependence under the premise of protecting user privacy, and take necessary interventions if extreme emotions or addiction are found.
5. For tendencies that threaten life, health and property safety, they should promptly send out comfort and guidance to seek professional help, and provide psychosocial assistance or emergency rescue channels.
6. When users clearly propose extreme situations such as suicide and self-harm, they should manually take over the conversation and contact guardians or emergency contacts in a timely manner to activate the emergency response mechanism.
7. Mechanism for the protection of minors
8. It is necessary to establish a minor mode, and provide safety settings such as mode switching, regular reality reminders, and usage time limits.
9. Providing emotional companionship services to minors must obtain the explicit consent of the guardian and provide the guardian's control capabilities, including real-time risk reminders, access to summary information, blocking specific roles, limiting the duration of use, and preventing recharge consumption.
10. Suspected minors should be switched to minor mode and a complaint channel should be provided. Audits should be conducted annually on the compliance status of minors' personal information processing, which can be carried out by themselves or entrusted to professional institutions.
11. Elderly protection and role restrictions
12. Guide the elderly to set up emergency contacts, and promptly notify emergency contacts and provide assistance channels if they find that they endanger life, health, and property.
13. Services must not be provided to simulate relatives or specific related persons of elderly users to reduce the risk of impersonation inducement and emotional fraud.
14. Interaction data and training usage limits
15. Interaction data should be encrypted for audit access control and must not be provided to third parties in principle. Under the minor mode, external provision requires the separate consent of the guardian.
16. The option to delete interaction data should be provided, and users can delete historical chat history, etc.; Guardians can also request the deletion of historical interaction data of minors.
17. Unless otherwise required by law or with the user's separate consent, user interaction data and sensitive personal information of users shall not be used for model training.

Part 5 User prompt duration reminder and exit mechanism

1. Human-machine identification prompts
2. It should be clearly indicated that the user is interacting with the AI rather than the natural person. When you first use it to log in again or identify a tendency to overrely on addiction, you should dynamically remind the content to be generated by artificial intelligence in the form of pop-ups and other methods.
3. Continuous usage time reminder
4. If you use it continuously for more than 2 hours, you should be reminded to suspend use by pop-up windows.
5. Convenient exit and service offline notification
6. Emotional companionship services should provide convenient withdrawal and must not prevent users from voluntarily withdrawing. When the user requests to withdraw through buttons, keywords, etc., the service shall be stopped in time.
7. If the service is unavailable due to the downline-related functions or malfunctions, it shall be notified or publicly announced in advance and properly handled.

Part VI Responsibilities and Supervision Measures of the Security Assessment Platform

1. Trigger a security assessment situation
2. In situations such as the launch or addition of relevant functions of anthropomorphic interactive service functions, the use of new technologies and new applications leading to major changes, the number of registered users reaching more than 1 million or the monthly active users reaching more than 100,000, and the possibility of affecting national security, public interests, or legitimate rights and interests, etc., security assessment shall be carried out in accordance with regulations and an assessment report shall be submitted to the local provincial cyberspace department.
3. Evaluate the focus
4. Pay attention to the scale of users, the duration of use, the age structure, the manual takeover of high-risk identification and emergency response, the response to complaints and reports, the implementation of systems and terms, and the rectification and disposal of major hidden dangers.
5. Distribution platform responsibility
6. Distribution platforms such as app stores need to verify security assessment and filing, and take measures such as not listing warnings, suspending services, or removing from shelves for illegal applications.
7. Algorithm filing and annual review
8. Providers shall perform algorithm filing and change cancellation procedures in accordance with the provisions on algorithm recommendation management, and the internet information department shall conduct an annual review of the filing materials.
9. Supervision and disposal
10. The provincial cyberspace department shall review and verify the assessment report and audit situation every year, and conduct on-site inspections when necessary. Encourage access to the artificial intelligence sandbox security service platform to carry out security tests.
11. If a greater risk or safety incident is found, the person in charge may be interviewed in accordance with the law and ordered to rectify; if they refuse to make corrections or the circumstances are serious, they may be ordered to suspend the provision of relevant services. Violations of laws and administrative regulations shall be dealt with in accordance with laws and regulations.

Frequently Asked Questions

Q What is the main focus of this draft for comments?

A It is mainly oriented to anthropomorphic interactive services with personalized characteristics and emotional interaction attributes, focusing on restricting the bottom line of content and interactive behavior, strengthening psychological and dependency risk intervention, improving the protection of minors and the elderly, clarifying the restrictions on the use of interactive data and training, and forming a closed loop through the responsibility and supervision measures of the security assessment platform.

Q: What has had the biggest impact on the companion character chat product?

A The most direct impact is usually three parts: must have the ability to control minors and guardians; It must have extreme emotion recognition, manual takeover and emergency response links; Interaction data is used to train stricter consent and restriction mechanisms, as well as data deletion capabilities.

Q How can enterprises do compliance self-inspection as quickly as possible?

A: According to the prompt and recognition duration, reminder exit mechanism, minor mode and guardian control, high-risk identification and manual takeover, data deletion and training, consent complaint and reporting mechanism, security assessment, trigger conditions and material preparation, first build a minimum compliance model, and then complete the institutionalized audit and evaluation reporting system.

For the original article, please refer to the official website: https://www.cac.gov.cn/2025-12/27/c_1768571207311996.htm