China’s Data Triad for AI: PIPL, DSL, CSL
Three foundational data laws set the floor for every AI system operating in China. Before you file with the CAC or deploy a model, confirm your compliance with all three.
Where the Three Laws Overlap
All AI-specific regulations in China reference these three laws. Cross-border data transfer triggers overlapping requirements from all of them simultaneously.
The GenAI Interim Measures explicitly require compliance with CSL, DSL, and PIPL.
PIPL for AI Systems
Start here: determine your legal basis for processing personal information. PIPL Art. 13 defines seven legal bases, with consent as the primary mechanism. Every AI system that processes personal information needs a documented legal basis before deployment.
Art. 13: Seven Legal Bases
Consent is primary. Other bases include contract performance, statutory duties, public health emergencies, public interest reporting, lawfully disclosed information, and reasonable use for HR management.
Art. 24: Automated Decision-Making
Any AI-driven automated decision must be transparent and fair. Algorithmic price discrimination is banned. Individuals have the right to an explanation of how the decision was reached.
Art. 29: Sensitive PI Consent
Processing sensitive personal information (including biometric data) requires separate, specific consent from the data subject. This applies to AI systems using facial recognition, voiceprints, or behavioral biometrics.
Art. 55: PIPIA Requirement
Complete a Personal Information Protection Impact Assessment (PIPIA) before any cross-border transfer of personal information or before deploying automated decision-making systems.
PIPL Individual Rights (Arts. 44-47)
Your AI system must support every one of these rights. Implementation guidance for each follows.
Individuals have the right to know the identity of the PI processor, the purpose and method of processing, the types of PI processed, and the retention period. Build a transparency page or disclosure mechanism into your AI system that discloses this information in plain language.
Individuals can restrict or refuse the processing of their personal information. For AI systems, implement opt-out controls that allow users to withdraw from data collection or model training processes at any time.
Individuals can limit how their data is used without requiring full deletion. For AI training data, this may mean flagging records for exclusion from future model training cycles while preserving them for audit purposes.
Build an export function that lets individuals download all personal information your AI system holds about them. The export must be in a commonly used, machine-readable format.
If personal information is inaccurate or incomplete, individuals can request correction. For AI profiling systems, this means providing a mechanism to challenge and update data points that feed into automated decisions.
Deletion triggers include: processing purpose achieved, consent withdrawn, service terminated, or processing in violation of law. Document your deletion pipeline, including how you handle data already embedded in trained models.
Where conditions prescribed by the state cybersecurity authority are met, individuals can request transfer of their personal information to another PI processor. Prepare an API or structured data export to support inter-platform transfers.
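The rights above, as an added example that is not code from the page or from TJS: a minimal personal-information record store for a training pipeline that keeps restricted records for audit while excluding them from training, deletes only on one of the listed triggers, and exports a subject's record as JSON. The record layout and trigger names are assumptions.

```python
# Added example, not code from the page: a minimal PI record store for an AI
# training pipeline implementing the rights described above (restrict, delete,
# copy). Record layout and trigger names are assumptions for this example.
import json
from dataclasses import dataclass, field, asdict

# Deletion triggers listed on the page: purpose achieved, consent withdrawn,
# service terminated, or processing in violation of law.
DELETION_TRIGGERS = {"purpose_achieved", "consent_withdrawn",
                     "service_terminated", "unlawful_processing"}

@dataclass
class PIRecord:
    subject_id: str
    data: dict
    consented: bool = True
    excluded_from_training: bool = False  # restricted: kept for audit only
    deleted: bool = False
    history: list = field(default_factory=list)  # audit trail of rights actions

class PIStore:
    def __init__(self):
        self.records = {}

    def add(self, rec):
        self.records[rec.subject_id] = rec

    def restrict(self, subject_id):
        # Right to restrict: excluded from future training cycles, not erased.
        self.records[subject_id].excluded_from_training = True
        self.records[subject_id].history.append("restricted")

    def delete(self, subject_id, trigger):
        # Every deletion must cite one of the documented legal triggers.
        if trigger not in DELETION_TRIGGERS:
            raise ValueError(f"unrecognised deletion trigger: {trigger}")
        rec = self.records[subject_id]
        rec.data = {}                     # PI content erased
        rec.deleted = rec.excluded_from_training = True
        rec.history.append("deleted:" + trigger)

    def training_set(self):
        # Only consented, unrestricted, undeleted records feed model training.
        return [r for r in self.records.values()
                if r.consented and not r.excluded_from_training and not r.deleted]

    def export(self, subject_id):
        # Right to copy: everything held about the subject, machine-readable.
        return json.dumps(asdict(self.records[subject_id]), ensure_ascii=False)
```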
DSL for AI Systems
Classify your data before you do anything else. The DSL creates a classified and graded protection system. If your AI system processes “important data” or “core data,” that data must be stored within China, and you face mandatory risk assessments.
Classified Protection System
All data is categorized into tiers: general data, important data, and core data. Your first step is to inventory your AI training data and operational data against these tiers. Core data and important data face the strictest controls.
Data Localization
“Important data” and “core data” must be stored within China. If your AI model training pipeline sends classified data to overseas servers, you are in violation. Audit your data flows now.
Art. 30: Risk Assessments
Important data handlers must conduct regular risk assessments and submit reports to the relevant authority. Document: what data you hold, how it flows, who accesses it, and what protections are in place.
DSL Penalties
Organizations face fines up to 10M RMB. Directly responsible individuals face fines up to 1M RMB. Serious violations can result in business suspension or license revocation.
CSL for AI Systems (Amended 2026)
The January 2026 amendments added AI-specific provisions to the CSL for the first time. Check whether your organization qualifies as a Critical Information Infrastructure Operator (CIIO), because CIIOs face elevated obligations and higher penalties.
Art. 20 (New): AI Research Support
The state supports AI theoretical research, improves AI ethics norms, and strengthens risk monitoring. This is the CSL’s first explicit mention of artificial intelligence as a governance priority.
Art. 38: Cybersecurity Review
CIIOs must undergo cybersecurity review when procuring AI products or services that affect national security. If you sell AI tools to CIIO customers, anticipate security review requirements.
Art. 39: CIIO Data Localization
CIIOs must store personal information and important data collected or generated within China domestically. Cross-border transfer requires a security assessment by the CAC.
Art. 40: Annual Risk Assessment
CIIOs must conduct annual cybersecurity risk assessments. For AI systems in CIIO environments, include model integrity, adversarial attack vectors, and data pipeline security in your assessment scope.
Arts. 21, 23: MLPS Obligations
All network operators must comply with the Multi-Level Protection Scheme (MLPS 2.0). Network logs must be retained for a minimum of 6 months. This applies to AI service platforms and their underlying infrastructure.
Tiered Penalty System
The 2026 amendment introduces differentiated penalties: general operators face lower fines, CIIOs face higher penalties, and “serious consequences” trigger the maximum fines plus personal liability.
CSL Penalty Matrix (2026 Amendment)
CIIOs face 2-5x higher penalties than general operators.
| Tier | Applies To | Org Fine | Individual Fine | Additional |
|---|---|---|---|---|
| General | Network operators (refusing to rectify or causing harm) | Up to 500K RMB | Up to 100K RMB | Rectification order, warnings |
| CIIO | Critical infrastructure operators (refusing to rectify or causing harm) | Up to 1M RMB | Up to 100K RMB | Security review, procurement restrictions |
| Serious | Any operator, serious consequences (e.g., massive data leak) | Up to 2M RMB | Up to 200K RMB | Additional enforcement measures |
| Particularly Serious | Any operator, particularly serious consequences (e.g., major CII loss of function) | Up to 10M RMB | Up to 1M RMB | Business suspension, license revocation |
Maximum Penalties by Law
These penalties apply independently. An AI system violating all three laws faces cumulative exposure.
Cross-Border Transfer: Three Mechanisms
If your AI system sends personal information outside China, you need one of these three mechanisms: a CAC security assessment, a standard contract filed with the provincial CAC, or PI protection certification.
How the Three Laws Work Together
These three laws form a single regulatory ecosystem. Meeting only one is not enough.
All AI Regs Reference All Three
The GenAI Interim Measures, Algorithm Provisions, and Deep Synthesis Provisions each explicitly require compliance with PIPL, DSL, and CSL. They are not standalone obligations.
Cross-Border Triggers All Three
Transferring AI training data overseas can trigger PIPL Art. 38 (transfer mechanisms), DSL data localization (important data stays in China), and CSL Art. 39 (CIIO storage requirements) simultaneously.
Risk Assessments Stack
A single AI deployment may require a PIPIA (PIPL Art. 55), a DSL important data risk assessment (Art. 30), and a CIIO annual cybersecurity risk assessment (CSL Art. 40). Plan to consolidate where possible.
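As an added example (not code from the page or from TJS), a policy-as-code check that applies the cross-border and stacking rules above to a data-flow inventory, so that a blocking localization violation is separated from the assessments and mechanisms a flow still needs. The inventory fields, the "CN" destination test and the finding strings are assumptions.

```python
# Added example, not code from the page: audit a data-flow inventory against
# the DSL localization rule, PIPL transfer requirements and CIIO obligations
# described above. Field names and finding text are assumptions.
from dataclasses import dataclass

@dataclass
class DataFlow:
    name: str
    tier: str            # DSL tier: "general", "important" or "core"
    contains_pi: bool    # personal information present
    sensitive_pi: bool   # biometric, financial, location, minors' data, ...
    ciio: bool           # operator is a Critical Information Infrastructure Operator
    destination: str     # country code of the storage/processing location

def audit_flow(flow):
    """Return (blocking, findings): blocking means the flow must not run as-is."""
    findings, blocking = [], False
    cross_border = flow.destination.upper() != "CN"
    graded = flow.tier in ("important", "core")
    if graded:
        findings.append("DSL Art. 30: periodic risk assessment and report to the authority")
        if cross_border:
            blocking = True   # important/core data must be stored within China
            findings.append("DSL localization: important/core data must stay in China")
    if flow.contains_pi:
        if flow.sensitive_pi:
            findings.append("PIPL Art. 29: separate, specific consent for sensitive PI")
        if flow.sensitive_pi or cross_border:
            findings.append("PIPL Art. 55: PIPIA required")
        if cross_border:
            findings.append("PIPL Art. 38: one transfer mechanism "
                            "(security assessment, standard contract or certification)")
    if flow.ciio:
        findings.append("CSL Art. 40: annual cybersecurity risk assessment")
        if cross_border and (flow.contains_pi or graded):
            findings.append("CSL Art. 39: CAC security assessment for CIIO cross-border data")
    return blocking, findings

def audit_inventory(flows):
    """Map flow name -> (blocking, findings), blocking flows listed first."""
    results = {f.name: audit_flow(f) for f in flows}
    return dict(sorted(results.items(), key=lambda kv: not kv[1][0]))
```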
Key Articles at a Glance
One-paragraph summaries of the key articles, for use in compliance reviews.
PIPL Art. 13: Seven Legal Bases
Consent, contract performance, statutory duties, public health, public interest reporting, lawfully disclosed information, and reasonable HR management use. Consent is primary for most AI use cases.
PIPL Art. 24: Automated Decision-Making
Automated decisions must be transparent and fair. Bans algorithmic price discrimination. Individuals have the right to request an explanation and to refuse decisions made solely by automated systems.
PIPL Art. 38: Cross-Border Transfer Mechanisms
Security assessment (mandatory for CIIOs and large handlers), standard contract (file with provincial CAC), or PI protection certification (for intra-group transfers). One mechanism required per transfer.
PIPL Art. 55: PIPIA Requirement
Mandatory Personal Information Protection Impact Assessment before cross-border transfers, automated decision-making deployment, or processing sensitive PI. Document and retain the assessment for at least 3 years.
DSL Art. 30: Risk Assessments
Important data handlers must conduct periodic risk assessments and report results to the relevant authority. Covers data inventory, access controls, flow mapping, and protection measures.
CSL Art. 20 (New): AI Research Support
New provision added in the January 2026 amendment. The state supports AI theoretical research, establishes AI ethics norms, and strengthens AI risk monitoring mechanisms.
CSL Art. 38: Cybersecurity Review
CIIOs procuring network products or services (including AI) that may affect national security must undergo cybersecurity review. AI vendors to CIIOs should anticipate this requirement.
CSL Arts. 21, 23: MLPS Obligations
All network operators must implement MLPS 2.0 and retain network logs for at least 6 months. AI service platforms must ensure their infrastructure meets these baseline network security requirements.
PIPL Art. 29: Sensitive PI Consent
Processing sensitive PI (biometric, financial, location, minors’ data) requires separate, specific consent distinct from general processing consent. AI facial recognition and voiceprint systems must implement this.