CAC Filing System: Algorithms, GenAI & Registration
Three filing types. Different documents, different timelines, different review levels. Start by identifying which one applies to your AI service.
Which Filing Type Does Your AI Service Need?
Answer three questions to identify your most likely filing obligation under the CAC system.
Three Filing Types Compared
Each filing type targets a different relationship between you and the AI model. The documents, review levels, and timelines differ accordingly.
| Dimension | Algorithm Filing 算法备案 |
GenAI Filing 大模型备案 |
Registration 生成式AI登记 |
|---|---|---|---|
| Trigger | Public-facing algorithm with opinion formation or social mobilization capabilities | Self-developed or re-developed foundation model | Using a pre-filed model via API |
| Key Docs | Company info, algorithm mechanism description (input/logic/output), training data info, security self-assessment | Application form, security self-assessment, keyword filtering list, evaluation test set, refusal test banks, corpus annotation rules | Simplified documentation. Relies on the upstream model’s existing filing. |
| Review Level | Provincial CAC + National CAC | Provincial CAC + National CAC (two-round) | Provincial CAC only |
| Timeline | 2-5+ months | 3-6 months | 2-3 months |
| Content Testing | Security self-assessment report | 2,000+ questions covering 31 safety risks. 500+ refusal test bank. 500+ non-refusal test bank. | Depends on upstream model. Service-level assessment may apply. |
| Keyword Library | Not required | Minimum 10,000 keywords across 17 safety risks. Updated weekly. | Not required (upstream model covers) |
| Pass Thresholds | No published thresholds | Training data: 96%+ (manual), 98%+ (technical). Content: 90%+. Refusal: 95%+. Non-refusal: 5% or less. | No published thresholds |
| Ongoing | Annual updates required | Annual updates required | Annual updates required |
| Filed to Date | 6,000+ filings | 796 nationally filed | 481 locally registered |
The CAC system works through pre-filing consultation, not outright rejection. If your filing has gaps, expect feedback rounds rather than a formal denial letter. Budget extra time for iteration.
All CAC filing documents must be submitted in simplified Chinese. English-language technical documents (security assessments, algorithm descriptions) are generally accepted with certified Chinese translations, but the filing itself must be in Chinese.
- The filing applicant must be a mainland China registered legal entity: WFOE (Wholly Foreign-Owned Enterprise), JV (Joint Venture), or a VIE-structure entity.
- A WFOE can file on behalf of the foreign parent company for AI services deployed in China.
- Representative offices cannot file. They lack the legal standing to serve as the filing entity.
- For JV structures, the JV entity itself typically files. Determine which entity is the “provider” (the one offering the service to users in China).
- A local legal representative must sign the filing application.
- Pre-filing consultation (预沟通) adds 1-3 months to the end-to-end timeline before formal submission begins.
Need Help with the CAC Filing Process?
TJS advisors help multinational teams prepare filing documentation, coordinate with local counsel, and structure the pre-filing consultation process.
Talk to a TJS Advisor →Technical Pass Thresholds
These thresholds apply to the GenAI Filing (大模型备案) path only. Each measures a different aspect of your model’s safety compliance.
A separate bank of 300 should-not-refuse prompts tests for over-blocking. Your model must refuse 5% or less of these legitimate prompts. Over-refusal is treated as a compliance gap.
Keyword Filtering Library Specifications
The keyword library is one of the most labor-intensive filing requirements. Plan for significant ongoing maintenance.
Keyword Filtering Library
- Minimum 200 keywords per risk category for the first-tier (A.1) safety risks
- Minimum 100 keywords per risk category for the second-tier (A.2) safety risks
- Must cover all 17 safety risk categories defined in the TC260 safety specification
- Updated weekly to reflect new terms, evolving slang, and emerging content risks
- Filing rejection feedback commonly cites insufficient keyword coverage, particularly around political content categories
GenAI Filing: Required Documents
Prepare these before initiating your filing. Missing any required document will trigger feedback rounds and delay your timeline.
Application Form
Standard CAC-provided form. Identifies your organization, the model, and its intended use.
RequiredSecurity Self-Assessment Report
Full security evaluation of the model, its training data, and deployment environment.
RequiredModel Service Agreement
Terms governing how the GenAI service will be used, including user responsibilities and restrictions.
RequiredCorpus Annotation Rules
Documentation of how training data is labeled, categorized, and quality-controlled.
RequiredKeyword Filtering List
Minimum 10,000 keywords across 17 safety risk categories. Minimum 200 per A.1 risk, 100 per A.2 risk. Weekly updates.
RequiredEvaluation Test Question Set
Minimum 2,000 questions covering 31 safety risks for generated content evaluation.
RequiredRefusal Test Banks
Two separate banks: minimum 500 should-refuse prompts and minimum 500 should-not-refuse prompts.
RequiredSecurity Assessment (Trigger-Based)
Triggered separately if your service reaches 100M+ users, influences opinion formation, or handles sensitive content.
ConditionalHow the Filing Review Works
This is the standard review flow for algorithm filing and GenAI filing. Registration follows a simplified provincial-only path.
Before submitting a formal filing application, companies universally engage in informal consultation with their provincial CAC office. This step is not required by regulation but is standard practice. During consultation, CAC reviewers provide guidance on documentation requirements, flag potential issues, and set expectations for the review timeline. Companies report that this step significantly reduces the risk of delays during the formal review process.
Submit your complete filing package to the provincial-level Cyberspace Administration. The initial review takes 10 working days. For GenAI Registration (API consumers), this is the only review level required.
All 3 filing types 10 working daysA separate security assessment is triggered when your service: (1) reaches 100M+ users, (2) has opinion formation capabilities, or (3) processes sensitive content categories. This runs in parallel or before the national review.
100M+ users Opinion formation Sensitive contentFor algorithm filing and GenAI filing, the provincial office forwards your filing to the national CAC. This is where the most detailed technical evaluation happens. Expect feedback rounds requesting additional documentation or clarification.
Algorithm + GenAI filing only Not required for registrationOnce approved, the CAC issues a filing number. You must display this number on your product interface. It becomes part of your public compliance posture. Keep it current: annual updates are required for all three filing types.
Must display on product Annual updatesOngoing Obligations After Filing
Receiving a filing number is not the end of the process. All three filing types carry ongoing compliance requirements that begin immediately upon approval.
Annual Updates Required
All three filing types require annual updates submitted to the CAC. Failure to update may result in suspension of the filing number.
All 3 TypesKeyword Library: Weekly Updates
GenAI filing holders must update their keyword filtering library at least weekly to reflect new terms, evolving slang, and emerging content risks.
GenAI FilingCAC Spot Checks
The CAC may conduct spot checks at any time without prior notice. Maintain audit-ready documentation for all compliance controls.
All 3 TypesMaterial Changes Trigger Re-Filing
Material changes to the model architecture, training data sources, or service scope may require a new filing or amendment to the existing one.
All 3 TypesIncident Reporting Obligations
AI safety incidents, data breaches, or content generation failures must be reported to the CAC in accordance with the applicable regulation’s incident reporting requirements.
All 3 TypesFiling Number Display
The filing number must remain displayed on the product or service interface at all times. This is a public compliance indicator and its removal may trigger enforcement action.
All 3 TypesFiling Statistics at a Glance
The filing system is actively growing. These numbers reflect cumulative filings across all categories.
There are no publicly disclosed filing denials in the CAC system. The process works through pre-filing consultation and feedback rounds. If your documentation is incomplete, you receive guidance to revise and resubmit rather than a formal rejection.
Start Your Filing Preparation
Use these tools to identify your filing type and prepare your documentation package.
CAC Filing Readiness Assessment
Free12-question self-assessment to determine your filing type, required documents, and estimated timeline.
China AI Compliance Checklist
EmailCross-law checklist covering PIPL, DSL, CSL, and all five AI regulations for your filing preparation.