Translation: Internet Information Service Deep Synthesis Management Provisions (Draft for Comment) – Jan. 2022

Draft rules would require labels, content controls for synthetic media


February 4, 2022

Article Banner Picture


February 4, 2022

This translation is by Rogier Creemers and was edited by Graham Webster with reference to an alternative translation by China Law Translate.

Archived copy:


Internet Information Service Deep Synthesis Management Provisions (Draft for Comment)

Article 1: These provisions are formulated in order to regulate deep synthesis activities in Internet information services, to carry forward the core Socialist value vision, to safeguard national security and the societal public interest, and to protect the lawful rights and interests of citizens, legal persons, and other organizations, on the basis of the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, the Internet Information Service Management Measures, and other such laws and administrative regulations.

Article 2: These Provisions apply to the use of deep synthesis technologies to provide Internet information services (hereafter referred to as deep synthesis services), as well as activities providing technical support to deep synthesis services, within the territory of the People’s Republic of China. Where laws or administrative regulations provide otherwise, those provisions are to be followed.

Deep synthesis technology as used in these Provisions refers to technologies using generative and synthesizing algorithms, with deep learning and virtual reality as representative examples, to produce text, images, sound, video, virtual settings, and other such information, including but not limited to:

  1. Technologies for generating or editing textual content, such as text generation, writing style transformation, and question-and-answer dialogues;
  2. Technologies for generating or editing voice content, such as text-to-speech, voice transformation, and voice characteristic editing;
  3. Technologies for generating or editing non-voice sound content, such as music generation, and ambient sound editing;
  4. Technologies for generating or editing human faces in images or video, such as facial generation, facial substitution, personal characteristic editing, facial manipulation, and posture manipulation;
  5. Technologies for editing non-biological characteristics in images or video, such as image enhancement and image repair;
  6. Technologies for generating or editing virtual settings, such as three-dimensional re-modelling.

"Deep synthesis service providers" refers to organizations providing deep synthesis services or providing technical support to deep synthesis services.

"Deep synthesis service users" refers to organizations and individuals using deep synthesis services to produce, reproduce, publish, or disseminate information.

Article 3: The State cybersecurity and informatization department is responsible for comprehensively coordinating deep synthesis service governance–related supervision and management work nationwide. Local cybersecurity and informatization departments are responsible for comprehensively coordinating deep synthesis service governance–related supervision and management work within their administrative areas.

Article 4: Deep synthesis service providers and deep synthesis service users shall abide by laws and regulations, respect social morals and ethics, adhere to the correct political direction, public opinion orientation, and value orientation, and promote progress and improvement in deep synthesis services.

Article 5: Relevant industry organizations are encouraged to strengthen industry self-discipline; establish and complete industry standards, industry norms, and self-discipline management structures; and supervise and guide deep synthesis service providers to formulate and perfect service standards, strengthen information content security management, provide services according to the law, and accept social supervision.

Article 6: No organization or individual may use deep synthesis to engage in activities harming national security, destroying social stability, upsetting social order, violating the lawful rights and interests of others, or other such acts prohibited by laws and regulations. They may not produce, reproduce, publish, or disseminate: information inciting subversion of State power or harming national security and social stability; obscenity and pornography; false information; information harming other people’s reputation rights, image rights, privacy rights, intellectual property rights and other lawful rights and interests; or other such content prohibited by laws and regulations.

Article 7: Deep synthesis service providers shall fulfill entity responsibility for information security, establish and complete management structures for algorithmic mechanism and logic (机制机理) examination and verification, user registration, information content management, data security and personal information protection, protection of minors, employee education and training, etc., with secure and controllable technical safeguard mechanisms suited to the development of new technologies and new applications.

Article 8: Deep synthesis service providers shall formulate and disclose management norms and platform covenants, improve service agreements, post the security obligations of deep synthesis service users in a conspicuous manner, and fulfill corresponding management responsibilities according to the law and according to covenants.

Article 9: Deep synthesis service providers shall conduct real identity information verification of deep synthesis service users according to the law. Where deep synthesis service users do not conduct real identity information verification, deep synthesis service providers may not provide information publishing services to them.

Article 10: Deep synthesis service providers shall: strengthen content management for deep synthesis information content, adopt technical or manual methods to examine and verify data input by deep synthesis service users, and the synthesis results; establish and complete a database of characteristics to be used to identify unlawful and harmful deep synthesis information content, and improve standards, norms, and procedures for making entries to the database; adopt corresponding methods to deal with unlawful and harmful information according to the law; and adopt response measures such as warnings, limitation of functions, suspension of service, account closure, etc., against related deep synthesis service users according to laws and covenants.

Article 11: Deep synthesis service providers shall strengthen management of deep synthesis technology, periodically examine and verify, assess, and test algorithmic mechanisms and logic; where they provide models or templating tools with the capability to edit facial, human voice, or other such distinguishing biological information or the distinguishing information of special non-biological objects or settings that may involve national security or the social public interest, they shall take the initiative to conduct security assessments and prevent information security risks.

Article 12: Deep synthesis service providers shall strengthen training data management, ensure the legality and propriety of data handling, and adopt necessary measures to ensure data security. Where training data includes data involving personal information, they shall also abide by personal information protection-related regulations, and must not illegally handle personal information. 

Where deep synthesis service providers provide significant editing functions for facial or vocal information, or other such distinguishing biological information, they shall prompt deep synthesis service users and notify them and obtain separate consent from the edited personal information subjects in accordance with the law, except where laws and administrative regulations provide otherwise.

Article 13: Deep synthesis service providers shall use effective technical measures to add marks that do not affect users’ usage to deep synthesis information content produced using their, retain daily record information according to the law, and ensure that published or disseminated deep synthesis information content can be self-identified and traced.

Article 14: Where deep synthesis service providers provide the following deep synthesis services, they shall use prominent methods to label deep synthesis information content, and effectively point out to the public the synthesized nature of the information content:

  1. Where providing smart dialogue, smart writing, and other such textual generation or editing services simulating natural persons, a clear label is to be provided in a position such as the source explanation section of the text information content;
  2. Where providing synthesized voices, imitated voices, and other such speech generation or editing services that significantly change individual identifying characteristics, a clear indication by spoken explanation or other such methods is to be provided in a reasonable part in the audio information content;
  3. Where providing services such as synthesis of virtual persons in images or video through facial generation, face substitution, face manipulation, posture manipulation, etc., or editing that significantly changes individual identifying characteristics; a clear label is to be provided in a prominent position in the image or video information content;
  1. Where providing immersive virtual reality settings and other such generative or editing services, a clear indication is to be provided in a prominent position in the virtual setting information content; 
  2. Where providing other services with generative or significant information content modification functions, a clear indication is to be provided in a reasonable position in the text, image, audio, video, virtual setting, etc.

Where deep synthesis providers provide deep synthesis services other than those provided in the previous paragraph, they shall provide deep synthesis service users with a function to prominently label deep synthesis information content, and point out that deep synthesis service users may provide prominent labels of deep synthesis information content.

Article 15: Where deep synthesis providers discover deep synthesis information content does not contain a prominent label as provided in Article 14, Paragraph I, they shall immediately cease the dissemination of the said information, and may only continue to disseminate it after a prominent label is made according to regulations.

Article 16: Internet application store service providers shall fulfill security management responsibilities concerning deep synthesis application programs provided by deep synthesis providers, and verify the security assessment, filing, and other such matters concerning  deep synthesis application programs according to the law and covenants; where relevant State regulations are violated, they shall promptly adopt response measures such as listing refusal, temporary delisting, or delisting, etc.

Article 17: Deep synthesis service providers shall establish and complete mechanisms for dispelling rumors; where it is discovered that deep synthesis information service users use deep synthesis technologies to produce, reproduce, publish, or disseminate false information, they shall promptly adopt corresponding measures to dispel rumors and file the relevant information with cybersecurity and informatization and other such departments.

Article 18: Deep synthesis service providers shall install convenient and effective portals for user appeals and public complaints and reports, publish handling procedures and feedback time periods for them, promptly accept and handle them, and provide feedback on the handling results. 

Article 19: Deep synthesis service providers shall, according to the relevant provisions of the Internet Information Service Algorithmic Recommendation Management Provisions, conduct filing formalities within 10 working days of first providing services. 

Deep synthesis service providers that have completed filing shall indicate their filing number in a prominent location on the website, application program, etc., where they provide external services and provide links to published information.

Article 20: Where deep synthesis service providers develop new products, new applications, or new functions online that have public opinion characteristics or social mobilization capacity, they shall conduct a security assessment according to relevant State provisions.

Article 21: All levels’ cybersecurity and informatization departments are to conduct supervision and inspection of deep synthesis information service providers’ fulfilment of their entity responsibility for deep synthesis information content management, and promptly put forward correction opinions and correction within a set time to deep synthesis information service providers where problems exist. 

Deep synthesis service providers shall cooperate with cybersecurity and informatization departments conducting supervision and inspection according to the law, and provide them with necessary technical, data, and other such support and assistance.

Article 22: In case of violations of Article 7, Article 8, Article 10, Article 11, Article 13, Article 14, Article 15, Article 16, Article 17, Article 18, Article 20, or Article 21 Paragraph II of these Provisions, where laws and administrative regulations contain provisions, those provisions are to be followed; where laws or administrative regulations do not contain provisions, the national and provincial, autonomous region, or directly-governed municipality cybersecurity and informatization department, on the basis of its duties and responsibilities, is to issue a warning, order correction within a limited time, and imposes suspension of related operations until correction; where correction is refused or circumstances are grave, it is to order provisional cessation of information updates and impose a fine between 10,000 and 100,000 Yuan.

In case of violations of Article 6, Article 9, Article 12 or Article 19 of these Provisions, the national, provincial, autonomous region, or directly-governed municipality cybersecurity and informatization department, on the basis of its duties and responsibilities, is to impose punishment according to the provisions of laws, administrative regulations, and departmental rules.

Where a violation of these Provisions causes harm to other persons, civil liability is to be borne according to the law; where it constitutes an act violating public order management, public order management liability is to be borne according to the law; where it constitutes a crime, criminal liability is to be prosecuted according to the law.

Article 23: The meaning of the following terms in these Provisions are as follows:

“Ambient sound” refers to non-spoken background sound content in audio.

“Face manipulation” refers to manipulation of the facial expression of persons in images or videos.

“Posture manipulation” refers to manipulation of the physical movements of persons in images or videos.

“Three-dimensional re-modelling” refers to the use of deep synthesis technologies for data-generated or -edited three-dimensional imaging of settings.

“Training data” refers to labelled or benchmark datasets used to train machine learning models.

“Immersive virtual reality settings” refers to virtual settings generated or edited through deep synthesis technologies that may provide a participatory experience or are interactive and feel highly realistic.

Article 24: The interpretation of these Provisions is the responsibility of the Cyberspace Administration of China.

Article 25: These Provisions take effect on (day, month, year).


The original text below includes explanatory content from the Cyberspace Administration of China's that is not translated above.



第一条 为了规范互联网信息服务深度合成活动,弘扬社会主义核心价值观,维护国家安全和社会公共利益,保护公民、法人和其他组织的合法权益,根据《中华人民共和国网络安全法》、《中华人民共和国数据安全法》、《中华人民共和国个人信息保护法》、《互联网信息服务管理办法》等法律、行政法规,制定本规定。

第二条 在中华人民共和国境内应用深度合成技术提供互联网信息服务(以下简称深度合成服务),以及为深度合成服务提供技术支持的活动,适用本规定。法律、行政法规另有规定的,依照其规定。










第三条 国家网信部门负责统筹协调全国深度合成服务治理和相关监督管理工作。地方网信部门负责统筹协调本行政区域内的深度合成服务治理和相关监督管理工作。

第四条 深度合成服务提供者和深度合成服务使用者应当遵守法律法规,尊重社会公德和伦理,坚持正确政治方向、舆论导向、价值取向,促进深度合成服务向上向善。

第五条 鼓励相关行业组织加强行业自律,建立健全行业标准、行业准则和自律管理制度,督促指导深度合成服务提供者制定完善服务规范、加强信息内容安全管理、依法提供服务并接受社会监督。

第六条 任何组织和个人不得利用深度合成服务从事危害国家安全、破坏社会稳定、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动,不得制作、复制、发布、传播含有煽动颠覆国家政权、危害国家安全和社会稳定、淫秽色情、虚假信息,以及侵害他人名誉权、肖像权、隐私权、知识产权和其他合法权益等法律法规禁止内容的信息。

第七条 深度合成服务提供者应当落实信息安全主体责任,建立健全算法机制机理审核、用户注册、信息内容管理、数据安全和个人信息保护、未成年人保护、从业人员教育培训等管理制度,具有与新技术新应用发展相适应的安全可控的技术保障措施。

第八条 深度合成服务提供者应当制定并公开管理规则和平台公约,完善服务协议,以显著方式提示深度合成服务使用者信息安全义务,并依法依约履行相应管理责任。

第九条 深度合成服务提供者应当依法对深度合成服务使用者进行真实身份信息认证。深度合成服务使用者不进行真实身份信息认证的,深度合成服务提供者不得为其提供信息发布服务。

第十条 深度合成服务提供者应当加强深度合成信息内容管理,采取技术或者人工方式对深度合成服务使用者的输入数据和合成结果进行审核;建立健全用于识别违法和不良深度合成信息内容的特征库,完善入库标准、规则和程序;对违法和不良信息依法采取相应处置措施,并对相关深度合成服务使用者依法依约采取警示、限制功能、暂停服务、关闭账号等处置措施。

第十一条 深度合成服务提供者应当加强深度合成技术管理,定期审核、评估、验证算法机制机理;提供具有对人脸、人声等生物识别信息或者可能涉及国家安全、社会公共利益的特殊物体、场景等非生物识别信息编辑功能的模型、模板等工具的,应当自行开展安全评估,预防信息安全风险。

第十二条 深度合成服务提供者应当加强训练数据管理,确保数据处理合法、正当,采取必要措施保障数据安全。训练数据包含涉及个人信息数据的,还应当遵守个人信息保护有关规定,不得非法处理个人信息。


第十三条 深度合成服务提供者对使用其服务所制作的深度合成信息内容,应当通过有效技术措施在信息内容中添加不影响用户使用的标识,依法保存日志信息,使发布、传播的深度合成信息内容可被自身识别、追溯。

第十四条 深度合成服务提供者提供以下深度合成服务的,应当使用显著方式对深度合成信息内容进行标识,向社会公众有效提示信息内容的合成情况:







第十五条 深度合成服务提供者发现第十四条第一款规定的深度合成信息内容未进行显著标识的,应当立即停止传输该信息,按照规定作出显著标识后,方可继续传输。

第十六条 互联网应用商店服务提供者应当对深度合成服务提供者提供的深度合成应用程序履行安全管理责任,依法依约核验深度合成应用程序的安全评估、备案等情况;对违反国家有关规定的,应当及时采取不予上架、暂停上架或者下架等处置措施。

第十七条 深度合成服务提供者应当建立健全辟谣机制,发现深度合成信息服务使用者利用深度合成技术制作、复制、发布、传播虚假信息的,应当及时采取相应的辟谣措施,并将相关信息报网信等部门备案。

第十八条 深度合成服务提供者应当设置便捷有效的用户申诉和公众投诉、举报入口,公布处理流程和反馈时限,及时受理、处理并反馈处理结果。

第十九条 深度合成服务提供者应当按照《互联网信息服务算法推荐管理规定》的有关规定,在提供服务之日起十个工作日内履行备案手续。


第二十条 深度合成服务提供者开发上线具有舆论属性或者社会动员能力的新产品、新应用、新功能的,应当按照国家有关规定开展安全评估。

第二十一条 各级网信部门对深度合成信息服务提供者履行深度合成信息内容管理主体责任情况开展监督检查,对存在问题的深度合成信息服务提供者及时提出整改意见并限期整改。


第二十二条 违反本规定第七条、第八条、第十条、第十一条、第十三条、第十四条、第十五条、第十六条、第十七条、第十八条、第二十条、第二十一条第二款规定,法律、行政法规有规定的,依照其规定;法律、行政法规没有规定的,由国家和省、自治区、直辖市网信部门依据职责给予警告,责令限期改正,改正前应当暂停相关业务;拒不改正或者情节严重的,责令暂停信息更新,并处一万元以上十万元以下罚款。



第二十三条 本规定中下列用语的含义:







第二十四条 本规定由国家互联网信息办公室负责解释。

第二十五条 本规定自 年 月 日起施行。