China Issues New Guidelines Warning Local Governments on AI Access to Sensitive Data

New Directives on AI Use in Government Affairs

China has recently issued comprehensive guidelines to local governments, cautioning against the unauthorized access of artificial intelligence (AI) to sensitive information. These directives, primarily from the Cyberspace Administration of China (CAC) and the National Development and Reform Commission (NDRC), aim to enhance data security and ensure the responsible integration of AI technologies across government operations. The move underscores China's ongoing efforts to balance technological advancement with national security and data protection concerns.

Safeguarding Sensitive Information and State Secrets

A core component of the new guidelines emphasizes strict confidentiality requirements. Local governments are explicitly warned against inputting State secrets, work secrets, and other sensitive information into non-classified AI large models. This measure is designed to mitigate the significant risk of data leakage that could arise from the aggregation and association of such sensitive data. The guidelines also call for strengthened data governance to improve data quality, which is crucial for optimizing AI model training. Furthermore, robust safety management protocols are mandated, including the establishment of a safety responsibility system to clarify duties and enhance the capacity to respond to potential AI security risks.

Structured AI Deployment and Auxiliary Role

The directives advocate for a systematic and orderly approach to AI integration within government affairs. Departments are encouraged to adopt a scenario-driven approach, selecting typical use cases for AI application based on local conditions and existing technological foundations. This includes areas such as public services, social governance, office operations, and decision-making support. To ensure efficient resource utilization and consistency, the guidelines promote coordinated deployment, where prefectural cities follow provincial directives, and counties reuse computing power and model resources from higher-level governments. Crucially, the guidelines emphasize AI's auxiliary role, stressing that it should serve as a tool to mitigate risks like model hallucinations and should not replace human responsibility. This approach seeks to balance workload reduction with technological empowerment, cautioning against 'digital formalism'—the pursuit of technology without tangible value.

Broader Regulatory Landscape and AI-Generated Content

These new warnings are part of China's broader and evolving regulatory framework for AI and data security. The country has a comprehensive legal structure, including the Personal Information Protection Law (PIPL), Data Security Law (DSL), and Cybersecurity Law (CSL), all of which impose stringent obligations on data processing and protection. In a related development, guidelines issued in March 2025, taking effect on September 1, 2025, require visible and invisible labels on all AI-generated content circulated online. This includes texts, images, audios, videos, and virtual scenes, aiming to combat the misuse of AI and the spread of false information. Explicit labels are required for content that might confuse or mislead the public, while implicit labels containing metadata must be embedded in content files. These measures collectively reflect China's ambition to lead in AI development while maintaining strict control over its security and societal impact.