April 2026
Compliance Tips for the Application of Artificial Intelligence Technology (II) — Algorithm Compliance (Mainland China)
In the previous article, we provided a general overview of compliance issues that may arise in the application of artificial intelligence technologies. This article focuses on analyzing the compliance obligations and legal risks that relevant entities may face when applying algorithmic technologies.
I. What technologies are included in algorithmic technologies?
Pursuant to Article 2 of the Provisions on the Administration of Algorithmic Recommendations for Internet Information Services (hereinafter referred to as the “Provisions”), algorithmic recommendation technology refers to the use of algorithms such as generative synthesis, personalized push, ranking and selection, retrieval and filtering, scheduling and decision-making to provide users with information.
Any entity that applies the above technologies within the territory of the People’s Republic of China to provide Internet information services (hereinafter referred to as “algorithmic recommendation services”) shall be governed by the Provisions and comply with the compliance obligations set forth therein.
II. What are the algorithm compliance obligations?
According to the Provisions on the Administration of Algorithmic Recommendations for Internet Information Services, the compliance obligations of algorithmic recommendation service providers generally fall into six categories:
A. Basic Operational Compliance Obligations
These are the fundamental rules for providing algorithmic recommendation services, covering the implementation of primary responsibilities, full life cycle management of algorithms, adherence to operational principles, and other basic requirements. They serve as the premise for all compliance obligations and mainly include:
1. Abide by statutory principles: comply with laws and regulations, observe social morality and business ethics, and adhere to the principles of fairness, justice, openness, transparency, scientific rationality, and good faith (Article 4).
2.Implement primary responsibilities: establish and improve full-process management systems and technical measures for algorithm mechanism review, science and technology ethics review, data security and personal information protection, anti-telecom and online fraud, and emergency response to security incidents; formulate and publicize algorithmic recommendation service rules, and deploy professionals and technical support commensurate with the service scale (Article 7).
3. Conduct regular algorithm reviews: regularly review, evaluate, and verify algorithm mechanisms, models, data, and application results; algorithms shall not be designed to induce user addiction or excessive consumption (Article 8).
4. Cooperate with industry self-regulation: actively cooperate with self-regulation by relevant industry organizations, improve service specifications, and accept social supervision (Article 5).
B. Information Service Management Compliance Obligations
This obligation focuses on the governance of information content recommended by algorithms. The core is to regulate the whole process of information generation, recommendation, and management, uphold mainstream value orientation, and prevent the dissemination of illegal and harmful information. Algorithmic recommendation service providers shall:
1. Uphold mainstream value orientation: optimize algorithm mechanisms, actively disseminate positive energy, prevent and resist harmful information, and shall not use algorithms to spread illegal information or engage in activities endangering national security and public interests (Article 6).
2. Implement information security management: establish databases of illegal and harmful information features and improve identification standards; conspicuously label algorithmically generated synthetic information before transmission; immediately stop transmission, remove, and report illegal information upon discovery, and dispose of harmful information in accordance with regulations (Article 9).
3. Manage user tags and models: improve rules for user interest and tag management; user tags shall not include keywords related to illegal or harmful information, nor shall they be used for information recommendation (Article 10).
4. Maintain the page ecosystem: present mainstream value information in key sections such as the homepage, top screen, hot searches, rankings, and pop-ups; establish manual intervention and user-independent selection mechanisms (Article 11).
5. Improve algorithm transparency: adopt strategies such as content deduplication and dispersion to enhance the transparency and interpretability of algorithm retrieval, ranking, and recommendation rules (Article 12).
6. Meet special requirements for news information services: obtain the corresponding permits for providing Internet news information services; shall not generate synthetic fake news or spread news released by non-compliant entities (Article 13).
C. User Rights Protection Compliance Obligations
This obligation centers on user rights, including the disclosure of algorithm information, protection of users’ right to independent choice, special protection of minors, the elderly, workers, consumers and other vulnerable groups, and the establishment of sound complaint and appeal channels:
1. Disclose algorithm information: inform users of the provision of algorithmic recommendation services in a conspicuous manner, and publicize the basic principles, purposes, and main operating mechanisms of algorithms in an appropriate way (Article 16).
2. Protect users’ right to independent choice: provide users with non-personalized recommendation options or a convenient entry to disable algorithmic recommendation services, and cease relevant services immediately upon user disablement; provide functions for users to select or delete tags; explain and assume liability in accordance with the law if algorithms materially affect user rights (Article 17).
3. Protect special groups
a. Minors: develop exclusive usage modes, push information beneficial to physical and mental health, and shall not push information inducing bad habits or imitation of dangerous behaviors, or induce Internet addiction (Article 18).
b. The elderly: provide intelligent elderly-friendly services, consider their needs for travel and medical treatment, and monitor and identify information related to telecom and online fraud (Article 19).
c. Workers: for work scheduling services, protect rights to remuneration, rest and leave, and optimize algorithms for order allocation, working hours, rewards and penalties (Article 20).
d. Consumers: shall not use algorithms to impose unreasonable differential treatment such as price discrimination based on consumer preferences and transaction habits, and must protect the right to fair trade (Article 21).
4. Establish complaint and appeal channels: set up convenient and effective user appeal and public complaint reporting entries, clarify processing procedures and response time limits, and accept and respond to results in a timely manner (Article 22).
D. Supervision and Administration Cooperation Compliance Obligations
These are statutory obligations for algorithmic recommendation service providers to cooperate with regulatory authorities, mainly including compliance with classified and graded algorithm management, completion of algorithm filing (modification/cancellation), cooperation in security assessments and supervision inspections, retention of network logs, and provision of technical and data support:
1. Comply with classified and graded management: cooperate with cyberspace authorities and other departments in implementing classified and graded algorithm management based on public opinion attributes, social mobilization capabilities, user scale, etc. (Article 23).
2. Filing management (special requirements for algorithmic recommendation services such as Internet news information)
a. Enterprises with public opinion attributes or social mobilization capabilities shall complete algorithm filing within 10 working days from the date of service provision, and submit information including name, algorithm type, and a self-assessment report (Article 24).
b. Modify filing information within 10 working days in case of changes; cancel filing and make proper arrangements within 20 working days upon service termination (Article 24).
c. Indicate the filing number in a prominent position on websites, apps, etc., and provide a link to public information after filing (Article 26).
3. Cooperate in security assessments and supervision inspections
a. Enterprises with public opinion attributes or social mobilization capabilities shall conduct algorithm security assessments in accordance with national regulations (Article 27).
b. Retain network logs in accordance with the law, cooperate with cyberspace, telecommunications, public security and other departments in security assessments and supervision inspections, and provide necessary technical and data support (Article 28).
E. Prohibited Business Conduct Obligations
The Provisions also clearly define red lines for algorithm application, prohibiting the use of algorithms to manipulate online public opinion, engage in monopoly and unfair competition, conduct false operations, and commit other illegal acts. Providers shall not commit the following acts; violators will face administrative penalties and even criminal liability:
1. Fraudulently register accounts, illegally trade accounts, manipulate likes/comments/forwards, block information, over-recommend, manipulate rankings or hot searches, and interfere with information presentation to influence online public opinion (Article 14).
2. Impose unreasonable restrictions on other Internet service providers, obstruct the operation of their legitimate services, and engage in monopoly and unfair competition (Article 15).
3. Obtain algorithm filing through improper means such as concealing information or providing false materials (Article 33).
4. Refuse to cooperate with security assessments and supervision inspections by regulatory authorities, or fail to retain network logs as required (Article 28).
F. Other Relevant Legal Risks
In fact, in addition to the above compliance risks, improper commercial practices through algorithm application may also involve legal risks of infringement or unfair competition.
For example, in a case concerning infringement of the right of information network dissemination of film and television dramas in Hunan [1] , after users entered keywords such as “I want to watch a certain film and television drama” in an AI search engine, the product screened and prioritized multiple links, most of which directly directed users to websites providing pirated resources. The plaintiff claimed that such acts infringed its right of information network dissemination and sued the defendant before the Kaifu District People’s Court of Changsha for compensation and an apology. Although the case was finally settled through mediation, public judicial views indicated a high likelihood that the act would be found infringing.
In another case, a Guangzhou culture & communication company sued a Beijing technology company and others for infringement of the right of information network dissemination of a work [2] . The culture company was the copyright owner of the article in question. After a media company republished the article, the technology company accessed the article from popular science websites via RSS technology and published it in the technology section of its platform through text classification algorithms, without legitimate authorization. The culture company claimed civil liability for infringement of the right of information network dissemination against both defendants, seeking compensation of 150,000 yuan and a public apology. The court upheld the claim and ruled that Internet service providers have advantages in choosing content distribution subjects, adopting anti-infringement technical models, and responding to infringement risks. If an Internet service provider fails to adopt necessary technical measures to prevent infringement, its corresponding liability for contributory infringement shall be determined based on factors such as the nature and method of Internet services, ability to manage information, and profit distribution model.
Therefore, improper use of algorithm technologies may constitute infringement of others’ rights of information network dissemination of works, which is also a key compliance risk in algorithmic recommendation services.
III. Relevant Legal Liabilities
Pursuant to Articles 31 and 33 of the Provisions, service providers that violate the above compliance obligations shall face penalties including warnings, circulars of criticism, deadline corrections, and suspension of information updates according to the seriousness of the case; for serious cases, a fine of not less than 10,000 yuan but not more than 100,000 yuan shall be imposed. If the violation constitutes a public security offense, public security administration penalties shall be imposed; if it constitutes a crime, criminal liability shall be pursued in accordance with the law.
In addition, if algorithmic recommendation services constitute infringement or unfair competition, providers shall also bear civil compensation liability.
IV. Compliance Tips
In summary, when enterprises apply algorithm technologies, they shall, on the one hand, comply with various regulatory requirements; failure to meet the standards will result in corresponding administrative penalties. On the other hand, improper use of algorithm technologies may infringe upon others’ civil rights or constitute unfair competition, leading to civil compensation liability. Both scenarios will adversely affect the normal operation of enterprises. Enterprises are advised to attach great importance to and properly implement relevant compliance management.
[1] See the Notice of the Office of the China National Intellectual Property Administration and the General Office of the Supreme People's Court on Releasing Typical Cases of Diversified Mediation of Intellectual Property Disputes in 2024 (GZBFBZ [2025] No. 50).
[2] Refer to the civil judgment of the Guangzhou Intellectual Property Court (2021) Yue 73 Min Zhong 5651.
I. What technologies are included in algorithmic technologies?
Pursuant to Article 2 of the Provisions on the Administration of Algorithmic Recommendations for Internet Information Services (hereinafter referred to as the “Provisions”), algorithmic recommendation technology refers to the use of algorithms such as generative synthesis, personalized push, ranking and selection, retrieval and filtering, scheduling and decision-making to provide users with information.
Any entity that applies the above technologies within the territory of the People’s Republic of China to provide Internet information services (hereinafter referred to as “algorithmic recommendation services”) shall be governed by the Provisions and comply with the compliance obligations set forth therein.
II. What are the algorithm compliance obligations?
According to the Provisions on the Administration of Algorithmic Recommendations for Internet Information Services, the compliance obligations of algorithmic recommendation service providers generally fall into six categories:
A. Basic Operational Compliance Obligations
These are the fundamental rules for providing algorithmic recommendation services, covering the implementation of primary responsibilities, full life cycle management of algorithms, adherence to operational principles, and other basic requirements. They serve as the premise for all compliance obligations and mainly include:
1. Abide by statutory principles: comply with laws and regulations, observe social morality and business ethics, and adhere to the principles of fairness, justice, openness, transparency, scientific rationality, and good faith (Article 4).
2.Implement primary responsibilities: establish and improve full-process management systems and technical measures for algorithm mechanism review, science and technology ethics review, data security and personal information protection, anti-telecom and online fraud, and emergency response to security incidents; formulate and publicize algorithmic recommendation service rules, and deploy professionals and technical support commensurate with the service scale (Article 7).
3. Conduct regular algorithm reviews: regularly review, evaluate, and verify algorithm mechanisms, models, data, and application results; algorithms shall not be designed to induce user addiction or excessive consumption (Article 8).
4. Cooperate with industry self-regulation: actively cooperate with self-regulation by relevant industry organizations, improve service specifications, and accept social supervision (Article 5).
B. Information Service Management Compliance Obligations
This obligation focuses on the governance of information content recommended by algorithms. The core is to regulate the whole process of information generation, recommendation, and management, uphold mainstream value orientation, and prevent the dissemination of illegal and harmful information. Algorithmic recommendation service providers shall:
1. Uphold mainstream value orientation: optimize algorithm mechanisms, actively disseminate positive energy, prevent and resist harmful information, and shall not use algorithms to spread illegal information or engage in activities endangering national security and public interests (Article 6).
2. Implement information security management: establish databases of illegal and harmful information features and improve identification standards; conspicuously label algorithmically generated synthetic information before transmission; immediately stop transmission, remove, and report illegal information upon discovery, and dispose of harmful information in accordance with regulations (Article 9).
3. Manage user tags and models: improve rules for user interest and tag management; user tags shall not include keywords related to illegal or harmful information, nor shall they be used for information recommendation (Article 10).
4. Maintain the page ecosystem: present mainstream value information in key sections such as the homepage, top screen, hot searches, rankings, and pop-ups; establish manual intervention and user-independent selection mechanisms (Article 11).
5. Improve algorithm transparency: adopt strategies such as content deduplication and dispersion to enhance the transparency and interpretability of algorithm retrieval, ranking, and recommendation rules (Article 12).
6. Meet special requirements for news information services: obtain the corresponding permits for providing Internet news information services; shall not generate synthetic fake news or spread news released by non-compliant entities (Article 13).
C. User Rights Protection Compliance Obligations
This obligation centers on user rights, including the disclosure of algorithm information, protection of users’ right to independent choice, special protection of minors, the elderly, workers, consumers and other vulnerable groups, and the establishment of sound complaint and appeal channels:
1. Disclose algorithm information: inform users of the provision of algorithmic recommendation services in a conspicuous manner, and publicize the basic principles, purposes, and main operating mechanisms of algorithms in an appropriate way (Article 16).
2. Protect users’ right to independent choice: provide users with non-personalized recommendation options or a convenient entry to disable algorithmic recommendation services, and cease relevant services immediately upon user disablement; provide functions for users to select or delete tags; explain and assume liability in accordance with the law if algorithms materially affect user rights (Article 17).
3. Protect special groups
a. Minors: develop exclusive usage modes, push information beneficial to physical and mental health, and shall not push information inducing bad habits or imitation of dangerous behaviors, or induce Internet addiction (Article 18).
b. The elderly: provide intelligent elderly-friendly services, consider their needs for travel and medical treatment, and monitor and identify information related to telecom and online fraud (Article 19).
c. Workers: for work scheduling services, protect rights to remuneration, rest and leave, and optimize algorithms for order allocation, working hours, rewards and penalties (Article 20).
d. Consumers: shall not use algorithms to impose unreasonable differential treatment such as price discrimination based on consumer preferences and transaction habits, and must protect the right to fair trade (Article 21).
4. Establish complaint and appeal channels: set up convenient and effective user appeal and public complaint reporting entries, clarify processing procedures and response time limits, and accept and respond to results in a timely manner (Article 22).
D. Supervision and Administration Cooperation Compliance Obligations
These are statutory obligations for algorithmic recommendation service providers to cooperate with regulatory authorities, mainly including compliance with classified and graded algorithm management, completion of algorithm filing (modification/cancellation), cooperation in security assessments and supervision inspections, retention of network logs, and provision of technical and data support:
1. Comply with classified and graded management: cooperate with cyberspace authorities and other departments in implementing classified and graded algorithm management based on public opinion attributes, social mobilization capabilities, user scale, etc. (Article 23).
2. Filing management (special requirements for algorithmic recommendation services such as Internet news information)
a. Enterprises with public opinion attributes or social mobilization capabilities shall complete algorithm filing within 10 working days from the date of service provision, and submit information including name, algorithm type, and a self-assessment report (Article 24).
b. Modify filing information within 10 working days in case of changes; cancel filing and make proper arrangements within 20 working days upon service termination (Article 24).
c. Indicate the filing number in a prominent position on websites, apps, etc., and provide a link to public information after filing (Article 26).
3. Cooperate in security assessments and supervision inspections
a. Enterprises with public opinion attributes or social mobilization capabilities shall conduct algorithm security assessments in accordance with national regulations (Article 27).
b. Retain network logs in accordance with the law, cooperate with cyberspace, telecommunications, public security and other departments in security assessments and supervision inspections, and provide necessary technical and data support (Article 28).
E. Prohibited Business Conduct Obligations
The Provisions also clearly define red lines for algorithm application, prohibiting the use of algorithms to manipulate online public opinion, engage in monopoly and unfair competition, conduct false operations, and commit other illegal acts. Providers shall not commit the following acts; violators will face administrative penalties and even criminal liability:
1. Fraudulently register accounts, illegally trade accounts, manipulate likes/comments/forwards, block information, over-recommend, manipulate rankings or hot searches, and interfere with information presentation to influence online public opinion (Article 14).
2. Impose unreasonable restrictions on other Internet service providers, obstruct the operation of their legitimate services, and engage in monopoly and unfair competition (Article 15).
3. Obtain algorithm filing through improper means such as concealing information or providing false materials (Article 33).
4. Refuse to cooperate with security assessments and supervision inspections by regulatory authorities, or fail to retain network logs as required (Article 28).
F. Other Relevant Legal Risks
In fact, in addition to the above compliance risks, improper commercial practices through algorithm application may also involve legal risks of infringement or unfair competition.
For example, in a case concerning infringement of the right of information network dissemination of film and television dramas in Hunan [1] , after users entered keywords such as “I want to watch a certain film and television drama” in an AI search engine, the product screened and prioritized multiple links, most of which directly directed users to websites providing pirated resources. The plaintiff claimed that such acts infringed its right of information network dissemination and sued the defendant before the Kaifu District People’s Court of Changsha for compensation and an apology. Although the case was finally settled through mediation, public judicial views indicated a high likelihood that the act would be found infringing.
In another case, a Guangzhou culture & communication company sued a Beijing technology company and others for infringement of the right of information network dissemination of a work [2] . The culture company was the copyright owner of the article in question. After a media company republished the article, the technology company accessed the article from popular science websites via RSS technology and published it in the technology section of its platform through text classification algorithms, without legitimate authorization. The culture company claimed civil liability for infringement of the right of information network dissemination against both defendants, seeking compensation of 150,000 yuan and a public apology. The court upheld the claim and ruled that Internet service providers have advantages in choosing content distribution subjects, adopting anti-infringement technical models, and responding to infringement risks. If an Internet service provider fails to adopt necessary technical measures to prevent infringement, its corresponding liability for contributory infringement shall be determined based on factors such as the nature and method of Internet services, ability to manage information, and profit distribution model.
Therefore, improper use of algorithm technologies may constitute infringement of others’ rights of information network dissemination of works, which is also a key compliance risk in algorithmic recommendation services.
III. Relevant Legal Liabilities
Pursuant to Articles 31 and 33 of the Provisions, service providers that violate the above compliance obligations shall face penalties including warnings, circulars of criticism, deadline corrections, and suspension of information updates according to the seriousness of the case; for serious cases, a fine of not less than 10,000 yuan but not more than 100,000 yuan shall be imposed. If the violation constitutes a public security offense, public security administration penalties shall be imposed; if it constitutes a crime, criminal liability shall be pursued in accordance with the law.
In addition, if algorithmic recommendation services constitute infringement or unfair competition, providers shall also bear civil compensation liability.
IV. Compliance Tips
In summary, when enterprises apply algorithm technologies, they shall, on the one hand, comply with various regulatory requirements; failure to meet the standards will result in corresponding administrative penalties. On the other hand, improper use of algorithm technologies may infringe upon others’ civil rights or constitute unfair competition, leading to civil compensation liability. Both scenarios will adversely affect the normal operation of enterprises. Enterprises are advised to attach great importance to and properly implement relevant compliance management.
[1] See the Notice of the Office of the China National Intellectual Property Administration and the General Office of the Supreme People's Court on Releasing Typical Cases of Diversified Mediation of Intellectual Property Disputes in 2024 (GZBFBZ [2025] No. 50).
[2] Refer to the civil judgment of the Guangzhou Intellectual Property Court (2021) Yue 73 Min Zhong 5651.
Related Articles
The contents of all newsletters of Shanghai Lee, Tsai & Partners (Content) available on the webpage belong to and remain with Shanghai Lee, Tsai & Partners. All rights are reserved by Shanghai Lee, Tsai & Partners, and the Content may not be reproduced, downloaded, disseminated, published, or transferred in any form or by any means, except with the prior permission of Shanghai Lee, Tsai & Partners.
The Content is for informational purposes only and is not offered as legal or professional advice on any particular issue or case. The Content may not reflect the most current legal and regulatory developments. Shanghai Lee, Tsai & Partners and the editors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The contributing authors' opinions do not represent the position of Shanghai Lee, Tsai & Partners. If the reader has any suggestions or questions, please do not hesitate to contact Shanghai Lee, Tsai & Partners.
