September 2025

National Technical Committee on Cybersecurity of Standardization Administration Released Six Practical Guidelines on Labeling AI-Generated or Composed Content (Mainland China)

As mentioned in the previous article, according to Articles 5 and 6 of the “Measures for Labeling of Artificial Intelligence Generated or Composed Content” (hereinafter referred to as the “Measures”), service providers must embed implicit labels in the metadata of generated or composed content.  Meanwhile, providers of online content dissemination services are required to implement verification measures to regulate the dissemination of such content.  To implement these “Measures” and in accordance with the mandatory national standard GB 45438—2025 “Cybersecurity Technology – Labeling Methods for Artificial Intelligence-Generated or Composed Content,” on August 28, 2025, the Secretariat of the National Technical Committee on Cybersecurity of Standardization Administration (hereinafter referred to as the "Committee") released six cybersecurity standard practical guidelines (hereinafter referred to as the “Guidelines”).  These aim to guide both generated or composed content service providers and content dissemination service providers in carrying out labeling activities related to AI-generated or composed content.

The six Guidelines cover implicit metadata labeling methods, metadata security protection techniques, and detection frameworks for AI-generated or composed content such as text, images, audio, and video.  The documents specify technical requirements and security protection measures for implicit metadata labeling across various content types, offering technical references for relevant service providers.

For video files, “Guideline 01” [1] outlines two approaches.  One is for formats such as MP4, MOV, AVI, MKV, WebM, and FLV, where native embedding is used for implicit metadata labeling.  For other formats, it proposes using the XMP standard, with reference examples provided.

For text files, “Guideline 02” [2] addresses labeling methods for formats based on OOXML, UOF, PDF, OFD, Markdown, XMind, POSM, and POSF, and suggests that other formats may refer to these methods.  Reference examples are also included.

For image files, “Guideline 03” [3] presents a general implicit metadata labeling method for formats such as HEIF/HEIC, JPEG/JPG, PNG, TIFF, WebP, and GIF, with additional alternatives provided in Appendix B.

For audio files, “Guideline 04” [4] offers native embedding-based labeling methods for formats based on RIFF, MP3, OGG, FLAC, and M4A, and also provides XMP-based labeling for other formats.

In addition, “Guideline 05” [5] introduces security protection techniques and reference formats for security protection information for implicit metadata labeling in AI-generated or composed content files.  This ensures the authenticity, integrity, and association between labels and files during content dissemination.

“Guideline 06” [6] presents a detection framework for AI-generated or composed content, outlining aspects such as objective setting, detection processes, algorithms, and detection service packaging.  It also provides common detection algorithms and service packaging solutions, offering standardized guidance for the design, development, and application of detection systems for AI-generated or composed content.  Furthermore, the Committee plans to release evaluation methods and specific detection guidelines for images, videos, audio, and text.

In summary, if a company is a provider of AI-generated or composed content or a content dissemination service, it must comply with the currently released and upcoming guidelines to lawfully and systematically carry out labeling activities when it comes to AI-generated or composed content.


[1] See Section 5 of “Cybersecurity Standard Practical Guideline – Labeling Methods for AI-Generated or Composed Content: Implicit Metadata Labeling for Video Files.”
[2] See Section 5 of “Cybersecurity Standard Practical Guideline – Labeling Methods for AI-Generated or Composed Content: Implicit Metadata Labeling for Text Files.”
[3] See Section 5 of “Cybersecurity Standard Practical Guideline – Labeling Methods for AI-Generated or Composed Content: Implicit Metadata Labeling for Image Files.”
[4] See Section 5 of “Cybersecurity Standard Practical Guideline – Labeling Methods for AI-Generated or Composed Content: Implicit Metadata Labeling for Audio Files.”
[5] See Section 5 of “Cybersecurity Standard Practical Guideline – Labeling Methods for AI-Generated or Composed Content: Security Protection Techniques for Implicit Metadata Labeling.”
[6] See “Cybersecurity Standard Practical Guideline – Detection of AI-Generated or Composed Content, Part 1: Framework.”

Related Articles


The contents of all newsletters of Shanghai Lee, Tsai & Partners (Content) available on the webpage belong to and remain with Shanghai Lee, Tsai & Partners. All rights are reserved by Shanghai Lee, Tsai & Partners, and the Content may not be reproduced, downloaded, disseminated, published, or transferred in any form or by any means, except with the prior permission of Shanghai Lee, Tsai & Partners.

The Content is for informational purposes only and is not offered as legal or professional advice on any particular issue or case. The Content may not reflect the most current legal and regulatory developments. Shanghai Lee, Tsai & Partners and the editors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The contributing authors' opinions do not represent the position of Shanghai Lee, Tsai & Partners. If the reader has any suggestions or questions, please do not hesitate to contact Shanghai Lee, Tsai & Partners.