AI API Compliance in China: Data Export, Filing & Security Rules
Connecting to OpenAI, Anthropic, or Google's APIs takes a few lines of code. Getting it right on the compliance side is a different story. Chinese companies face three overlapping obligations the moment they start routing data to overseas AI services: cross-border data transfer rules, algorithm filing requirements, and the potential trigger for a national security review. Most teams either handle one of these and ignore the others, or discover all three at once when something goes wrong. This article lays out the full picture.
The Legal Foundation for Data Exports: Three Laws, One Problem
Three statutes govern what happens when data leaves China, and all three can apply simultaneously to a single API call.
The Data Security Law establishes a tiered data classification system. Companies must classify their own data as general, important, or core. Important data requires a government security assessment before it can leave the country. Core data generally cannot leave at all. If your API prompts contain business data — and they almost certainly do — you need to classify it before you send a single request.
PIPL Articles 38–43 cover personal information specifically. To transfer personal information overseas, you must satisfy exactly one of three conditions: pass a Cyberspace Administration of China (CAC) security assessment, obtain certification from an approved protection certification body, or execute a Standard Contract (the Chinese equivalent of SCCs) with the overseas recipient. There are no blanket exemptions.
The Network Data Security Management Regulations add concrete thresholds. If you processed personal information for more than one million people in the prior year, you must file for a security assessment before any overseas transfer. Between 100,000 and one million people, you can use the Standard Contract route instead. These two numbers are the practical decision point for most teams.
The part that trips people up: every API request is a data transfer. If your prompt includes a user ID, phone number, or behavioral log, PIPL applies. "We're just calling an API" is not a legal argument.
Algorithm Filing: When It Actually Applies to You
There are two distinct filing regimes, and they get conflated constantly.
The first is the algorithmic recommendation filing under the Internet Information Service Algorithm Recommendation Regulations. This covers platforms that push content to users via recommendation systems. If you're building an internal productivity tool for your own employees using GPT or Claude — not pushing content to the public — this doesn't apply to you.
The second is the generative AI service filing under the Interim Measures for the Management of Generative AI Services. This one is more directly relevant: if you provide generative AI services to the general public within China, you must file with the CAC. The operative phrase is "to the public." If you're a B2B SaaS company embedding AI into a product you sell to enterprise customers, you are the service provider — the filing obligation falls on you, not on OpenAI or Anthropic.
A straightforward way to think through your situation:
| Use case | Audience | Filing required? |
|---|---|---|
| Internal employee tools | Your own staff | Generally no |
| B2B SaaS with embedded AI | Enterprise customers | Yes |
| Consumer product with direct AI interaction | General public | Yes, mandatory |
| Dev and test environments | Engineering team | No |
The core filing materials include: basic information about the service provider, a description of the algorithm's function (you don't need to hand over model weights — describing which model you're using and what task it performs is sufficient), training data documentation, and a security assessment report.
Security Assessments: The Process and Where Teams Get Stuck
The CAC data export security assessment is the most process-intensive of the three requirements. The application covers 15 categories of information, from justification of necessity to contract terms with the overseas recipient to a self-assessment risk report. End to end, expect three to six months.
Three issues account for the majority of delays:
Minimal data collection isn't actually minimal. Assessment materials require you to specify the scope and volume of data being exported. If your prompt templates pass the user's complete profile by default, reviewers will ask why all of it is necessary. The fix is to implement field-level masking or truncation at the API call layer — pass only what the task actually requires, strip PII before the request leaves your system.
Your contract terms don't fully cover the requirements. Standard Contracts require the overseas recipient to accept specific data protection obligations. OpenAI's and Anthropic's standard enterprise agreements don't map cleanly to China's SCC requirements. You'll need to do a clause-by-clause comparison and patch the gaps in your Data Processing Agreement.
Security measures are described too vaguely. The self-assessment report needs specifics. "We use encrypted transmission" doesn't pass. You need to specify protocol version (TLS 1.3, for example), key management approach, and log retention period. Chinese regulations require logs to be retained for at least six months.
A Practical Compliance Checklist
Work through this in priority order:
Before launch - Map your data: identify which fields in your API calls qualify as personal information or important data - Implement PII filtering at the prompt construction layer — combining regex with named entity recognition is a reliable approach - Sign a DPA with your API provider and confirm they can make PIPL-compliant data processing commitments - Count your annual personal information processing volume to determine which compliance path applies
Before going public-facing - Determine whether the generative AI service filing obligation applies to your product - Prepare an algorithm transparency document covering the model used, task type, and output filtering approach - Build a user consent flow and update your privacy policy to disclose data export purposes and the identity of overseas recipients
Ongoing - Retain API call logs locally for at least six months — you need timestamps and data type labels, not the full request content - Conduct an annual data export risk assessment update - Monitor your API provider's privacy policy changes; re-evaluate compliance status within 30 days of any material change
An engineering note worth highlighting: consolidate compliance handling in a single proxy layer rather than scattering it across business modules. Masking rules, logging, and anomaly interception all live in one place, and when a reviewer asks to inspect your implementation, there's one module to show them.
Choosing the Right Compliance Path
For teams processing personal information for fewer than 100,000 people, the Standard Contract route is the lowest-cost option. With qualified legal counsel, it typically takes four to eight weeks to complete. For teams above the one million threshold, or handling important data, the security assessment is mandatory — budget six months and the corresponding internal headcount.
If your business needs to update its data export scope frequently, a practical alternative is routing traffic through a domestic API intermediary that already holds a licensed LLM algorithm filing number. This shifts the data export compliance burden upstream and is, in practice, how many Chinese companies avoid the complexity of direct overseas API connections entirely. It's not a workaround — it's a legitimate architectural choice that many enterprise teams make deliberately.
For teams evaluating this kind of setup, I've found XycAi to be a reliable option. It holds a licensed LLM algorithm filing number, comes with the full enterprise compliance documentation you'd need for a DPA, and supports global invoicing — which directly addresses the filing and contract issues described above. It also provides access to GPT, Claude, Gemini, and 200+ other models starting at 14% of list price, with one-command setup for Claude Code, Codex, and Gemini CLI. If you want GPT and Claude access without building your own overseas compliance infrastructure, it's worth evaluating first.
One API for 200+ global AI models
GPT · Claude · Gemini official models from 14% of list price. Licensed LLM filing, CN2 direct connect at ~5ms, compliant global invoicing.
Try XycAi →