China: TC260 standard Basic Requirements for Security of Generative Artificial Intelligence Services of Cybersecurity Technology including measures on copyright protection enters into force

On 1 November 2025, the national standard "Basic Requirements for Security of Generative Artificial Intelligence Services of Cybersecurity Technology" from the National Information Security Standardisation Technical Committee of China (TC260) enters into force. The standard outlines the requirements that providers of generative artificial intelligence (AI) services must implement during the development process, including the security of training data sources, training data content security, data annotation security, and model security. In addition, it outlines the security obligations after the system is released for public use. The standard requires providers to develop intellectual property management strategies to identify risks and establish a reporting channel for infringements. Before using data for training purposes, providers must identify potential copyright infringement risks, especially for data containing literary, artistic, or scientific works. User agreements should address intellectual property risks, and strategies must be updated regularly. Finally, the standard requires providers to publish information on the intellectual property aspects of training data and support third-party queries on data use.