Last reviewed: April 9, 2026
Jurisdictions covered: China, EU
Reading time: 18 minutes
Language note: Chinese regulations verified against original Mandarin text on cac.gov.cn. EU provisions cite Regulation (EU) 2024/1689.
China vs EU AI Act: Two Regulatory Superpowers, Zero Compatibility
Imagine you run a generative AI chatbot that serves users in both Berlin and Shanghai. In the EU, you need a conformity assessment under Art. 43 of the AI Act. In China, you need a CAC security assessment and algorithm filing before you can legally launch. The EU requires your system to be transparent about its limitations. China requires your system to reflect “socialist core values” and filter 14 categories of prohibited content. The EU bans real-time facial recognition in public spaces. China mandates on-device storage for facial data but allows law enforcement use without the EU’s judicial safeguards.
Same company. Same product. Two rule sets that do not fit together.
This is not a theoretical problem. Any company selling AI products into both markets faces overlapping, sometimes contradictory obligations from regulators that designed their systems independently. This article maps where the two regimes overlap, where they conflict, and what dual compliance actually requires in practice. We include filing statistics, enforcement numbers, and technical labeling specifications that no other comparison publishes.
For the full picture of each system individually, see our China AI Regulation 2026 guide and EU AI Act Annex III explainer.
Key Takeaways
- Different architectures. The EU wrote one law with 113 articles (risk-based). China issued seven targeted rules across five years (technology-specific). Neither maps onto the other.
- China is enforcing. The EU is not. China has 796 GenAI filings, 13,421 accounts penalized in a single labeling sweep (Feb 2026), and RMB 18 billion in antitrust fines. The EU has zero AI Act enforcement actions, zero harmonised standards, and zero notified bodies designated.
- Content requirements are irreconcilable. China mandates state-aligned content filtering. The EU imposes no political content requirements. A dual-market GenAI provider cannot use the same content governance for both.
- Labeling is the rare convergence point — both require AI-generated content disclosure, but China’s technical specs (GB 45438-2025) are far more prescriptive than EU Art. 50.
- Dual compliance is an engineering problem, not just a legal one. Data architecture, content filtering, labeling pipelines, and filing workflows all differ.
The Master Comparison Table
| Dimension | China | EU |
|---|---|---|
| Regulatory model | 7 technology-specific rules + 3 overarching laws | 1 horizontal regulation (113 articles) |
| Classification | By function (recommendations, deepfakes, GenAI, facial recognition) | By risk level (prohibited, high, limited, minimal) |
| In force since | First rule: March 2022. Latest: April 2026 | Phased: Feb 2025 (prohibitions), Aug 2025 (GPAI), Aug 2026 (high-risk) |
| Pre-market gate | CAC filing + security assessment (mandatory for public-facing GenAI) | Conformity assessment: self (Annex VI) or third-party (Annex VII) |
| Services filed/assessed | 796 GenAI national filings + 481 local (Feb 2026) | 0 (EU database not operational; zero notified bodies designated) |
| Content requirements | 14 prohibited categories including “socialist core values,” subversion, ethnic hatred | No state content requirements. Transparency and labeling only (Art. 50) |
| AI content labeling | Mandatory visible + invisible watermarks per GB 45438-2025 (image: text >= 5% shortest side; audio: Morse “AI” rhythm; JSON metadata) | Art. 50: must disclose AI interaction; “clearly and distinguishably” mark AI-generated content. No technical spec published |
| Facial recognition | All processors: separate consent, on-device storage, registration at 100K persons, alternatives required. Banned in private spaces. Public security exempt | Real-time remote biometric ID in public: banned (Art. 5(1)(g)), narrow law enforcement exceptions with judicial authorization |
| Prohibited uses | 14+ subcategories (subversion, separatism, terrorism, ethnic hatred, violence, pornography, false information + discrimination, IP, personal rights, transparency) | 8 categories: social scoring, subliminal manipulation, vulnerability exploitation, untargeted FR scraping, emotion recognition (workplace/education), biometric categorization, real-time remote biometric ID, predictive policing |
| Max penalty | RMB 50M or 5% revenue (PIPL); RMB 18.228B antitrust precedent | EUR 35M or 7% global turnover (prohibited practices) |
| Enforcement actions to date | Alibaba RMB 18.2B, Didi RMB 8B, 13,421 accounts (labeling), 39K accounts (Qinglang 2026), SAMR 5 AI cases (Feb 2026) | Zero AI Act enforcement actions (as of April 2026) |
| Harmonised/mandatory standards | GB 45438-2025 (mandatory labeling); GB/T 45392, GB/T 45652 (2025); TC260 48 more proposed for 2026 | Zero published. prEN 18286 failed vote Feb 2026. 0 of 10 standards in OJEU |
| Extraterritorial reach | Art. 20 GenAI Measures: CAC can block foreign services. PIPL Art. 3: applies to foreign processing of Chinese citizens’ data | Art. 2: applies to systems placed on EU market regardless of provider location |
| Comprehensive AI law | Under “legislative research” (Justice Minister, March 2026). 2027+ earliest | AI Act in force since August 2024 |
| R&D exemption | Yes (Art. 2 GenAI Measures: internal/research use exempt) | Yes (Art. 2: R&D before market placement exempt) |
| Data localization | PIPL: cross-border transfer requires security assessment, SCC, or certification. CSL: critical data stays in China | GDPR: free flow within EEA. Adequacy decisions for third countries. No AI Act-specific data localization |
Where They Conflict
Four areas create genuine dual-compliance friction.
1. Content governance — the irreconcilable difference.
China’s GenAI Measures require content alignment with “socialist core values” and prohibit 14 categories of content including subversion of state power and advocacy of separatism. The EU imposes no political content requirements on AI providers. A generative AI model serving both markets cannot use the same content filtering system. Chinese-market models must filter political content that European law does not require — and in some cases, would consider censorship. European-market models must avoid content restrictions that Chinese law mandates.
This is not a legal technicality. It is an architectural requirement. Dual-market providers need separate content governance pipelines, separate model configurations, and separate compliance documentation for each market. Companies like Alibaba (Qwen family) and Meta (Llama) have already addressed this through region-specific model versions.
2. Enforcement philosophy — campaigns vs proceedings.
China enforces through coordinated campaigns. The February 2026 labeling sweep penalized 13,421 accounts in one action. The Qinglang 2026 campaign processed 39,000+ accounts. This approach delivers high-volume enforcement but with limited procedural protections for individual companies.
The EU enforces through formal administrative proceedings by national market surveillance authorities. As of April 2026, no AI Act enforcement action has been initiated. The AI Office has been operational since February 2024 but has focused on guidance, not penalties. When EU enforcement begins, it will be slower, more procedural, and focused on individual companies rather than sweeps.
For compliance teams, this means different risk profiles. In China, enforcement arrives suddenly and at scale — your category may be targeted in a campaign without warning. In the EU, enforcement will likely ramp up gradually, with early focus on the most visible violations.
3. Data architecture — localization vs free flow.
PIPL requires cross-border data transfers to pass one of three pathways: CAC security assessment, standard contractual clauses (SCC) filing, or personal information protection certification. The Cybersecurity Law requires “critical information infrastructure” data to stay in China. Only four cross-border enforcement cases have been disclosed (all 2025), but the legal requirement is clear.
The EU allows free data flow within the EEA under GDPR. International transfers require adequacy decisions or safeguards, but no AI Act-specific data localization exists. China does not have an EU adequacy decision and is unlikely to receive one.
For AI training data, this creates a partition: data collected from Chinese users may not be easily transferable to EU-based model training infrastructure, and vice versa.
4. R&D treatment — similar exemption, different scope.
Both systems exempt R&D from their primary obligations. China’s GenAI Measures Art. 2 exempts internal research use. The EU AI Act Art. 2 exempts systems not placed on the market. But China’s broader surveillance and data laws (CSL, PIPL, DSL) still apply to AI R&D that touches personal data or network security — even if the GenAI Measures do not.
Enforcement: Numbers vs Promises
This is where the gap between the two systems is widest.
China’s enforcement record (selected):
| Action | Date | Amount/Scale | Legal Basis |
|---|---|---|---|
| Alibaba antitrust fine | Apr 2021 | RMB 18.228 billion (~$2.78B) | Anti-Monopoly Law |
| Didi data/privacy fine | Jul 2022 | RMB 8.026 billion (~$1.2B) + exec personal fines | CSL + PIPL + DSL |
| Meituan antitrust fine | Oct 2021 | RMB 3.442 billion (~$533M) | Anti-Monopoly Law |
| AI labeling enforcement sweep | Feb 2026 | 13,421 accounts; 543,000+ content pieces | Labeling Measures + GB 45438 |
| Qinglang 2026 campaign | Jan-Mar 2026 | 39,000+ accounts; 708,000+ content pieces | Multiple rules |
| SAMR AI unfair competition | Feb 2026 | 5 cases; fines RMB 5K-360K | Anti-Unfair Competition Law |
EU’s enforcement record (AI Act-specific):
Zero. No enforcement actions. No fines. No formal proceedings. The AI Office has existed since February 2024 but has focused on publishing guidance (4 of ~50 required measures) and overseeing the GPAI Code of Practice. National market surveillance authorities have not initiated AI Act proceedings. The EU database for high-risk AI registration is not operational. Zero notified bodies are designated for AI Act conformity assessment.
This is not necessarily a criticism of the EU — the high-risk obligations do not become enforceable until August 2, 2026. But it is a fact that compliance teams should internalize: the EU AI Act is a law on paper. Chinese AI regulation is a law in practice. The enforcement asymmetry will narrow over time, but as of April 2026, it is stark.
Disclaimer: This content is for informational purposes only and does not constitute legal advice. AI regulation in both China and the EU changes frequently. Dual-jurisdiction compliance requires counsel with expertise in both markets. Reg Intel is not a law firm and does not provide legal services.
Last verified: April 9, 2026
Compare: EU vs China
For the global keystone comparison across twelve dimensions — algorithm filing vs conformity assessment, content moderation conflicts, asymmetric extraterritoriality, enforcement philosophy, and a five-step dual-market compliance baseline — see EU vs China AI Regulation: Two Systems, Two Philosophies (2026).