CHINA Trends and Developments Contributed by: Hanshuo Zhou, Xiaoyun Wang and Taige Shi (Casper), Jingtian & Gongcheng
national data security, patient privacy and align- ment with international compliance frameworks. In digital health settings, personal information protection is not merely a legal requirement but a foundational element of patient trust and safety. It directly impacts users’ confidence in digital medical services and the broader integ- rity of healthcare systems. As China continues to strengthen its data governance regime and intensify regulatory enforcement, digital health enterprises are expected to take a proactive approach – building robust compliance frame- works that align with evolving legal standards and minimise risk exposure. Generative AI in digital healthcare and its regulation Since the implementation of the Interim Measures for the Management of Generative AI Services in August 2023, China has begun formalising the filing and registration process for generative AI models. This multi-stage process includes the submission of technical documentation, a secu- rity review, and public disclosure, with provincial cyberspace administrations conducting the ini- tial review and the Cyberspace Administration of China (CAC) responsible for final approval. Several large-scale AI models used in digital healthcare have already completed this process and have been officially published by the CAC. By 2025, China also introduced a series of national standards aimed at regulating the safe deployment of generative AI technology. Among them, the Cybersecurity Technical Requirements for the Security of Generative AI Services sets out clear expectations regarding the security of training data, model integrity, and the implemen- tation of protective safeguards. Given the sensi- tivity of the digital healthcare sector and its direct impact on patient wellbeing, AI models used to
generate health-related outputs – such as diag- nostic suggestions or wellness advice – must be trained on reliable, medically sound datasets and must adhere strictly to ethical and clinical standards. Service providers are expected to implement rigorous data labelling protocols, ensure that annotators are properly trained and certified, and apply technical safeguards such as keyword filtering and content classification mechanisms to enhance the reliability and safety of generated outputs. The Cybersecurity Technical Standard for the Security of Pretraining and Fine-tuning Data in Generative AI sets clear guardrails for how digital health companies should handle their training datasets. According to this document, the service providers must verify that all data sources are lawful and reject any material con- taining illegally obtained personal or sensitive health information. In the preprocessing phase, sample-based content reviews are required to verify safety. And whenever patient-level health records are used, rigorous de-identification pro- cesses must be applied to fully protect privacy and satisfy regulatory mandates. Additional transparency requirements have been introduced through the Measures for the Identifi- cation of AI-Generated Content, issued in March 2025, and the accompanying mandatory nation- al standard – the Cybersecurity Technical Spec- ification for Identifying AI-Generated Synthetic Content. These rules require both explicit and embedded identifiers to be applied to AI-gen- erated content, allowing users and downstream platforms to clearly recognise its artificial origin. In the context of digital healthcare, where the accuracy of medical information is directly tied to patient safety, AI-generated content – such as health advice or diagnostic reports – must be clearly labelled as such to avoid patient confu-
42
CHAMBERS.COM
Powered by FlippingBook