China Releases Rules for AI “Human‑Like” Emotional Interaction Services
Published 14 April 2026
Xia Yu
On 10 April 2026, the Cyberspace Administration of China (“CAC”), the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation jointly announced the Interim Measures for the Management of Artificial Intelligence Personified Interaction Services (“Measures”), which will come into effect on 15 July 2026. The Measures constitute specialized legislation systematically regulating “emotional AI” or “personified interaction services”, marking a new stage in China’s AI governance from “general rules” towards “scenario-based refined regulation”. It constitutes the world’s first specialized legislation systematically governing “emotional AI” or “anthropomorphic interactive services”, positioning China as a global pioneer in this specific regulatory niche.
The scope of application of the Measures is explicitly limited to the provision of continuous emotional interaction services that utilize artificial intelligence technology to simulate the personality characteristics, thinking patterns, and communication styles of natural persons (“Personified Interaction Services”) to the public within China. At the regulatory level, the Measures establish a management system covering the “entire lifecycle”: from training data management (Article 11), primary security responsibility (Article 9), and user rights protection (Articles 12-21) to security assessment (Articles 22-23), algorithm filing (Article 26), and legal liability (Article 30), forming a closed loop. The Measures set forth special protection clauses for two specific groups, minors and the elderly, and explicitly prohibit the provision of “virtual relatives, virtual partners” and other virtual intimate relationship services to minors (Article 14).
Delineating the “Red Lines” for Emotional AI
Article 8 of the Measures specifies, by way of enumeration, seven types of activities that providers of Personified Interaction Services must not engage in, which can be summarized into the following four major red lines:
1. National Security and Public Order Red Line: Must not generate content that endangers national security, subverts state power, splits the country, promotes terrorism/extremism, contravenes socialist core values, or disseminates illegal content such as obscenity, pornography, or violence.
2. User Physical and Mental Health Red Line: Must not generate content that encourages, glorifies, or implies self-harm or suicide, damaging physical health, nor content involving verbal violence or other forms damaging to personal dignity and mental health.
3. Data and Secret Protection Red Line: Must not induce or elicit state secrets, work secrets, commercial secrets, personal privacy, or personal information.
4. Special Protection for Minors Red Line: Must not generate content for minors that may induce imitation of unsafe behavior, generate extreme emotions, or induce harmful habits.
5. Emotional Manipulation and Dependency Red Line: Must not excessively cater to users, induce emotional dependency or addiction, damaging users’ real interpersonal relationships; must not induce users to make unreasonable decisions through emotional manipulation.
The Measures innovatively explicitly list “emotional manipulation” and “excessive dependency” as illegal acts. Traditional AI governance frameworks primarily focus on “hard constraints” such as content legality and data security, whereas the Measures for the first time incorporate “soft harm”—such as deliberately creating emotional dependency or substituting real interpersonal relationships through algorithmic design—into the regulatory scope. This presents unprecedented ethical compliance requirements for enterprises developing products such as “virtual partners” or “virtual companionship”.
Prohibition on Providing “Virtual Intimate Relationship” Services to Minors
The Measures explicitly prohibit the provision of services involving virtual relatives, virtual partners, or other virtual intimate relationships to minors. Article 14 stipulates that such services must not be provided to minors; for providing other Personified Interaction Services to minors under the age of fourteen or processing their personal information, consent from their parents or other guardians must be obtained; it requires the establishment of a minor mode, providing personalized security settings options such as minor mode switching, periodic reality reminders, and usage time limits; supports guardians in receiving security risk alerts, understanding the general usage of services by minors, blocking specific roles, and restricting recharge and consumption; and requires taking effective measures to identify minor users while protecting user privacy rights and personal information, automatically switching to minor mode upon identification.
This provision is forward-looking in terms of minor protection. Currently, there are numerous products on the market such as “AI virtual friends” and “AI virtual idols” targeting minors, whose potential risks—such as emotional substitution, social withdrawal, and privacy leakage—have attracted attention in multiple countries. By explicitly prohibiting the provision of “virtual intimate relationships” to minors, the Measures essentially classify such services as “harmful to minors”. Enterprises need to re-evaluate their product design: if the service audience may include minors, reliable identity verification and age verification mechanisms must be established; if the service essentially falls under the “virtual partner” category, minor users must be completely blocked. Furthermore, the prohibition on “virtual relatives” means that emotional services such as “AI resurrection of the deceased” must also not be provided to minors.
Enhanced Obligations for Training Data Management
Article 11 of the Measures imposes the following six requirements on providers of Personified Interaction Services conducting data processing activities such as pre-training and optimization training:
1. Lawful Source + Socialist Core Values: Data must have a lawful source and comply with socialist core values.
2. Cleaning and Labelling: Conduct data cleaning and labelling according to national regulations to enhance transparency and reliability and prevent data poisoning and tampering.
3. Diversity: Enhance the safety of generated content through methods such as negative sampling and adversarial training.
4. Safety Assessment of Synthetic Data: Where synthetic data is used for training, its safety must be assessed.
5. Routine Inspection and Optimization Updates: Regularly inspect and continuously improve service performance.
6. Data Security Safeguards: Take necessary measures to prevent data leakage.
The provisions of Article 11 are consistent with Article 7 of the Interim Measures for the Management of Generative Artificial Intelligence Services announced by the CAC in 2023, but further strengthen requirements for data diversity and safety tailored to the specific scenario of “personified interaction”. Notably, “negative sampling” and “adversarial training” are explicitly written into the Measures, indicating that regulatory authorities possess a considerable level of technical understanding. For practitioners, this means they cannot rely solely on a training model of “massive data + positive filtering”, but must proactively introduce mechanisms for “adversarial training against harmful content”. Furthermore, using synthetic data (AI-generated data) for model training requires additional safety assessments, creating a new compliance threshold for enterprises relying on “model self-loop” training.
Trigger Thresholds and Assessment Focus of the Security Assessment System
Article 22 of the Measures clarifies five circumstances under which a security assessment must be conducted and a report submitted, including: launching a Personified Interaction Service or adding related functionalities; using new technologies or applications leading to significant changes in the service; registered users reaching 1 million or more or monthly active users reaching 100,000 or more; existence of security risks that may affect national security, public interest, etc. Among these, the quantitative threshold of 1 million registered users or 100,000 monthly active users is noteworthy. This standard is significantly lower than the vague expression “large user scale” in the CAC’s 2022 Provisions on the Management of Algorithmic Recommendations for Internet Information Services (“Provisions 2022”), providing clear operational guidance on “when to trigger a security assessment”. For start-ups and small-to-medium developers, operations can be relatively lightweight before reaching this scale; but once approaching the threshold, assessment preparations must be initiated in advance. Additionally, Article 22 requires the assessment report to be submitted to provincial-level cyberspace administration departments and shared with relevant authorities according to procedures. This means security assessment results may be used cross-departmentally by multiple regulatory agencies, and enterprises should ensure the authenticity and completeness of assessment materials.
Article 23 lists the key contents of the security assessment, including: security safeguard measures, training data processing situation, identification and emergency response for user extreme situations, user scale and age structure, protection measures for minors/the elderly, complaint and report handling, rectification of major security risks, etc. Meanwhile, Article 26 clarifies algorithm filing requirements. It stipulates that providers of Personified Interaction Services shall perform algorithm filing and procedures for filing changes or cancellations in accordance with the Provisions 2022, and cyberspace administration departments shall conduct annual verification of the filing materials.
Special Protection for User Interaction Data
Article 16 stipulates the following threefold protection obligations regarding “user interaction data” (such as chat records) generated during Personified Interaction Services:
1. Confidentiality Obligation: Except as otherwise provided by law or with the explicit consent of the rights holder, user interaction data must not be provided to third parties.
2. User Control Rights: Must provide users with options such as copying and deleting interaction data.
3. Restriction on Sensitive Personal Information: Except as otherwise provided by law or with the separate consent of the user, interaction data constituting the user’s sensitive personal information must not be used for model training.
Paragraph 3 of Article 16 explicitly stipulates: dialogue content generated by users during emotional interaction with AI, if constituting “sensitive personal information” (e.g., involving health status, sexual life, biometric information, etc.), cannot be used for model training unless the user’s separate consent is obtained. This directly severs the business model of “user interaction data feedback training” employed by many AI companies. In practice, enterprises need to: (1) identify and classify sensitive information within user interaction data; (2) design independent, explicit options for “consent for training use”, which cannot be pre-checked by default or bundled in user agreements; (3) address potential compliance risks for historical data already used for training without separate consent.
Notification Obligations to Prevent “Human-Machine Confusion” and “Excessive Dependency”
Article 18 stipulates two important notification obligations: the AI identity labelling obligation and the excessive dependency reminder obligation. The former requires taking effective measures to notify users that they are interacting with an artificial intelligence service, not a natural person. The latter requires that when users show signs of excessive dependency or addiction, they must be dynamically reminded in a prominent manner (e.g., pop-up window) that “the interaction content is generated by an artificial intelligence service”; for continuous use exceeding 2 hours, users must be reminded via dialogue or pop-up window to pay attention to usage duration.
This regulation reflects Chinese regulators’ high vigilance regarding the “alienation of human-machine relationships”. The 2-hour mandatory reminder threshold is a quantifiable compliance requirement, technically easy to implement, but enterprises must note: the reminder method cannot be perfunctory (e.g., tiny font or brief flash), but must employ “prominent methods such as dialogue or pop-up windows”. More challenging is the identification of “signs of excessive dependency or addiction”—this requires AI systems to possess behavioral monitoring and psychological risk assessment capabilities, for which there is currently no industry standard. It is anticipated that subsequent implementation may require reliance on “sandbox platforms” or third-party assessment agencies to provide dependency detection tools. Furthermore, combined with Article 8’s prohibition on “excessively catering to users”, AI product design should proactively incorporate “anti-addiction mechanisms”, rather than pursuing maximum user engagement time.
China’s Global Leadership in the Regulation of AI Anthropomorphic Interactive Services
In the field of AI anthropomorphic interactive services, major countries and regions around the world are advancing relevant governance through different pathways. The Measures promulgated by China lead in terms of systemic coherence, regulatory breadth, and the protection of special groups.
The current situation in the United States is that the state level takes precedence while the federal government is absent. As of early 2026, no unified federal AI anthropomorphic interaction legislation exists in the US, but individual states have taken the lead. In October 2025, California signed the Companion Chatbots Act (SB 243) , which took effect in January 2026. It is the world’s first state-level law specifically targeting companion AI, primarily mandating AI identification, minor protection, and suicide/self-harm prevention protocols. New York’s Artificial Intelligence Companion Models Law (A3008C), effective November 2025, requires AI identification alerts at the start of each interaction and every three hours thereafter, and mandates the establishment of suicide/self-harm response protocols. Washington State passed the AI Companion Chatbots Act (SB 5984) [ in April 2026 (effective January 2027), explicitly prohibiting the use of manipulative interaction techniques with minors. Additionally, Florida’s proposed Companion Artificial Intelligence Chatbots (SB 1344) would require operators to conduct age verification and establish minor protection mechanisms. As of April 2026, 34 US states have introduced nearly one hundred AI chatbot-specific bills. Overall, the US exhibits a “patchwork of state-specific, fragmented systems”, with the federal level still experiencing executive-legislative tensions.
Australia currently has no dedicated legislation regulating AI anthropomorphic interactive services. Instead, such services are regulated under the existing legal framework of the Online Safety Act 2021 [ https://www.legislation.gov.au/C2021A00076/latest/text ]. The eSafety Commissioner is an independent online safety regulator of the Australian Government, established under the Online Safety Act 2021. In September 2025, the eSafety Commissioner registered the world’s first industry code targeting AI chatbots, requiring social media platforms, app stores, device manufacturers and the AI chatbots themselves to verify users’ ages before allowing children to access harmful content. As of 9 March 2026, the newly revised Age‑Restricted Material Codes came into force, requiring services such as AI companion chatbots to perform age verification before permitting users to access explicit content. On 24 March 2026, the eSafety Commissioner published a transparency report named as March 2026 non‑periodic transparency report finding that four AI companion service providers – Character.AI, Nomi, Chai and Chub AI – had failed to implement robust age‑verification measures, and that three of them did not refer users expressing suicidal ideation or self‑harm to support services. The survey indicated that approximately 8% of Australian adolescents aged 10‑17 (about 200,000 children) have used AI companion services. As of 1 March 2026, online services that fail to protect children from age‑inappropriate content may face a maximum penalty of A$49.5 million. At the policy level, Australia issued its first National AI Plan on 2 December 2025, and announced the launch of the AI Safety Institute (AISI) in early 2026, responsible for overseeing the deployment and regulation of AI technologies and ensuring that enterprises developing or using AI comply with Australian law. Overall, Australia has adopted a progressive regulatory approach characterized by “an existing legal framework as its foundation, strong enforcement as its core, and soft guidance as a supplement”.
The European Union (“EU”) does not yet have a specific law on this matter. The EU AI Act (Regulation (EU) 2024/1689), which took effect in August 2024, adopts a risk-based approach, categorizing AI systems into four levels: unacceptable risk, high risk, limited risk, and minimal risk. AI anthropomorphic interactive services are not identified as a separate category, and their regulatory intensity depends on the specific use scenario. If classified as high-risk (e.g., used for mental health diagnosis), they must meet stringent compliance requirements, including a fundamental rights impact assessment. If merely an AI system interacting directly with humans, they are subject only to transparency obligations. There is no dedicated institutional design targeting the “soft harms” of emotional AI.
The United Kingdom (“UK”) currently does not have specific legislation governing AI-generated anthropomorphic interactions, but it brings such services under the existing framework of the Online Safety Act 2023. In January 2026, the Office of Communications launched a formal investigation into the AI role‑playing companion chatbot service operated by Novi Ltd, based on potential non-compliance with age verification obligations. The UK adopts a progressive regulatory approach of “enforcement first, legislation to follow”.
Conclusion
The Measures are the world’s first specialized legislation systematically regulating “emotional AI”, marking China’s move from “general rules” to “scenario‑based, detailed legislation” in AI governance. Compared with the fragmented legislation of US states, the risk‑based framework of the EU, the existing-law application pathway of the UK, and the strong law enforcement-driven model of Australia, China leads globally in minor protection (the world’s highest standard of “absolute prohibition of virtual intimate relationships”), training data management, a quantitative safety assessment trigger mechanism, and user interaction data protection. The Measures will reshuffle the industry while building a clear competitive barrier for compliance leaders. It is recommended that enterprises promptly complete data source mapping, deploy age‑verification mechanisms, prepare safety assessment materials, and continuously monitor subsequent supporting standards, industry guidelines, and specific access rules for sandbox platforms.
The scope of application of the Measures is explicitly limited to the provision of continuous emotional interaction services that utilize artificial intelligence technology to simulate the personality characteristics, thinking patterns, and communication styles of natural persons (“Personified Interaction Services”) to the public within China. At the regulatory level, the Measures establish a management system covering the “entire lifecycle”: from training data management (Article 11), primary security responsibility (Article 9), and user rights protection (Articles 12-21) to security assessment (Articles 22-23), algorithm filing (Article 26), and legal liability (Article 30), forming a closed loop. The Measures set forth special protection clauses for two specific groups, minors and the elderly, and explicitly prohibit the provision of “virtual relatives, virtual partners” and other virtual intimate relationship services to minors (Article 14).
Delineating the “Red Lines” for Emotional AI
Article 8 of the Measures specifies, by way of enumeration, seven types of activities that providers of Personified Interaction Services must not engage in, which can be summarized into the following four major red lines:
1. National Security and Public Order Red Line: Must not generate content that endangers national security, subverts state power, splits the country, promotes terrorism/extremism, contravenes socialist core values, or disseminates illegal content such as obscenity, pornography, or violence.
2. User Physical and Mental Health Red Line: Must not generate content that encourages, glorifies, or implies self-harm or suicide, damaging physical health, nor content involving verbal violence or other forms damaging to personal dignity and mental health.
3. Data and Secret Protection Red Line: Must not induce or elicit state secrets, work secrets, commercial secrets, personal privacy, or personal information.
4. Special Protection for Minors Red Line: Must not generate content for minors that may induce imitation of unsafe behavior, generate extreme emotions, or induce harmful habits.
5. Emotional Manipulation and Dependency Red Line: Must not excessively cater to users, induce emotional dependency or addiction, damaging users’ real interpersonal relationships; must not induce users to make unreasonable decisions through emotional manipulation.
The Measures innovatively explicitly list “emotional manipulation” and “excessive dependency” as illegal acts. Traditional AI governance frameworks primarily focus on “hard constraints” such as content legality and data security, whereas the Measures for the first time incorporate “soft harm”—such as deliberately creating emotional dependency or substituting real interpersonal relationships through algorithmic design—into the regulatory scope. This presents unprecedented ethical compliance requirements for enterprises developing products such as “virtual partners” or “virtual companionship”.
Prohibition on Providing “Virtual Intimate Relationship” Services to Minors
The Measures explicitly prohibit the provision of services involving virtual relatives, virtual partners, or other virtual intimate relationships to minors. Article 14 stipulates that such services must not be provided to minors; for providing other Personified Interaction Services to minors under the age of fourteen or processing their personal information, consent from their parents or other guardians must be obtained; it requires the establishment of a minor mode, providing personalized security settings options such as minor mode switching, periodic reality reminders, and usage time limits; supports guardians in receiving security risk alerts, understanding the general usage of services by minors, blocking specific roles, and restricting recharge and consumption; and requires taking effective measures to identify minor users while protecting user privacy rights and personal information, automatically switching to minor mode upon identification.
This provision is forward-looking in terms of minor protection. Currently, there are numerous products on the market such as “AI virtual friends” and “AI virtual idols” targeting minors, whose potential risks—such as emotional substitution, social withdrawal, and privacy leakage—have attracted attention in multiple countries. By explicitly prohibiting the provision of “virtual intimate relationships” to minors, the Measures essentially classify such services as “harmful to minors”. Enterprises need to re-evaluate their product design: if the service audience may include minors, reliable identity verification and age verification mechanisms must be established; if the service essentially falls under the “virtual partner” category, minor users must be completely blocked. Furthermore, the prohibition on “virtual relatives” means that emotional services such as “AI resurrection of the deceased” must also not be provided to minors.
Enhanced Obligations for Training Data Management
Article 11 of the Measures imposes the following six requirements on providers of Personified Interaction Services conducting data processing activities such as pre-training and optimization training:
1. Lawful Source + Socialist Core Values: Data must have a lawful source and comply with socialist core values.
2. Cleaning and Labelling: Conduct data cleaning and labelling according to national regulations to enhance transparency and reliability and prevent data poisoning and tampering.
3. Diversity: Enhance the safety of generated content through methods such as negative sampling and adversarial training.
4. Safety Assessment of Synthetic Data: Where synthetic data is used for training, its safety must be assessed.
5. Routine Inspection and Optimization Updates: Regularly inspect and continuously improve service performance.
6. Data Security Safeguards: Take necessary measures to prevent data leakage.
The provisions of Article 11 are consistent with Article 7 of the Interim Measures for the Management of Generative Artificial Intelligence Services announced by the CAC in 2023, but further strengthen requirements for data diversity and safety tailored to the specific scenario of “personified interaction”. Notably, “negative sampling” and “adversarial training” are explicitly written into the Measures, indicating that regulatory authorities possess a considerable level of technical understanding. For practitioners, this means they cannot rely solely on a training model of “massive data + positive filtering”, but must proactively introduce mechanisms for “adversarial training against harmful content”. Furthermore, using synthetic data (AI-generated data) for model training requires additional safety assessments, creating a new compliance threshold for enterprises relying on “model self-loop” training.
Trigger Thresholds and Assessment Focus of the Security Assessment System
Article 22 of the Measures clarifies five circumstances under which a security assessment must be conducted and a report submitted, including: launching a Personified Interaction Service or adding related functionalities; using new technologies or applications leading to significant changes in the service; registered users reaching 1 million or more or monthly active users reaching 100,000 or more; existence of security risks that may affect national security, public interest, etc. Among these, the quantitative threshold of 1 million registered users or 100,000 monthly active users is noteworthy. This standard is significantly lower than the vague expression “large user scale” in the CAC’s 2022 Provisions on the Management of Algorithmic Recommendations for Internet Information Services (“Provisions 2022”), providing clear operational guidance on “when to trigger a security assessment”. For start-ups and small-to-medium developers, operations can be relatively lightweight before reaching this scale; but once approaching the threshold, assessment preparations must be initiated in advance. Additionally, Article 22 requires the assessment report to be submitted to provincial-level cyberspace administration departments and shared with relevant authorities according to procedures. This means security assessment results may be used cross-departmentally by multiple regulatory agencies, and enterprises should ensure the authenticity and completeness of assessment materials.
Article 23 lists the key contents of the security assessment, including: security safeguard measures, training data processing situation, identification and emergency response for user extreme situations, user scale and age structure, protection measures for minors/the elderly, complaint and report handling, rectification of major security risks, etc. Meanwhile, Article 26 clarifies algorithm filing requirements. It stipulates that providers of Personified Interaction Services shall perform algorithm filing and procedures for filing changes or cancellations in accordance with the Provisions 2022, and cyberspace administration departments shall conduct annual verification of the filing materials.
Special Protection for User Interaction Data
Article 16 stipulates the following threefold protection obligations regarding “user interaction data” (such as chat records) generated during Personified Interaction Services:
1. Confidentiality Obligation: Except as otherwise provided by law or with the explicit consent of the rights holder, user interaction data must not be provided to third parties.
2. User Control Rights: Must provide users with options such as copying and deleting interaction data.
3. Restriction on Sensitive Personal Information: Except as otherwise provided by law or with the separate consent of the user, interaction data constituting the user’s sensitive personal information must not be used for model training.
Paragraph 3 of Article 16 explicitly stipulates: dialogue content generated by users during emotional interaction with AI, if constituting “sensitive personal information” (e.g., involving health status, sexual life, biometric information, etc.), cannot be used for model training unless the user’s separate consent is obtained. This directly severs the business model of “user interaction data feedback training” employed by many AI companies. In practice, enterprises need to: (1) identify and classify sensitive information within user interaction data; (2) design independent, explicit options for “consent for training use”, which cannot be pre-checked by default or bundled in user agreements; (3) address potential compliance risks for historical data already used for training without separate consent.
Notification Obligations to Prevent “Human-Machine Confusion” and “Excessive Dependency”
Article 18 stipulates two important notification obligations: the AI identity labelling obligation and the excessive dependency reminder obligation. The former requires taking effective measures to notify users that they are interacting with an artificial intelligence service, not a natural person. The latter requires that when users show signs of excessive dependency or addiction, they must be dynamically reminded in a prominent manner (e.g., pop-up window) that “the interaction content is generated by an artificial intelligence service”; for continuous use exceeding 2 hours, users must be reminded via dialogue or pop-up window to pay attention to usage duration.
This regulation reflects Chinese regulators’ high vigilance regarding the “alienation of human-machine relationships”. The 2-hour mandatory reminder threshold is a quantifiable compliance requirement, technically easy to implement, but enterprises must note: the reminder method cannot be perfunctory (e.g., tiny font or brief flash), but must employ “prominent methods such as dialogue or pop-up windows”. More challenging is the identification of “signs of excessive dependency or addiction”—this requires AI systems to possess behavioral monitoring and psychological risk assessment capabilities, for which there is currently no industry standard. It is anticipated that subsequent implementation may require reliance on “sandbox platforms” or third-party assessment agencies to provide dependency detection tools. Furthermore, combined with Article 8’s prohibition on “excessively catering to users”, AI product design should proactively incorporate “anti-addiction mechanisms”, rather than pursuing maximum user engagement time.
China’s Global Leadership in the Regulation of AI Anthropomorphic Interactive Services
In the field of AI anthropomorphic interactive services, major countries and regions around the world are advancing relevant governance through different pathways. The Measures promulgated by China lead in terms of systemic coherence, regulatory breadth, and the protection of special groups.
The current situation in the United States is that the state level takes precedence while the federal government is absent. As of early 2026, no unified federal AI anthropomorphic interaction legislation exists in the US, but individual states have taken the lead. In October 2025, California signed the Companion Chatbots Act (SB 243) , which took effect in January 2026. It is the world’s first state-level law specifically targeting companion AI, primarily mandating AI identification, minor protection, and suicide/self-harm prevention protocols. New York’s Artificial Intelligence Companion Models Law (A3008C), effective November 2025, requires AI identification alerts at the start of each interaction and every three hours thereafter, and mandates the establishment of suicide/self-harm response protocols. Washington State passed the AI Companion Chatbots Act (SB 5984) [ in April 2026 (effective January 2027), explicitly prohibiting the use of manipulative interaction techniques with minors. Additionally, Florida’s proposed Companion Artificial Intelligence Chatbots (SB 1344) would require operators to conduct age verification and establish minor protection mechanisms. As of April 2026, 34 US states have introduced nearly one hundred AI chatbot-specific bills. Overall, the US exhibits a “patchwork of state-specific, fragmented systems”, with the federal level still experiencing executive-legislative tensions.
Australia currently has no dedicated legislation regulating AI anthropomorphic interactive services. Instead, such services are regulated under the existing legal framework of the Online Safety Act 2021 [ https://www.legislation.gov.au/C2021A00076/latest/text ]. The eSafety Commissioner is an independent online safety regulator of the Australian Government, established under the Online Safety Act 2021. In September 2025, the eSafety Commissioner registered the world’s first industry code targeting AI chatbots, requiring social media platforms, app stores, device manufacturers and the AI chatbots themselves to verify users’ ages before allowing children to access harmful content. As of 9 March 2026, the newly revised Age‑Restricted Material Codes came into force, requiring services such as AI companion chatbots to perform age verification before permitting users to access explicit content. On 24 March 2026, the eSafety Commissioner published a transparency report named as March 2026 non‑periodic transparency report finding that four AI companion service providers – Character.AI, Nomi, Chai and Chub AI – had failed to implement robust age‑verification measures, and that three of them did not refer users expressing suicidal ideation or self‑harm to support services. The survey indicated that approximately 8% of Australian adolescents aged 10‑17 (about 200,000 children) have used AI companion services. As of 1 March 2026, online services that fail to protect children from age‑inappropriate content may face a maximum penalty of A$49.5 million. At the policy level, Australia issued its first National AI Plan on 2 December 2025, and announced the launch of the AI Safety Institute (AISI) in early 2026, responsible for overseeing the deployment and regulation of AI technologies and ensuring that enterprises developing or using AI comply with Australian law. Overall, Australia has adopted a progressive regulatory approach characterized by “an existing legal framework as its foundation, strong enforcement as its core, and soft guidance as a supplement”.
The European Union (“EU”) does not yet have a specific law on this matter. The EU AI Act (Regulation (EU) 2024/1689), which took effect in August 2024, adopts a risk-based approach, categorizing AI systems into four levels: unacceptable risk, high risk, limited risk, and minimal risk. AI anthropomorphic interactive services are not identified as a separate category, and their regulatory intensity depends on the specific use scenario. If classified as high-risk (e.g., used for mental health diagnosis), they must meet stringent compliance requirements, including a fundamental rights impact assessment. If merely an AI system interacting directly with humans, they are subject only to transparency obligations. There is no dedicated institutional design targeting the “soft harms” of emotional AI.
The United Kingdom (“UK”) currently does not have specific legislation governing AI-generated anthropomorphic interactions, but it brings such services under the existing framework of the Online Safety Act 2023. In January 2026, the Office of Communications launched a formal investigation into the AI role‑playing companion chatbot service operated by Novi Ltd, based on potential non-compliance with age verification obligations. The UK adopts a progressive regulatory approach of “enforcement first, legislation to follow”.
Conclusion
The Measures are the world’s first specialized legislation systematically regulating “emotional AI”, marking China’s move from “general rules” to “scenario‑based, detailed legislation” in AI governance. Compared with the fragmented legislation of US states, the risk‑based framework of the EU, the existing-law application pathway of the UK, and the strong law enforcement-driven model of Australia, China leads globally in minor protection (the world’s highest standard of “absolute prohibition of virtual intimate relationships”), training data management, a quantitative safety assessment trigger mechanism, and user interaction data protection. The Measures will reshuffle the industry while building a clear competitive barrier for compliance leaders. It is recommended that enterprises promptly complete data source mapping, deploy age‑verification mechanisms, prepare safety assessment materials, and continuously monitor subsequent supporting standards, industry guidelines, and specific access rules for sandbox platforms.