AI vendors based in China
AI vendors based in mainland China. Subject to PIPL, the Cybersecurity Law, the Data Security Law, and AI-specific regulations from the CAC. Significant procurement-policy considerations for non-Chinese buyers.
China-based AI vendors fall under the Personal Information Protection Law (PIPL, 2021), the Cybersecurity Law (2017), the Data Security Law (2021), and the Cyberspace Administration of China's (CAC) Interim Measures for Generative AI Services. Cross-border data transfers from China require security assessment by the CAC for sensitive cases. For non-Chinese buyers, procurement policy concerns dominate: U.S. federal contractors face FAR Part 52.204-25 (Section 889), and many enterprise procurement frameworks treat China-based vendors as restricted by default regardless of capability.
Buyer considerations
- FAR Part 52.204-25 / Section 889 prohibits federal contractors from using equipment from specified Chinese telecom companies; broader restrictions apply for many U.S. agencies.
- PIPL has extraterritorial reach — China-based vendors handling personal information of Chinese residents have specific obligations.
- Cross-border transfers out of China face CAC review for "important data" and certain volume thresholds.
- CAC Generative AI Interim Measures impose pre-launch security review for public-facing generative AI services.
- Non-Chinese buyers often default to excluding China-based AI vendors at procurement gate; verify policy before evaluation.