China’s Tightened Facial Recognition Regulations: Key Takeaways

Blog

China’s Tightened Facial Recognition Regulations: Key Takeaways

China’s Tightened Facial Recognition Regulations: Key Takeaways

As China continues to lead in the adoption of facial recognition technology, the country has introduced stricter regulations to ensure the responsible deployment of this technology and more substantial data protection. These new measures, set to take effect on 1 June 2025, are designed to safeguard personal information rights while balancing innovation with privacy concerns.

The Measures for the Security Management of the Application of Facial Recognition Technology (hereinafter referred to as “Measures”) were jointly released by the Cyberspace Administration of China (CAC) and the Ministry of Public Security (MPS). Here are the key takeaways from these regulations.

Why New Facial Recognition Regulations Matter

  • Security First

Permanent biometric risks demand strict safeguards. The Measures establish clear rules to balance innovation with risk control, protecting facial data (which is unique and permanent) while enabling responsible tech development.

  • No More Forced Scans

Stores/apps must offer alternatives. To curb misuse, the Measures mandate non-facial alternatives where possible, preventing unnecessary collection in places like stores and reducing privacy violations.

  • Stronger Privacy

Filling legal gaps to protect sensitive data in the AI era. As a key part of China’s data privacy framework, the Measures set tailored rules for sensitive facial data, closing gaps in existing laws and setting a benchmark for emerging tech regulation.

Major Advantages & Key Provisions

The new Measures establish clear guidelines to ensure facial recognition technology is used ethically and lawfully, balancing innovation with individual rights protection.

  1. Core Principles for Legal Compliance

The Measures stipulate the basic principles for the application of face recognition technology, laying a solid foundation for the entire regulatory system.

  1. First, only if the basic conditions of “specific purpose and sufficient necessity” are met, can face recognition technology be applied to process face information, and it should be adopted in a way that minimizes the impact on the rights and interests of individuals and implements strict protection measures.
  2. Secondly, it is made clear that if there are other non-face recognition technology methods to achieve the same purpose or meet the same business requirements, face recognition technology shall not be used as the only verification method, to avoid over-reliance on face recognition technology.
  3. Thirdly, the principle of “individual consent” is reiterated, and where face information is processed based on an individual’s consent, the individual’s voluntary and explicit individual consent should be obtained on the premise of being fully informed.

Together, these basic principles constitute the normative framework for the application of face recognition technology and make clear the State’s basic orientation towards the application of face recognition technology.

  • Clear Use-Case Boundaries

The Measures provide clear and specific operational guidelines for typical application scenarios of face recognition technology in real life.

In public places, the installation of face recognition equipment shall be necessary for the maintenance of public safety, and the face information collection area shall be reasonably determined in accordance with the law and set up with significant reminder signs.

In daily life, any organization or individual shall not install face recognition equipment inside private spaces in public places such as hotel guest rooms, public bathrooms, public locker rooms, and public toilets.

It also stipulates that no organization or individual shall mislead, defraud, or coerce individuals to accept face recognition technology to verify their identity on the grounds of conducting business or improving service quality. The scenario-based requirements for the application of face recognition technology directly respond to the public’s concern about “being swiped”, provide practical guidelines for the implementation of face recognition technology compliance in various industries, and accurately delineate the boundaries of the application of face recognition technology.

  • Accountability & Security Measures

The Measures have established a variety of governance mechanisms, including personal information protection impact assessment, record management and system security requirements, to provide systematic guidance for personal information processors in fulfilling their compliance obligations.

Through the personal information protection impact assessment mechanism, personal information processors are required to assess the legitimacy and risks of processing activities in advance; through the filing system, personal information processors are made more aware of their responsibilities, and supervisors are facilitated to carry out supervision; and through the requirements on data encryption, intrusion detection and defense, personal information processors are encouraged to continuously improve their security strategies and protection measures.

The diversified regulatory tools complement each other and provide enterprises with a clear path to compliance, which is conducive to promoting relevant subjects to better fulfill their legal obligations to legally apply face recognition technology and protect face information.

Conclusion

The Measures mark a significant step towards balancing technological innovation with privacy concerns. It reflects the concept of precise policy implementation, taking into account the actual needs of face recognition technology applications, setting corresponding protection measures for high-risk situations, clarifying the specific rules for the application of face recognition technology in handling face information, and realizing the balance between security and technology application.

The introduction of the Measures will effectively regulate the application of face recognition technology, effectively safeguard the rights and interests of citizens’ personal information, and create a favorable environment for the healthy development of face recognition technology.

For more information about Personal Information and Data Protection, you can check out our previous sharing: https://www.serviceonnewgrounds.com/personal-information-and-data-protection-compliance/

Contact us if you need more information.

Related Posts

In 2014, the State Administration of Taxation (SAT) formulated the Measures for the Publication of Information on Significant Tax Violation.

If significant tax violation conducted, information of discreditable enterprise and its legal person will be made public!

In 2014, the State Administration of Taxation (SAT) formulated the Measures for the Publication of Information on Significant Tax Violation... read more

Unlock the advantages of share capital in Hong Kong for your company. Explore benefits & responsibilities for owners.

Share capital structure and No-par Regime in Hong Kong

Physical or moral persons that created their own company in Hong Kong own share capital. These shares come with benefits... read more

Tax Inspections and Audits in the right way 3

Facing Tax Inspections and Audits in the right way (3)

Previously, we shared key points for responding to tax inspections and audits. In this article, we will discuss the late... read more

Get in touch

Please fill out the contact form with all the necessary details, and we will contact you within 24 hours to provide you with the best solutions.

Call Us

+8621 3201 0058

Mail Us

inquiry@serviceonnewgrounds.com

Follow us

Our Location

Room 702, 80 North Shaanxi Road, Jing’An district, Shanghai, China 200041

Contact us

    Please prove you are human by selecting the house.