At China’s annual Two Sessions gathering held from March 4-11, Zhou Hongyi, Representative of the 14th National People’s Congress (NPC) and CEO of 360 Group, emphasized the importance of DeepSeek’s open-source strategy in catalyzing China’s transition from an AI follower to a global leader. This builds on momentum from the Paris AI Action Summit, during which participants purportedly lauded China’s open-source AI models for helping to advance “open and inclusive AI development” around the world. DeepSeek’s success exemplifies China’s comprehensive open-source strategy, which has given rise to over 30 million open-source projects across the industrial spectrum, from chips to applications. As it stands, China has produced 17 percent of global open-source software — the second-most amount worldwide.
China’s legal framework is adapting to the rapid evolution of AI, particularly in areas involving content generation and sourcing for diverse training data. Emerging regulations primarily revolve around novel legal risks to copyright and security, which are especially pertinent for open-source models. President Xi Jinping’s most recent pronouncement of his desire to reinforce policies for intellectual property rights and to “form a global governance framework” for AI, which he views as a “global public good,” underscores Chinese AI regulation as a matter worthy of global attention.
Copyright Chaos: AI-Generated Outputs
Generative AI models can generate outputs that include depictions of specific individuals or personal characteristics, which may constitute copyright violations. The open-source nature of some models potentially exacerbates these risks by increasing accessibility, lowering barriers to misuse, and complicating the implementation of centralized safeguards against infringement.
In February, the Hangzhou Internet Court, which handles online disputes, held that a generative AI system’s production of certain images constituted contributory infringement of information network dissemination rights. The defendant, the operator of a platform providing Low-Rank Adaptation (LoRA) models for image generation, allowed users to generate images of the fictional character Ultraman that were substantially similar to those for which the plaintiff held exclusive licensing rights.
The court ruled that the defendant, as a generative AI service provider, failed to exercise a duty of care to implement adequate measures to prevent copyright infringement, thereby violating both the Interim Measures for the Management of Generative AI Services《生成式人工智能服务管理暂行办法》and the Regulations on the Administration of Deep Synthesis in Internet Information Services《互联网信息服务深度合成管理规定》.
The court explained that because the defendant offered a service directly to end users at the application layer, it had made targeted modifications to the open-source model to provide solutions for specific uses. The defendant also derived direct commercial benefit from the content generated. The court ultimately determined that the defendant should maintain sufficient understanding of the generated content in specific application scenarios and bear the corresponding duty of care.
This case is important for distinguishing between different levels of legal responsibility in the provision and downstream use of open-source models. Crucially, the court’s reasoning signals that commercialization and model modification are key factors that can transform a more “neutral” technology provider into an active contributor to infringement. It will not be surprising to see stricter legal expectations (and liability) for AI service providers modifying open-source models for commercial use in China going forward.
Fine Print Complexity: User Agreements
Although China has no general law governing the ownership of AI-generated content, Article 9 of the Interim Measures for the Management of Generative AI Services 《生成式人工智能服务管理暂行办法》mandates that service providers must establish agreements with users to define their respective rights and obligations. These licenses dictate the rights of downstream users, and failure to comply with their terms may result in copyright infringement.
The complexity and diversity of user agreements with open-source AI presents a gray area for compliance. Unlike proprietary AI systems, which have clear terms dictated by a single entity, open-source models can be modified, redistributed, and deployed in diverse contexts — often with varying, and sometimes conflicting, licensing terms.
Many Chinese AI service providers include clauses addressing content rights in their terms of service. For example, DeepSeek’s terms assign “any rights, ownership, and interests in the output content to [the user].” A similar clause by Doubao states that the company “does not claim ownership of the Output content.” In contrast, Kimi uses more specific language: “The copyright of the content generated by [the user] based on the Kimi Intelligent Assistant is maintained by [the user], and [the user] should use it after independent judgment. [The user] [is] responsible for handling any intellectual property issues arising from the content generated.”
It is interesting to note that DeepSeek and Doubao have opted for broad terms like “rights” or “ownership” instead of explicitly stating “copyright.” Artful contract drafting when assigning rights to AI-generated content will likely introduce much uncertainty for future copyright disputes. In practice, the provisions in user agreements may prove insufficient to determine ownership conclusively. Courts still need to consider specific requirements, such as “intellectual achievement” and “originality”, when adjudicating on the ownership of AI-generated content.
Users have also become more sensitive to (and influential over) contractual language. In March, Tencent revised the user agreement for its Yuanbao AI assistant– which had overtaken DeepSeek as the most downloaded free app in China– three times after facing backlash from netizens for an “overlord clause” (“霸王条款”). The clause had originally reserved for Tencent an “irrevocable”, “exclusive”, “unrestricted” and “permanent” license to use the content uploaded to and generated by Yuanbao, which is built on the open-source Hunyuan model. Amidst public criticism, Tencent issued a public apology and clarified that the rights for the content uploaded to and generated by Yuanbao would remain with the user or relevant party. This serves as a cautionary tale for AI developers: licensing structures must respect user expectations of autonomy and control, or risk losing legitimacy and adoption. Further, open-source communities which emphasize user freedoms would be particularly opposed to “overlord clauses” like this one.
The Data Labyrinth: AI Training
Training data for open-source AI models encompasses open data, self-collected data, commercial data, user-input information, and data input from other models. The diversity and sensitivity of this data make compliance exceptionally complex. For example, web crawlers that scrape content without proper authorization may violate the Robots Exclusion Protocol (robots.txt), leading to copyright violations. Zhong Bo, a deputy to the NPC, warned during the Two Sessions that unregulated data usage could lead to widespread ‘pseudo-innovation’, such as the reassembly of data to generate low-quality content, crowding out genuine high-quality innovation and technological breakthroughs.
Currently, the Interim Measures for the Management of Generative AI Services《生成式人工智能服务管理暂行办法》stipulate that generative AI service providers must conduct pre-training and optimization training activities using legally sourced data and foundation models. Personal information may only be obtained with user consent or in compliance with other legal provisions. However, Zhong recognized that rigidly adhering to ‘prior authorization’ rules may hinder innovation because large model training often necessitates extensive web scraping when obtaining consent may be burdensome.
To address these concerns, Zhong Bo submitted during this year’s Two Sessions a proposal titled Preventing Intellectual Property Abuse and Combating Extortionary Litigation《关于防范知识产权权利滥用,打击敲诈勒索式维权的建议》. The proposal calls for the clarification of legal definitions, punitive measures, and avenues for legal recourse to minimize ambiguity in intellectual property adjudications.
Going forward, Chinese policymakers will likely strive for greater legal clarity in regulating the collection and use of training data for AI systems, aiming to balance innovation with intellectual property protections. There might be a potential shift toward more nuanced policies that differentiate between various types of data and their respective uses in AI training.
Open Doors, Open Threats: Security Vulnerabilities
Beyond copyright risks, security vulnerabilities are a growing concern in open-source AI. Compared to closed-source AI, the code and architectural details for open-source AI are easily accessible, which increases the risk of system intrusions. Moreover, the development and deployment of open-source AI often depend on numerous third-party software packages and libraries like PyTorch and TensorFlow. Security vulnerabilities in these dependencies can rapidly compromise entire information systems through supply chain attacks.
DeepSeek’s design allows users to alter its safety mechanisms, leading to a heightened risk of exploitation, as evidenced by a major cyberattack in January. A recent Cisco study found that DeepSeek failed to block a single harmful prompt in its security assessments while OpenAI’s GPT-4o blocked 86 percent of these prompts. Analysts suggest that DeepSeek’s shortcomings illustrate a Chinese Communist Party imperative to rapidly produce models to compete with Western AI companies, compromising safety in the process.
Regulation has been hot on the heels of these risks. Three years after the initial consultation draft was conceived, the Regulations on Network Data Security Management《网络数据安全管理条例》came into effect in January 2025. It requires companies providing generative AI services to take steps to prepare for data breach risks and report to authorities within 24 hours in the event of a breach. In December 2024, China’s National Cybersecurity Standardization Technical Committee released the draft Cybersecurity Standards Practice Guide《网络安全标准实践指南—生成式人工智能服务安全应急响应指南》for public consultation. The guidelines introduce a structured approach to categorizing and determining the risk level of security incidents — such as data breaches, misuse of algorithms, and other cybersecurity threats — to generative AI services. The draft also provides a process for step-by-step monitoring, warning and emergency response. Though presently non-binding, it signals China’s commitment to addressing AI cybersecurity risks through a robust legal and operational structure.
Considering the growing awareness of security risks in open-source AI systems, it is worth watching whether China will introduce regulations targeting these systems under the broader umbrella of generative AI governance. The NPC and the Chinese People’s Political Consultative Conference have already called for stronger legislation concerning AI-related security breaches at the Two Sessions.
Going Forward
China’s accelerating wave of AI regulations makes one thing clear: the era of lightly governed open-source AI is ending. The combination of binding regulations and influential soft law signals that China is engineering a flexible but forceful AI governance architecture, capable of tightening controls as needed.
Yet even as the landscape hardens, major open questions remain. How will Chinese authorities draw the line between encouraging open innovation and securing national interests? Can China craft flexible legal mechanisms that protect IP and cybersecurity without stifling grassroots technological advances? These uncertainties will shape not only the future of open-source AI in China, but also influence global debates over how to govern the tension between openness and control in frontier technologies.
