AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News

22 Chinese AI Firms, Including Alibaba and Baidu, Sign Voluntary AI Safety Commitments

Source

China AI Industry Alliance

What happened

In December 2024, the China AI Industry Alliance coordinated the signing of a voluntary AI Security and Safety Commitments initiative, with 17 major Chinese technology companies signing at launch and the total number of signatories growing to 22 since that date. Confirmed participants include Alibaba, Baidu, ByteDance, Huawei, and Tencent. The commitments establish a non-binding framework for managing AI risks across the full development and deployment lifecycle, and 18 of the 22 signatory companies have already disclosed their individual AI security and safety practices publicly. The initiative operates under the China AI Industry Alliance, a state-affiliated industry body, and sits alongside China's existing binding AI regulations, including the Provisions on the Management of Algorithmic Recommendations (2022), the Interim Measures for the Management of Generative AI Services (2023), and broader cybersecurity and data protection frameworks. Together, these mechanisms create a layered compliance environment that multinational enterprises operating in or partnering with Chinese AI companies should actively monitor.

Why it matters

  • ·Regulatory exposure: China's binding AI regulations already impose legal obligations on companies deploying AI services in the country, and this voluntary layer signals that regulators may convert soft norms into hard requirements, as Chinese authorities have precedent for doing with voluntary industry mechanisms.
  • ·Operational impact: The public disclosure of AI security and safety practices by 18 signatory companies raises the baseline expectation for documented risk management, meaning enterprises partnering with Chinese AI vendors may face increased due diligence burdens when assessing counterparty governance standards.
  • ·Organizational risk: Multinational enterprises that fail to audit vendor agreements with Chinese AI companies for signatory status and alignment with disclosed safety practices risk reputational exposure and procurement gaps if a counterparty's practices fall below emerging norms set by this initiative.

Governance controls affected

What to do now

  • Audit all existing vendor agreements with Chinese AI companies to determine whether counterparties are signatories to the China AI Industry Alliance AI Security and Safety Commitments.
  • Review the publicly disclosed AI security and safety practices of signatory vendors and assess whether those practices meet your enterprise's internal AI governance standards.
  • Update third-party AI risk assessment procedures to incorporate signatory status and public disclosure quality as evaluation criteria for Chinese AI vendors.
  • Revise AI vendor contract requirements to include provisions requiring notification if a Chinese AI counterparty joins or withdraws from the commitment framework or updates its public disclosures.
  • Establish a monitoring process to track whether the China AI Industry Alliance commitment framework evolves toward binding regulatory status or expands its signatory base.

What to watch next

Compliance teams should monitor whether Chinese regulators formally incorporate the AI Security and Safety Commitments framework into binding rulemaking, given the established precedent of voluntary mechanisms transitioning to mandatory requirements in China's AI regulatory history. Teams should also track the expansion of the signatory list beyond the current 22 companies and watch for updated public disclosures from existing signatories that may reset baseline expectations. Any guidance issued by the China AI Industry Alliance or Chinese regulators clarifying enforcement expectations around the voluntary commitments should be reviewed promptly for implications on vendor due diligence obligations.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Research2026-07-04

Voluntary AI Commitments Are Not Enough: Brookings Calls on G7 to Make Behavioral Standards Legally Enforceable

A June 2025 analysis from the Brookings Institution, authored by Tom Wheeler, argues that G7 nations should accept the international AI standards framework on offer but convert its voluntary commitments into binding, enforceable obligations. The piece calls for inclusive standards-setting that incorporates governments and civil society, not just industry. For enterprise compliance teams, the central implication is that behavioral AI standards currently treated as voluntary benchmarks may soon carry legal weight across the world's largest economies.

Research2026-07-08

Eight Governance Themes from 2025 Reveal Widening Gaps Between Regulatory Ambition and Enterprise Readiness

A year-in-review analysis by AI governance practitioner Oliver Patel identifies eight major governance developments from 2025, including new US state legislation, ISO/IEC 42006 audit standards, and successive EU AI Code of Practice drafts. The review highlights that compliance teams are now operating across an increasingly fragmented regulatory landscape where frontier AI transparency requirements, international audit standards, and state-level disclosure obligations are advancing at uneven speeds. Third-party AI vendor risk programs and model risk governance functions face the most immediate pressure to adapt.

Research2026-06-30

EU-US Regulatory Divergence on AI Creates Structural Compliance Gaps for Multinational Enterprises

A December 2024 analysis from the Oxford Internet Institute examines accelerating fragmentation in global AI governance, highlighting the EU Code of Practice for general-purpose AI and divergent US-EU approaches to agentic AI as the central compliance challenge. The research identifies ISO and OECD standards as the primary coherence mechanism available to enterprises operating across jurisdictions. Compliance teams at multinational organizations face structural gaps where no single regulatory framework covers the full scope of their AI deployments.