Laying a Solid Foundation for the Policy and Institutional Framework of Further Promoting the “AI plus” Initiative

In the digital leap driven by new-quality productive forces, “AI Plus” has been officially incorporated into the 2025 Government Work Report, becoming a key national strategic initiative to promote industrial intelligent upgrading and the modernization of social governance. The report clearly requires “intensifying the R&D and application of big data, artificial intelligence, and other technologies, launching the ‘AI+’ Initiative, and building internationally competitive digital industrial clusters”. Recently, the State Council issued the Opinions on Deepening the Implementation of “Artificial Intelligence Plus” Initiative, proposing to promote the extensive and in-depth integration of artificial intelligence with all sectors and fields of the economy and society. At the same time, it emphasizes strengthening policy and legal safeguards, enhancing security capabilities, and accelerating the formation of a dynamic, agile, and multi-stakeholder collaborative AI governance framework. This policy context has established a clear path of synergistic efforts focusing on “development-application-security-governance”, and positioned legislation and standard-setting as important institutional guarantees for the sustainable implementation of “AI+”.

I. Strengthen Policy and Institutional Drivers to Activate the Supply of Core AI Elements

Facing factor-driven restructuring, the primary task of policy and institutional frameworks is to establish effective “compliance channels” for the high-quality circulation of data, algorithms, and computing power. Since the release of the New Generation of Artificial Intelligence Development Plan in 2017, the national government has incorporated the rule of law and ethics into the institutional guarantee system for AI development, aiming to basically establish a comprehensive system of AI-related laws, regulations, ethical norms, and policies by 2025. Plan on Building the Rule of Law in China (2020-2025), issued in 2021, further adheres to the orientation of “good laws and good governance,” requiring timely research on legal systems related to the digital economy, artificial intelligence, and big data to enhance the law-based governance of the country. This top-level design is inherently consistent with the policy goals of “AI+”: on one hand, it clarifies the rights, obligations, and circulation rules of core elements such as data, algorithms, and computing power through the coordination of basic laws and sector-specific laws; on the other hand, it fulfills the compliance obligations of industrial and government entities and reduces institutional transaction costs for cross-regional and inter-departmental collaboration through the establishment of supporting regulations and standard systems.

In terms of data elements, the Data Security Law of the People’s Republic of China and the Personal Information Protection Law of the People’s Republic of China together provide a basic institutional framework for the security bottom line of data and personal information processing, as well as the protection of personal information rights. To promote the positive synergy between “cross-border data flow” and “industrial application,” the Provisions on Promoting and Regulating Cross-Border Data Flow issued in 2024 optimizes assessment procedures, standard contracts, and certification pathways, clarifying that data “not notified or publicly announced as important data” does not require a security assessment as “important data.” This means data processors can actively unlock the vitality of data elements on the premise of ensuring security and controllability. Together with the Measures for Security Assessment of Cross-Border Data Transfer (2022) and the Measures for Standard Contracts for the Outbound Transfer of Personal Information (2023), this regulation forms a “cross-border compliance toolbox.” Through hierarchical, classified, and procedural governance, it not only safeguards the security bottom line but also provides clear and operable legal pathways for the efficient flow of data elements in typical “AI+” scenarios such as healthcare, industry, and finance.

Regarding algorithms and models, the focus of regulation has expanded from “recommendation algorithms” in the platform economy era to full-chain governance covering “deep synthesis—generative AI—general-purpose large models.” The Regulations on the Administration of Algorithm Recommendation for Internet Information Services and the Regulations on the Administration of Deep Synthesis for Internet Information Services have established a regulatory baseline centered on “filing-identification-traceability.” The Interim Measures for the Administration of Generative Artificial Intelligence Services (2023) clearly states the regulatory philosophy of “inclusive and prudent, classified and tiered” in its general provisions, and requires generative AI services with public opinion attributes or social mobilization capabilities to conduct security assessments and complete algorithm filing, modification, and cancelation procedures. This systematic regulation ensures that the entire lifecycle of models—from the source of training data, intellectual property, and personal information compliance to post-launch identification, recall, and disposal—is governed by law, directly supporting the compliance requirements of “AI+” in content-intensive scenarios such as media, culture and tourism, and education.

In terms of computing power and infrastructure, the issuance of the Action Plan for the High-Quality Development of Computing Power Infrastructure and the vigorous advancement of the “Eastern Data Western Computing” project have elevated computing power resources to the status of basic elements similar to “water, electricity, and gas.” These initiatives promote the layout of hub nodes and data center clusters, emphasizing green low-carbon development and “computing power—electricity” coordination. This provides sufficient policy and institutional guarantees for “AI+” in high-concurrency and high-real-time scenarios such as urban governance, intelligent manufacturing, and transportation and logistics. This institutional arrangement not only ensures the parallel availability of compliance and resources but also avoids systemic risks caused by inadequate infrastructure governance during technological deployment.

In addition, at the level of standards and guidelines, the “soft law” support system is being accelerated to provide effective backing. The Guidelines for the Construction of a Comprehensive Standardization System for the National Artificial Intelligence Industry (2024 Edition), released in 2024, explicitly integrates seven components—including basic common standards, key technologies, industry applications, and security/governance—into a unified framework. TC260 (National Technical Committee for Information Technology Standardization) has issued the Basic Security Requirements for Generative Artificial Intelligence Services, which clarifies operational requirements for corpus security, model security, security measures, and security assessments, serving as an important reference for enterprises conducting security assessments and competent authorities evaluating service security levels. Governance through standards reduces coordination costs in the cross-industry promotion of “AI+” and enhances the consistency and verifiability of compliance.

II. Strengthen the Standardization of Policy and Institutional Construction to Ensure the Compliance and Trustworthiness of AI Applications

The key to advancing “AI+” in depth lies in establishing an accountable, interpretable, and governable closed-loop system among “humans—machines—institutions.” Taking model capacity security as an example, typical risks include “black-box decision-making,” “hallucinations,” and “discrimination/prejudice.” Current regulatory strategies are gradually shifting from static licensing to dynamic risk control: on one hand, the Interim Measures for the Administration of Generative Artificial Intelligence Services requires providers to achieve substantive compliance in terms of training data sources, intellectual property, and personal information processing, and fulfill obligations of identification, complaint acceptance, and disposal when launching services; on the other hand, regulatory authorities may require providers to explain the source, scale, annotation rules of training data, and algorithm mechanisms, and establish differentiated supervision and disposal processes based on “classification and tiering.” The core of this institutional design is to compress the space for risk spillover by building a full-chain compliance mechanism covering “ex ante—in process—ex post,” thereby achieving the governance goal of “exchanging controllability for usability.”

The realization of AI capacity security also requires full support from industry standards and evaluation systems. The Guidelines for the Construction of a Comprehensive Standardization System for the National Artificial Intelligence Industry (2024 Edition), jointly issued by ministries and commissions including the Ministry of Industry and Information Technology (MIIT) and the Cyberspace Administration of China (CAC), incorporates “security/governance standards” into the core of the system; the Basic Security Requirements for Generative Artificial Intelligence Services provides actionable evaluation dimensions and reference points for security assessments. Meanwhile, the industry and academic circles are actively promoting security evaluation and alignment technology practices for large models, forming a complementary mechanism combining “self-regulation—evaluation—disclosure.” This promotes the consensus that “security is capability,” advances the maturity of relevant technology stacks, and enhances public trust in “AI+” in high-sensitivity scenarios such as government affairs, healthcare, and justice.

In practice, medical AI has initially formed and demonstrated a positive cycle of “capacity security—process compliance—scenario implementation.” The National Medical Products Administration (NMPA) implements “full-life-cycle quality supervision” for innovative AI medical devices, and issues review guidelines and clinical evaluation instructions to promote the review and approval of relevant software through the high-risk (Class III) pathway. Research shows that as of the end of 2023, a total of 81 AI medical devices have been approved for Class III certificates, showing an overall upward trend with an accelerating growth rate year by year; official announcements in 2024 also indicate that the total number of approved innovative medical devices continues to rise. This “high-risk, high-regulation” governance approach has enabled “AI+” to establish an “law-abiding—traceable—correctable” capacity security paradigm in segmented scenarios such as medical imaging-assisted diagnosis and endoscopic polyp detection.

In the fields of urban governance and intelligent transportation, systems such as “city brains” have effectively improved congestion management and emergency dispatch efficiency through data fusion and adaptive signal control technologies. Academic research and empirical reports show statistically significant improvements in travel speed, congestion index, and carbon emissions. However, “AI+ urban governance” also needs to abide by the dual boundaries of personal information and public security: under the guardrails of algorithm filing, deep synthesis identification, and content governance rules, combined with the “whitelist/negative list + assessment” mechanism for cross-border data, it is necessary to avoid “eroding rights in the name of efficiency,” and ultimately achieve the coordinated development of “computable governance improvements” and “interpretable public accountability.”

III. Enhance the Adaptability of Policy and Institutional Frameworks to Build a Dynamic, Agile, and Multi-Stakeholder Collaborative Governance System

The in-depth advancement of “AI+” inevitably requires governance rationality to balance “innovation tolerance” and “risk response speed.” China has clearly defined the basic principles of “inclusive and prudent, classified and tiered” in the regulation of generative AI, implementing differentiated rules and an integrated mechanism of “testing—assessment—disposal” for technologies and applications with different risk levels, while encouraging the adoption of a combined “technology—management” approach and a collaborative mechanism of “government supervision—industry self-regulation—social oversight.” The AI Security Governance Framework Version 1.0, released in 2024, takes risk management as its core, systematically distinguishes between endogenous security risks of models, algorithms, data, and systems, as well as application security risks in the network, physical, cognitive, and ethical domains, proposes corresponding technical and comprehensive governance measures, and emphasizes “rapid, dynamic, and precise adjustment of governance measures in response to risk evolution.” This signifies that the policy and legal guarantees for “AI+” are shifting from the traditional “static licensing + ex post accountability” model to a cyclical governance system of “ex ante assessment—in-process monitoring—ex post correction.”

From an international perspective, the EU’s Artificial Intelligence Act was officially promulgated in 2024, establishing a unified framework for “use-case-driven risk classification” and additional obligations for General Purpose Artificial Intelligence (GPAI), aiming to guide the convergence and mutual recognition of global regulation. The OECD updated its AI Principles in 2024, focusing on the governance coordination of generative and general-purpose AI. These international rules and principles help build a compliance foundation for cross-border interoperability of “AI+,” as well as an international connection mechanism for testing standards and governance languages, facilitating the promotion and collaborative assessment of China’s AI products and services in the international market.

From an industrial practice perspective, the key to governance modernization lies in internalizing enterprises’ “compliance capabilities” into “engineering capabilities.” On one hand, indicators such as security, reliability, controllability, interpretability, fairness, and content authenticity are embedded into R&D processes and pre-launch red team testing through standards and evaluation, achieving “promoting improvement through assessment and stabilizing operations through testing”; on the other hand, the accountability chain is extended to the operational phase through mechanisms such as filing, identification, appeal, and disposal, and combined with cross-border data rules and green computing power governance to build “sustainable compliance assets.” When “AI+” is integrated into core systems involving public interests such as supply chains, finance, and education, a governance closed loop of “from capability to system, and from system to ecosystem” is realized.

The “AI+” Initiative is not a temporary catchy slogan, but a systematic project based on the rule of law, measured by standards, centered on capabilities, and guided by collaboration. By clarifying the boundaries and channels of elements such as data, algorithms, and computing power at the basic system and supporting regulation levels, building verifiable capacity security baselines at the standard and evaluation levels, and forming an inclusive, prudent, classified, and tiered dynamic and agile mechanism at the governance framework level, China is gradually transforming policy goals into executable and operable governance practices. In this process, the new cross-border data regulations, the “Eastern Data Western Computing” project and computing power networks, algorithm and deep synthesis filing, the Interim Measures for the Administration of Generative Artificial Intelligence Services and its established regulatory philosophy of “inclusive prudence—classification and tiering,” as well as the maturity of industry standards and evaluation systems, have jointly provided a trinity policy supply system of “hard law—soft law—technology” for the “AI+” Initiative. Looking ahead, with the continuous coordinated evolution of comprehensive AI legislation and security governance standards, the legal predictability, scenario credibility, and international interoperability of key scenarios such as healthcare, manufacturing, transportation, and urban governance will be simultaneously enhanced, promoting the maximum release of technological dividends on a track that is accountable, interpretable, and correctable—”Stability for long-term progress” is bound to become the decisive path for the strong, effective, and in-depth implementation of China’s “AI+” Initiative. (Professor Zhang Linghan, China University of Political Science and Law)