Where are Chinese AI companies on safety frameworks and approaches compared to Western counterparts?
In the run-up to the Shanghai World AI Conference, a brief look at where China is on AI safety
The issue of how companies around the world are implementing safety and security guardrails around increasingly capable models has never been more salient, particularly as the paradigm of a winner-take-all race to AGI/ASI looks likely to dominate the next 18 months. Leading AI labs have in some cases signed up to responsible scaling policies and sought compliance with System and Organization Controls 2 (SOC 2) for AI model APIs offered in the cloud. In the run-up to the Shanghai World AI Conference (WAIC) next week, there will be renewed attention to these issues in an international forum. Major announcements will be made on the Chinese side, along with extensive discussions at various fora at the conference about how international collaboration can move forward even as the geopolitics around advanced AI models becomes more complex. Here are some preliminary thoughts going into the WAIC. A subsequent post will examine the state of these issues coming out of the Shanghai gathering.
How are companies implementing safety policies outside of government regulation or mandates? The answer is complicated
While governments around the world attempt to determine basic guardrails around the deployment of advanced AI models and platforms, industry is not standing still, and companies are voluntarily adhering to existing and emerging best practices. There are various emerging standards around cloud deployments of AI models and platforms, and around the safety and testing of the models themselves. The EU Code of Practice is another key framework that companies will need to consider signing on to in order to deploy AI applications using advanced models in the EU (see below). Some brief comments on emerging best practices can shed light on where US and Chinese companies are in this process. SOC 2 Type II compliance focuses on system controls, particularly security and confidentiality, to ensure data and infrastructure are safeguarded on an ongoing basis, while responsible scaling policies (also known as RSPs or preparedness frameworks) address when and how models should be safely trained or deployed as their capabilities increase, with structured thresholds, evaluations, and possible “pauses.” The US and UK governments tend to call these “frontier AI frameworks,” while the EU calls them “safety and security frameworks,” often confusing the issue of what is covered.
Taken together, they offer two complementary assurances: SOC 2 covers infrastructure security and operations, while scaling policies ensure developers actively manage risks tied to advancing model capabilities and potential misuse. These latter policies are really risk management systems aimed at specific risks such as CBRN and advanced cyber capabilities; they do not cover most of the other areas often defined as misuse, such as fraud, hate speech, and phishing. Leading AI labs such as OpenAI, Anthropic, and Google are ahead in both arenas, offering SOC 2 Type II compliance and public, structured scaling policies tied to capability thresholds. Meta, xAI, DeepSeek, Alibaba, and Zhipu AI offer little public visibility on either front, a potential red flag for enterprise customers and risk-aware stakeholders.
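To make the RSP concept concrete, here is a minimal, hypothetical sketch in Python of the kind of capability-threshold gating logic such frameworks describe: models are evaluated against specific risk domains such as CBRN and cyber before release, and deployment is paused or gated with additional mitigations when scores cross pre-defined thresholds. The domain names, thresholds, and function names below are illustrative assumptions of mine, not drawn from any company’s published policy.

```python
# Illustrative sketch of RSP-style capability gating; thresholds and
# risk domains are hypothetical, not taken from any published framework.
from dataclasses import dataclass

@dataclass
class EvalResult:
    domain: str    # e.g., "cbrn", "cyber", "autonomy"
    score: float   # normalized capability score from pre-deployment evals

# Hypothetical gating thresholds per risk domain (0.0-1.0 scale).
THRESHOLDS = {"cbrn": 0.4, "cyber": 0.5, "autonomy": 0.6}

def deployment_decision(results: list[EvalResult]) -> str:
    """Return 'deploy', 'deploy_with_mitigations', or 'pause' based on eval scores."""
    worst_margin = min(THRESHOLDS[r.domain] - r.score
                       for r in results if r.domain in THRESHOLDS)
    if worst_margin < 0:
        return "pause"                    # a threshold was crossed: halt release
    if worst_margin < 0.1:
        return "deploy_with_mitigations"  # close to a threshold: add safeguards
    return "deploy"

if __name__ == "__main__":
    evals = [EvalResult("cbrn", 0.35), EvalResult("cyber", 0.55)]
    print(deployment_decision(evals))     # -> "pause" (cyber exceeds 0.5)
```

The point of the sketch is simply that an RSP-style framework makes release decisions conditional on measured capabilities, which is precisely the kind of gating that, as discussed below, the CAICT pledge does not yet require.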
This is an evolving situation, and discussions with some of the leading labs in China present particular challenges in assessing where Chinese AI leaders fall with respect to the importance of both RSP and SOC types of approaches. For example, in late December 2024 the China Academy of Information and Communications Technology (CAICT), working through the Artificial Intelligence Industry Alliance (AIIA), issued a pledge signed by 17 prominent Chinese AI firms, including DeepSeek, Alibaba, Tencent, ByteDance, Zhipu AI, and others. Key commitments include:
Safety, controllability, transparency & ethics in model development
Contributing to standard-setting, public education, and cross-sector safety R&D
Comprehensive evaluation/testing for bias, reliability, and potential misuse
This is a voluntary, high-level, domestically oriented statement that lacks external audits, explicit risk thresholds, and deployment gating mechanisms. Here is a comparison of the various commitments.
The CAICT pledge marks important early progress: Chinese firms are signaling alignment with global norms on ethics, transparency, and safety testing. Compared with SOC 2, however, the pledge lacks auditability and operational rigor, and unlike RSPs it does not define when and how models must be paused or gated. CAICT asked the 17 signatories to provide implementation details by March 15, including “revealing details about safety team structures and safety evaluation datasets, to compile best practices that can guide industry efforts,” according to Concordia AI; it does not appear that all of the signatories met that deadline. (For more, see an excellent summary here.) AIIA has indicated it will “review the materials of units participating in the self-discipline disclosure action, and publish a collection of best practice cases at the Alliance plenary meeting or other appropriate occasions, and select representatives of some units to participate in the release ceremony at the conference,” presumably meaning the WAIC.1
Shanghai World AI Conference: Is progress on international AI safety cooperation possible?
The event in Shanghai on July 26 and 27 will be an important one for the Chinese government, the Chinese AI Safety Institute (profiled here), and Chinese companies to showcase progress on compliance with best practices, both in China and globally, on AI safety and security. On the first day of the conference, the WAIC will host a meeting entitled AI Safety: Practical Applications & Frontier Progress. It will include CAICT along with the Shanghai AI Laboratory, the Institute for AI International Governance at Tsinghua University, the Shanghai Qi Zhi Institute, and other organizations. Speakers include Andrew Yao, Dean of the College of AI at Tsinghua, AI/ML pioneer and Turing Award winner Yoshua Bengio, UC Berkeley Professor Stuart Russell, CAICT Dean Yu Xiaohui, and company representatives from China Telecom and Alibaba Cloud. The event will also see the launch of the China AI Safety Commitment Framework. The second day will include a closed-door session covering AI risk governance and international cooperation, and a number of other high-profile AI safety figures and organizations will be represented at a major open session that day. Russell, an advocate for understanding AI existential risk, and Bengio will participate; both are regular participants in China-focused AI safety discussions.
There are a number of parallel paths being pursued in terms of AI safety, international cooperation, and company participation in both national and international efforts to establish guardrails around AI model and application development. At the international level, the Bletchley Park process, begun in November 2023, has stalled somewhat as the Trump administration has reconsidered the US government approach to AI safety and the mission of its AI Safety Institute, now renamed the Center for AI Standards and Innovation (CAISI). The UK continues to push forward, having renamed its AI Safety Institute the UK AI Security Institute (UKAISI), but the future of the AI Safety Institute network remains in doubt. The April Singapore conference on AI safety pushed by Max Tegmark was an attempt to maintain some momentum after the sidelining of safety at the February AI Action Summit in Paris.
The UK and its very capable AISI will remain a major player in the space and will likely continue to attempt a difficult balancing act: engaging China in international efforts to develop a globally acceptable AI safety/security framework while pushing for collaboration with the US and allies to lead on AI development, with an eye to “winning” the race to AGI/ASI. British Foreign Secretary David Lammy, in a recent speech in Singapore, laid out one of the most extensive views yet from a major western government on how the British Foreign Office sees developments in the AI sector.
Lammy, in a not-too-veiled reference to China, claimed that AI would “deliver a paradigm shift in the distribution and exercise of power,” and pledged to bring “AI to the centre of the Foreign, Commonwealth and Development Office (FCDO) policy machine.” Lammy also talked about more collaboration and more AI diplomacy around a “perimeter of values,” meaning democracies working together to advance AI, presumably in juxtaposition with “autocratic AI” led by China. The question of whether the UK government, potentially working with the Singaporean government, will continue to seek ways to include China in international discussions on AI guardrails is a critical one. The answer will depend in part on where the Trump administration comes down on these issues following the release of important policy documents such as the OSTP Action Plan at the end of July, and on the evolving mission of the CAISI and its relationship with leading US AI labs including Anthropic, OpenAI, and xAI. The UK government and Lammy’s Foreign Office will also play a major role in shaping the next AI safety summit in Delhi in early 2026.
As I noted in a readout of the Singapore conference in April, no Chinese companies were able to participate in that event, for complex reasons. The ongoing issue of how the Chinese government views the participation of leading Chinese AI labs in international efforts to agree on baseline approaches such as RSPs and SOC compliance remains unresolved. The WAIC meetings and the release of the China AI Safety Commitment Framework should provide significant new clarity on how Chinese companies will develop internal guardrails for model development. The challenge will still be linking up the significant work done by the Chinese AI safety community, including the CNAISDA, AIIA, CAICT, and Chinese company efforts, with the Bletchley Park process and the AI Safety Institute network, given the geopolitical pressures growing around AI and the very different approach preferred by the Trump administration to these issues, as I outlined in some detail here. The emerging US government policy approach appears to be heavily focused on compute governance: continuing to use export controls as a “chokepoint” to slow the ability of Chinese companies to develop frontier AI models, and establishing a new AI Diffusion rule likely to contain elements similar to the one the Trump administration rescinded in May. The risks of the US approach are becoming more evident and will make any collaboration on AI safety at the government level difficult, leaving industry- and company-led initiatives to carry the day.
Companies in the US and China employ different approaches to adhering to national laws and international best practices. Approaches to handling data, ensuring the security and reliability of cloud-based AI APIs and platforms, and putting up guardrails around CBRN, cyber, and autonomy risks to reduce the potential for misuse remain very much works in progress. In addition, the divide between open-source/open-weight and closed-weight models is also at play, as are the differing issues around consumer-facing and enterprise deployments of models and platforms, particularly as we move rapidly into the world of agentic AI.
Here is a comparison of different company approaches in the US and China to some of these challenges. This chart is a work in progress, and is based on both internet-based research and direct discussions with companies involved or other knowledgeable industry sources.
We can see both significant differences in how the leading labs in the West and China are beginning to adhere to emerging best practices, and areas of some convergence. CAICT has, for example, pointed to OpenAI’s Preparedness Framework and Anthropic’s Responsible Scaling Policy as relevant benchmarks for Chinese companies submitting inputs on actions they are taking in response to the CAICT/AIIA pledges2. The language used in the CAICT/AIIA pledges reflects a growing convergence with Western frameworks (like RSPs), particularly in its emphasis on red-teaming, data controls, transparency, and frontier safety; but as noted earlier, the CAICT pledge is non-binding and lacks specific risk gating or enforcement protocols. In addition, it will be critical to see how the new China AI safety framework handles issues such as open-source/open-weight models, given that over the past year almost all the leading Chinese AI labs have moved towards releasing model weights and, in some cases such as DeepSeek, publishing significant details about model development and deployment.
However, the status of RSPs put out by leading US AI labs is also somewhat murky in terms of what testing has been done before advanced models are released in a very competitive environment. The release of Grok 4 by xAI last week is a good example. In the livestream, xAI announced that the firm has undergone extended security compliance testing via SOC 2 in order to sell into enterprises, but the lack of guardrails around controversial statements coming from Grok suggests that there are major issues here.
Looking ahead
The challenges facing companies in deploying advanced AI models, and platforms based on these models, across borders appear set to become even more daunting. Efforts to build international consensus around the basic hygiene of models look set to flounder in the run-up to the next AI summit in early 2026. As companies release more and more capable models, such as Grok 4 and soon DeepSeek’s latest reasoning model R2, the incentives to restrict the availability of these models across borders are likely to grow. The state of AI safety and security frameworks is also getting more complex for companies, with the EU Code of Practice, published last week and set to take effect on August 2, including its provisions on safety and security frameworks and RSPs. Here, US and Chinese companies with a presence in the EU, such as Alibaba and ByteDance, will need to determine whether to sign on to another framework. OpenAI recently announced it would sign the Code, as has Mistral.
US officials are almost certainly planning to take measures against DeepSeek, and are even considering broader restrictions targeting Chinese open-source/open-weight models. Throw in the use of AI models with increasingly capable humanoid robots, and fears of Chinese-origin AI-based systems featuring advanced agents unleashed on US roads, in factories, or in elder care homes will only rise. It is unclear whether Western governments will allow broad use of platforms built on Chinese open-source models within their borders, even if Chinese AI firms were to begin adhering to strong responsible scaling policies, putting in more safety guardrails around models in terms of CBRN, cyber, and autonomy, and seeking compliance via SOC 2 measures while aligning with data requirements under GDPR. Similarly, Beijing appears reluctant to grant more Western companies licenses under the Cyberspace Administration of China (CAC) regulatory system.
For multinational companies, these developments are challenging to say the least. Throw in US export controls and the situation becomes even more difficult. For example, Apple has finally partnered with Alibaba to deploy the Chinese firm’s open-source AI models as part of Apple Intelligence, but working out all the details of this arrangement, testing Alibaba’s models to Apple’s standards (and deciding where testing will take place), and integrating the system have delayed the rollout in China, even as all the other smartphone makers are offering AI capabilities. This puts Apple at a major competitive disadvantage. The same is true for Tesla, which cannot import advanced GPUs to train its FSD software in China due to US export controls. Chinese AI companies will face challenges outside of China as well. For example, using Huawei Ascend hardware could put them in violation of US export controls, and new controls targeting data centers, and the models and platforms themselves, will complicate efforts to deploy AI applications uniformly across the enterprise on a global basis or to offer AI-based services outside of China.
All of these issues will only become more contentious as the age of agentic AI gets into full swing. Hold on to your hats…
Pledge 1: Risk Management Mechanism
Disclose the establishment of a safety and risk management team or organizational structure, including but not limited to:
Structure of the safety organization,
Lifecycle management of AI development,
Basic risk management concepts,
Open model safety measures.
Pledge 2: Model Safety
Disclose safety testing and evaluation measures for model effectiveness and safety, including but not limited to:
Red-teaming efforts,
General-purpose domain misuse testing,
Vertical domain testing methodologies.
Pledge 3: Data Security
Disclose measures to protect training and business data, including but not limited to:
Training data security policies and safeguards,
Technical defenses,
Other related security controls,
Business data encryption,
Storage, access control, and additional security measures.
Pledge 4: Infrastructure Security
Disclose the monitoring and protection capabilities for AI system hardware and infrastructure security, including but not limited to:
Security testing of infrastructure,
Risk scenario simulations,
Emergency response mechanisms.
Pledge 5: Model Transparency
Disclose the implementation of model transparency, including but not limited to:
Model type,
Applicable domains,
Model usage limits,
Specific transparency mechanisms.
Pledge 6: Frontier Safety Research
Disclose the organization and results of frontier safety research, including but not limited to:
Safety research layout,
Risk assessment or evaluation mechanisms,
Research on frontier AI safety topics.