China’s Digital Human Regulation 2026: Biometric Consent, Real-Time Labels, and Global Platform Compliance

What China’s Draft “Digital Human” Rules Require

China’s Cyberspace Administration has been the world’s most prolific AI regulation issuer since 2022 — with rules on deep synthesis (2022), recommendation algorithms (2023), and generative AI (2023) preceding the digital human draft. The April 2026 draft, formally titled “Measures on the Administration of AI-Generated Virtual Personas,” is the first regulation globally to specifically target the category of AI-animated virtual characters: virtual influencers, AI avatars for livestreaming commerce, AI-generated customer service agents with realistic human faces, and interactive synthetic companions.

According to Norton Rose Fulbright’s analysis of China’s proposed AI labeling regulations, the draft rules build on China’s existing deep synthesis framework but go further in three specific directions: mandatory real-time visible labeling during presentation, biometric consent requirements for training data, and content restrictions targeting minors.

Biometric Update’s coverage of the draft confirms that the April 2026 draft represents a materially more specific compliance obligation than any of the CAC’s prior regulations, because it specifies not just that labeling must occur but how it must appear — in the field of view of the digital human at all times during the interaction, not just in metadata or app settings.

The Four Core Compliance Requirements

1. Real-Time Visible Watermarking During All Presentations

All AI-generated or AI-animated virtual personas must display a visible label — “AI-generated” or equivalent — in the digital human’s field of view during every interaction or presentation. The draft specifies that the label must be continuously visible, not dismissable by users, and rendered at sufficient contrast to be legible against the digital human’s visual context.

This is a significantly more demanding requirement than the EU AI Act’s deep synthesis labeling provision, which requires disclosure at the time of output generation or publication but does not mandate persistent on-screen labeling. For livestreaming commerce platforms — where virtual influencer hosts conduct multi-hour sales sessions — the requirement means a persistent overlay on every frame of video output. For interactive AI companions or customer service agents, it means a persistent UI element in every chat window or video call interface.

China Law Translate’s analysis of CAC AI labeling rules provides technical detail on the label format requirements: minimum font size, color contrast ratios, and prohibited placements (e.g., outside the visible area of the digital human, in sub-pixel overlays, or in areas obscured by UI elements). Platforms that use digital human technology must audit their current display implementations against these technical specifications before the rules finalize.

2. Explicit Biometric Consent for Likeness Training

The draft requires that any AI training process using biometric data — facial geometry, voice prints, body kinematics — to create or refine a digital human representation of a real person must obtain explicit, specific, and freely given consent from that person before training begins. The consent must document: what biometric data will be collected, how it will be used in training, whether it will be transferred to third parties, and the person’s right to withdraw consent and request deletion.

Ondato’s analysis of deepfake laws globally places China’s biometric consent requirement in context: most jurisdictions require consent for publishing likeness deepfakes, but China’s draft is one of the first to require consent at the training data collection stage — before any synthetic output exists. This has significant implications for companies that train digital human models using publicly available social media content, influencer video archives, or licensed media databases.

Any platform or vendor that has used Chinese influencers’ video content, livestreaming archives, or publicly posted images as training data for digital human models must audit that training data collection process for consent compliance. Retroactive consent, while legally complex, may be required for existing models if the rules apply retrospectively to models trained before finalization.

3. Absolute Prohibition on Synthetic Intimate Relationships with Minors

The draft contains an unconditional prohibition on any AI-generated virtual persona being used to simulate or facilitate an intimate, romantic, or sexual relationship with a person under 18. This applies to: AI companion applications, interactive storytelling platforms, social AI products, virtual friend or relationship simulation tools, and any other interactive AI character product.

The prohibition is absolute — it does not permit consent, parental approval, or age-restricted alternatives. A platform that allows users of any age to configure an AI character as a “romantic companion” must implement age verification sufficient to exclude all users under 18, and must ensure that its AI character interaction model cannot produce intimate relationship simulations regardless of user prompting.

This requirement aligns with protective measures in the EU AI Act and the UK Online Safety Act, but extends them to virtual personas specifically rather than just content generation. Platforms operating AI companion or social AI products in China face both the age verification implementation challenge and the product design constraint — the intimate relationship interaction mode cannot exist for Chinese users under any circumstance.

4. Liability Assignment for Digital Human Operators

The draft establishes that the entity that deploys or operates a digital human persona — not the underlying AI model provider — bears primary regulatory liability for compliance. This mirrors the EU AI Act’s deployer liability principle and has the same practical implication: a brand that licenses a virtual influencer from an AI studio, or a platform that enables brands to deploy virtual hosts for their commerce livestreams, is the regulated party responsible for labeling, consent, and content restrictions.

Veritas Chain’s analysis of China’s digital human regulation notes that this creates a due diligence obligation that flows up the supply chain: the deploying brand must verify that the underlying AI studio or model provider has obtained the required biometric consents for the persona’s training data. A brand cannot shield itself from liability by arguing that the AI vendor failed to obtain consent — the deployment relationship creates responsibility.

What Global Platforms Must Build Before Q3 2026

The CAC’s regulatory timeline typically runs 30–60 days of public comment, followed by finalization within 60–90 days of comment close. Based on the April 2026 publication date, final rules are expected no later than Q3 2026, with an effective date that is typically immediate or 30 days post-publication.

For global platforms with Chinese users — whether consumer apps, enterprise SaaS, gaming platforms, e-commerce tools, or social networks — the pre-finalization window is the most cost-effective time to build compliance systems. Four implementation tracks require parallel attention: real-time labeling infrastructure, biometric consent management systems, age verification for interactive AI features, and supply chain due diligence documentation for third-party digital human vendors.

The labeling infrastructure track is the most technically complex. A persistent, non-dismissable overlay that meets CAC’s contrast and placement specifications must be embedded in the video rendering pipeline — not in the application UI, which can be bypassed by screen recording or client-side modification. For server-rendered video streams (common in livestreaming commerce), the label must be burned into the video frame before delivery.

The Regulatory Question for Global Platforms

The digital human regulation creates a structural compliance challenge for global platforms that operate both Chinese and non-Chinese versions of their products. The labeling requirements, consent frameworks, and content restrictions in the Chinese regulatory version differ from EU and US requirements in important ways — persistent visible labeling is more demanding than EU’s at-publication disclosure; biometric training data consent is more demanding than most Western frameworks; the minor protection absolute prohibition is consistent with but more specifically defined than UK and EU equivalents.

A global platform that maintains a single digital human technology stack for all markets faces the choice of applying the most demanding requirement across all markets (simplifying compliance but potentially over-implementing in less regulated markets) or maintaining market-specific configurations (implementing correctly for each market but at higher operational complexity). For most platforms, the over-implementation approach — apply Chinese labeling and consent standards globally — is the lower total compliance cost option, because it eliminates market-specific configuration and the associated risk of misapplication.

The digital human space is moving from a regulatory grey area to a heavily regulated product category simultaneously in multiple major jurisdictions. Companies that build robust compliance infrastructure for China’s Q3 2026 rules will be better positioned for the EU and US equivalents that are expected to follow within 12–18 months.

Frequently Asked Questions

Sources & Further Reading

• China’s Draft Rules on AI Virtual Humans Target Biometric Deepfakes — Biometric Update
• China’s Proposed AI Labelling Regulations: Key Points — Norton Rose Fulbright
• AI Labeling in China — China Law Translate
• China Is Regulating Digital Humans — Veritas Chain via Medium
• Deepfake Laws: A Global Overview — Ondato