The China Banking and Insurance Regulatory Commission has issued guidance setting out how banking and insurance institutions should develop and apply artificial intelligence safely. The framework places responsibility on firms as AI users, requires governance at board level, and brings AI within enterprise-wide risk management. It calls for full life cycle controls covering design, data preparation, development, deployment, monitoring, maintenance and exit, with applications classified by risk so that higher-risk uses face tighter controls. The guidance sets detailed expectations across governance, models, data, computing resources and operational controls. Institutions should establish internal rules for model development, data governance, safe operations and outsourcing, and build cross-functional mechanisms spanning business, technology and data teams. It supports one-stop AI development platforms, model-as-a-service capabilities and, subject to risk controls, generative AI applications, while requiring admission controls for generative models and procedures for externally sourced models. Firms are expected to build high-quality datasets, manage data across the full life cycle, support lawful data sharing, deploy computing resources according to need, and treat key computing services as important technology outsourcing. On risk management, the guidance highlights black box risk, hallucinations, algorithmic discrimination, cybersecurity, data security and customer information protection. It also requires transparency and explainability standards for high-risk uses, prominent labelling of AI-generated content, consumer disclosure duties, regular algorithm audits, human oversight and intervention at critical points, emergency shutdown and model exit conditions, and backup systems or manual alternatives for high-risk applications. The guidance also sets supervisory expectations. Institutions that use generative AI in public-facing services or in high-risk scenarios must report this to the regulator. Supervisory authorities will strengthen risk assessment and inspections, focus more closely on high-risk applications, build a sector-wide technical framework for safe AI use, and enhance monitoring, early warning and cross-agency coordination.
China Banking and Insurance Regulatory Commission2026-06-18
China Banking and Insurance Regulatory Commission issues guidance on safe AI development and use in banking and insurance
The China Banking and Insurance Regulatory Commission has issued guidance requiring banks and insurers to govern AI through board-level oversight, full life cycle controls and risk-based classification of applications. It sets expectations for model, data, computing, transparency and cybersecurity controls, including labelling of AI-generated content and human intervention for high-risk uses. Firms using generative AI in public-facing or high-risk scenarios must report this to the regulator.