TL;DR: Automated Decision-Making (ADM) refers to the use of personal data in algorithm-driven systems to make decisions about individuals, like credit scoring or job eligibility. Under China’s Personal Information Protection Law (PIPL), ADM processes are expected to be transparent, fair, and respectful of user rights. Businesses operating in or targeting China are generally expected to offer opt-out mechanisms, explainability, and contestability for ADM outputs. Regulatory requirements differ by sector and can be stricter for high-impact industries like finance. Foreign businesses must also consider data localization and cross-border transfer compliance.
Disclaimer: This guide is intended for informational purposes only and does not constitute legal advice. Chinafy is not a legal or corporate advisory entity. Given that legal obligations vary by business type and context, we recommend consulting with qualified legal counsel for advice specific to your organization. If needed, Chinafy can connect you with one of our experienced legal partners.
Automated Decision-Making (ADM) refers to the use of algorithms and personal information to make decisions that significantly affect individuals. These decisions are made without human intervention and can shape user experiences or outcomes in various sectors.
ADM is explicitly referenced in Article 24 of the PIPL, which defines it as the use of personal information in automated processes to make decisions that may have a significant impact on individuals. Common use cases include:
Credit scoring
Targeted advertising
Job or loan eligibility decisions
Behavior profiling
What does PIPL require for ADM?
China’s PIPL, along with related cybersecurity and data laws, emphasizes user rights and algorithmic accountability.
Chinese law provides individuals with rights such as the ability to:
Opt out of profiling for marketing: Individuals can reject automated decisions used for marketing or information push services.
Request explanations: Individuals have the right to be informed about how decisions are made.
Contest decisions: If an ADM process significantly affects their rights or interests, they can request human intervention.
This aligns with China's broader data governance goals to balance innovation with personal data protection.
Under PIPL and accompanying guidance from the Cyberspace Administration of China (CAC), regulators expect ADM operators to:
Ensure transparency in algorithms
Prevent unfair discrimination
Regularly evaluate and adjust decision-making models
Avoid using ADM to unjustly differentiate between individuals (e.g., pricing discrimination)
Yes. Sector-specific regulations impose stricter requirements on how ADM is implemented. Here are some examples:
Financial services: Regulations emphasize secure data processing and risk assessments for automated systems to protect consumer financial data.
Healthcare: Regulations govern AI-based medical devices, requiring safety and efficacy evaluations for ADM systems used in diagnostics or treatment.
E-commerce & advertising: Recommendation engines should preserve user autonomy and enable opt-outs from personalized feeds.
Platform economy: Operators of large platforms should ensure ADM systems used in content moderation, order allocation, and user ranking are explainable and fair.
These sectors, among others, often face increased regulatory scrutiny, with higher expectations for technical and procedural safeguards.
Both domestic and foreign businesses need to comply with China’s ADM-related regulations, but the implementation and operational requirements can differ depending on a company’s origin and infrastructure setup.
PIPL has extraterritorial reach, applying to any company that processes personal data of users located in China, regardless of where the business is based.
Foreign companies should consider factors such as:
Localization & filing: ADM models developed or operated overseas may require data localization or security assessments under the Data Security Law (DSL).
Cross-border data transfers: Transfer of “important data” abroad may be subject to approval by the CAC and other regulatory bodies.
User expectations: Chinese users expect ADM transparency, including explanations and opt-out features. Foreign platforms must localize ADM interfaces and controls to align with domestic platforms.
Even companies already compliant with frameworks like the EU’s GDPR will likely need to analyze and adapt their processes to reflect China’s distinct legal and operational requirements.
Businesses integrating ADM into their operations will likely need to navigate both technical and regulatory complexity. Potential consequences of non-compliance may include:
Regulatory penalties from the CAC or sector-specific regulators
Reputational damage from perceived bias or lack of transparency
Operational friction tied to cross-border data transfer restrictions
Customer attrition due to loss of trust in algorithm-driven decisions
ADM compliance is integral to responsible data governance, especially in China’s rapidly evolving regulatory landscape.
Chinafy collaborates with specialized partners, such as Lianwei Pancloud, who can offer insight into regulatory trends and compliance considerations, including ADM.