China China Personal Information Protection Law PIPL

China's TC260 Draft Mandates Explicit Consent for AI Synthesis of Biometric Data — and Exposes the Cost of Governing by Accretion

A proposed amendment to national security standard GB/T 35273 adds specific biometric consent rules for AI deep synthesis, the fifth overlapping framework since 2021.

China's AI Biometric Consent Timeline People of Internet Research · China Aug 16, 2026 Consultation closes TC260 public comment window for th… 820,000+ Illegal AI pieces removed Shanghai CAC 2025 Qinglang enforce… Jan 2023 Deep synthesis rules live CAC's Provisions on Deep Synthesis… peopleofinternet.com

Key Takeaways

On June 17, 2026, China's National Information Security Standardisation Technical Committee (TC260) released a draft amendment to GB/T 35273, the Information Security Technology — Personal Information Security Specification. The revision introduces mandatory explicit consent requirements for AI deep synthesis technologies that process biometric data — faces, voices, fingerprints, and iris patterns. Public consultation runs through August 16, 2026.

The amendment targets a gap that was easy to miss in the existing framework. GB/T 35273 is a recommended national standard (the "GB/T" prefix marks it as non-mandatory in principle), but in China's regulatory environment, TC260 standards are routinely referenced in enforcement proceedings and treated as binding baselines by compliance teams. When TC260 updates them, industry follows.

What the Draft Actually Requires

The core change is specific: before deploying any deep synthesis function that uses a person's biometric data — whether to generate a synthetic face, clone a voice, or produce a digital avatar — a service provider must obtain that individual's explicit, separate consent. Consent cannot be bundled into general terms of service or inferred from prior data-sharing agreements.

The amendment extends requirements into the AI processing chain beyond the synthesis output itself: restrictions on user profiling based on biometric data, controls on automated decision-making that uses synthesis outputs, and limitations on how large language model APIs can integrate with biometric synthesis pipelines.

The Case for This Regulation

Before examining the costs, the draft gets something important right. Biometric data is uniquely irreplaceable. A compromised password can be changed; a cloned voice or face cannot. The harms from non-consensual biometric synthesis — fraudulent impersonation, AI-generated harassment, financial scams using voice deepfakes — are well-documented and growing in parallel with the accessibility of synthesis tools.

China's Personal Information Protection Law (PIPL), effective November 1, 2021, already classifies "biometric characteristics" as sensitive personal information under Article 28, requiring "the individual's separate consent" under Article 29. The CAC's Deep Synthesis Provisions, jointly issued with MIIT and the Ministry of Public Security and effective January 10, 2023, further required that providers obtain consent before using anyone's likeness or voice to generate synthetic content.

But those earlier frameworks left meaningful ambiguity at the technical layer: does consent at model training cover downstream inference? Does a general platform terms of service constitute "separate consent" for biometric synthesis? The TC260 amendment attempts to close those interpretation gaps at the specification level — where product and API design decisions are actually made. That is a plausible regulatory objective, not overreach.

The Problem of Governing by Accretion

The more serious concern is architectural, not substantive. China now operates under at least five distinct layers of AI biometric governance since 2021:

Each layer emerged from a legitimate regulatory moment. Each adds obligations that are justifiable in isolation. But the overlap between the April 2026 virtual human draft and the June 2026 TC260 amendment is substantial: both impose explicit consent requirements for biometric synthesis. If finalized simultaneously without a harmonization provision, companies may face duplicative but non-identical obligations — different definitions of "biometric data," different consent granularity thresholds, and different enforcement routes through the CAC versus TC260-referral pathways.

This matters most for smaller innovators. Large platforms — ByteDance, Alibaba, Baidu — can absorb regulatory complexity that would cripple a startup building a legitimate voice synthesis accessibility tool or a medical imaging application using facial recognition for patient identification. Compliance costs that favor incumbents are not neutral outcomes; they foreclose competition precisely in sectors where new entrants are most needed.

There is also a definitional gap the draft does not close: what does "explicit consent" mean at the synthesis layer? Must it be obtained at model training, or only at the point of inference? Is feature-level granularity required, or is a per-service consent flow sufficient? Must consent be renewed as synthesis capabilities expand? These questions need answers in the standard itself, not left to enforcement discretion — because discretion applied to ambiguous text tends to benefit the largest actors with established regulatory relationships.

What the Consultation Period Should Surface

The August 16, 2026 deadline is an opportunity that industry respondents should not squander. Three asks are worth making.

First, a harmonization map: TC260 should publish a cross-reference table specifying exactly which obligations in the amended GB/T 35273 supersede, supplement, or duplicate existing requirements under the Deep Synthesis Provisions and the virtual human draft. Silence on this point creates compliance risk for every operator trying to maintain a coherent program across five overlapping frameworks.

Second, defined consent mechanics: the standard should specify whether biometric synthesis consent must be feature-specific, renewed on capability expansion, and whether it distinguishes between training-stage and inference-stage processing.

Third, proportionality carve-outs: research institutions, medical applications, and assistive technology providers operate on fundamentally different risk profiles than commercial deepfake services. A blanket requirement that fails to distinguish these cases is over-inclusive in ways that harm innovation without commensurate benefit.

The underlying principle driving TC260's June 2026 draft — that people should control how their biometric data is used in AI synthesis — is sound and widely defensible. The challenge is turning that principle into a standard that adds genuine clarity to China's AI governance framework, rather than one more layer in a stack that is already difficult enough for anyone outside a major platform's legal department to navigate.

Sources & Citations

  1. IAPP — TC260 June 2026 Amendment Coverage
  2. CAC — Deep Synthesis Provisions Announcement (Dec 2022)
  3. TC260 — Official National Standards Committee Site
  4. DigiChina — PIPL Full Translation (Stanford)
  5. DigiChina — Deep Synthesis Provisions Translation (Stanford)
  6. Biometric Update — China April 2026 Digital Virtual Human Draft
  7. ICLG — China Key AI Governance Developments 2025