The Cyberspace Administration of China (CAC) and Ministry of Public Security have jointly issued the Security Management Measures for Facial Recognition Technology Applications, set to take effect on 1 June 2025. These measures (1) requires specific purpose and minimum necessary data collection; (2) mandates explicit separate consent for facial data use if the legal basis is consent; (3) prohibits internet transmission of facial data without consent; (4) limits storage duration to operational necessities; (5) compulsory impact assessments for high-risk processing; and (6) requires organisations to file records with CAC when storing 100,000+ facial templates. The measures also set out enhanced security protocols including: (1) bans on facial recognition as sole verification method where alternatives exist; (2) prioritization of national identity databases for authentication; (3) prohibition of coercive facial scans for services; (4) restriction on installation in private spaces (hotel rooms, bathrooms, etc.); and (5) requirement for encryption, access controls, and audit mechanisms.
Click here for the official article/release
Disclaimer
The Legal Wire takes all necessary precautions to ensure that the materials, information, and documents on its website, including but not limited to articles, newsletters, reports, and blogs (“Materials”), are accurate and complete. Nevertheless, these Materials are intended solely for general informational purposes and do not constitute legal advice. They may not necessarily reflect the current laws or regulations. The Materials should not be interpreted as legal advice on any specific matter. Furthermore, the content and interpretation of the Materials and the laws discussed within are subject to change.
