China has made public a set of security management measures concerning the application of facial recognition technology, aiming to standardize the use of the technology and protect individuals' personal information rights.
Jointly released by the Cyberspace Administration of China (CAC) and the Ministry of Public Security, the measures will go into effect on June 1, 2025.
The document sets forth basic requirements and processing rules for the use of facial recognition technology in handling facial data, security standards for the application of the technology, as well as relevant supervisory and management responsibilities.
Notably, regarding mandatory facial recognition, an issue of wide concern which often occurs at hotel check-ins and residence area entrances, the document introduces a non-mandatory principle, stipulating that facial recognition cannot be the sole verification method if "the same purpose or business requirement can be achieved through other non-facial recognition methods."
If individuals do not consent to identity verification through facial recognition, they should be provided with other reasonable and convenient alternatives, according to the measures.
Facial recognition data is sensitive personal information, and once it is leaked, it can cause significant harm to individuals' personal and property security, and even pose a threat to public safety, said an official with the CAC.
