From Jun。 1, No Face Recognition in Hotels, Restrooms & More

Source: OT-Team(G)，中国网信网

  The "Regulations on the Security Management of Facial Recognition Technology Applications" (hereinafter referred to as the "Regulations") will take effect on June 1, 2025.

A spokesperson from the National Internet Information Office emphasized that the use of facial recognition technology is closely tied to facial information security, a matter of great concern to society. To standardize the use of this technology and protect personal information rights, the new regulations set forth guidelines on the basic requirements, processing rules, safety standards, and supervisory responsibilities related to facial recognition applications.

The "Regulations" outline several key principles for using facial recognition technology. 

Regarding the processing of facial information, the "Regulations" stipulate that any use of facial recognition technology must have a clear, legitimate purpose and should minimize any impact on personal rights. Strict protective measures must be implemented. Organizations must also fulfill their obligation to inform individuals and obtain explicit consent for processing their facial data, especially for minors under the age of 14, where parental consent is required. Additionally, facial data should not be transmitted over the internet unless legally required or with the individual's consent. Data retention must be limited to the shortest period necessary for the processing purpose.

The "Regulations" set out safety standards for facial recognition technology. For example, alternative technologies should be considered if they can achieve the same objectives without relying solely on facial recognition. The use of national identity databases and public network authentication services is encouraged for identity verification. The installation of facial recognition systems in public spaces must be justified for public safety, with clearly marked zones for data collection. Moreover, devices should not be placed in private spaces such as hotel rooms or restrooms. Security measures such as data encryption and intrusion detection are mandatory to protect the data.

On the supervisory front, any entity that processes facial information for over 100,000 people must file a report with local internet authorities within 30 working days. A collaboration mechanism will be established between internet regulators, law enforcement, and other departments to ensure information protection.

The "Regulations" also outline legal consequences for non-compliance and provide clear definitions for relevant terms.

For the full text in Chinese, please visit:

https://www.cac.gov.cn/2025-03/21/c_1744174262156096.htm