National Technical Committee on Cybersecurity of Standardization Administration Released Six Practical Guidelines on Labeling AI-Generated or Composed Content

As mentioned in the previous article, according to Articles 5 and 6 of the "Measures for Labeling of Artificial Intelligence Generated or Composed Content" (hereinafter referred to as the "Measures"), service providers must embed implicit labels in the metadata of generated or composed content.  Meanwhile, providers of online content dissemination services are required to implement verification measures to regulate the dissemination of such content.  To implement these "Measures" and in accordance with the mandatory national standard GB 45438—2025" Cybersecurity Technology – Labeling Methods for Artificial Intelligence-Generated or Composed Content", on August 28, 2025, the Secretariat of the National Technical Committee on Cybersecurity of Standardization Administration (hereinafter referred to as the "Committee") released six cybersecurity standard practical guidelines (hereinafter referred to as the "Guidelines").  These aim to guide both generated or composed content service providers and content dissemination service providers in carrying out labeling activities related to AI-generated or composed content.

The six Guidelines cover implicit metadata labeling methods, metadata security protection techniques, and detection frameworks for AI-generated or composed content such as text, images, audio, and video.  The documents specify technical requirements and security protection measures for implicit metadata labeling across various content types, offering technical references for relevant service providers.

For video files, "Guideline 01" ^[1] outlines two approaches.  One is for formats such as MP4, MOV, AVI, MKV, WebM, and FLV, where native embedding is used for implicit metadata labeling.  For other formats, it proposes using the XMP standard, with reference examples provided.

For text files, "Guideline 02" ^[2] addresses labeling methods for formats based on OOXML, UOF, PDF, OFD, Markdown, XMind, POSM, and POSF, and suggests that other formats may refer to these methods.  Reference examples are also included.

For image files, "Guideline 03" ^[3] presents a general implicit metadata labeling method for formats such as HEIF/HEIC, JPEG/JPG, PNG, TIFF, WebP, and GIF, with additional alternatives provided in Appendix B.

For audio files, "Guideline 04" ^[4] offers native embedding-based labeling methods for formats based on RIFF, MP3, OGG, FLAC, and M4A, and also provides XMP-based labeling for other formats.

In addition, "Guideline 05" ^[5] introduces security protection techniques and reference formats for security protection information for implicit metadata labeling in AI-generated or composed content files.  This ensures the authenticity, integrity, and association between labels and files during content dissemination.

"Guideline 06" ^[6] presents a detection framework for AI-generated or composed content, outlining aspects such as objective setting, detection processes, algorithms, and detection service packaging.  It also provides common detection algorithms and service packaging solutions, offering standardized guidance for the design, development, and application of detection systems for AI-generated or composed content.  Furthermore, the Committee plans to release evaluation methods and specific detection guidelines for images, videos, audio, and text.

In summary, if a company is a provider of AI-generated or composed content or a content dissemination service, it must comply with the currently released and upcoming guidelines to lawfully and systematically carry out labeling activities when it comes to AI-generated or composed content.