AI Regulation Tracker / Technical guidance
China's TC260 issues a security guide for deploying and using AI agents
On July 6, 2026, China's national cybersecurity standards body, TC260, issued a voluntary practice guide that sets lifecycle security guidance for AI agents across five stages: assessment, preparation, deployment, use, and decommissioning. It is guidance, not a mandatory standard, but it is worth reading closely.
China has spent the past two years building rules around generative AI, and most of the attention has gone to the mandatory pieces: the labeling measures, the security assessments, the algorithm filings. This document is a different kind of instrument. TC260 did not pass a law here. It issued a practice guide, the softer end of China's standards toolkit, aimed at teams that are already putting AI agents into production and want a common reference for doing it securely.
What the guide covers
The guide addresses agentic AI specifically, the systems that plan and take actions rather than just answer a prompt, and it walks through the security questions that come with letting software act on its own. Its own scope statement puts it plainly: 本文件提供了智能体部署使用的安全指导,涵盖评估、准备、部署、使用、退出等阶段。 In English, the document provides security guidance for deploying and using AI agents, covering the assessment, preparation, deployment, use, and decommissioning stages.
Read as a lifecycle, the five stages map to concrete practices. Assessment is the pre-use security review, checking what an agent can reach and what could go wrong before it goes live. Preparation is hardening the environment before deployment. Deployment and use is where the operational controls sit, and the guide leans on least-privilege and permission controls so an agent holds only the access it needs. Decommissioning is the exit, and here the emphasis is on secure data erasure so an agent that is retired does not leave sensitive data behind. The guide also frames itself as something a buyer can use as a reference when selecting a commercial agent service, which makes it a procurement checklist as much as an engineering one.
Guidance is not a mandatory standard
This is the distinction to keep straight. A TC260 practice guide is not a GB national standard, and it does not create a compliance obligation on its own. Nobody is required by law to follow it. What it does is establish a voluntary baseline, a recommended way to do the work that carries the weight of the national standards committee behind it.
The practical reality is more nuanced than the legal one. In China, security teams and enforcers often treat TC260 guidance as the de facto expectation, the reference point auditors reach for when they assess whether an organization handled a system responsibly. So while the guide does not require anything, ignoring it is not the same as ignoring an ordinary vendor whitepaper. Treat it as the baseline others will measure you against, not as a rule you must certify to.
Why a US professional should track this
If your organization deploys AI agents in China, or procures agent services from Chinese providers, this guide is the clearest statement yet of what good security practice is expected to look like there. The direct work is mapping your agent deployments against the five stages, especially the least-privilege controls in operation and the data-erasure step at decommissioning, since those are the two places agent security most often gets thin.
There is a second reason to watch it. Agent security is an unsettled area everywhere, and few regulators have published a lifecycle framework this specific. TC260 moving first on agentic AI, even in a voluntary form, gives the rest of the world a concrete reference to react to. For a US professional, it is a useful benchmark for what a mature agent-security program looks like, regardless of where your systems run.
Questions professionals are asking
Is this a law companies in China must comply with?
No. It is a voluntary TC260 practice guide, not a mandatory GB national standard, so it does not create a legal compliance obligation on its own. In practice, though, Chinese security teams and regulators often treat TC260 guidance as the de facto baseline, so it is best read as the benchmark you will be measured against.
What are the five stages the guide covers?
Assessment, preparation, deployment, use, and decommissioning. In plain terms that means a pre-use security review, hardening before you go live, least-privilege permission controls while the agent runs, and secure data erasure when the agent is retired.
Does this affect a US company?
It affects US organizations that deploy AI agents in China or buy agent services from Chinese providers. The practical step now is to map your agent deployments to the five stages, focusing on operational permission controls and data erasure at decommissioning, and to use the guide as a reference when selecting a commercial agent service.
RELATED BRIEFINGS
Browse the full AI Regulation News tracker
Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel in the relevant jurisdiction.