How China’s AI Model Risk Governance Maturity Model Shapes Enterprise Compliance

AI Model Risk Governance Capability Maturity Model Standard

Algorithms and models are increasingly used in finance, recommendation systems, e‑commerce, intelligent diagnosis, and enterprise services, becoming key drivers of digital transformation and modern governance. Recent Chinese regulations such as the Personal Information Protection Law and guidelines on algorithm governance require fairness, transparency, privacy protection, safety, auditability, and accountability.

Enterprises, as the main producers and users of AI models, must establish governance systems—through policies, processes, platforms, and technical tools—to ensure the entire lifecycle of models is safe, controllable, transparent, fair, privacy‑respecting, auditable, and supervised.

Standard Development

Led by the China Academy of Information and Communications Technology (CAICT) and the IT Risk Governance Working Committee of the China Internet Association, more than 20 enterprises co‑created the "Artificial Intelligence Model Risk Governance Capability Maturity Model" standard.

The standard addresses major risk challenges in AI model development, implementation, and use, specifying governance activities across the model lifecycle. It provides safeguards in strategy, organization, resource allocation, and technical measures, enabling rapid and flexible risk response and promoting technology for good.

The standard aligns closely with regulatory requirements, helping enterprises meet legal obligations and improve their algorithmic risk governance capabilities.

Maturity Assessment

CAICT conducts the "Artificial Intelligence Model Risk Governance Capability Maturity Assessment" to verify enterprises' risk governance abilities, benchmark against industry best practices, and raise overall governance levels. The assessment currently includes 16 modules and classifies organizations into five levels: Basic, Enhanced, Excellent, Outstanding, and Leading.

The first batch of assessments has been completed, with results publicly announced.

Benefits of the Assessment

Self‑check: Identify weak points and potential risks before formal assessment.

Third‑party verification: Validate the controllability and management level of AI model risks across the full lifecycle.

Benchmarking: Compare against industry best practices to improve risk governance capabilities.

Regulatory compliance: Implement concrete measures to meet regulatory requirements and build a robust compliance framework.

Cost reduction: Adopt differentiated model management based on risk, optimizing resources and lowering management costs.

2022 First‑Batch Assessment Launch

The first batch of the 2022 AI model risk governance capability maturity assessments has officially started. Enterprises are invited to apply.

Application period: now until the end of February. Assessment period: early March to early May. Expert review: mid‑May 2022. To apply, email [email protected] (cc: [email protected], [email protected]) with company name, contact person, and contact details.

For inquiries, contact: Liang Ye – 17801066261 – [email protected] Wang Yang – 13269376063 – [email protected] Chen Yang – 13811870811 – [email protected]