after building its AI ecosystem on open-source, Beijing is moving to resolve its security vulnerabilities through onshoring and standardisation
Open-source gave the PRC its most striking AI victories. Seven of the world’s top ten open-source models are now PRC-built. Now Beijing wants to govern the ecosystem that made that possible.
Yet open-source works because it is open: distributed, international, and lightly governed. The architecture Beijing is building pushes in the opposite direction.
The benefits of open source are well understood in Beijing. Gao Wen 高文, Chinese Academy of Engineering, argued in a February 2025 Qiushi article that open-source was central to DeepSeek’s popularity precisely because it lets developers adapt models for specialised purposes without bearing the full cost of training. A May 2026 Qiushi report from the journal’s economic editorial board and CCID Research Institute called open-source a way to ‘concentrate collective force‘, spreading cost across participants and lifting total output.
Beijing’s advisers are equally alert to the risks. Writing in Qiushi in 2019, Zhao Guangli 赵广立 China Science Daily reporter, warned that PyTorch and TensorFlow, the dominant AI frameworks, are built by Meta and Google, putting core tech leadership and rule-setting power outside PRC hands. Wang Xiaodong 王晓冬, then head of the National Information Centre Public Technology Service Department, made the operational case in a 2021 Information Security Research article, reposted by NDRC (National Development and Reform Commission). Google designs its TPUs and TensorFlow around each other, giving its own engineers a structural advantage no outside user can close. Microsoft-owned GitHub sits inside US jurisdiction; the Linux Foundation has limited PRC representation; a sanctions event could cut access to upstream updates overnight.
four ways to de-risk
The strategy varies with the stack: where a tool can be replaced, Beijing replaces it; where it cannot, Beijing works around it.
Direct replacement: some domestic alternatives are growing to compete directly with their international counterparts. LLMs (large language models) from overseas, including ChatGPT, Claude and Gemini, are prohibited; domestic open-source models such as DeepSeek, Qwen and Kimi fill the gap. On server operating systems, openEuler, backed by Huawei and OpenAtom, accounted for 57.3 percent of newly installed PRC server operating systems in 2025, up from 50.2 percent in 2024. On mobile, Huawei’s HarmonyOS, built on OpenAtom-hosted OpenHarmony, is now the world’s third largest operating system.
China mobile OS share: HarmonyOS vs iOS
Building backups: where full substitution is not yet feasible, Beijing builds parallel capability. Baidu’s PaddlePaddle and Huawei’s MindSpore, both AI training frameworks, each hold around 11 percent of PRC developer usage; PyTorch and TensorFlow, their US-built counterparts, remain at around 64 percent combined. The domestic alternatives are not yet substitutes, but they are insurance. Huawei continues to optimise its Ascend chips for both.
Downstream architecture: some international open-source tools are too embedded to replace. Kubernetes, Google’s software for managing large-scale cloud applications, holds around 70 percent of the PRC market. Replacing it would be expensive and unnecessary while it remains open. Instead, domestic firms have filled the layers built on top of it: tooling, procurement channels, support services and standards. If access to Kubernetes were ever cut off, PRC users could keep the version they already run while the rest of the stack remained intact.
Join and influence: for popular global ecosystems where the PRC can contribute and help set standards, Beijing increases its institutional weight from inside. RISC-V’s foundation relocated from the US to Switzerland to insulate it from jurisdictional capture; PRC contributions and standard-setting influence continue to grow there. The Linux Foundation receives the same treatment.
The strategies overlap and reinforce each other. openEuler directly replaces other operating systems, but remains a Linux derivative whose international position Beijing wants to protect. Kubernetes has a comprehensive domestic downstream architecture while PRC tech giants are some of its largest direct contributors. The GitHub and Hugging Face cases show how the strategies blur further. Gitee, the PRC’s answer to GitHub, has around 14 million users to GitHub’s 150 million; ModelScope, its answer to Hugging Face’s model repository, holds around 170,000 models to Hugging Face’s 2 million-plus. Neither is close to displacing its international counterpart, in part because Beijing encourages engagement with the global platforms: the communities are free resources to draw from, and contributing to them builds influence. The domestic alternatives provide a safety net in case access is ever cut off.
The strategies need rules behind them: a filing regime to make projects traceable, standards to make licences legible, and enforcement to make communities accountable.
the rulebook
The governance architecture has three layers. Market entry runs through CAC (Cyberspace Administration of China). Voluntary national standards build the technical and legal scaffolding underneath. Mandatory sectoral rules sit on top.
At the gate sits the August 2023 interim measures on generative AI services and the model filing regime that flows from them. Providers of public-facing services with opinion-shaping or social-mobilisation capacity must complete a security assessment and file with CAC before going to market. Deployed apps must display the model name and filing number. By end-2025, 748 generative AI services had been filed and 435 applications registered, with 446 filings and 330 registrations added in 2025 alone.
Below the filing regime sits a layer of voluntary national standards. GB/T 44272-2024, issued by SAMR (State Administration for Market Regulation) and SAC (Standardisation Administration of China) under TC28 (National Information Technology Standardisation Technical Committee), came into force in March 2025. It standardises the structure and compatibility logic of open-source licences, making obligations and compatibility legible for procurement and community governance. A draft standard on technical requirements for open-source model platforms is under review; the drafting consortium includes CESI (China Electronics Standardisation Institute), OpenAtom, Alibaba Cloud, and BAAI (Beijing Academy of Artificial Intelligence), among other industry associations, research institutes, and companies.The drafting consortium reads as a map of who Beijing trusts to define the category
Mandatory rules are arriving sector by sector. PBOC (People’s Bank of China) issued three standards in January 2024 covering terminology, management and evaluation for open-source software in finance. Other sectors are expected to follow.
Cutting across all layers are the Qinglang (clear and bright) campaigns, a series of recurring CAC-led enforcement drives originally aimed at cleaning up online content. They now extend to open-source communities: hosts can be penalised for failing to verify user identities, maintain emergency response procedures, or promptly remove problematic datasets and models.
OpenAtom as institutional bridge
OAF (OpenAtom Foundation) ties the architecture together. Founded in June 2020 with MIIT backing, it is a nonprofit secretariat whose founders include Alibaba, Baidu, Huawei and Tencent. Its weight comes not from its size but from its position: it incubates open-source projects, governs the communities around them, and sits on the national standards committees that determine how those projects get classified and procured.
Most PRC open-source projects are firm-led, built and maintained by Huawei, Alibaba or Baidu. Enterprise and government buyers worry about vendor lock-in and governance opacity when a single company controls the upstream. A foundation partially neutralises that by presenting projects as shared ecosystem infrastructure rather than corporate property. Running a project through OAF, from incubation through community building, developer training and enterprise participation, is also the path by which it becomes legible enough to be standardised by CESI and procurable by SOEs.
OAF turns open-source from a community practice into procurement infrastructure. It is not a regulator, but it makes the regulatory architecture work.
the balancing act
The four de-risking strategies depend on communities that remain attractive to developers. Heavy compliance burdens push developers elsewhere. The immediate risk is domestic: filing obligations, evaluation standards and lifecycle management fall hardest on the PRC developers and small firms that open-source was supposed to empower. Beijing is betting it can structure open-source without losing its openness. Whether domestic developer communities stay in the ecosystem will determine whether that bet pays off.
writing the rules
Xie Shaofeng 谢少锋 | OpenAtom Foundation chair
Xie calls open-source ‘the cornerstone of the digital economy’ and ‘a world technical language that crosses national borders’. OpenAtom’s job, in his framing, is to convert that language into a functioning ecosystem. Standards, he has argued, play a ‘foundational and guiding role’ and should be managed across the full lifecycle, from pre-research through approval, drafting, release, promotion, implementation and evaluation, with stronger safety lines around product security, algorithmic ethics and data privacy.
Xie chairs OpenAtom Foundation, elected to the role in March 2026. He brings two decades of experience at MIIT (Ministry of Industry and Information Technology) to the position, having previously served as chief engineer, director general of the Science and Technology Department, and director general of the Information and Software Services Department, where he led the ministry’s industrial internet and manufacturing digitalisation agendas. He also chairs the National Humanoid Robot Standardisation Technical Committee, established in November 2025
Fu Hongyu 傅宏宇 |Alibaba Research Institute AI Governance Center director
Applying a relatively lighter regulatory policy to open-source AI does not mean leaving risks unchecked, Fu wrote in June 2025. ‘It means reassessing the value of open-source AI from the perspective of technical tools, and using ecosystem-building to control risks and allocate responsibility.’ Open-source, he argues, should not be governed by copy-pasting closed-model regulation. Its distributed structure produces its own controls: developer self-governance, community scrutiny, faster vulnerability discovery and more transparent safety research. He proposes adaptive governance: classify open-source AI by risk, clarify responsibility across developers, deployers, platforms and users, and use ecosystem-building to allocate obligations rather than treating every release as a conventional commercial product.
Fu directs the AI Governance Centre and Data Economy Centre at Alibaba Research Institute and heads research for Alibaba’s Science and Technology Ethics Committee. He is an adjunct associate professor at UESTC (University of Electronic Science and Technology of China) School of Public Administration and a researcher at Tsinghua University’s Centre for Industrial Development and Environmental Governance. He co-authored ‘China’s emerging regulation toward an open future for AI’ in Science (2025).
Gou Husheng 苟护生 | China International Engineering Consulting Corporation (CIECC) chair and Party secretary
Gou’s September 2025 Qiushi article sets out an integrated framework for PRC AI development, situating open-source within a wider dialectic of autonomy, security, market function and social governance. PRC AI development turns on four dialectical pairs: independent innovation and open cooperation; development and security; government and market; industrial application and social governance. Quoting Xi Jinping, ‘independent innovation is innovation conducted within an open environment’, he argues that core technology autonomy is the ‘root’ without which open cooperation collapses into dependent development, but that closing the door produces a ‘technology island’. He credits the PRC’s open-source LLM ecosystem with breaking the closed-system monopoly of US technology firms, while acknowledging that international AI frameworks have provided foundational support for PRC AI innovation. International AI governance, in his reading, is now a contest of ‘multipolar competition and fragmented cooperation’, with the US pursuing technology hegemony, the EU pursuing regulatory leadership, and the PRC positioning around ‘technology sharing and capability co-building’ to narrow the digital divide. On security, he warns against both ‘slamming the brakes’ out of fear of risk and ‘flooring the accelerator’ in pursuit of innovation.
Rising through CIECC, a central SOE under SASAC (State-owned Assets Supervision and Administration Commission) providing consulting and evaluation services on major national investment projects, from South–North Water Diversion to manned spaceflight, Gou becoming chair and Party secretary in October 2021. He is a 14th CPPCC (Chinese People’s Political Consultative Conference) National Committee member and sits on its Economic Affairs Committee. He is a graduate of Northeastern Industrial Institute (now Northeastern University).