Notes from the Asia-Pacific Region: China’s ‘Two Sessions’ Looks to the Country’s AI Future
With a warm breeze, spring has arrived in China and the data and artificial intelligence landscape is heating up.
The Significance of March in China
March is a pivotal month in China as it is when the “Two Sessions” of the National People’s Congress normally convene in Beijing. Top leaders and stakeholders from various fields gather to discuss and set China’s development plans and priorities for the upcoming 12 months.
AI as a Driving Force
In the Central Government Work Report delivered by China’s Premier Li Qiang at the Two Sessions, AI is positioned as the driving force for new quality productive forces. This represents a significant shift in China’s digital economy from a data-driven to an intelligence-driven model. The government aims to actively promote the development and deployment of new-generation smart devices and agentic AI, while providing robust support for building open-source AI infrastructures. To balance innovation and risk, there will be an ongoing enhancement of AI governance.
Legislative Developments
Notably, during the Two Sessions, China’s Supreme Court announced an expedited legislative process for AI laws and regulations. Courts will strive to handle more AI-related cases, clarifying the delicate boundary between innovation and infringement. Additionally, they will draft more judicial policies to guide businesses on complex issues such as the originality of AI-generated content and the legality of training data.
The Rise of OpenClaw
In March 2026, the open-source AI agent project OpenClaw — nicknamed “Lobster” because of its icon — went viral in China, becoming a significant tech phenomenon. Powered by autonomous decision-making, multitool collaboration, and complex task automation, it gained widespread adoption among developers and ordinary internet users.
Security and Privacy Risks
However, significant security and privacy risks emerged due to OpenClaw’s architecture. Issues such as plug-in vulnerabilities, prompt injection, data leakage, and unauthorized access prompted regulators in China to issue risk alerts. Enterprises are now required to restrict access to sensitive data, strengthen access control, audit logs, anonymize data, and ban unprotected use in financial and other key industries. These alerts are crucial in helping users understand and manage the risks associated with “raising the lobster,” or using OpenClaw.
Regulatory Approach in Hong Kong
A similar regulatory strategy has been adopted in Hong Kong. The Office of the Privacy Commissioner for Personal Data issued a March 16 alert reminding business organizations and the public to be aware of personal data privacy and security risks. This is essential to avoid potential breaches, malicious system takeovers, and cybersecurity threats before deploying or using OpenClaw and other agentic AI.
Practical Recommendations
To minimize risks, the PCPD offered practical suggestions, such as granting minimum access rights to agentic AI, using the latest official version, adopting adequate data and cybersecurity measures, installing and using plugins with caution, and conducting continuous risk assessments.
