The U.S. used its AI kill switch in June. China appears to be building one for July.
Beijing has spent the past month in quiet talks with its biggest AI companies about restricting who gets to use them, according to Reuters.
The sessions were convened by China's Ministry of Commerce, Reuters reported, citing three sources who spoke on condition of anonymity.
Participants discussed putting limits on both closed-source models and open-weight ones—the kind developers can download, run locally, and modify. Officials also raised making any unauthorized disclosure or theft of proprietary AI technology an offense under China's national security law, according to Reuters. Separately, participants floated new measures to restrict which investors can fund domestic AI startups.
The scope of any potential restrictions is still being debated. Two sources told Reuters the measures may only apply to future models, not existing ones. No timeline has been set, and it's not certain anything will come into force.
The AI PyramidHow any restrictions would work in practice is unclear, but hints surfaced in a summary published in a Supreme People's Court journal from a May roundtable of Chinese legal experts on open-source AI regulation. Participants proposed a three-tier structure: basic open-source tools would require a simple government filing; more advanced technologies would face security reviews before release; the most sensitive frontier models would be barred from public release or restricted to domestic use only.
That structure would mark a sharp reversal for Chinese AI companies, whose global gains have come almost entirely from openness. Alibaba's Qwen series has built a large following on Hugging Face, the world’s largest repository of open-source AI models. ByteDance's Doubao is one of the dominant AI products inside China. Z.ai's GLM-5.2 has attracted attention from U.S. researchers for matching top American models on some benchmarks while pricing API access at a fraction of the cost.
Any decision to restrict overseas access would likely raise costs for businesses that have come to rely on Chinese models as cheaper, less restricted alternatives to U.S. frontier systems. Officials also grew alarmed that Anthropic's Mythos—the cybersecurity model the Donald Trump administration restricted in June—could be reverse-engineered and turned against Chinese systems, adding a defensive urgency to the discussions.
The U.S. went first Beijing has been watching‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message.
The tiered structure proposed in China’s Ministry of Commerce discussions maps directly onto how the U.S. has handled chip export controls for three years—a policy history that narrowed China's capability gap rather than widened it.
Beijing had already been tightening the perimeter. Its state planning agency ordered Meta to unwind a $2 billion deal for AI startup Manus in April, under China's foreign investment security review mechanism. It required Moonshot AI and StepFun to obtain government approval before accepting U.S. capital in funding rounds, and a broader regulatory package released in early June extended scrutiny to cross-border transactions touching Chinese technology and data.
The escape valve closesThat logic only holds if Chinese models stay open. If Beijing restricts overseas access to its frontier systems—closed-source or open-weight—the escape valve closes. Z.ai's GLM-5.2 built its pitch entirely around borderless access under an MIT license; restricting that distribution cancels the pitch.
This may spell trouble for small labs and developers all over the world who trust and build on open-source technologies, since China has up to now led in that area.


















