夜雨聆风国家网信办等部门2026年5月8日发布的《智能体规范应用与创新发展实施意见》(以下简称《意见》或新规),确立了“安全可控、规范有序、创新驱动、应用牵引”的基本原则,将安全可信要求贯穿智能体全生命周期,从技术研发方向、标准体系、安全架构到功能边界、决策权限、行为管控等方面,对AI智能体的技术路径和功能权限设计形成了系统性、强制性的约束与引导。
深圳王小敏律师长期保持对智能体技术发展与合规问题的关注与研究,现从智能体技术路径及功能权限设计的角度,对《意见》相关内容进行解读,供参考。
一、对AI智能体技术路径的影响
《意见》明确了智能体技术发展的合规底线和优先方向,推动技术路径从“功能优先”向“安全与功能深度融合”转型:
1.技术底座研发方向的强制性引导
(1)模型体系重构:新规要求构建“通用基础模型+行业专用模型”的产品矩阵,改变过去单一追求通用大模型能力的路线,鼓励针对不同场景和设备优化模型,同时强制提升高质量合规数据集的供给能力,为智能体训练奠定数据安全基础。
(2)核心能力攻关优先级调整:新规将任务理解、任务规划、工具使用、长期记忆、互认互通、群体协同列为核心技术攻关方向,取代过去单纯追求生成能力的技术导向,重点提升智能体的实际执行能力和协同能力。
(3)工具链全周期覆盖:新规要求完善研发、测试、部署、运维全流程工具链,同时强制发展对抗样本检测、行为异常检测等安全治理工具,安全工具从“可选组件”变为“标配模块”,需与智能体核心系统同步研发、同步上线。
2.标准化与互联互通技术成为必选项
(1)强制推进互联标准:新规明确要求加快推广智能体互联协议(AIP)等关键国家标准、行业标准,未来跨平台、跨厂商智能体的互联互通必须遵循统一协议,打破技术孤岛。
(2)智能互联网技术布局:新规要求研究建立智能互联网体系架构,开发智能体注册平台和数字身份管理技术,所有智能体需具备唯一可信数字身份,支持身份验证、能力声明、合规状态查询等功能。
(3)接口标准化:新规要求制定智能体与软件工具、应用服务、硬件外设的基础接口标准,改变过去厂商自定义接口的混乱局面,降低适配成本的同时实现统一管控。
3.内生安全技术成为技术体系的核心组成
(1)全维度安全技术嵌入:新规要求研究智能体数据安全、个人信息保护、密码防护、攻击检测、权限管理、行为控制等安全技术,安全技术不再是事后补丁,需融入智能体的底层架构。
(2)行为管控技术强制应用:新规要求发展规则内嵌、行为围栏技术,确保智能体在不同场所的行为合规;同时鼓励利用区块链技术建立重要场景行为可验证、可追溯机制,实现全链路审计。
(3)安全检测与评估技术配套:新规要求研究智能体安全检测技术,建立安全评估体系,智能体上线前需通过合规检测,推动安全检测技术成为独立的技术分支。
4.供应链安全技术贯穿全生命周期
(1)全流程安全管控技术:新规要求制定智能体开发、部署、应用、维护全周期安全规范,重点加强模型接入、API调用、扩展工具使用等环节的安全管理技术,防范第三方组件引入的安全风险。
(2)供应链预警技术:新规要求建立供应链安全信息共享和预警机制,推动企业研发供应链风险监测技术,及时发现并阻断恶意组件和漏洞。
5.分类分级适配技术成为差异化研发重点
(1)敏感领域高安全技术:针对医疗、交通、公共安全等敏感领域,新规要求研发强审计、强管控、高可靠的技术方案,支持备案、检测、召回等管理措施的技术落地。
(2)低风险领域高效治理技术:针对生活娱乐、日常办公等低风险领域,新规要求开发合规自测、自动报告等轻量化治理工具,在保障安全的前提下提升创新效率。
二、对AI智能体功能权限设计的影响
《意见》首次明确了智能体决策权限的边界框架和行为管控规则,推动功能权限设计从“最大化自主”向“用户主导、分级授权、边界清晰”转型,主要体现在以下方面:
1.确立“三分法”决策权限边界框架
《意见》明确将智能体决策方式划分为三类,成为目前智能体权限设计的主要依据和政策指引:
(1)仅限用户本人决策:涉及重大人身、财产安全和公共利益的事项,智能体不得参与决策,仅可提供信息支持。
(2)用户授权决策:需用户明确授权后,智能体方可执行操作,且授权必须是细粒度、可撤销的。
(3)智能体自主决策:仅可在用户授权范围内、非敏感场景下进行低风险自主决策。
同时要求用户对所有自主决策享有知情权和最终决策权,智能体执行操作不得超出授权范围,禁止实践中争议极大的“默认授权”或“一揽子授权”。
2.基于场景的行为权限分级管控
(1)场所维度:新规要求针对公共场所、隐私场所、专门场所设置不同的行为围栏,例如在隐私场所禁止智能体开启摄像头、麦克风等感知设备,在公共场所禁止智能体进行未经授权的人脸识别。
(2)行业维度:明确医疗、交通、媒体、公共安全等领域需制定强制性标准,限制智能体的核心功能权限,例如医疗智能体仅可提供辅助诊断建议,不得独立作出诊疗决策。
(3)风险维度:敏感领域智能体实行备案制,功能需经第三方检测合格后方可上线;低风险领域智能体可通过合规自测上线,但需接受平台和行业自律监管。
3.伦理与合规功能成为强制标配
(1)价值观对齐功能:新规要求智能体内置内容审核和价值观过滤功能,防止传播不良价值观、实施算法压榨等行为。
(2)特殊群体保护功能:新规要求设计防沉迷、防情感依赖功能,防范未成年人、老年人过度使用智能体产生的风险。
(3)反滥用功能:新规要求智能体具备识别并拒绝自动化攻击、隐私侵犯、虚假信息生成、网络诈骗等违法请求的功能。
4.全链路可追溯与审计功能要求
(1)重要应用场景的智能体必须具备行为可验证、可追溯功能,完整记录决策过程、操作日志和数据流转轨迹,保存期限需符合相关法律法规要求。
(2)支持监管部门和用户对智能体行为进行审计,当发生安全事件时,能够快速定位责任主体和问题原因。
5.供应链相关的权限管控功能
(1)新规要求智能体平台具备模型接入、API调用、扩展工具的权限审批和监控功能,对第三方组件的权限进行严格隔离,防止越权访问。
(2)建立第三方组件安全审计功能,定期检测组件漏洞和恶意行为,发现问题及时禁用并通知用户。
6.用户控制权强化的功能设计
(1)细粒度授权管理:新规要求支持用户对智能体的感知权限(摄像头、麦克风)、数据访问权限、操作执行权限进行单独设置和随时撤销。
(2)决策透明化:新规要求智能体向用户清晰说明自主决策的依据和过程,不得隐瞒关键信息。
(3)应急关停与召回:具备一键关停智能体所有功能的应急按钮,同时支持问题产品的远程召回和升级修复。
三、总结与建议
《意见》的发布标志着我国AI智能体治理进入规范化、法治化新阶段。对于企业而言,建议在技术路径上将安全可信作为核心竞争力,同步推进核心能力研发与安全技术布局,主动适配国家标准和互联互通要求;同时,在功能权限设计上需严格遵循“用户主导、分级授权”原则,明确决策边界,强化合规与伦理功能。
笔者认为,在人工智能发展已进入智能体广泛应用的时期,只有将合规要求深度嵌入智能体的技术架构和产品设计当中去,才能降低合规风险,避免产生不必要的行业争议与内耗,实现规范发展与创新突破的平衡。
附:AI智能体产品合规自查清单(2026最新版)(略)
如需以上附件《AI智能体产品合规自查清单(2026最新版)》完整版,可微信联系freefly2105(注明来意+实名)。想获取更多AI合规自查清单、AI管理制度规范等文本资料/参与深度讨论,可加入知识星球【云端数智法】。
Impact Interpretation of New Regulatory Rules on AI Agent Technology Paths and Functional Permission Design (with Compliance Self-Inspection Checklist)
On May 8, 2026, the Cyberspace Administration of China (CAC) and other relevant departments issued the Implementation Opinions on Regulated Application and Innovative Development of Intelligent Agents (hereinafter referred to as the "Opinions" or the "New Rules"). The document establishes the basic principles of "security and controllability, standardization and orderliness, innovation-driven, and application-led", integrates security and trustworthiness requirements throughout the entire life cycle of intelligent agents, and imposes systematic and mandatory constraints and guidance on the technology paths and functional permission design of AI agents from aspects including technology R&D directions, standard systems, security architectures, functional boundaries, decision-making permissions, and behavior management.
Lawyer Wang Xiaomin from Shenzhen has long maintained attention and research on the technological development and compliance issues of intelligent agents. This article interprets the relevant contents of the Opinions from the perspectives of intelligent agent technology paths and functional permission design for reference.
I. Impact on AI Agent Technology Paths
The Opinions clearly define the compliance bottom lines and priority directions for the development of intelligent agent technologies, driving the transformation of technology paths from "function-first" to "deep integration of security and function":
1. Mandatory Guidance on Technology Base R&D Directions
(1) Model System Reconstruction: The new rules require the construction of a product matrix of "general foundation models + industry-specific models", changing the past route that solely pursued the capabilities of general large models. It encourages optimizing models for different scenarios and devices, while mandating the improvement of the supply capacity of high-quality compliant datasets to lay a data security foundation for intelligent agent training.
(2) Adjustment of Priorities for Core Capability Breakthroughs: The new rules list task understanding, task planning, tool usage, long-term memory, mutual recognition and interoperability, and group collaboration as the core technology breakthrough directions, replacing the previous technology orientation that purely pursued generation capabilities. The focus is shifted to enhancing the practical execution and collaboration capabilities of intelligent agents.
(3) Full-Cycle Coverage of Toolchains: The new rules require improving the toolchains for the entire process of R&D, testing, deployment, and operation and maintenance. Meanwhile, it mandates the development of security governance tools such as adversarial sample detection and abnormal behavior detection. Security tools have changed from "optional components" to "standard modules" and must be developed and launched simultaneously with the core systems of intelligent agents.
2. Standardization and Interoperability Technologies Become Mandatory
(1) Mandatory Promotion of Interconnection Standards: The new rules explicitly require accelerating the promotion of key national and industry standards such as the Intelligent Agent Interconnection Protocol (AIP). In the future, interconnection between cross-platform and cross-vendor intelligent agents must follow unified protocols to break down technological silos.
(2) Layout of Intelligent Internet Technologies: The new rules require researching and establishing an intelligent internet system architecture, and developing intelligent agent registration platforms and digital identity management technologies. All intelligent agents must possess a unique and trusted digital identity that supports functions such as identity verification, capability declaration, and compliance status query.
(3) Interface Standardization: The new rules require formulating basic interface standards for intelligent agents with software tools, application services, and hardware peripherals, changing the past chaotic situation of vendor-customized interfaces, reducing adaptation costs while achieving unified management and control.
3. Endogenous Security Technologies Become Core Components of the Technical System
(1) Full-Dimensional Security Technology Embedding: The new rules require researching security technologies for intelligent agents including data security, personal information protection, cryptographic protection, attack detection, permission management, and behavior control. Security technologies are no longer post-event patches but need to be integrated into the underlying architecture of intelligent agents.
(2) Mandatory Application of Behavior Control Technologies: The new rules require the development of built-in rules and behavioral fencing technologies to ensure the compliant behavior of intelligent agents in different venues. Meanwhile, it encourages the use of blockchain technology to establish verifiable and traceable mechanisms for behaviors in important scenarios, achieving full-link auditing.
(3) Supporting Security Detection and Evaluation Technologies: The new rules require researching intelligent agent security detection technologies and establishing a security evaluation system. Intelligent agents must pass compliance testing before going online, promoting security detection technologies to become an independent technical branch.
4. Supply Chain Security Technologies Run Through the Entire Life Cycle
(1) Full-Process Security Control Technologies: The new rules require formulating full-cycle security specifications for the development, deployment, application, and maintenance of intelligent agents, with a focus on strengthening security management technologies for links such as model access, API calls, and extended tool usage to prevent security risks introduced by third-party components.
(2) Supply Chain Early Warning Technologies: The new rules require establishing a supply chain security information sharing and early warning mechanism, promoting enterprises to develop supply chain risk monitoring technologies to timely detect and block malicious components and vulnerabilities.
5. Classification and Grading Adaptation Technologies Become the Focus of Differentiated R&D
(1) High-Security Technologies for Sensitive Fields: For sensitive fields such as healthcare, transportation, and public security, the new rules require the development of technical solutions with strong auditing, strict control, and high reliability, supporting the technical implementation of management measures such as filing, detection, and recall.
(2) Efficient Governance Technologies for Low-Risk Fields: For low-risk fields such as daily life entertainment and office work, the new rules require the development of lightweight governance tools such as compliance self-testing and automatic reporting to improve innovation efficiency while ensuring security.
II. Impact on AI Agent Functional Permission Design
The Opinions clearly define the boundary framework for intelligent agent decision-making permissions and behavior management rules for the first time, driving the transformation of functional permission design from "maximizing autonomy" to "user-led, graded authorization, and clear boundaries". This is mainly reflected in the following aspects:
1. Establishment of a Three-Tier Decision-Making Permission Boundary Framework
The Opinions explicitly divide intelligent agent decision-making methods into three categories, which have become the main basis and policy guidance for current intelligent agent permission design:(1) User-Only Decision-Making: For matters involving major personal, property safety and public interests, intelligent agents shall not participate in decision-making and may only provide information support.(2) User-Authorized Decision-Making: Intelligent agents may perform operations only after explicit user authorization, and the authorization must be fine-grained and revocable.(3) AI Agent Autonomous Decision-Making: Low-risk autonomous decision-making may only be conducted within the scope of user authorization and in non-sensitive scenarios.
At the same time, it requires that users have the right to know and the final decision-making power over all autonomous decisions. Intelligent agents shall not perform operations beyond the scope of authorization, and the highly controversial "default authorization" or "blanket authorization" in practice is prohibited.
2. Scenario-Based Graded Control of Behavioral Permissions
(1) Venue Dimension: The new rules require setting different behavioral fences for public places, private places, and specialized places. For example, intelligent agents are prohibited from turning on sensing devices such as cameras and microphones in private places, and from conducting unauthorized face recognition in public places.(2) Industry Dimension: It is clarified that mandatory standards shall be formulated for fields such as healthcare, transportation, media, and public security to restrict the core functional permissions of intelligent agents. For example, medical AI agents may only provide auxiliary diagnosis suggestions and shall not independently make diagnosis and treatment decisions.(3) Risk Dimension: Intelligent agents in sensitive fields shall implement a filing system, and their functions must pass third-party testing before going online. Intelligent agents in low-risk fields may go online through compliance self-testing but shall be subject to platform and industry self-regulatory supervision.
3. Ethical and Compliance Functions Become Mandatory Standard Configurations
(1) Value Alignment Functions: The new rules require intelligent agents to have built-in content review and value filtering functions to prevent the dissemination of bad values and the implementation of algorithmic exploitation.(2) Special Group Protection Functions: The new rules require the design of anti-addiction and anti-emotional dependence functions to prevent risks arising from excessive use of intelligent agents by minors and the elderly.(3) Anti-Abuse Functions: The new rules require intelligent agents to have the function of identifying and rejecting illegal requests such as automated attacks, privacy violations, false information generation, and online fraud.
4. Full-Link Traceability and Audit Function Requirements
(1) Intelligent agents in important application scenarios must have verifiable and traceable behavior functions, completely recording decision-making processes, operation logs, and data flow trajectories, with the retention period complying with the requirements of relevant laws and regulations.(2) They shall support regulatory authorities and users in auditing the behaviors of intelligent agents, enabling rapid identification of responsible subjects and root causes when security incidents occur.
5. Supply Chain-Related Permission Control Functions
(1) The new rules require intelligent agent platforms to have permission approval and monitoring functions for model access, API calls, and extended tools, and strictly isolate the permissions of third-party components to prevent unauthorized access.(2) Establish third-party component security audit functions, regularly detect component vulnerabilities and malicious behaviors, and promptly disable and notify users when problems are found.
6. Functional Design for Strengthening User Control
(1) Fine-Grained Authorization Management: The new rules require supporting users to individually set and revoke at any time the sensing permissions (cameras, microphones), data access permissions, and operation execution permissions of intelligent agents.(2) Decision-Making Transparency: The new rules require intelligent agents to clearly explain the basis and process of autonomous decision-making to users and shall not conceal key information.(3) Emergency Shutdown and Recall: Equipped with an emergency button to shut down all functions of the intelligent agent with one click, while supporting remote recall and upgrade repair of problematic products.
III. Summary and Recommendations
The release of the Opinions marks that China's AI agent governance has entered a new stage of standardization and legalization. For enterprises, it is recommended to take security and trustworthiness as the core competitiveness in technology paths, simultaneously promote core capability R&D and security technology layout, and actively adapt to national standards and interoperability requirements. Meanwhile, in functional permission design, enterprises must strictly follow the principle of "user-led, graded authorization", clarify decision-making boundaries, and strengthen compliance and ethical functions.
The author believes that in the era when artificial intelligence has entered the stage of widespread application of intelligent agents, only by deeply embedding compliance requirements into the technical architecture and product design of intelligent agents can enterprises reduce compliance risks, avoid unnecessary industry disputes and internal frictions, and achieve a balance between standardized development and innovative breakthroughs.
Appendix: AI Agent Product Compliance Self-Inspection Checklist (Latest 2026 Edition) (Omitted)
The above Compliance Self-Checklist is for reference only. For the complete version, you may contact via WeChat: freefly2105 (please specify the purpose + real name). To obtain more text materials such as AI compliance self-checklists/AI management system specifications or participate in in-depth discussions, you can join the Knowledge Planet [云端数智法].
声明:
Disclaimer:
本文仅代表作者个人观点,不视为正式法律意见或建议。交流讨论或申请转载/加入“云端数智法”社群,请扫描下方二维码或添加微信freefly2105
The views expressed herein are solely those of the author and do not constitute formal legal advice or opinion. For discussions, reprint permissions, or to join the "Cloud Digital Intelligence Law" community, please scan the QR code below or add WeChat: freefly2105.
About Shenzhen-based Lawyer Wang Xiaomin
Lawyer Wang Xiaomin is dedicated to creating and reshaping legal value in the AI era. He positions himself as a practitioner of AI compliance, a mitigator of AI hallucinations, an advocate for AI ethics, and a guardian of AI safety.
A graduate of Southwest University of Political Science and Law—one of China's prestigious "Five Schools and Four Departments"—Wang brings a unique dual perspective from both legal practice and in-house counsel roles. He previously worked at Tencent Group and Tencent Music Entertainment Group (TME). Currently, he practices at a leading national law firm in Shenzhen.
His practice focuses on legal research and practice within the digital economy and artificial intelligence sectors, with particular expertise in intellectual property and trade secrets, data privacy and protection, AI cyberlaw, and dispute resolution.
