For three years, "AI" has mostly meant something that talks: you ask, it answers. The next wave does not answer, it acts.
It books the flight, moves the money, files the form, closes the ticket, on your say-so and sometimes without checking back first. Which raises the obvious question: once software starts doing things in the world, who is accountable for what it does?
China is the first country to write down an answer. On 8 May, its three most powerful tech regulators jointly issued a national rulebook for AI agents. If you saw the English coverage, you read that Beijing wants to "boost" agents and put them to work across the economy. True enough. But that is roughly half of what the document says, and it is the reassuring half. The other half, never translated, is where the state gives every agent a registered digital identity, sorts them by risk, and keeps itself able to trace them and switch them off.
This issue reads the whole document, in the language it was written in.
Parallel Frontier reads one primary-source document from China's or Russia's AI world in the original, every two weeks, and shows you what the English version leaves out. The name nods to 平行智能 ("parallel intelligence"), a real term in Chinese AI research.
What the document is. On 8 May 2026 the CAC, NDRC and MIIT jointly issued the Implementation Opinions on the Standardized Application and Innovative Development of Intelligent Agents (智能体规范应用与创新发展实施意见), China's first policy framework treating agents as a distinct governance object rather than an application layer on top of generative AI. (原文 / full text, cac.gov.cn; CAC press Q&A.) It defines an agent as a system capable of "autonomous perception, memory, decision-making, interaction, and execution" (自主感知、记忆、决策、交互、执行), and organises into four blocks of measures, Parts II through V: development foundations, a security baseline, 19 application scenarios, and ecosystem-building.
The following separates the record from my reading.
The fact register. Three features of the text are doing the real work, and English coverage has largely skipped two of them. First, Section 4 plans an "intelligent internet": agent registration platforms offering digital-identity management, discovery/search and capability declarations, plus research into agent identity systems, trusted interconnection, compliant payments and conflict resolution, riding IPv6. Second, Section 3 commits to a standards system built on agent interoperability protocols (AIP), with mandatory standards flagged for healthcare, transport, media and public security, and an explicit pledge to "actively participate in international standards." Third, Section 6 sets decision-authority tiers: actions reserved to the user, actions requiring user authorisation, and actions the agent may take autonomously, with the user retaining the "right to know" and "ultimate decision-making authority." Governance is tiered by scenario risk (Section 11): filing, testing and product-recall for sensitive sectors; self-assessment and platform governance for entertainment and office use.
The political read. The instinct to read this as a control document misses half of it. The binding lineage runs back to the State Council's August 2025 "AI+" Initiative, whose phased target is 70% adoption of next-generation terminals and agents by 2027. That is why the issuers are CAC and NDRC and MIIT: content control fused with macro-planning and industrial policy. The document's own framing is "coordinate development and security"; the operative posture, in practice, is closer to deploy first, govern along the way. This is the cloud-governance playbook, not the VPN one: with cloud, the state wanted more adoption, not less, but wanted it legible, and assembled visibility (CSL), classification (MLPS 2.0), critical-infrastructure designation, and data rules (DSL/PIPL) as the rails. Agents get the same treatment one layer up: Section 4's registry is the legibility layer, Section 11 the classification layer, Section 14's voluntary "credit evaluation" the disciplinary layer. The throughline is older than cloud: real-name registration migrated from phones to social media to payments; Section 4 reads as the same logic reaching autonomous software. Note also the standards-sovereignty thread (Sections 3, 34 and 38): compatibility with domestic chips and OS, open-source cultivation, and a bid to shape global AIP rather than inherit it, directly competitive with the Linux Foundation's agentic-interoperability body (Huawei joined as a Gold member).
The technical read. The registry's premise is that an agent has a stable, declarable identity and a fixed capability set that can be registered, discovered and trusted. Deployed agentic systems strain that premise: capability is a function of the tools and context wired in at runtime, not a fixed property; the same weights behave very differently behind different scaffolds; and open-weight agents fork, compose and recombine faster than any filing cadence. Section 7's reach for blockchain-based behavioural traceability is aspirational against agents whose action space is emergent rather than enumerated. The Section 6 decision-authority tiers are the most technically serious move: they map onto the "meaningful human control" debate, but "user authorisation" degrades quickly when an agent chains dozens of sub-actions per task; consent at dispatch is not oversight at execution. Where the Chinese read is arguably sharper than the Western one: the policy's working assumption that loss-of-control scenarios depend on "unlimited resources and permissions," and that compute quotas, credit ceilings and kill-switches impose hard constraints, is a reasonable engineering bet for near-term deployed systems, even if it under-weights the harder cases.
What it means / what's next. For labs: the differentiator in sensitive sectors shifts from model capability to compliance architecture: testing documentation, traceability, third-party evaluation. For policy shops: this is the first state attempt to govern an agent ecosystem before it is economically load-bearing; the registry is the artefact to watch, not the rhetoric. For Western regulators: the standards bid means agent interoperability is now contested terrain, not a purely technical one. Indicators to watch: (1) first agent registration platform pilot or standard from CAICT/TC260; (2) first mandatory agent standard drafted in healthcare or public security; (3) any PRC AIP submission to IETF/W3C; (4) first enforcement or recall action under Section 11.
内外有别 (nèi wài yǒu bié), "inside and outside are treated differently," is a standing principle of Chinese external communication: the account prepared for foreign audiences need not match the one circulated at home. This document is a clean case, and it is the kind of thing this publication exists to catch.
The fact. The full 38-point text of the Implementation Opinions was published in Chinese only, on cac.gov.cn. The sole English the state produced is a roughly 250-word Xinhua wire brief, carried near-verbatim across gov.cn English, China Daily, China.org.cn and english.news.cn. No official full English translation appears to have been published. So the question is not how the text was translated. It is what was allowed to cross over at all.
What crossed over. The English brief keeps the growth story intact: the "AI+" linkage, the four principles (including the reassuring phrase "safety and controllability"), the 19 application scenarios across research, industry, consumption, welfare and governance, and the innovation-ecosystem pillar. A foreign investor or ministry reading it comes away with a single message: China is going big on AI agents, across the whole economy.
What stayed in Chinese. The entire governance architecture. The English renders the whole of Part III, the security-and-control half of the document, as one sentence: the document "calls for ensuring safety and security." Everything underneath it disappears:
The read. We assess that the selection, not merely the brevity, is the signal. A 250-word brief that found room for all 19 commercial scenarios but not one word on a national agent registry, decision-authority limits, recall powers or social-credit discipline is not simply short; it is curated. The outward text keeps the reassuring adjective, "safe and controllable," and drops every mechanism that gives the adjective teeth. The inward text is where the teeth are.
The honest caveat. Full English translations of Chinese regulations are rare in general, and their absence here could be read as ordinary triage rather than intent. That null hypothesis is worth holding. But triage does not explain the shape of the cut: length-cutting trims detail evenly, whereas here the cut falls cleanly along one seam, development kept, control removed. We judge it probable that this reflects the ordinary 内外有别 reflex rather than a decision taken specially for this document, which makes it more telling, not less: the governance layer goes quiet outward by default.
Why it matters. Anyone assessing Chinese AI policy from English-language sources is not reading a shorter version of the same document. They are reading a different document, one from which the sovereignty and control architecture has been structurally removed. The registry, the identities, the recall power and the credit discipline are not hidden. They are simply on the other side of a language line. Crossing that line is the whole job.
Five weeks in, the lab response is most notable for its quiet. No frontier lab (Alibaba/Qwen, DeepSeek, Zhipu, Moonshot, ByteDance, Tencent) has issued a prominent formal response. The visible reaction has come from official interpreters, capital markets and smaller vendors, not from the majors. Read that as response-by-participation rather than proclamation: the big labs are expected to engage through standards committees and product, and to make their aligned statements at WAIC in late July. This section fills from direct monitoring; below is the standing read and what each item is waiting on.
The interpreters spoke first; the labs did not. The earliest substantive readings came from CAICT, whose director Yu Xiaohui published an official interpretation, and from Tsinghua's Xue Lan, both framing the directive as de-risking the market for developers. No frontier lab has matched them on the record. ⚠️ [verify: CAICT interpretation on cac.gov.cn; Xue Lan via Xinhua] So what: when the ecosystem's official voices move before its commercial leaders, the message being sent is "compliance is settled, build accordingly," not "industry is still negotiating the terms." Watch: the first on-record statement from a top-five lab, and whether it endorses the directive's framing or hedges.
Capital moved before the labs did. Agent-concept equities and southbound flows reacted within the week, and smaller vendors used the moment to launch agent platforms at the 2026 Mobile Cloud Conference. ⚠️ [verify: 证券时报 / STCN; conference coverage] So what: the market is pricing the directive as a green light, consistent with the adoption-first reading in Key Judgment 3. Watch: whether frontier-lab product cadence, new agent frameworks and platform launches, accelerates into WAIC.
Protocol allegiance is the tell. The sharpest lab-response signal is technical: does any lab build to the directive's Agent Interconnection Protocol (AIP) and the Section 4 registry concept, or keep shipping on the US-origin MCP and A2A protocols? Nothing decisive yet. So what: protocol choice is where the standards-sovereignty contest in Key Judgment 5 becomes concrete or stalls. Watch: any AIP support, registry or identity hooks, or permission-tier and logging features (Sections 6 and 7) appearing in Qwen-Agent, Coze, Bailian or Qianfan release notes on ModelScope and GitHub.
Standing monitoring scaffold (primary-source, Chinese-first):