Loading the catalogue…
Loading the catalogue…
Baidu is a publicly listed, Beijing-headquartered technology company that operates under the full scope of Chinese law, including the 2017 Cybersecurity Law, the 2021 Personal Information Protection Law, and the Data Security Law — all of which can compel disclosure of user and training data to Chinese state authorities. It is not a US entity and therefore not directly CLOUD Act exposed, but its structural VIE arrangement (Cayman Islands holding vehicle) and the Chinese government's status as a de facto regulatory overlord present distinct and material sovereignty risks for EU regulated-sector customers. Baidu has recently embraced open-source, releasing its flagship ERNIE 4.5 family under the Apache 2.0 licence, but its AI Act compliance posture, GDPR mechanisms, and EU-facing security certifications remain unverified in public documentation.
Baidu operates under Chinese law, including the 2017 Cybersecurity Law, 2021 PIPL, and Data Security Law, all of which can compel disclosure of data to Chinese state authorities with no judicial oversight mechanism comparable to EU standards. The Chinese government explicitly views Baidu as a 'national champion' corporation.
No GDPR-compliant data transfer mechanism, EU GDPR representative, or Data Processing Agreement identified. China holds no EU adequacy decision. Baidu USA privacy policy explicitly states data may be transferred to China, and users 'consent to transfer to jurisdictions without equivalent data protection laws'.
Baidu uses a weighted dual-class share structure where Class B (insider) shares carry 10 votes vs. 1 for Class A, concentrating effective control in founders and insiders. The company is subject to Chinese government content censorship directives and was penalised by the CAC in January 2024 for insufficient content censorship.
2024 Citizen Lab report identified critical encryption vulnerabilities in Baidu's cloud-based keyboard app. Baidu addressed the most severe issues but left some unresolved. No ISO 27001 or SOC 2 certifications confirmed for Baidu's AI model products.
No public EU AI Act compliance statement found, no GPAI Code of Practice participation identified. ERNIE 4.5 is a large-scale multimodal model (424B total parameters) that may qualify for GPAI systemic risk obligations under the EU AI Act; training compute not disclosed. GPAI obligations have been in force since 2 August 2025.
Baidu USA LLC maintains a US presence (Mountain View, CA). US-stored data associated with this entity may be subject to US legal process independently of the Chinese parent's CLOUD Act non-exposure.
Baidu competes strongly in China but trails ByteDance's Doubao chatbot significantly in active users, and its API market share trails DeepSeek. This competitive pressure is driving open-source pivots which, while positive for transparency, reflect a challenged commercial position in domestic AI services.
Stav AI Act assessment
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
ERNIE 4.5 model family (10 variants, up to 424B parameters) released fully open-source under Apache 2.0 licence on June 30, 2025, permitting commercial use without licensing fees or usage restrictions.
Detailed technical blog post published alongside ERNIE 4.5 open-source release, describing model architecture (heterogeneous MoE), training methodology, and benchmark performance.
Long-standing commitment to open-source tooling: PaddlePaddle (deep learning framework), PaddleOCR, ERNIEKit, and FastDeploy are all open-source projects with active developer communities.
First Chinese company to join the Partnership on AI (2018), a US-based multi-stakeholder AI ethics consortium, demonstrating early engagement with international AI governance norms.
Publicly traded company with full SEC reporting obligations (Form 20-F annual report, 6-K quarterly filings), providing a relatively high level of financial and corporate governance transparency compared to private Chinese AI labs.
Operationally sound with multiple growing business lines (AI Cloud up 42% YoY in Q1 2025, Apollo Go autonomous driving expanding globally including Switzerland). Strategic AI-first pivot underway with clear long-term investment plans.
Baidu publishes ESG reports covering data security and privacy protection practices, and addressed the most severe vulnerabilities identified in the 2024 Citizen Lab report on its keyboard app.
Published safeguards & certifications
Privacy policy review
Creator profile
Stav compliance has not yet scored BAIDU. Scores are published once the policy review and infrastructure assessment complete.
Findings
Citations gathered when the Compliance Curator last reviewed this creator’s public-facing documents. Grouped by source so the picture stays auditable.
“Li has been CEO of Baidu since January 2004. ”
“A variable interest entity for Baidu to enable investment of foreign capital is incorporated in the Cayman Islands. ”
“The GPAI rules took effect on 2 August 2, 2025, meaning all new models released from that date must comply. ”
Baidu offers various services, including ... Baidu, Inc. is a Chinese multinational technology company specializing in Internet-related services, pro...
Li has been CEO of Baidu since January 2004.
Under our weighted voting rights structure, our share capital comprises Class A ordinary shares and Class B ordinary shares. Each Class A ordinary sha...
A variable interest entity for Baidu to enable investment of foreign capital is incorporated in the Cayman Islands.
The CCP’s Central Propaganda Department and its local subsidiaries issue regular instructions to news sites and social media platforms on what to rest...
[2][3] Enforced since the late 1990s and intensified under successive administrations, the regime affects China's vast online population—exceedin...
While China's political environment discourages companies from disclosing detailed information about government demands, Baidu could and should p...
The ERNIE 4.5 models are provided under the Apache License 2.0. This license permits commercial use, subject to its terms and conditions.
Baidu offers various services, including ... Baidu, Inc. is a Chinese multinational technology company specializing in Internet-related services, pro...
Li has been CEO of Baidu since January 2004.
Under our weighted voting rights structure, our share capital comprises Class A ordinary shares and Class B ordinary shares. Each Class A ordinary sha...
A variable interest entity for Baidu to enable investment of foreign capital is incorporated in the Cayman Islands.
The CCP’s Central Propaganda Department and its local subsidiaries issue regular instructions to news sites and social media platforms on what to rest...
[2][3] Enforced since the late 1990s and intensified under successive administrations, the regime affects China's vast online population—exceedin...
While China's political environment discourages companies from disclosing detailed information about government demands, Baidu could and should p...
The ERNIE 4.5 models are provided under the Apache License 2.0. This license permits commercial use, subject to its terms and conditions.
“Baidu offers various services, including ... Baidu, Inc. is a Chinese multinational technology company specializing in Internet-related services, pro...”
“The GPAI Code of Practice is a voluntary compliance tool submitted to the Commission by independent experts, which offers practical guidance to help p...”
“The ERNIE 4.5 models are provided under the Apache License 2.0. This license permits commercial use, subject to its terms and conditions. ”
“The CCP’s Central Propaganda Department and its local subsidiaries issue regular instructions to news sites and social media platforms on what to rest...”
“[2][3] Enforced since the late 1990s and intensified under successive administrations, the regime affects China's vast online population—exceedin...”
“While China's political environment discourages companies from disclosing detailed information about government demands, Baidu could and should p...”
“Under our weighted voting rights structure, our share capital comprises Class A ordinary shares and Class B ordinary shares. Each Class A ordinary sha...”
“Baidu has officially open-sourced its ERNIE 4.5 series, releasing 10 models on Hugging Face, GitHub and its own PaddlePaddle ecosystem. ”
As classified under Regulation (EU) 2024/1689.
Provider of GPAI model (general-purpose).
Baidu has officially open-sourced its ERNIE 4.5 series, releasing 10 models on Hugging Face, GitHub and its own PaddlePaddle ecosystem.
The GPAI Code of Practice is a voluntary compliance tool submitted to the Commission by independent experts, which offers practical guidance to help p...
The GPAI rules took effect on 2 August 2, 2025, meaning all new models released from that date must comply.
Baidu has officially open-sourced its ERNIE 4.5 series, releasing 10 models on Hugging Face, GitHub and its own PaddlePaddle ecosystem.
The GPAI Code of Practice is a voluntary compliance tool submitted to the Commission by independent experts, which offers practical guidance to help p...
The GPAI rules took effect on 2 August 2, 2025, meaning all new models released from that date must comply.