China has become the first country to publish official security guidance for OpenClaw deployment, with recommendations spanning three distinct user groups: ordinary consumers, cloud service providers, and developers.

The guidance, issued jointly by China’s national security and standardization bodies over the weekend, represents a shift from the informal warnings to government officials reported last week. Where that earlier directive targeted a narrow audience, the new framework addresses the entire Chinese OpenClaw ecosystem.

What the Guidance Says

For ordinary users, the core recommendation is blunt: do not run OpenClaw on your everyday work computer. The guidance calls for dedicated devices, virtual machines, or containers with strict environment isolation. The logic tracks with OpenClaw’s architecture — the platform can read files, execute code, and browse the web, meaning a compromised or misconfigured instance on a personal machine has access to everything on that machine.

Cloud service providers face a separate set of requirements around hosting OpenClaw instances for customers, though the full technical specifications were not detailed in English-language summaries of the guidance. Developer-specific recommendations address secure configuration and deployment practices.

Adoption Incentives Alongside Security Controls

The timing matters. China is simultaneously one of OpenClaw’s largest adoption markets and the first government to formalize security standards around it. CGTN reported the guidance on Sunday, with state media outlets Xinhua and People’s Daily publishing their own coverage.

This follows a pattern Beijing has established over the past two weeks: encourage adoption, but define the boundaries. Tencent integrated OpenClaw into WeChat via its ClawBot feature. Shenzhen launched deployment vouchers worth up to CNY 2 million for enterprises. Alibaba and Baidu both announced enterprise agent platforms built around the technology. At the same time, CNCERT restricted certain OpenClaw capabilities and government officials were told to keep sensitive data away from instances.

Western Governments Have Not Issued Comparable Guidance

No Western government has published equivalent guidance. The U.S., EU, and UK have all issued broad AI safety frameworks, but none address OpenClaw specifically or provide user-group-specific hardening recommendations. China’s guidance effectively sets a de facto international standard by default — if you’re deploying OpenClaw at scale and want a reference framework, Beijing’s is currently the only one that exists.

For enterprise deployments outside China, the consumer recommendation carries weight: dedicated devices or VMs, not personal laptops. That aligns with what security researchers have been saying since OpenClaw’s CVE disclosures earlier this month, but now it has the weight of a national government behind it.

The Beijing Review characterized the guidance as part of China’s broader effort to balance innovation with security in the AI agent space.