In September 2025, Anthropic updated their Terms of Service to explicitly restrict access from China, Hong Kong, and Macau. OpenAI started blocking China API connections in July 2024. Google's Gemini API was never available in China. If any of these companies detect a China IP on your account -- even once -- you risk permanent suspension. If you are an AI developer in China, see our dedicated guide for protecting your AI tool access.
The Current Enforcement Landscape
Anthropic (Claude, Claude Code)
Anthropic's risk control system operates in real-time. When a connection arrives from a flagged IP range, the request is rejected and the account is flagged for review. Repeated connections from China IPs trigger automatic account suspension with no documented appeal process. Your API keys, subscription history, and all saved data become inaccessible.
OpenAI (GPT, Codex, DALL-E)
Since July 2024, OpenAI has aggressively blocked VPN IP ranges associated with commercial providers. Even if you connect from a VPN, if the VPN IP is on OpenAI's blocklist (NordVPN, ExpressVPN, and Astrill ranges are flagged), your request will be rejected. Persistent attempts can trigger account review.
Google (Gemini, Vertex AI)
Gemini API is geo-restricted at the API level. Connections from China, Russia, and Iran are blocked outright. While Google's enforcement is less aggressive than Anthropic's, your Google Cloud account is still at risk if China connections are detected.
Why Commercial VPNs Make It Worse
You might think any VPN solves this problem. It does not. Commercial VPNs can actually increase your risk:
- Shared IP contamination: When one user on NordVPN's Singapore server gets flagged, the entire IP gets added to the blocklist. You inherit other users' violations.
- Known VPN IP ranges: AI companies maintain lists of commercial VPN IP ranges. Your connection is suspicious before you even make a request.
- Disconnection exposure: VPN drops during an API call expose your real China IP. Most commercial VPNs have no kill switch or the kill switch is too slow.
- DNS leaks: Many VPNs leak DNS queries, revealing your Chinese ISP to the service even while VPN is active.
- Browser-only protection: VPN browser extensions do not capture CLI tool traffic. Claude Code, Codex CLI, and Gemini CLI make direct API calls that bypass browser proxies.
How to Protect Your Accounts
1. Use a Private Dedicated IP
A private server IP from a standard hosting provider (like DigitalOcean) is not in any commercial VPN blocklist. AI companies see a normal cloud server IP, not a VPN exit node.
2. Use TUN Mode
TUN mode captures ALL traffic at the operating system level. Every CLI tool, every API call, every background process goes through the VPN tunnel. No leaks from direct connections.
3. Enable Kill Switch
If VPN drops, ALL traffic stops instantly. Your real IP never touches AI company servers.
4. Use an Undetectable Protocol
VLESS+Reality prevents GFW-triggered disconnections. If your VPN never gets detected and terminated by the GFW, there is no window for IP exposure.
5. Verify Before Every Session
Check your public IP before starting any AI tool session. A 5-second verification can save you from months of account recovery attempts.
The stakes are real: These bans are permanent. There is no "oops, I accidentally connected from China" exception. Protect your accounts proactively with KookVPN.