On July 10, 2023, seven departments including the Cyberspace Administration of China (“CAC”) jointly issued the Interim Measures for the Management of Generative Artificial Intelligence Services (《生成式人工智能服务管理暂行办法》, the “Generative AI Measures”), which aim to promote the development and ensure the security of this fast-growing area of technology. The Generative AI Measures will come into force on August 15, 2023. In this article, we highlight the key provisions of the Generative AI Measures and set forth some observations on this evolving area of regulation in China.
Background
Generative AI promises to lead a profound revolution for economic productivity in the coming years as new technologies and products come to market. Within a few months of generative AI products becoming widely and popularly available, regulatory authorities across the world have raced to keep up with the pace of adoption and set guardrails on how companies and individuals use these services in their day-to-day operations. A wave of draft guidance seeking to regulate generative AI creation is becoming a key driver of policy debates in many jurisdictions.
Like other countries, China has also been active in AI and algorithm governance, long before the recent wave of regulatory urgency around generative technologies. In September 2021, a policy statement from several ministries included a pledge to establish a regulatory framework for algorithms used in Internet information services within three years. Later that year, ministries led by the CAC jointly published a regulation on algorithm-based online recommendation technologies, which cover a wide range of services that push, promote, and sort content for individual users online.
Building on this, in September 2022, China announced regulations on internet information services using “deep-synthesis” technology to address technologies that automatically generate audio, visual, and textual content. In addition to the previous AI and algorithm-specific regulations, the overarching trio of the Personal Information Protection Law (“PIPL”), the Data Security Law (“DSL”) and the Cybersecurity Law (“CSL”) also form an important backdrop to the regulatory framework for generative AI.
After issuing rules to govern the provision of recommendation algorithms and deep synthesis technologies, the Generative AI Measures is the third regulatory document for a specific AI technology dedicated by the Chinese government. The CAC issued the draft Administrative Measures for Generative Artificial Intelligence Services (the “draft Measures”, For our comments on the draft Measures, please click here) earlier this year to seek public opinions, and the final version relaxes some regulatory requirements. Below we analyze the key provisions of the Generative AI Measures, including scope and applicability, research and innovation, content management, disclosure and transparency, training, accountability, protection of rights, and administrative licensing and liabilities.
Key provisions and observations
I. Scope of Generative AI Measures
The Generative AI Measures apply to the use of generative AI technology that provides services to the “public” within the territories of China. “Generative AI technology” is defined as models and related technology that have the “ability to generate text, images, audios, videos, or other content.” (Art.2)
There are two exemptions where the Generative AI Measures do not apply:
- If the government has other regulations regarding the utilization of generative AI services to engage in activities such as news and publication, film and television production, or literary and artistic creation, those regulations shall prevail. This exemption indicates that the relevant departments may strengthen the management of generative AI services in their respective fields.
- The Generative AI Measures are not applicable to the research, development and application of generative AI that is not provided to the “public” within the territories of China. This exception suggests that generative AI measures may not be applicable in the following scenarios:
- If overseas organizations and individuals (“Service Providers”) only provide generative AI services to users outside China, they do not need to comply with the Generative AI Measures. However, the Generative AI Measures are applicable if the Generative AI services are provided to the public in China, and CAC will notify other departments to employ technical measures and other necessary measures to tackle non-compliant behaviors by overseas Service Providers.
- If Service Providers only develop generative AI without providing services to the public, the Generative AI Measures also do not apply. However, there is a question over the interpretation of the word “public (公众)” in the Generative AI Measures.
Service Providers that use Generative AI to provide content generation services will be responsible for the content generated using the product. Notably, companies that enable the public to generate content via application programming interfaces (APIs) will also be considered Service Providers. This may mean that the Generative AI Measures will also apply to Service Providers which do not operate Generative AI services but provide access to such services via an API.
II. Encouragement of the Development of Generative AI
Compared with the draft Measures, the final version focuses more on the balance between the development of the industry and regulation instead of only on the restraint of this technology.
Arts. 5 and 6 of the Generative AI Measures clearly state China’s support for innovation and international cooperation in the field of generative AI, especially in fundamental technologies such as algorithms, frameworks, chips, and supporting software platforms. The Generative AI Measures also highlight the adoption of secure and trusted chips, tools, data resources, etc.
In terms of the regulation of this technology, the Generative AI Measures highlight the regulation based on the “classification” and “grading” of the Generative AI services. (Art.3) However, China has not yet established a governance system covering different levels of AI, and it remains unknown whether China will take a risk-based approach that is like the EU’s regime to regulate AI.
III. Content Management
The Generative AI Measures require Services Providers to be responsible for the content generated by the Generative AI, including ensuring that the content is:
- in line with the laws, regulations, political structure, moral values and social and economic orders in China;
- is not discriminatory; and
- is accurate and truthful.
Where non-compliant content is generated, Service Providers must prevent the generation of such content, stop the transmission, or optimize the training model, and report to the competent authorities.
Service Providers are required to mark to the public the relevant content generated by AI in a conspicuous manner.
IV. Disclosure and Transparency
Additionally, the Generative AI Measures mandate that Service Providers should, upon the authorities’ request, furnish necessary information that may affect the trust and choice of the end users, such as a description of the source, scale, types and quality of the dataset, rules and types of manual labeling, the basic algorithm and the technology stack.
In addition, Service Providers must make public the targeted group of users, scenarios and purposes of the Generative AI services.
V. AI Training
The Generative AI Measures have set out specific compliance requirements for training the Generative AI model. These include:
Lawful Datasets: Service Providers will be responsible for the legality of the source of data used for training Generative AI, including ensuring that the data does not infringe intellectual property rights, complies with cybersecurity and personal information protection laws and is accurate, truthful, objective and diverse. The Service Providers should use data and underlying models with legitimate sources. If the data contains personal information, the personal information shall not be used for training the Generative AI model unless it is expressly allowed by the laws or administrative regulations in China, or the personal information subject has consented to such processing.
Manual Labeling: Service Providers must formulate clear, specific and operative labeling rules, train the labelers and verify the accuracy of the labeling by random checks.
Non-discrimination: when designing an algorithm, selecting a training dataset, generating and optimizing models and providing services, Service Providers must take measures to prevent discriminatory content from being generated based on race, ethnicity, religious belief, nation, region, gender, age, occupation or health.
VI. Government Assessment, Filing and Ethics Review
The Generative AI Measures require that if the generative AI services have public opinion attributes or the capacity for social mobilization, before providing such Generative AI services to the public, the Service Providers should apply for a government security assessment and a filing of algorithm – both of which are supervised and coordinated by the CAC. The CAC also adopts the same requirements for recommendation algorithms.
Although ethics are not expressly discussed in the Generative AI Measures, the government also intends to strengthen ethical reviews of technologies. In an official opinion issued by the central government in 2022 (Opinions on Strengthening the Governance of Scientific and Technological Ethics《关于加强科技伦理治理的意见》), AI is one of the three key areas where the government will focus on formulating laws, regulations, standards and guidance. Additionally, we note a recent draft Measures on Ethical Review of Scientific and Technology (《科技伦理审查办法(试行)(征求意见稿)》), under which technologies involving data and algorithms should be reviewed for their security, fairness, transparency, reliability, and trustworthiness.
VII. Managing the Use of Generative AI Services
Service Providers are required to manage the use of the services by:
- Taking measures to prevent excessive dependence on or addiction to the services;
- Guiding the users to understand and use Generative AI in a scientific, rational and legal manner; and
- Suspending or ceasing services to users, if they are found to have violated laws or regulations, commercial ethics or social morality.
Notably, the draft Measures require users to provide their real identity information, while in the current version, the provision has been deleted.
VIII. Protection of Rights
Service Providers are required to compete fairly and to respect the rights of others, including not infringing their rights to portrait, reputation, privacy, personal information, and commercial secrets. In particular, the Generative AI Measures require Service Providers to protect users’ input information and usage records, collect and retain personal information in accordance with the principles of minimization and necessity, establish mechanisms for handling complaints and requests to promptly respond to individuals’ requests for correcting, deleting, or masking their personal information.
Service Providers are also required to execute service agreements with users who register for their generative AI services to differentiate the respective rights and obligations.
IX. Administrative License and Foreign Investment
The Generative AI Measures provide that Service Providers should obtain an administrative license where applicable. There is currently no administrative license specifically for generative AI. Service Providers can pay attention to the Internet content provider license/record (互联网信息服务许可/备案), public security Internet record (公安联网备案), as well as the online culture operation license (网络文化经营许可证), online publishing service license (网络出版服务许可证) and information network transmission audio-visual program license (信息网络传播视听节目许可证), etc., if applicable.
In addition, foreign investment in generative AI services shall comply with the relevant laws and regulations. Currently, we are not aware of any laws and regulations in force that provide for foreign investment requirements for generative AI.
X. Liabilities for Non-Compliance
The draft Measures impose a fine of up to RMB 100,000 in addition to an order to suspend or cease its services of Generative AI, if the Service Provider in question refuses to make rectifications within a time limit or if its violation is severe. However, the provision regarding the fine is deleted in the final version.
Therefore, violation of the Generative AI Measures will be penalized in accordance with the PIPL, the DSL, the CSL, the Law on the Progress of Science and Technology, as well as public security and criminal laws. In this regard, the penalties under the Generative AI Measures do not go beyond those provided for under the existing laws and administrative regulations.
Conclusion
In addition to explicitly stating the government’s support for generative AI, the Generative AI Measures lay down comprehensive obligations that touch upon content management, data privacy and security, and transparency of Generative AI. Notably, the Generative AI Measures are built upon the previous regulations on deep synthesis and algorithm management and represent another branch of China’s larger regulatory architecture for data governance. AI. Service Providers are required to perform these obligations throughout the provision of Generative AI services and apply for relevant filings, assessments and reviews where necessary.