China Issues Draft Administrative Measures for Generative Artificial Intelligence Services
Global interest in Generative AI Technologies has increased tremendously in recent months, given the emergence of ChatGPT (followed by similar… The Cyberspace Administration of China (CAC) has issued the Draft Administrative Measures for Generative Artificial Intelligence Services (Draft for Comment) for service Providers providing Generative AI services in China. The Draft Measures define "Generative AI" as "technologies generating text, image, audio, video, code, or other such content based on algorithms, models, or rules". Service Providers must conduct and submit a security assessment to the CAC in accordance with the Provisions on the Security Assessment of Internet Information Services with Public Opinion Properties or Social Mobilisation Capacity. They must also filter and remove content that contravenes the Draft Measures or discover such content on its own.
Pubblicato : 2 anni fa di Linda Qiao, Benjamin Cheong in Tech
Global interest in Generative AI technologies has increased tremendously in recent months, given the emergence of ChatGPT (followed by similar technologies). While these technologies will no doubt continue to develop and become more sophisticated over time, they have already demonstrated the potential to greatly enhance our efficiency and productivity. However, as with any new technology, there are also concerns about their impact on society and the need for responsible use and regulation.
The proliferation of such Generative AI technologies has therefore attracted the attention of Chinese regulators. On 11 April 2023, the Cyberspace Administration of China ("CAC") issued the Administrative Measures for Generative Artificial Intelligence Services (Draft for Comment) (生成式人工智能服务管理办法(征求意见稿) (the "Draft Measures") for public comments.
This Update will provide an overview of the Draft Measures and their potential impact on Service Providers providing Generative AI services in China.
The Draft Measures define "Generative AI" as "technologies generating text, image, audio, video, code, or other such content based on algorithms, models, or rules ".
The term "Service Providers" is defined as " individuals and organizations that use generative AI products to provide services such as chat, text, image, and sound generation, including through the provision of programmable interfaces (APIs) and other means ".
Article 2 of the Draft Measures provides that the Draft Measures shall apply to the research, development, and use of Generative AI products, and to the provision of services to the public within the territory of the People's Republic of China.
As such, Service Providers based outside China are potentially also subject to the Draft Measures, to the extent that they provide Generative AI services targeted at users within China.
The Draft Measures imposes various obligations on Service Providers. Some of the key obligations include:
Article 6 of the Draft Measures states that before providing services to the public through Generative AI products, Service Providers must conduct and submit a security assessment to the CAC in accordance with the Provisions on the Security Assessment of Internet Information Services with Public Opinion Properties or Social Mobilisation Capacity (《具有舆论属性或社会动员能力的互联网信息服务安全评估规定》).
Service Providers are also required to fulfil their algorithm filing obligations in accordance with the (《互联网信息服务算法推荐管理规定》).
Article 5 of the Draft Measures states that Service Providers are responsible for the content generated by the generative AI products.
In this regard, Article 4(1) of the Draft Measures states that content generated through the use of Generative AI shall reflect Socialist core values, and may not contain:
• content that subverts state power or overthrows the socialist system;
• content that incites separatism or is harmful to national unity;
• content that may disturb economic and social order.
Article 15 states that where a Service Provider receives complaints from users of content that contravenes the Draft Measures or discovers such content on its own, it must filter and remove such content, and carry out model optimisation training to prevent such content from being generated again within three months.
Article 19 further requires Service Providers to suspend or terminate their services if it discovers users' violation of laws and regulations, business ethics or social morality in the process of using the Generative AI products, including engaging in network speculation, malicious posting and commenting, creating spam, programming malicious software, and implementing improper commercial marketing, etc.
Article 4(2) of the Draft Measures states that in the process of algorithm design, training data selection, model generation and optimisation, and provision of services, Service Providers must take measures to prevent discrimination based on race, ethnicity, belief, nationality, region, sex, age, occupation, etc.
Article 12 of the Draft Measures further states that Service Providers shall not generate discriminatory content based on the user's race, nationality, sex, etc.
Article 4(3) of the Draft Measures states that Service Providers must respect intellectual property rights and business ethics.
Article 4(5) of the Draft Measures also requires Service Providers to prevent the infringement of intellectual property rights.
Article 4(3) of the Draft Measures also provides that Service Providers shall not use algorithms, data, platforms and other advantages to carry out unfair competition.
Article 4(5) also prohibits the illegal acquisition, disclosure or use of trade secrets.
Article 4(4) of the Draft Measures provides that content generated by Generative AI shall be authentic and accurate, and measures shall be taken to prevent the generation of false information.
Article 4(5) of the Draft Measures states that Service Providers must respect the legitimate interests of others, prevent injury to the physical and mental health of others, prevent damage to the right of likeness, right of reputation and personal privacy, and the infringement of intellectual property rights. Service Providers are also prohibited from illegally obtaining, disclosing or using personal information, private information and trade secrets.
Article 10 also requires Service Providers to clarify and disclose the applicable groups, circumstances, and uses of its services, and take appropriate measures to prevent users from excessively relying on or developing addiction to the generated content.
The aforementioned principles must not only be reflected in the output generated using Generative AI products but also reflected in the preparation of data that are used to train the Generative AI models. The Draft Measures impose obligations on Service Providers with respect to the pre-training and optimised training data used for Generative AI products.
Article 7 of the Draft Measures states that Service Providers are responsible for ensuring the lawfulness of pre-training and optimised training data for their Generative AI products. In particular, the Draft Measures require Service Providers to ensure that pre-training and optimised training data used for Generative AI products satisfy the following requirements:
• They must comply with the requirements of the Cybersecurity Law and other laws and regulations;
• They must not infringe on intellectual property rights;
• If the data contains personal information, consent of the subject of personal information must be obtained, or other circumstances prescribed by laws and administrative regulations must be complied with;
• The authenticity, accuracy, objectivity and diversity of data must be ensured;
• They must comply with other regulatory requirements of the CAC on Generative AI services.
This requirement therefore imposes significant obligations on Service Providers in the data selection process.
Article 5 states that, where personal information is involved, Service Providers shall be responsible for personal information protection obligations as personal information processors.
In this regard, Article 4(5) requires Service Providers to prevent infringement of personal privacy, and prohibits the illegal acquisition, disclosure or use of personal information and private information.
Article 11 also states that in the process of providing services, Service Providers have the obligation to protect the input information and usage records of users, shall not illegally retain input information from which the identity of the user can be inferred, shall not create user portraits or profile users based on the user's input information and usage, and shall not disclose the user's input information to others, except as otherwise provided for by any law or regulation.
Article 9 requires Service Providers to authenticate the identity of users and requires users of Generative AI services to provide real identity information in accordance with Cybersecurity Law.
Article 13 of the Draft Measures requires Service Providers to establish a mechanism for receiving and handling users' complaints and promptly handle requests for correction, deletion or shielding of their personal information. Further, when generated text, image, sound or video is found to infringe upon the right of likeness, right of reputation, personal privacy and trade secrets of others, or fail to meet the requirements of the Draft Measures, the Service Providers must take actions to stop such generation and prevent further harm.
When manual labelling is used in the development of Generative AI products, Article 8 of the Draft Measures require Service Providers to make clear, specific and operable labelling rules in accordance with the requirements of the Draft Measures, conduct necessary training for labelling personnel, and verify the correctness of labelling contents by sampling.
Article 16 of the Draft Measures requires Service Providers to mark the generated images, videos and other contents in accordance with the Provisions on the Administration of Deep Synthesis of Internet-based Information Services (《互联网信息服务深度合成管理规定》).
Article 17 of the Draft Measures requires Service Providers to provide necessary information that can affect the trust and choice of users, including the description of the source, scale, type and quality of pre-training and optimised training data, manual labelling rules, scale and type of manual labelling data, basic algorithm and technical system, etc, in accordance with the requirements of the CAC and relevant authorities.
Article 18 of the Draft Measures requires Service Providers to guide users to have a scientific understanding and rational use of the content generated by Generative AI, not to damage the image, reputation or other legitimate rights and interests of others by using the generated content, and not to engage in commercial speculation or improper marketing.
The CAC has the power to punish Service Providers that violate the Draft Measures in accordance with the Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, and other relevant laws and administrative regulations.
The CAC also has the power under the Draft Measures to issue warnings, directions and correction orders under the Draft Measures where not so provided under other relevant laws and administrative regulations. If a Service Provider fails to comply, the CAC may order the Service Provider to suspend or terminate its services and impose financial penalties on such Service Provider.
Regulators around the world are confronted with the difficult question of striking the right balance between regulating Generative AI services to ensure that their use will be safe and lawful on one hand, and not stifling the potential for innovation and growth in this nascent area on the other hand. The approaches taken by regulators thus far have been diverse. The Italian data protection authority took a hard-line stance and banned ChatGPT while announcing that it would investigate whether OpenAI complied with the EU General Data Protection Regulation (GDPR). UK, on the other hand, asked regulators to apply existing regulations to AI rather than establishing new regulations. At the same time, the European Union proposed the European AI Act to regulate the use of AI in critical infrastructure, education, law enforcement, and the judicial system.
China's Draft Measures reveal its own strategic and normative goals for Generative AI services. The Draft Measures aim to support a sound and orderly growth of Generative AI services, while ensuring protection for national interests, social values, and user rights. They also try to avoid the potential dangers that Generative AI services may cause, such as dissemination of false or harmful information, infringement of personal information and intellectual property rights, or discrimination against certain groups. In this regard, China's Draft Measures demonstrate a remarkably comprehensive and forward-looking approach towards AI regulation.
At the same time, the territorial scope also means that the Draft Measures will have a considerable impact on not only domestic companies, but also foreign companies that seek to offer Generative AI services in China. The stringent obligations imposed by the Draft Measures may not only force domestic Generative AI Service Providers to take a slower and more cautious approach, but also dissuade foreign Generative AI Service Providers from entering the Chinese market. Development in this area should therefore be closely monitored by all those interested in Generative AI technologies.
Rajah & Tann Singapore LLP Shanghai Representative Office is a foreign law firm licenced by the Ministry of Justice of the People's Republic of China (the "PRC"). As a foreign law firm, we may not issue opinions on matters of PRC law. Any views we express in relation to PRC laws and regulations for this matter are based on our knowledge and understanding gained from our handling of PRC-related matters and through our own research, and also from our consultations with PRC lawyers. Therefore, such views do not constitute (and should not be taken as) opinion or advice on PRC laws and regulations.
Temi: AI, China