The Interim Administrative Measures for Generative Artificial Intelligence Services were published in their final form on July 13, 2023, by the Cyberspace Administration of China (CAC) and six other government organizations in China (you can view the Chinese version here). The implementation of these measures will begin on August 15, 2023.
For context, the CAC posted a draft version of the measures in April 2023 for public feedback. The removal of certain prescriptive obligations on service providers, as defined below (such as limitations on user profiling and a requirement for user real identity authentication), as well as the emphasis on the need to strike a balance between industry innovation and development and the regulation of generative AI services, are notable changes in this final version.
The measures, which are China’s first regulation particularly addressing generative AI, lay out fundamental regulatory concepts, place compliance duties on pertinent service providers, and create a framework for enforcing generative AI laws.
Must read: Artificial Intelligence Becoming a Game Changer for Intel Stock
Key takeaways
1. Important duties of service providers
The measures provide a legal framework that places various compliance requirements on service providers (those that offer generative AI services). These service providers must adhere to the following important requirements, among others:
Data for training: According to Article 7 of the measures, service providers must conduct training activities (such pre-training and training optimization) legally and make the following provisions:
- The information and underlying models come from legitimate sources.
- The training exercises do not violate anyone else’s intellectual property rights.
- If personal information is handled, the service provider has the appropriate parties’ consent, or it may rely on another legal justification for processing the data.
- Effective steps have been taken to raise the training data’s authenticity, accuracy, objectivity, and variety while also improving its quality.
- China’s Cybersecurity Law (CSL), Data Security Law (DSL), Personal Information Protection Law (PIPL), and other relevant rules and regulations are all complied with during the training activities.
Additionally, if service providers are allowed to conduct data labeling during the research and development stage of a technology, the measures also require them to:
- Create guidelines for labeling that are precise, comprehensible, and compatible with the measures.
- Conduct a labeling quality assessment and a spot check of the labeling’s accuracy.
- Personnel in charge of labeling tasks should receive training (Article 8).
Protection of personal information: In addition to the aforementioned permission requirement, the measures generally impose obligations on service providers (Article 9) to secure personal information. In particular, when offering services, service providers must not acquire superfluous personal information. Service providers are further forbidden from: Illegally keeping such information and records in a fashion that could permit user identification for information entered by users and records of users’ service usage.
Must read: Artificial Intelligence is Improving and Enhancing the Intelligence of Automation
- exchanging such data and records with third parties without authorization.
- In accordance with Article 11 of the GDPR, service providers are also required to respond to requests made by users who want to access, update, supplement, delete, or receive a copy of their personal information.
Content control: When a service provider learns of illegal content, the regulations require it to: Take prompt action to rectify it by stopping the creation and transmission of the illegal content and removing it from its services.
- Implement training for AI model optimization.
- Inform a capable regulator about the situation.
If a service provider learns that one of its customers is utilizing generative AI services for unlawful purposes, it must:
- Give such users warnings and restrict their access to pertinent features.
- halt or stop providing its services to such users.
The service provider shall also keep the pertinent documents and inform a qualified regulator of the aforementioned (Article 14).
Must read: The advancement of science in the era of artificial intelligence
Security evaluation and filing of algorithms: Article 17 of the measures mandates that relevant service providers undergo a security assessment to be carried out by the CAC and other relevant regulators, as well as conducting a filing of their algorithm in accordance with China’s Internet Information Service Algorithmic Recommendation Management Provisions, which require the filing to be conducted within six months. This is specifically for generative AI services with “public opinion attributes or the capacity for social mobilization.”
2. Dimensions of the actions
The regulations include the use of generative AI technology to generate texts, images, audio files, videos, and other types of content for the general public in China (collectively, “generative AI services”). However, the measures’ (Article 2) definition of “to the public” is lacking. Therefore, until the CAC gives additional guidance, it’s feasible that this might apply to services offered to both individual users and enterprise users. Additionally, the measures make it clear that research and internal use of generative AI technologies are exempt from the rules to the extent that no generative AI services are offered to the general public
It should be noted that while the measures do not expressly forbid Chinese users from using generative AI services offered by foreign companies based outside of China, the CAC does have the authority to ask competent regulators to take the technical or other necessary measures regarding such services that are in violation of Chinese laws and regulations
Must read: The new synthesizer — or just muzak — might be produced by Meta’s AI music generator.
3. Enforcements
Penalties for breaking the rules will be implemented in line with Article 21 of the Law on Scientific and Technological Progress, the CSL, DSL, PIPL, and other applicable laws. According to the measures, competent regulators have the authority to demand that service providers cooperate with their “supervision and inspection” by outlining the sources, scope, and types of training data, labeling guidelines, and algorithmic mechanisms and by offering the necessary technical support and assistance with data and data collection (Article 19).
Must read: Artificial Intelligence is Transforming the Healthcare Industry