China’s Regulation of Generative Artificial Intelligence (Draft for Comments)
Regulations and Policies
Cyberspace Administration of China (CAC) issued a draft of the regulation of generative artificial intelligence on 11 April. The new regulation should be introduced in 2023. The following text is translated by Google Translate from the original Chinese version of the text.
Administrative Measures for Generative Artificial Intelligence Services
Draft for Comment
In order to promote the healthy development and standardized application of generative artificial intelligence, these measures are formulated in accordance with laws and administrative regulations such as the “Network Security Law of the People’s Republic of China”, “Data Security Law of the People’s Republic of China”, “Personal Information Protection Law of the People’s Republic of China” and other laws and administrative regulations .
These Measures apply to research, development and utilization of generative artificial intelligence products to provide services to the public within the territory of the People’s Republic of China.
The generative artificial intelligence referred to in these Measures refers to technologies that generate text, pictures, sounds, videos, codes, and other content based on algorithms, models, and rules.
The state supports the independent innovation, popularization and application, and international cooperation of basic technologies such as artificial intelligence algorithms and frameworks, and encourages the priority use of safe and reliable software, tools, computing, and data resources.
The provision of generative artificial intelligence products or services shall comply with the requirements of laws and regulations, respect social morality, public order and good customs, and meet the following requirements:
(1) The content generated by generative artificial intelligence should reflect the core values of socialism and must not contain subversion of state power, the overthrow of the socialist system, incitement to split the country, undermine national unity, promote terrorism, extremism, and promote ethnic hatred and ethnic discrimination , violence, obscene and pornographic information, false information, and content that may disrupt economic and social order.
(2) In the process of algorithm design, training data selection, model generation and optimization, and service provision, take measures to prevent discrimination based on race, ethnicity, belief, country, region, gender, age, occupation, etc.
(3) Respect intellectual property rights and business ethics, and shall not use advantages such as algorithms, data, and platforms to implement unfair competition.
(4) The content generated by generative artificial intelligence should be true and accurate, and measures should be taken to prevent the generation of false information.
(5) Respect the legitimate interests of others, prevent harm to the physical and mental health of others, damage portrait rights, reputation rights and personal privacy, and infringe intellectual property rights. Illegal acquisition, disclosure, and use of personal information, privacy, and business secrets are prohibited.
Organizations and individuals that use generative artificial intelligence products to provide services such as chat and text, image, and sound generation (hereinafter referred to as “providers”), including supporting others to generate text, image, and sound by providing programmable interfaces, etc. etc., assume the responsibility of the producer of the content generated by the product; if personal information is involved, assume the statutory responsibility of the personal information processor and fulfil the obligation to protect personal information.
Before using generative artificial intelligence products to provide services to the public, a security assessment shall be submitted to the national network information department in accordance with the “Regulations on the Security Assessment of Internet Information Services with Public Opinion Attributes or Social Mobilization Capabilities” and the “Internet Information Service Algorithm Recommendations” “Management Regulations” to carry out the procedures of algorithm filing, modification, and cancellation filing.
Providers shall be responsible for the legitimacy of the source of pre-training data and optimized training data for generative artificial intelligence products.
The pre-training and optimized training data used for generative artificial intelligence products should meet the following requirements:
(1) Comply with the requirements of the “Network Security Law of the People’s Republic of China” and other laws and regulations;
(2) Does not contain content that infringes intellectual property rights;
(3) If the data contains personal information, it shall obtain the consent of the subject of the personal information or meet other circumstances stipulated by laws and administrative regulations;
(4) Be able to guarantee the authenticity, accuracy, objectivity and diversity of the data;
(5) Other regulatory requirements of the national network information department on generative artificial intelligence services.
When manual labelling is used to develop generative artificial intelligence products, the provider shall formulate clear, specific, and operable labelling rules that meet the requirements of these measures, provide the necessary training for labelling personnel, and conduct random verification of the correctness of the labelling content.
The provision of generative artificial intelligence services shall require users to provide real identity information in accordance with the provisions of the “Network Security Law of the People’s Republic of China”.
Providers should clarify and disclose the applicable groups, occasions, and uses of their services and take appropriate measures to prevent users from relying too much on or indulging in generated content.
While providing services, the provider shall be obligated to protect the user’s input information and usage records. It is not allowed to illegally retain input information that can infer the user’s identity, it is not allowed to make portraits based on the user input information and usage conditions, and it is not allowed to provide user input information to others. Where laws and regulations provide otherwise, those provisions shall prevail.
The provider shall not generate discriminatory content based on the user’s race, country, gender, etc.
The provider shall establish a mechanism for receiving and handling user complaints and promptly handle individuals’ requests for correction, deletion, and blocking of their personal information; discover and know that the generated text, pictures, sounds, and videos infringe on other people’s portrait rights, reputation rights, When personal privacy, business secrets, or do not meet the requirements of these measures, measures should be taken to stop the generation and prevent the harm from continuing.
The provider shall provide safe, stable, and continuous services within the life cycle to ensure users’ normal use.
For generated content found during operation and reported by users that do not meet the requirements of these measures, in addition to taking measures such as content filtering, model optimization training and other methods should be used to prevent re-generation within 3 months.
Providers shall mark the generated pictures, videos, and other content in accordance with the “Internet Information Service Deep Synthesis Management Regulations”.
The provider shall, in accordance with the requirements of the national network information department and relevant competent departments, provide necessary information that can affect users’ trust and choice, including descriptions such as the source, scale, type, and quality of pre-training and optimized training data, and manual labeling Rules, the scale and type of manually labeled data, basic algorithms and technical systems, etc.
The provider shall guide users to scientifically understand and rationally use the content generated by generative artificial intelligence, not to use the generated content to damage the image, reputation and other legitimate rights and interests of others, and not to engage in commercial hype or improper marketing.
When users find that the generated content does not meet the requirements of these measures, they have the right to report to the cyberspace administration or relevant competent authorities.
When the provider discovers that the user violates laws and regulations, business ethics, and social morality in the process of using generative artificial intelligence products, including engaging in network hype, maliciously posting and commenting, creating spam, writing malicious software, and implementing improper commercial marketing, etc., the service shall be suspended or terminated.
Where a provider violates the provisions of these Measures, the network information department and relevant competent departments shall, in accordance with the “Network Security Law of the People’s Republic of China”, “Data Security Law of the People’s Republic of China”, “Personal Information Protection Law of the People’s Republic of China” and other laws and administrative punished by law.
Where there are no provisions in laws and administrative regulations, the network information department and relevant competent departments shall give warnings and circulars of criticism based on their duties, and order corrections within a time limit; where corrections are refused or the circumstances are serious, the use of generative artificial intelligence to provide services shall be ordered to be suspended or terminated, and A fine of not less than 10,000 yuan but not more than 100,000 yuan shall be imposed. If it constitutes a violation of public security management, it shall be punished according to law; if it constitutes a crime, it shall be investigated for criminal responsibility according to law.
These Measures shall come into force on 2023.