IDC Names Securiti a Worldwide Leader in Data PrivacyView
On July 13, 2023, the Cyberspace Administration of China (CAC) and six other central government regulators issued the Interim Measures for the Management of Generative Artificial Intelligence Services (AI Measures). The issuance of the final AI Measures has followed the CAC’s publication of the draft measures for public consultation on April 11, 2023.
Set to take effect on August 15, 2023, the AI Measures have been formulated in accordance with existing laws and regulations such as the Cyber Security Law (CSL), the Data Security Law (DSL), the Personal Information Protection Law (PIPL), and the Science and Technology Progress Law (STPL).
The AI Measures aim to ensure that a healthy environment can be fostered within China that allows for the responsible use of generative artificial intelligence (GenAI) without causing undue harm to the national security, social and public interest, and the legitimate rights and interests of the citizens, including legal persons and organizations.
GenAI technology refers to models and related technologies that have the ability to generate content such as text, pictures, audio, and video.
GenAI service providers (Providers) refer to organizations and individuals that use GenAI technology to provide GenAI services (including providing GenAI services by providing programmable interfaces, etc.).
GenAI service users (Users) refer to organizations and individuals who use generative artificial intelligence services to generate content.
The AI Measures apply to the use of GenAI technology to provide GenAI services to the public within the territory of the People’s Republic of China (PRC). However, in case specific regulations are in force concerning the use of GenAI services to engage in activities such as news publishing, film and television production, and literary and artistic creation, the relevant specific regulations will prevail over the AI Measures.
Furthermore, industry associations, enterprises, educational and research institutions, cultural institutions, and certain professional institutions that develop and apply the GenAI technology but do not provide GenAI services to the public are exempt from the application of the AI Measures. Notably, the first draft of the AI Measures did not provide for such a carve-out and applied to all sorts of uses of GenAI technology.
As per the AI Measures, the provision and use of the GenAI services must comply with the existing laws and regulations as well as uphold social morality and ethics. Organizations using generative AI to deliver products or services to the public within China must adhere to the following principles:
Following are some obligations under the AI Measures that the Providers must comply with:
The Providers must carry out training data processing activities, including pre-training and optimization training, in accordance with the law and must ensure to:
The providers must ensure the following while carrying out data labeling during the research and development of the GenAI technology:
Under the AI Measures, the providers are responsible for the conduct of the network information content producers as well as the network information security obligations under applicable laws. To protect personal information and ensure compliance with the applicable laws, the Providers should enter into binding agreements with their vendors laying out their obligations and regularly monitor compliance on the part of the vendors.
The AI Measures require the Providers to enter into service agreements with the Users. Such agreements must clarify the rights and obligations of both the Providers as well as the Users.
The Providers must clarify and disclose the applicable groups, occasions, and uses of their services to the Users. The Providers must guide the Users to scientifically and rationally use the GenAI technology in accordance with the law and take effective measures to prevent minors from excessive reliance or indulgence in the GenAI services.
In addition, the Providers must also mark pictures, videos, and other generated content in accordance with the Regulations on the Administration of Deep Synthesis of Internet Information Services.
The Providers must protect the Users’ input information and maintain records as per the applicable laws and regulations. The Providers must refrain from:
The AI Measures provide several rights to the Users. The Providers must accept and process in a timely manner the requests from the Users, who are individuals, to exercise the following rights:
Furthermore, the Users have the right to file complaints and report any GenAI services which do not comply with the applicable laws, regulations and AI Measures.
The Providers must ensure regular monitoring of their GenAI services and must comply with the following requirements:
The AI Measures require the Providers to establish and maintain a complaint and report mechanism. The Providers must also publish the complaint handling process and feedback time limit, accept and handle the public complaints and reports in a timely manner and provide feedback on the handling results.
The Providers with public opinion attributes or social mobilization capabilities must conduct security assessments in accordance with the relevant state regulations. In addition, such Providers must also perform algorithm filing, modification, and cancellation filing procedures in accordance with the Internet Information Service Algorithm Recommendation Management Regulations.
Different central government departments are responsible under the AI Measures to supervise and inspect the GenAI services in accordance with their respective duties and responsibilities. These departments include the following:
Further, the National Network Information Department is responsible for notifying the relevant institutions to take technical and other necessary measures where the provision of GenAI services originating from outside of the PRC does not comply with the AI Measures.
The Providers who violate the provisions of AI Measures shall be liable for penalties as per the applicable laws, including CSL, DSL, PIPL, STPL, etc. Further, depending on the nature of the violation, the contravenes may also be subject to criminal prosecution.
China is quickly gaining a reputation for being extensively proactive in formulating and adapting AI-related regulations.
These measures, alongside its already established data privacy regulations, make China a complex jurisdiction for organizations aiming to comply with their regulatory obligations completely.
This is where Securiti can be of great help.
A global leader in providing enterprise data privacy, security, compliance, and governance solutions, Securiti's DataControls Cloud™ is an enterprise solution based on a Unified Data Controls framework that allows organizations to optimize their oversight and compliance with China's extensive AI and data regulatory regulations.
Request a demo today and learn more about how Securiti can help your organization comply with China's data privacy and AI-related regulations today.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.