Hogan Lovells 2024 Election Impact and Congressional Outlook Report
China’s Interim Administrative Measures for Generative Artificial Intelligence Services (“AI Measures”) took effect from August 15, 2023. Jointly published by the Cyberspace Administration of China (“CAC”), the Ministry of Science and Technology, the Ministry of Industry and Information Technology, the Ministry of Public Security and other regulators, the AI Measures are China’s first comprehensive regulations on generative artificial intelligence (“AI”). Looking back to the consultation draft published in April 2023, the measures show a degree of relaxation, with something less than perfection expected of the industry in challenging areas such as ensuring the authenticity and accuracy of training data. The measures also strike a more positive tone in terms of seeking to encourage the development of the technology in China. Continuing to be titled “interim”, further change can be expected as regulators gain experience with the rapidly advancing field of AI and the particular challenges the technology may pose in a jurisdiction where the law requires its usage to be consistent with socialist core values.
The AI Measures regulate those who use generative AI technologies to provide generative text, pictures, audio, videos, and other content to the general public in the territory of China, including where such content is provided through API or other technical means ("generative AI services"). Notably, the AI Measures make clear that the research, development, and “internal-facing” applications of generative AI technologies do not fall within the scope of regulation under the AI Measures, if the generative AI technologies are not used to provide service to the Chinese public. However, it is still unclear whether “business to business” usage of AI in China would be considered as providing a service to the public, so further clarification is needed.
Offshore generative AI providers targeting the Chinese public are required to comply with the requirements. There is no clear guidance yet on how “targeting” will be assessed, but factors such as accepting RMB as payment or allowing the registration of Mainland China mobile phones are likely to be considered indicative. There is also no clear indication as to what steps the authorities would take in order to deal with an offshore offender of the rules, but the “technical measures” cited would likely include blocking mainland Chinese access to the technology.
In the draft interim measures, all generative AI services made available to the public would have been required to complete a security assessment and complete an algorithm record-filing. The AI Measures have relaxed this requirement, with only those generative AI services with “public opinion attributes” or “social mobilization capabilities” being subject to the record-filing and security assessment. However, the references to ”public opinion” and “social mobilization” are vague and there is no clear-cut line as to how Chinese authorities will determine what kind of generative AI services will be caught by these obligations.
The AI Measures underscore that generative AI providers must comply with relevant restrictions on foreign investment. A number of existing areas of regulation may apply, such as regulations on the provision of value-added telecommunications services, which would require a permit for a commercial website/platform deploying generative AI products. Activity in this area is subject to a foreign shareholding ratio limit of up to 50% and other practical obstacles for foreign participation. It is clear that the technology import licensing requirements for specified deep fake technology may also be relevant.
AI algorithms and training data
In line with the earlier draft, the AI Measures impose obligations in respect of data protection and intellectual property rights issues arising from training data, but instead of requiring generative AI service providers to achieve a standard of perfection, the AI Measures only require providers to make efforts to improve the authenticity, accuracy, objectivity and diversity of training data and take effective measures to improve the accuracy and reliability of generated AI content.
In the same vein, the AI Measures have removed the strict three month remediation timeline to optimize model training when the generative AI outputs do not conform to requirements. The AI Measures leave it flexible as to when generative AI providers must improve their models to prevent the re-generation of similar nonconforming content.
Generative AI service providers have general responsibility for content generated by their services. As set out in the earlier draft, generative AI content should reflect socialist core values and respect lawful rights and interests. Generative AI service providers are also required to ensure that content adheres to the labelling requirements mandated by the Provisions on the Administration of Deep Synthesis Internet Information Services, which require “deep fake” content to be marked in a conspicuous manner so as to alert viewers that natural persons, scenes or information are being simulated by the content.
The AI Measures introduce an article that requires relevant industry regulators to strengthen their own regulation of generative AI within their sectors, including by developing guidelines for the classification and grading of AI. Details are to follow, but the approach seems similar to that taken under the Data Security Law (“DSL”), whereby industry regulators are tasked with developing industry-specific catalogues of “important data” to supplement China’s regulation in that area.
User Terms & Conditions
Generative AI providers are required to enter into a service agreement with their users, specifying the rights and obligations of both parties.
Privacy and data protection obligations
Generative AI providers shall not collect unnecessary personal data from users. However, it is permissible to store and share user-generated data, as provided under relevant laws and regulations. Echoing the protections under China’s Personal Information Protection Law (“PIPL”), generative AI providers are urged to promptly accept and handle individuals' requests to access, correct, delete and receive copies of their personal data.
Protection for minors
Generative AI providers are required to take measures to prevent minor users from making excessive reliance on generative AI services or developing addictions to the technology.
Real-name identification and authentication obligation
The AI Measures do not incorporate the real-name verification requirements proposed in the earlier draft. However, we note that the real name requirements under the Cyber Security Law (“CSL”) may still apply, depending on the nature of the service.
The finalization of the AI Measures saw the removal of the specific penalties proposed in the draft, specifying that any violation will be addressed in accordance with the CSL, the DSL, the PIPL and other applicable laws.
Compared to the draft version, the final AI Measures offer relaxation in key areas, suggesting that China hopes to promote AI in line with its broader economic development plans. It is expected that the AI Measures will be taken as a positive signal from the central government, encouraging investment in this critical area of technological advancement. At the same time, it is expected that the authorities will continue to maintain strict oversight of generative AI technologies that pose national security risks, which will likely serve as encouragement for generative AI developers to invest more heavily in use cases that serve industrial and enterprise purposes.
Authored by Mark Parsons, Sherry Gong, Tong Zhu and Flora Feng.