On 13 July 2023, the Cyberspace Administration of China (CAC) and six other regulators jointly passed the Interim Measures for the Management of Generative Artificial Intelligence Services (GenAI Measures), which come into force on 15 August 2023. The new law, which is the first of its kind in Asia, follows from previous draft measures released earlier this year.
The new rules contain several notable changes which provide more clarity on the scope of application and openly promote collaboration between service providers in the AI sector within China and internationally. However, there remain a number of regulatory supervision and oversight provisions, meaning AI providers will still need to operate in compliance not only with obligations under the GenAI Measures but also with existing rules such as data privacy, IP and content control rules.
Here are the key takeaways businesses need to know about the new GenAI Measures:
- Clearer scope: The GenAI Measures clarify that the measures only apply to providers of generative AI services to the public within the PRC. Businesses that use generative AI technology for their own internal business purposes are not caught by the new rules. However, what is meant by ‘services to the public’ is not defined and therefore, unless further guidance is provided by the authorities, it is likely the GenAI Measures will apply to the provision of AI services to both individuals and enterprise clients.
- Industry-led approach: Similar to the UK sector-based approach, the CAC confirmed its intention to encourage industry regulators to formulate separate and additional sector-specific AI regulations (which will prevail over the GenAI Measures). The rules also require such industry regulators and national authorities to include guidelines for the classification and grading of AI, although the indicators which will be used for such a classification system (whether based on the type of AI technologies or training data, or a risk-based classification system akin to the EU AI Act) have yet to be disclosed. As a result, we will likely see more focused rules being released in the coming months. That being said, if China wants to pull ahead in the AI race, the industry-specific rules that will follow must be balanced against ensuring that innovation is not stifled in the process, given that businesses will already have to comply with the local assessment and filing processes among others.
- Collaboration encouraged: Perhaps the most interesting development is the encouragement of cooperation between both industry players in China and with international parties. Within China, key providers in the AI ecosystem are encouraged to share computing power resources and public data. In line with fostering AI growth, China has also removed KYC obligations originally found in the draft measures, which will likely boost user uptake of the generative AI services in China. These are welcome signs as the government recognises that a collaborative environment and removal of barriers to entry are vital in keeping up with western counterparts. From an international perspective, China has also reaffirmed its intention to be involved in international rulemaking. China is clearly key to the debate on AI in terms of innovation and deployment of emerging technologies, and will continue to play a critical role in international discussions. That said, depending on how the rules unfold, there is an opportunity for some degree of alignment internationally which could ease cross-border compliance pressure for businesses.
- Individual use: The new measures make clear that providers will need to actively think about how their technologies may impact users of their services. What will be key is ensuring that protocols and mechanisms are in place to ensure technologies and services do not infringe the legal rights of individual users and are in line with existing laws covering data privacy, personal reputation and likeness, IP, bias, discrimination, etc. The steps which providers are required to take include performing pre-training, optimisation training, and other training data processing activities according to the law, as well as having in place proper terms and conditions or service agreements with users and setting up processes and channels to handle user complaints. An AI audit and AI governance structure are therefore strongly recommended to ensure compliance. Similar to the gaming industry, providers will also need to conduct age verification to protect minors against over-reliance on or addiction to generative AI services.
- Oversight and supervision: Providers must go through a local security assessment and algorithm filing if the generative AI service has public opinion attributes or has the capacity for social mobilisation (e.g. forums, social media platforms, blogs, chatrooms etc.). Labelling rules under existing laws regulating “deep synthesis” AI services must also be complied with, and any illegal content discovered by providers must be promptly reported to the relevant authorities. That said, these requirements already exist under other Chinese regulations (e.g. regulations on “recommendation algorithms” and “deep synthesis” AI services), so Chinese companies familiar with the space should find it easier to navigate these requirements compared to foreign businesses looking to enter the market. However, given the high media attention globally on generative AI services, the regulators are anticipated to pay close attention to developments in this space and take appropriate action as necessary. Overall, these measures represent China’s approach to oversight to ensure accountability and responsible development of AI, but equally the assessment and filing processes may be seen as hurdles against AI innovation which may be difficult for businesses to comply with.
- AI content: One of the key challenges for providers and businesses alike is compliance with China’s complex laws relevant to AI-generated content (e.g. data privacy, content regulation, intellectual property rights). The GenAI Measures also empower authorities to direct technical measures against foreign generative AI services that do not comply with Chinese laws. This effectively means that the availability of compliant and lawful systems, content and data will be limited, and foreign businesses looking to enter the Chinese generative AI market may be forced to rely heavily on local partners to ensure compliance. These factors will be key in negotiating any partnership or collaboration arrangements with local partners.
Providers should promptly conduct internal AI compliance audits according to the requirements under the GenAI Measures and check if they are required to conduct a security assessment and comply with algorithm filing rules. Providers and businesses alike should monitor developments in this area, in particular in respect of industry-specific rules that may be released going forward which are likely to prescribe more nuanced and detailed requirements.
If your organisation is deploying AI solutions, you can undertake a free maturity risk assessment using our AI Scorebox tool.