On April 11, 2023, the Cyberspace Administration of China (CAC) released draft measures to regulate the provision of generative artificial intelligence (AI) services — for example, ChatGPT — to solicit comments from the public on the proposed measures. The Measures for the Management of Generative Artificial Intelligence Services (Draft for Comment) (unofficial English translation) aim to regulate the provision of generative AI services to the public of mainland China. “Generative AI” in the draft measures refers to “technologies generating text, image, audio, video, code, or other such content based on algorithms, models, or rules.” (Art. 2.)
The draft generative AI measures were released only three months after the implementation of the last AI-related administrative rules issued by the CAC, the Provisions on Deep Synthesis Technology, which entered into effect on January 10, 2023. The draft measures state that China’s regulatory objective concerning generative AI is to promote its healthy development while ensuring its regulated application. (Art. 1.)
According to the draft measures, before providing services to the public using generative AI products, providers would be required to apply to the CAC for a security assessment. The requirements of algorithm filing under the Algorithmic Recommendation Provisions would also apply. (Art. 6.)
As drafted, the measures would make providers responsible for the legitimacy of the source of the data used to train or optimize their generative AI product. The draft measures set up the following broad requirements for such data:
2. Not containing content infringing intellectual property rights;
3. Where data includes personal information, the consent of the personal information subject shall be obtained, or other procedures conforming with the provisions of laws and administrative regulations followed;
4. Be able to ensure the data’s veracity, accuracy, objectivity, and diversity;
5. Other supervision requirements of the state cybersecurity and informatization department concerning generative AI functions and services. (Art. 7.)
Furthermore, when providing generative AI services, providers would be required to ask users to register their real identities in accordance with the Cybersecurity Law. (Art. 9.) In the process of providing services, providers would be obligated to protect users’ input information and usage records. Unlawfully retaining input information that could be used to deduce a user’s identity, profile users on the basis of their input information and usage, or provide users’ input information to others would be prohibited. (Art. 11.)
Violation of the measures would be punishable in accordance with the previously enacted Cybersecurity Law, Data Security Law, and Personal Information Protection Law. (Art. 20, para. 1.) The CAC and other relevant competent authorities would also be able to impose administrative penalties, including a fine ranging from 10,000 yuan to 100,000 yuan (CNY) (about US$1,392 to $13,920). If the transgression constituted a violation of public security administration, punishment would be imposed in accordance with that law; if it constituted a criminal offense, the offender could also be criminally prosecuted. (Art. 20, para. 2.)
China has not enacted a comprehensive AI law or state regulation. According to the Next Generation Artificial Intelligence Development Plan (unofficial translation), which was issued by the State Council in 2017 and sets forth the country’s long-term strategic goals for AI development, China seeks to become the world’s primary AI innovation center by 2030, when it will complete building the AI legal, ethical, and policy systems.
Laney Zhang, Law Library of Congress
July 5, 2023
Read more Global Legal Monitor articles.