Alert 03.22.23
Alert
Alert
04.19.23
With OpenAI’s introduction of ChatGPT into the market, generative artificial intelligence (generative AI) has dominated the headlines across the globe. Many technology companies have followed suit and released their generative AI tools and services. Generative AI is widely expected to empower and change business models across industries and has immediately improved efficiency in many sectors. Pillsbury has been closely monitoring and advising our clients on these fast-changing AI technologies. (See our website at Artificial Intelligence (AI) Law | Pillsbury Law.)
The emergence of generative AI also brings new market opportunities to China. Leading China-based tech giants have released or plan to release their own self-developed generative AI services. Experts expect that many of them will be trained on China-specific datasets or Chinese-language datasets. Integrated chip manufacturing, cloud computing, data storage, dataset providers and other sectors along the supply chain for generative AI services may see a business boom in coming years.
The recent popularity of generative AI also alarms users and regulators who are concerned about the potential risks, including potential data breach risks, copyright infringement risks, disinformation risks, etc. These concerns were reflected in the Italian regulator’s decision to temporarily block the popular AI tool ChatGPT due to alleged breaches of the EU’s General Data Protection Regulation on March 30, 2023.
On April 11, 2023, China’s main cybersecurity and data privacy regulator, Cyberspace Administration of China (CAC) issued its Administrative Measures on Generative Artificial Intelligence Service (Draft Generative AI Regulations) draft for public comments. The public comment period will end on May 10, 2023.
The 21-article draft cites, in its first article, the key legal basis of such draft regulations, which include the PRC Cybersecurity Law, Data Protection Law and Personal Information Protection Law. The current text of the draft regulations also shows a strong inclination towards regulating generative AI from a cybersecurity perspective.
Scope of Application
The Draft Generative AI Regulations, if enacted, will regulate the activities of those providing services to public users within mainland China through research, development and use of generative AI products. This means that generative AI developed and/or based outside of mainland China and accessible to users in mainland China will also be subject to the Draft Generative AI Regulations.
Under the draft regulations, generative AI is broadly defined as technologies that generate texts, pictures, audios, videos, codes and other content using algorithms, models and rules.
The draft regulations do not classify generative AI services into categories and impose differentiated regulatory requirements on services with different risk levels.
The Draft Generative AI Regulations apply to the organizations and individuals that use generative AI products to provide chat and text, image, sound generation and other services, including those who support others to generate text, image, sound, etc. (the Providers). The Providers shall take responsibilities of content producers, which content is generated by the generative AI product; if personal information is involved in the services, the service Provider shall bear the statutory responsibility of the personal information processor and fulfill the obligation of personal information protection.
Basic Requirements for Generative AI
The Draft Generative AI Regulations reiterates the legal requirements under the existing laws and regulations, especially those relating to cybersecurity and personal information protection.
Among others, the Providers of the generative AI products and services must fulfill the following requirements:
Requirements on Training Dataset
Providers of generative AI products must be responsible for the legitimacy of the datasets for pre-training and optimization training. The dataset must:
When labeling data, generative AI Providers shall formulate clear, detailed and operable labeling rules, provide sufficient training to its staff, and verify the accuracy of labeling content through the sampling method.
Rights of Users
Generative AI Providers must establish reporting systems for users to process the individual requests for modifying, deleting and blocking relevant personal information. In case of any identified infringement of portrait rights, reputation rights, personal privacy and business secrets of others, the Providers must stop generating such information. If any generated content violates the Draft Generative AI Regulations, the Providers must optimize the AI model to avoid regeneration of such content within three months.
Legal Liability
Any violation of the Draft Generative AI Regulations will be penalized in accordance with the Cybersecurity Law, Data Protection Law and Personal Information Protection Law and other existing laws and regulations. In case there is no clear provision on the penalty, CAC and other applicable regulators may issue a warning, order corrections within a certain period of time, order suspension or termination of the services, and impose a fine of RMB 10,000 to 100,000 (approximately USD 1,470 to 14,700).