The Provisional Administrative Measures of Generative Artificial Intelligence Services (Generative AI Measures), were published by the Cyberspace Administration of China (CAC), together with six other authorities, on 13 July 2023 and will take effect from 15 August 2023. The Generative AI Measures, along with the likely enactment of the Artificial Intelligence Law in the 2023 legislative year, will have a significant impact on the development, provision and use of AI services in China.

Scope of Application

The Generative AI Measures apply to “the use of generative AI technology (refers to algorithms, models or other rules) to provide services for generating text, pictures, sounds, videos and other content within the territory of China”. The requirements of this regulation will apply to domestic companies and to overseas generative AI service providers offering generative AI services to general public in China. It is important to note also that the Generative AI Measures apply to services offered to the public and not the use of generative AI services by enterprises.

Key Obligations

The key requirements and obligations.

1. In the development and use of generative AI services, generative AI service providers must:

  • not generate illegal content such as false or harmful information;
  • take effective measures to prevent the generation of discriminatory content;
  • not use advantages in algorithms, data, or platforms where this leads to monopoly and unfair competitive behaviours;
  • not infringe on others’ portrait rights, reputation rights, honour rights, privacy rights and personal information rights; and
  • take effective measures based on service types to increase the transparency of generative AI services and the accuracy and reliability of generative AI content.

2. In respect of the training data, generative AI service providers must:

  • use data and foundation models from legitimate sources;
  • not infringe others’ legally owned intellectual property;
  • obtain personal data with consent or under situations prescribed by the law or administrative measures; and
  • take effective measures to increase the quality of training data, their truthfulness, accuracy, objectivity and diversity.

3. When providing generative AI services, generative AI service providers bear cybersecurity obligations as online information content producers and personal information protection obligations as personal information handlers and must:

  • enter into service agreements with registered generative AI service users which specify the rights and obligations of both parties;
  • guide users on the legal use of generative AI technology and take effective measures to prevent users from over-reliance on or “addiction to” the generated AI service;
  • not collect non-essential personal information, not illegally retain input information and usage records which can be used to identify a user and not illegally provide users’ input information and usage records to others;
  • receive and settle data subjects’ requests;
  • tag generated content such as photos and video as pursuant to the Administrative Provisions on Deep Synthesis of Internet-based Information Services (Deep Synthesis Provisions);
  • if illegal content is discovered, take measures to stop the generation and transmission of and delete illegal content, take rectification measures such as model improvement, and report to the relevant competent authorities;
  • where users are found to use generative AI services to conduct illegal activities, take measures to warn the user, or restrict, suspend or terminate the service, retain the records, and report to the relevant competent authorities; and
  • establish a mechanism for receiving and handling users’ complaints.

4. In relation to other legal obligations and enforcement supervision, generative AI service providers shall:

  • if the generative AI service comes with a public opinion attribute or social mobilisation ability, carry out a safety assessment obligation and (within ten working days from the date of provision of services) go through record-filing formalities pursuant to the Administrative Provisions on Algorithm Recommendation for Internet Information Services (Algorithm Provisions); and
  • when the relevant competent authorities (e.g., the CAC) commence supervisory checks on the generative AI service, co-operate with them, explain the source, size and types of the training data, tagging rules and the mechanisms and principles of the algorithm and provide necessary technology and data, etc., for support and assistance.

The final version followed a draft of the measures released earlier this year. Compared to the draft, the Generative AI Measures have somewhat reduced the red tape in the development and use of generative AI services for use in China while reflecting a heavier focus by the authorities on the compliance with privacy law.

Extraterritorial Effect

The Generative AI Measures have extraterritorial application which is particularly relevant to generative AI service providers located outside China. Under Article 20, the CAC and relevant authorities can inform generative AI service providers who are outside China and providing generative AI services in the territory to take technical or other necessary measures if they are not compliant with relevant Chinese laws and regulations. Although the supervisory power over offshore providers could potentially be enhanced in the future, this extraterritorial application does imply that offshore providers who comply with the law are able to provide generative AI services in China.

China’s Approach

The Generative AI Measures aim to prescribe the basic requirements of generative AI services and clarify the specific measures aimed at promoting the development of AI-generated content (AIGC) industry in China. This regulation is the latest addition to AI regulations in China after the Algorithm Provisions in 2021 and the Deep Synthesis Provisions in 2022. With the likely promulgation of the Artificial Intelligence Law in China later this year, AI regulations in China are developing fast and in a broad-based manner, covering technology, cybersecurity, privacy and intellectual property. We will continue to monitor the discussions and proposals for legislative change and provide further updates on the fast-moving AI regulatory environment.

Erin Yang from Shanghai Pacific Legal, a domestic PRC law firm with whom Norton Rose Fulbright has an informal referral and co-operation arrangement, also contributed to this article.