SecurePrivacy Logo

Generative AI Regulations

China's comprehensive regulatory framework for generative AI systems, ensuring responsible development, deployment, and use of AI technologies.

Key Points

  • Effective from August 15, 2023
  • Applies to all generative AI service providers
  • Enforced by the Cyberspace Administration of China (CAC)
  • Focuses on registration, content management, and data protection

Generative AI Requirements

Registration & Licensing

Mandatory registration and licensing requirements.

  • Business registration
  • Technical capability assessment
  • Security evaluation
  • Compliance documentation
  • Regular renewals

Content Management

Content monitoring and compliance systems.

  • Content filtering mechanisms
  • Real-time monitoring
  • Moderation guidelines
  • Content review processes
  • Reporting systems

Data Protection

Data handling and protection requirements.

  • Data encryption standards
  • Access control mechanisms
  • Data retention policies
  • Privacy safeguards
  • Data minimization

Compliance Requirements

Risk Management System

Establish and maintain a risk management system for the entire lifecycle of the AI system

  • Risk identification and analysis
  • Risk evaluation methods
  • Risk mitigation measures
  • Documentation of risk assessment
  • Regular monitoring and updates

Data Governance

Implement data quality management and governance practices

  • Data quality criteria
  • Relevant data properties
  • Data preparation protocols
  • Data examination for biases
  • Data security measures

Technical Documentation

Maintain detailed technical documentation demonstrating compliance

  • System architecture
  • Development process
  • Training methodologies
  • Validation procedures
  • Performance metrics

Record-Keeping

Maintain logs of system activity and automated record-keeping

  • System operations logs
  • Error logs
  • Access records
  • Training data changes
  • System modifications

Transparency

Ensure transparency and provide information to users

  • System capabilities
  • Intended purpose
  • Performance limitations
  • Human oversight measures
  • Expected lifetime

Human Oversight

Implement appropriate human oversight measures

  • Oversight procedures
  • Training for human overseers
  • Authority to override
  • Monitoring protocols
  • Incident response plans

Prohibited Practices

Social Scoring

AI systems used by public authorities for evaluating or classifying the trustworthiness of natural persons based on their social behavior or personality characteristics

Examples:

  • Mass surveillance systems
  • Behavior prediction for social ranking
  • Automated social credit systems

Exploitation of Vulnerabilities

AI systems that exploit vulnerabilities of specific groups of persons due to their age, disability, social or economic situation

Examples:

  • Targeted manipulation of elderly people
  • Exploitation of children's behavior
  • Discriminatory targeting of vulnerable groups

Biometric Identification

Real-time remote biometric identification systems in publicly accessible spaces for law enforcement purposes

Examples:

  • Real-time facial recognition in public spaces
  • Live biometric tracking systems
  • Automated public surveillance systems

Exceptions:

  • Search for victims of crime
  • Prevention of imminent terrorist threats
  • Detection of serious criminal offenses

Subliminal Manipulation

AI systems deploying subliminal techniques to materially distort behavior in a manner causing physical or psychological harm

Examples:

  • Unconscious behavior manipulation
  • Harmful psychological targeting
  • Covert influence systems