China’s AI regulation
China became the first global superpower to implement regulations governing the use of generative AI (referred to as “Gen AI”). China’s new AI regulations do not seek to curtail innovation, but rather place a strong focus on ensuring the safe and appropriate promulgation of Gen AI tools to the general public within China.
The Interim Measures for Management of Generative Artificial Intelligence Services (referred to as the “Interim Measures”) were jointly issued by the Cyberspace Administration of China and six other Chinese regulators, coming into effect in August 2023. More recently, in March 2024, the Basic Security Requirements for Generative Artificial Intelligence Service (referred to as the “Basic Requirements”) were issued to supplement the precise details of the Interim Measures. Together, the Interim Measures and Basic Requirements outline the principal obligations for entities engaged in AI-related business in Mainland China (collectively, referred to as “Regulations”).
The Interim Measures apply exclusively to entities that use Gen AI systems to provide services to the public within China (referred to as “Gen AI Service Providers”). The Regulations impose a comprehensive set of obligations on Gen AI Service Providers.
Firstly, there are obligations related to ensuring the legality of the training model and data, which may involve conducting security assessments in accordance with the Basic Requirements and filing algorithms (applicable to Gen AI services with attributes related to public opinion or capabilities for social mobilization). Additionally, Gen AI Service Providers have a duty to adopt effective measures to enhance the quality of data, including its accuracy, truthfulness, objectivity, and diversity.
Secondly, there are transparency obligations and a responsibility to safeguard the interests of the public. This includes requesting Gen AI Service Providers to implement anti-addiction measures and to guide users to understand the Gen AI service provided and the complaint procedures of the Gen AI Service Provider. Moreover, Gen AI Service Providers are required to ensure that users use the Gen AI service lawfully and that lawful outputs are generated.
Key legal risks / issues
1. Categorized Supervision: In addition to the express obligations outlined in the Interim Measures, it is stipulated that relevant state authorities may establish further regulations and guidance based on the specific industries and fields, and specific categories of Gen AI Service.
2. Broad Definition: The Interim Measures define Gen AI service broadly as “models and related technologies that have the ability to generate texts, pictures, sounds, videos, and other content”. This wide definition essentially encompasses any content-generating technology, regardless of whether the service is made available on the internet or not. However, the regulatory intent is to capture Gen AI service.
3. Extensive Obligations: The Regulations have set out comprehensive and specific requirements that cover various aspects of the underlying Gen AI system, including the attributes of the training data and the accuracy of the machine learning model. However, Gen AI Service Providers might not have direct access to relevant information or control over certain aspects of the Gen AI system (as they may be leveraging Large Language Models provided by a third party). Monitoring and compliance requirements under the Regulations—such as filing, improving the quality of the training data, and ensuring its legality—may be challenging for these Gen AI Service Providers.
4. Positive Duty: Gen AI Service Providers would be held responsible for the compliance and legality of the output of the Gen AI system, as they are considered the producers of that output. Although it is unlikely for Gen AI Service Providers to develop the Gen AI system from the ground up, these providers have a positive duty to take measures to comply with relevant requirements. For example, they must filter out illegal training data and prevent the dissemination of illegal content (e.g., by suspending users who have unlawfully utilised the Gen AI system).
5. Penalties: If any Gen AI Service Provider breaches the Regulations, relevant authorities will impose penalties in accordance with applicable laws and regulations. These include the Cybersecurity Law, Data Security Law, and Law on Progress of Science and Technology. In cases where the breach constitutes a criminal act, criminal liabilities may arise. For breaches not covered by other laws, authorities may issue warnings, public denouncements, or orders for rectification within a specified time limit. Suspension of Gen AI services is also a possible consequence.
Actions for consideration
1. Risk Assessment and Comprehensive Compliance Checklist: Given the broad coverage and extensive compliance obligations under the Regulations, it is vital for businesses to conduct necessary self-evaluations to assess their risks and compliance posture as early as possible. Businesses should evaluate the Gen AI system they have adopted and consider which laws and regulations are applicable. A comprehensive governance checklist would be helpful for this purpose. Additionally, it would be prudent for businesses to undertake the assessment in respect of the chosen Gen AI system provider before engaging with them.
2. Contractual Arrangement with Gen AI System Provider: Given that businesses can be held responsible under the Regulations even if the AI system was not developed by them, it is vital for businesses to closely monitor the performance of the Gen AI system provider regularly. Businesses should consider including sufficient and comprehensive audit rights and tailored mechanisms to inspect and collaborate with the Gen AI system provider. This ensures that the positive duties outlined in the Regulations are flowed down under the Gen AI system procurement contract.
3. Stay Informed with the Evolving Legal Landscape: The AI legal landscape in China is constantly evolving, and Chinese regulators are at the forefront of formulating Gen AI regulation as compared to other jurisdictions. Additionally, under the categorized supervision approach adopted under the Regulations, more industry-specific regulations are expected to be introduced by relevant government authorities. Therefore, it is essential for businesses to stay informed of both national and industry-specific regulations and regularly review their compliance status.
© Eversheds Sutherland. All rights reserved.