Generative artificial intelligence is an important achievement of human science and technology development, providing the possibility for leading and driving a new round of industrial transformation. In recent years, generative artificial intelligence technology has continued to mature, showing the important potential of improving the efficiency of human production and life in an all-round way, and unveiling the trend of intelligent evolution of human society. However, generative AI also brings new challenges and risks in cybersecurity. How to develop, use and manage generative artificial intelligence well has become a common challenge facing the world.
In this context, the Cyberspace Administration of China and other seven departments issued the Interim Measures for the Management of Generative Artificial Intelligence Services (hereinafter referred to as the Measures). The issuance of the Measures will escort the healthy development of generative artificial intelligence in mainland China from the level of policies and regulations, and is an important measure for overall development and security. At the same time, as the first special legislation in the world to actively deal with the safety risks of generative artificial intelligence, the Measures clarify the direction for the orderly implementation of relevant management work.
I. The Measures clarify the security requirements for generative AI services
(1) Focus on the security of generated content, and guide services for good
Generative AI services have become one of the important ways for users to obtain knowledge on the Internet, and the content provided by the service will directly affect the user's perception of things, the Measures clearly adhere to the core socialist values, require service providers not to generate illegal information, and clearly put forward requirements such as anti-discrimination. The Measures require service providers to take effective measures to improve the quality of training data, enhance the authenticity, accuracy, objectivity and diversity of data, and guide service providers to do a good job in security management in data processing and data labeling.
(2) Focus on the protection of users' rights and interests, and ensure the legality and compliance of services
Generative AI services bring new security issues and security risks, in order to protect the rights and interests of users, the process and form of services need to be correctly guided, and the Measures require service providers to clarify and disclose the applicable population, occasions and uses of the service, so as to prevent minor users from over-relying or indulging in it. Due to its technical characteristics, generative AI services are prone to involve sensitive user data and require key protection, and the Measures put forward requirements for the protection of trade secrets and users' personal information, and clarify the obligation of service providers to protect user input information and usage records, so as to provide guarantees for users' safe use of services.
(3) Focus on management of usage patterns to prevent abuse and misuse of services
The Measures specify that service providers that discover that users are using generative AI services to engage in illegal activities shall employ measures such as warnings, restricting functions, suspending or terminating the provision of services to them in accordance with laws and agreements, keep relevant records, and report to the relevant competent departments. The Measures put forward requirements for the obvious identification of generated content such as pictures and videos to prevent users from misusing the generated content.
II. The Measures guide the construction of a generative AI security governance environment
(1) Encourage innovative applications and make overall plans for development and security
At present, mainland generative artificial intelligence is in a critical period of development, and it is necessary to ensure development with safety, promote safety with development, and promote the steady and rapid development of generative artificial intelligence. The first of the Measures further clarifies the principle of attaching equal importance to development and security, promoting innovation and governing according to law, and implementing inclusive and prudent supervision of generative artificial intelligence; The second is to encourage the innovative application of generative artificial intelligence in various industries and fields, explore and optimize application scenarios, and support professional institutions to carry out cross-industry collaboration in technological innovation, data resource construction, transformation and application, risk prevention, etc., and build an application ecosystem; The third is to encourage independent innovation in basic technologies such as algorithms, frameworks, chips, and supporting software, and promote the sustainable development of the entire industry chain.
(2) Strengthen entity responsibility and build a multi-party governance structure
The generative artificial intelligence service industry chain is gradually taking shape, and it is necessary to further strengthen the main responsibility and promote the improvement of the safety level of all links. First, the Measures clarify that providers shall bear the responsibility of producers of network security information content in accordance with the law and perform network information security obligations; Second, it is clarified that where personal information is involved, the provider shall bear the responsibility of the personal information processor in accordance with the law and perform the obligation to protect personal information; Third, it stipulates that the provider and the user should sign a service agreement to clarify the rights and obligations of both parties. The Measures clarify governance rules from multiple angles, emphasize governance requirements, clarify the role of users in supervising services, require providers to establish complaint and reporting mechanisms, and emphasize that users have the right to complain and report to relevant departments.
(3) Promote standards work and support the detailed implementation of the Measures
In parallel with the relevant work of the Measures, the national standards related to cybersecurity, which support the detailed implementation of the Measures, have been laid out in advance and uniformly promoted. The National Information Security Standardization Technical Committee has issued the "Information Security Technology Generative Artificial Intelligence Pre-training and Optimization Training Data Security Specification" and "Information Security Technology Generative Artificial Intelligence Manual Labeling Security Specification", and promoted the development of the "Overall Requirements for Information Security Technology Generative Artificial Intelligence Service Security", which plays a normative guiding role in preventing major security risks of generative AI and improving the overall security level of generative AI.
3. Accelerate the implementation of the Measures
The promulgation of the Measures provides an important legal guarantee for the healthy development of generative artificial intelligence services in the mainland, and it is recommended to accelerate the implementation of the Measures.
The first is to comprehensively promote the publicity and training of the "Measures". Carry out targeted publicity and interpretation for Internet enterprises, artificial intelligence, and other key industries related to intelligence, fully publicize the spirit of the Measures, widely condense security consensus, and promote the self-discipline development of the industry. Comprehensively carry out popular science training for the society, promote the understanding of national policies and safety awareness of generative AI service users, and promote the formation of a good situation of multi-party participation and joint governance.
The second is to establish a generative artificial intelligence service security assessment mechanism. Promote the establishment of supporting security assessment mechanisms and supporting assessment forces in the Measures, urge service providers with public opinion attributes or social mobilization capabilities to carry out security assessments, promptly discover security risks, rectify security issues, and improve security levels.
The third is to strengthen the security standardization of generative artificial intelligence services. Accelerate the development of national standards related to cybersecurity supporting the Measures. Actively promote the research and formulation of standards such as overall security requirements, training dataset security, and manual labeling security, and further give play to the supporting role of standards in generative AI management; Carry out forward-looking research on standardization at the same time, carry out pre-research on generative artificial intelligence classification and grading, generated content identification, user service agreements, etc., and continuously improve the scientificity, leadership and forward-looking nature of standardization work.
Author: Yang Jianjun Secretary of the Party Committee of China Electronics Standardization Institute
Source: "Netinfo China" WeChat public account
Reviewed: Li Jiamin
Editor: Wang Linchen
Proofreader: Chen Jindan
Source: NCIT China
![Poster|New rules for promoting the healthy development of generative artificial intelligence are here~ Six pictures to highlight for you![fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)