AI regulation in China

In January 2022, China promulgated two laws specific to AI applications. While the provisions regarding the management of algorithmic recommendations for internet information services (Algorithm Provisions) have been in effect since March 2023, the provisions for managing deep synthesis of internet information services (Draft Deep Synthesis Provisions) are still in the drafting stage.

Algorithm Provisions

These regulations aim to address the misuse of algorithmic recommendation systems and include provisions concerning content management, tagging or labelling, transparency, data protection, and fair practices. Additional regulations are applicable in specific areas, such as those related to minors or e-commerce services. Non-compliance may result in fines ranging from 10,000 to 100,000 RMB (approximately 1,570 to 15,705 US dollars).

Draft Deep Synthesis Provisions

These provisions seek to regulate “deep synthesis” technologies, particularly in combating deep fakes. With the exception of fair practices, these laws cover all the aspects mentioned above. Additionally, certain obligations for online app store operators are included. The maximum penalties are the same as those specified in the Algorithm Provisions.

China’s Cyberspace Administration (CAC) concluded its consultation on the draft Administrative Measures for Generative Artificial Intelligence Services on May 10, 2023. This draft regulation mandates a “safety assessment” for new AI products developed in China before their release to the public. Specifically, the regulation requires AI-generated content to be truthful and accurate, while prohibiting content that undermines state power, contains terrorist or extremist propaganda, promotes violence, contains obscene or pornographic information, incites ethnic hatred or discrimination, or disrupts economic and social order. The regulation also requires AI service providers to take measures to prevent the generation of false information and harmful content. If inappropriate content is generated, providers must update their technology within three months to prevent similar content from being produced. Non-compliance with the regulation may result in fines, service suspensions, or criminal investigations.

Additionally, China has implemented regional legislation concerning AI. On September 6, 2022, the Shenzhen government published China’s first city-level AI regulation, known as the “Regulations on Promoting Artificial Intelligence Industry in Shenzhen Special Economic Zone.” Shanghai also published a provincial law on AI development called the “Shanghai Regulations on Promoting the Development of the AI Industry” which came into force in October 2022.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.