Our Observations: In April 2023, the TMT sector in China witnessed considerable regulatory advancements, notably the Cyberspace Administration of China's (CAC) introduction of new regulations for AIGC. This legislative action highlights the growing emphasis on ethical and secure AI use. Concurrently, other regulatory bodies, including the NMPA, MST, SPP, and the TC260 expanded the scope of digital and cyberspace regulation, indicating an increased commitment to secure and regulate digital ecosystem. Furthermore, the NDRC's strategy to strengthen the digital economy through six key aspects reflects an integrated approach towards the nation's digital transformation. Meanwhile, the focus on Open Source code security indicates a growing recognition of its compliance issues in the tech sector. Last, the ruling on the inadmissibility of unauthorized WeChat chat records recovery reaffirms the judiciary's commitment to personal information protection.

PART I – REGULATIONS, POLICIES & JUDICIARY INTERPRETATIONS

1. The CAC Issues New Regulations to Enhance the Supervision on AIGC

On April 11, 2023, the Cyberspace Administration of China (CAC) issued the Measures for the Management of Generative Artificial Intelligence Services (Draft for Comment) (the "AIGC Measures"), which aims to provide clearer guidance for China's AI and algorithm-related industries in terms of the current regulatory landscape.

The AIGC Measures defines generative artificial intelligence as technology that creates content based on algorithms, models, and rules. AIGC companies targeting the Chinese public, regardless of their physical location, are subject to regulatory supervision. ChatGPT's recent actions of shutting down user account from the P.R.C. can be considered a preventative measure to avoid being subject to the laws and regulations of the P.R.C. The AIGC Measures may also regulate "specific targeting" AIGC products, which means that even if an AIGC product is not directly targeted at the public, but at specific domestic enterprise users or custom-designed products, it may still be subject to the AIGC Measures.

AIGC Measures defines Service Providers as individuals and organizations that use AIGC products to provide services such as chat, text, image, and sound generation. This also includes entities that provide programmable API interfaces to support others in generating related content but excludes AIGC end-users. The AIGC Measures set out the extensive obligations of the Service Providers.

2. The NMPA Introduces Measures for Regulating Cosmetics Business Operated in Cyberspace

Recently, the National Medical Products Administration issued the Measures for the Supervision and Administration of Cosmetics Operations in Cyberspace (the "NMPA Measures"), which will come into effect on September 1, 2023. The NMPA Measures aim to regulate two primary entities: e-commerce platform operators and cosmetic businesses operating within these platforms.

The NMPA Measures emphasize the responsibilities of e-commerce platform operators to uphold quality control and perform routine inspections on the cosmetic businesses operating within their platforms. It should be noted that the NMPA Measures do not extend to cosmetics import or retail conducted during cross-border e-commerce.

E-commerce platform operators must implement quality management systems and establish specialized quality management functions or personnel to ensure the quality control obligations concerning the cosmetics businesses operating within their platforms. Additionally, the operators are responsible for routine inspections of product information posted on the platform and daily business operations. During inspections, the operators verify the registration and record-keeping of cosmetics, as well as the consistency, authenticity, and legality of the cosmetics labeling information.

3. The MST Solicited Comments on the Measures for Ethical Review of Science and Technology

On April 4th, 2023, the Ministry of Science and Technology issued the Measures on Ethical Review of Science and Technology (for Trial Implementation) ("MST Measures"), aiming to reinforce ethical review and supervision of science and technology activities in accordance with the Circulars on Beefing up Ethical Governance of Science and Technology. The MST Measures comprehensively regulate the requirement of ethical review regarding science and technology applicable in all fields.

The MST Measures defines the scope of application, reviewing entities, review process, and supervisory requirement of science and technology ethics review in accordance with other applicable laws and regulations, such as the Personal Information Protection Law. Additionally, the MST Measures stipulates that if competent authorities of specific industries have issue industrial-based regulations for the ethical review of science and technology activities in their field, provided that these regulations are at least as strict as MST Measures in terms of ethics reviews, then such industrial-specific regulations will take precedence.

The application scope of the MST Measures extends to scientific and technological activities as follows:

  1. scientific and technological activities involving human beings, including tests, investigations, observational studies with human research participants, and involving the use of human genes, human embryos, human biological samples, personal information;
  2. scientific and technological activities involving experimental animals;
  3. scientific and technological activities that do not directly involve human beings or experimental animals, but may pose ethical risk challenges in terms of life and health, ecology and environment, public order and sustainable development; and
  4. scientific and technological activities that are subject to ethical review of science and technology in accordance with laws, administrative regulations and relevant state provisions.

4. The SPP Issued the Circular on Beefing up the Procuratorate's Work in Cyberspace in the New Era

On April 18, 2023 the Supreme People's Procuratorate issued the Circular on Beefing up the Judicial Work in Cyberspace in the New Era (the "Circular"). The Circular consist of 21 articles in 6 aspects, focusing on the deployment of the comprehensive governance system of the cyberspace. The Circular provides specific requirements for legislation, law enforcement, judicial practice, legal popularization, legal research, and team building for the national Procuratorate Systems.

In terms of legislation, the Circular proposes to actively participate in the development and revision of legislation in cyberspace, cooperate with the legislature and regulatory authorities, and promote the development and revision of the Cybersecurity Law, Cybercrime Prevention Act, Anti-Unfair Competition Law, Regulations for the Network Protection of Minors and other laws and regulations.

In terms of judicial protection, the Circular proposes to focus on maintaining network system security and data security, and to increase the punishment of crimes against computer information system security in accordance with the law. At the same time, it highlights the increase in judicial protection of core technologies in key areas such as integrated circuits, artificial intelligence, big data and cloud computing, and to beef up the judicial protection of computer software, databases, network domain names, digital copyrights and digital content works.

In terms of public interest litigation, the Circular proposes to actively carry out prosecutorial public interest litigation in the field of network governance, focusing on issues such as harming cybersecurity, data security, personal information security, infringing on the rights and interests of network users,.

5. The NDRC Advocates for the Digital Economy to Become Stronger, Better, and Bigger through Six Key Aspects

On April 3, 2023, the head of the Department of Innovation and High Technology Development, under the National Development and Reform Commission, announced at a State Council Information Office press conference a commitment to fortify China's digital economy. The six key aspects targeted this year are:

  1. Strengthening policy and system infrastructure.
  2. Strategically deploying digital infrastructure.
  3. Encouraging digital industry innovation and growth.
  4. Expediting industry-wide digital transformation.
  5. Enhancing digital public services.
  6. Deepening international cooperation in the digital economy.

Specifically, the department aims to expedite the development of the "1+N" data factors system, encouraging early adoption and trial use of data factors where feasible, and coordinate a multilevel, diverse data factors market system.

The "1" in the "1+N" legal framework refers to the "Circular of the State Council of the Central Committee of the Communist Party of China on Building a Data Foundation System to Better Play the Role of Data Factors".

PART II - SECTORIAL STANDARDS & PRACTICE GUIDANCE

1. TC260 Solicited Opinions on the National Standard Information Security Technology Open Source Code Security Evaluation Method for Software Products

On April 10, the National Information Security Standardization Technical Committee (TC260) issued the Information Security Technology Open Source Code Security Evaluation Method for Software Products (Draft for Comments) ("OSS Method"). OSS Method provides explicit targets, evaluation criteria, and methods for assessing the security of Open Source code in software products. OSS Method's evaluation criteria includes aspects concerning Open Source code origin, quality, IPR, and management capabilities. The standard is intended to offer a reference for organizations to self-evaluate the safety of the open source code in their software, and provide a foundation for third-party entities to carry out similar work.

2. The National Information Security Standardization Technical Committee Solicited Public Comments on the Practice Guideline for Cybersecurity Standards

On April 18, 2023, the National Technical Committee for Standardization of Information Security issued the Practice Guideline for Cybersecurity Standards - Implementation Guidelines of Network Data Security Risk Assessment (Draft for Comments) (the "Guideline"), which aims to guide data processors in conducting network data security risk assessment.

The Guidelines elucidate the ideas, main work content, processes, and methods for network data security risk assessment, and propose to assess security risks from aspects such as data security management, data processing activities, data security technologies, and personal information protection.

PART III - ENFORCEMENT HIGHLIGHTS

1. The State Administration for Market Regulation Announced Key Legislative Tasks for the Year 2023

On April 11, the State Administration for Market Regulation announced key legislative tasks for the year 2023, focusing on four aspects:

  1. Optimizing the fair competition environment: enacting the Regulations on the Review of Fair Competition and revising the Regulations on Prohibiting the Abuse of Intellectual Property Rights to Eliminate or Restrict Competition and other regulations.
  2. Optimizing the business environment: enacting and revising the Implementation Measures for the Administration of Enterprise Name Registration and Medical Devices, Health Food and Food Formulas for Special Medical Purposes.
  3. Implementing strict quality and safety supervision of food, drugs, industrial products, and special equipment: actively promoting the revision of administrative regulations such as Regulations on the Supervision of Special Equipment Safety and Regulations on the Implementation of the Drug Administration Law.
  4. Accelerating the construction of a strong quality power: actively promoting the revision of the Product Quality Law and the Certification and Accreditation Regulations and revising the Measures for the Administration of National Measurement and Calibration Regulations and Measures for the Administration of Industry Standards and other regulations.

2. The State Administration for Market Regulation Organized the Special Enforcement Campaign Against Unfair Competition in 2023

On April 18, the State Administration of Market Supervision launched the 2023 "Guardian" campaign against unfair competition. This "Guardian" campaign emphasizes the following aspects:

  1. The focusing on the investigation and rectification of unfair online competition, including new forms such as fraudulent credit cards and deceptive live-stream promotions, to safeguard the digital economy.
  2. Regulating market practices in essential sectors, intensify supervision of new commercial marketing tactics, curbing illicit commercial bribery in key industries like pharmaceutical sales, catering, and tourism, and regulating prize promotions to boost consumer confidence.
  3. Protecting enterprises' core competitiveness, including enhancing protection of trade secrets, commercial logos, and business reputations, stimulating enterprise innovation, promoting efficient goods and factor circulation, and advancing the construction of a unified national market.

PART IV - COURT JUDGMENTS

1. The Employee's WeChat Chat Records Recovered by the Employer Without Consent Is Inadmissible Evidence

The Beijing Second Intermediate People's Court recently publicized a noteworthy case on employee personal information protection. The court held that the defendant company's self-retrieved WeChat chat record screenshots, from data previously deleted from the plaintiff's working computer, constituted the plaintiff's personal information. Irrespective of its content, such information should only be recovered and gathered with the plaintiff's informed, voluntary, and explicit consent to such personal information processing. The company's unauthorized restoration and collection of the deleted data, used as internal disciplinary grounds and case evidence, is deemed an improper utilization of the plaintiff's personal information. This action also breaches the key principle of personal information protection. As a result, the court find this evidence of WeChat chat record inadmissible.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.