1. INTRODUCTION
As a vital part of the AIGC governance, algorithm record-filing serves as a regulatory tool to enforce the legal requirements of algorithmic transparency. Its primary objective is to safeguard user rights by ensuring product and information security. Since the introduction of the requirements for algorithm record-filing by the Internet Information Service Algorithmic Recommendation Management Provisions (the "Algorithm Provisions") and the Internet Information Service Deep Synthesis Management Provisions (the "Deep Synthesis Provisions"), the Cyberspace Administration of China (the “CAC”) has consecutively released four rounds of domestic Internet Information Service algorithm record-filing lists, along with the first algorithm record-filing list for domestic Deep Synthesis Services.
In alignment with the requirement of algorithm record-filing, major application stores have initiated a pre-launch review process for AIGC-related applications to ensure compliance with the requirements of algorithm record-filing. Per Article 13 of the Deep Synthesis Provisions, if an AIGC product fails to fulfill its legal obligations for algorithm record-filing, application stores hold the authority to take actions including denying shelf space, issuing warnings, suspending services, or even removing the application from the store. As Part II in a series of articles intending to chart the regulatory course for AIGC and explore its potential trajectory under the current legal advancements, this article seeks to guide readers through the complexities of the algorithm record-filing process, a step that AIGC product developers cannot miss to successfully bring AIGC products to market.
2. THE DISTINCTION BETWEEN "DEEP SYNTHESIS ALGORITHMS" AND "GENERATIVE SYNTHESIS ALGORITHMS"
After the release of the Deep Synthesis Provisions, distinctions between " Deep Synthesis Algorithms" and " Generative Synthesis Algorithms” is widely discussed among all stakeholders in the AIGC industry. While Deep Synthesis Algorithms and Generative Synthesis Algorithms each exhibit their unique characteristics, their underlying similarity underscores their association. For instance, both Deep Synthesis Algorithms and Generative Synthesis Algorithms apply advanced deep learning technologies such as Convolutional Neural Networks (CNN), Generative Adversarial Networks (GAN), Variational Autoencoders (VAE) to generate diverse forms of contents and data, and both find versatile applications in fields including but not limited to computer vision, image processing, computer graphics, virtual reality, and augmented reality.
Notably, the key differentiation lies in the respective outputs of these two types of algorithms. Deep Synthesis Algorithms specialize in generating novel data that closely mirror the real-world counterparts. A well-known example is Deepfake technology, which generates hyper-realistic images or videos by "swapping" faces. In contrast, Generative Synthesis Algorithms aim to generate completely original content based on pre-defined rules, parameters, or models, thereby presenting an even more natural rendition of the “reality”, like "creating" new faces from scratch.
The fundamental commonality between Deep Synthesis Algorithms and Generative Synthesis Algorithms lies in their capacity to create content that significantly diverges from existing reality. Both methodologies use the power of deep learning to understand, learn and mimic the intrinsic characteristics of the data, thus generating realistic and convincing new data. As a result, despite their distinct approaches - "swapping faces" or "creating faces" - both technologies ultimately serve the same purpose of pushing the boundaries of what's achievable in data generation. Hence, in terms of regulatory compliance such as algorithm record-filing, businesses are not obliged to differentiate between the two technologies.
Following is the actual filling interface. For the “Algorithm Type” row, readers can find that the CAC treat Generative Synthesis(AIGC) and Deep Synthesis Algorithm procedurally the same under one filling section:
3. STEP-BY-STEP GUIDANCE TO ALGORITHM RECORD-FILING
Given that the CAC has not established a distinct record-filing procedure for Generative Synthesis Algorithms and considering the unique nature of the Deep Synthesis Algorithm—which necessitates a specific role-identification for the filing entity—we will introduce the entire record-filing process using the Deep Synthesis Algorithm as an illustrative example.
- Record-Filing Subject
The roles inherent to the Deep Synthesis Algorithm encompass the Deep Synthesis Service Provider and the Deep Synthesis Service Technical Supporter, each bearing distinct responsibilities during the record-filing of the same algorithm. Entities should consider the following guidelines to discern their record-filing responsibilities:
- If an entity embodies both roles for the same algorithm, it must independently fulfill the record-filing process as both a Deep Synthesis Service Provider and a Deep Synthesis Service Technical Supporter.
- If an entity solely functions as a Deep Synthesis Service Provider without offering technical support, it needs to complete the record-filing merely as a Deep Synthesis Service Provider.
- If an entity procures Deep Synthesis technology from a supplier and utilizes this technology to deliver Deep Synthesis services to end-users, it must independently meet its record-filing obligation as a Deep Synthesis Service Provider, regardless of the supplier's record-filing status.
Within a corporate group where multiple subsidiaries might share algorithms, the group can designate the subsidiary that controls the algorithm as the record-filing entity. However, if the algorithm record-filing entity differs from the ICP record-filing entity for the same AIGC product, the algorithm record-filing entity may be required to provide an explanation detailing the relationship between these two entities and the reason for this discrepancy.
- Recording-Filing Process
Per the record-filing guidance issued by the CAC in alignment with the Deep Synthesis Provisions, and considering our previous project experiences, the record-filing procedures for AI algorithms can be delineated into three steps:
- Step 1 - Information of the Record-Filing Subject. Relevant information regarding the record-filing entity should be submitted. Once manually approved by the CAC, the record-filing entity can proceed to submit the data regarding the algorithm and the functionality of the AIGC products.
- Step 2 - Information of the Algorithm. Following the Step 1, required information regarding the algorithm should be submitted during the record-filling as follows:
basic information required for the algorithm
|
Algorithm Type |
Please choose the type of the algorithm. |
|
Algorithm Name |
Please type in the name of the algorithm. |
|
Launch Time |
Please choose the date. |
|
Application Area |
Please choose the application area. |
|
Self-Assessment Report of Algorithm Security |
Please upload the self-assessment report of algorithm security. |
|
Text to be Publicized |
Please upload the text to be publicized. |
detailed information required for the algorithm
|
Algorithm Introduction |
Please type in the introduction of the algorithm. (No more than 200 words.) |
|
Usage Scenario |
Please choose the usage scenario. |
|
Algorithm data |
|
|
Input Data Modality |
Please choose the input data modality. |
|
Does the input character feature include biometric features? |
□ Yes. □ No. |
|
Does the input character feature contain identity information? |
□ Yes. □ No. |
|
Output Data Modality |
Please choose the output data modality. |
|
Output File Format |
Please choose the output file format. |
|
Output File Size |
Please type in the output file size. |
|
Does the algorithm support batch output? |
□ Yes. □ No. |
|
Algorithm model |
|
|
The Source of Training data |
|
|
Does the training data include overseas data? |
□ Yes. □ No. |
|
How to generate training data? |
Please choose the mechanism to generate training data. |
|
Does the training data involve personal information? |
□ Yes. □ No. |
|
Generative Synthesis Algorithm Type |
Please choose the type of the generative synthesis algorithm. |
|
Algorithm Hardware Requirements |
Please type in the type of the algorithm hardware requirements. |
|
Algorithm Performance |
Please type in the algorithm performance. |
|
Algorithm Calculation Method |
Please choose the algorithm calculation method. |
|
Algorithm Strategy |
|
|
Do you preprocess the training data? (model strategy) |
□ Yes. □ No. |
|
Do you preprocess user input data? (input strategy) |
□ Yes. □ No. |
|
Do you post-process the output results? |
□ Yes. □ No. |
|
Risk of Algorithm and Prevention Mechanism |
|
|
Do you attach implicit identification to the generated synthesized content created by your service. |
□ Yes. □ No. |
|
Do you attach significant identification to the generated synthesized content. |
□ Yes. □ No. |
|
Do you have the capacity to remind users to prominently identify the generated synthesized content? |
□ Yes. □ No. |
|
Security Guarantee Mechanism for User Data |
Please choose the security guarantee mechanism for user data. |
|
Refutation Mechanism for Generative Synthesized Fake Information |
Please choose the refutation mechanism for generative synthesized fake information. |
|
Discovery and Disposal Mechanism for Generative Synthesized Harmful Content |
Please choose the discovery and disposal mechanism for generative synthesized harmful information. |
|
Explanation of Risk Prevention Mechanism |
Please type in the explanation of risk prevention mechanism. (No more than 200 words.) |
- Step 3 – Information of Associated AIGC Products and Technical Supporters. The record-filing process requires different information from the Deep Synthesis Service Provider and the Deep Synthesis Service Technical Supporter primarily during Step 3. The Deep Synthesis Service Provider is expected to deliver details about associated AIGC products and functionalities, while the Deep Synthesis Service Technical Supporter should provide information about the technical support plan. The summary of the submission process for the Deep Synthesis Service Provider and the Deep Synthesis Service Technical Supporter is as follows:
Owing to the extensive information required during the record-filing process, we advise businesses to prepare the necessary content in advance, utilizing the Internet Information Services Algorithm Record-Filing System provided by the CAC.
- Record-Filling Documents
During the algorithm record-filing process, besides inputting the basic and detailed information aforementioned, entities are also required to prepare the following documentation:
- Table for the Implementation of Subject Responsibility of Algorithm Security. As part of Step 1, a record-filing entity is expected to upload the completed table to demonstrate compliance. This document should detail the dedicated algorithm security department within the entity, in addition to the algorithm security management policies they adhere to. These policies should include but are not limited to the Algorithm Security Self-Assessment Policy, Algorithm Security Monitoring Policy, Algorithm Security Violation Penalty Policy, Emergency Response Policy, and the Policy for Ethical Review of Technology.
- Algorithm Security Self-Assessment Report. In Step 2, entities should submit an Algorithm Security Self-Assessment Report detailing the operations of the algorithm, including but not limited to, specific information about the algorithm (workflow, data, model, intervention strategies), its application in service, risk assessment, risk control measures, and security evaluation conclusions. Specifically, Deep Synthesis Service Providers are expected to provide additional information regarding content governance, generated content marking, rumor debunking mechanisms, and user rights protection.
- Proposed Public Disclosure. Pursuant to the Algorithm Provisions, providers of algorithm recommendation services are obliged to disclose the core principles, objectives, and operational mechanisms of their services appropriately. During Step 2 of the record-filing process, entities should submit their proposed public disclosure information, primarily encapsulating the algorithm's core principles, operational mechanisms, application scenarios, and objectives. While the CAC has not specified detailed requirements for public disclosure, we suggest entities adhere to the existing industry standards to fulfill the obligations of algorithm disclosure without revealing trade secrets or technical know-how concerning the algorithm.
The aforementioned documents are crucial for the successful completion of the algorithm record-filing process. They not only cover the technical aspects of the algorithm but also explore the depth of its compliance structure, including security management systems, organizational constructs, and risk mitigation strategies. Therefore, we strongly recommend that entities initiate strategic planning and thorough preparation for the algorithm record-filing process well ahead of time. Engaging external legal experts can significantly aid in the efficient, comprehensive, and timely preparation of record-filing materials.
4. RECORD-FILING DEADLINE.
In accordance with the Algorithm Provisions, upon the successful submission of all requisite information and documents pertaining to algorithm record-filing, the CAC is obligated to finalize the record-filing process within thirty working days. But entities should know that, based on our first-hand project experience, the record-filing process for algorithms may extend beyond two months, given the probability of back-and-forth revisions and subsequent re-submissions.
5. CONCLUSIONS
The recent Interim Measures for the Management of Generative Artificial Intelligence Services requires AIGC services and products to complete the algorithm record-filing process before entering the market. Entities now should commence this process promptly due to its lengthy nature, which involves a comprehensive internal review of algorithms and painstaking preparation of necessary documentation. Entities should consider engaging external legal consultants that are familiar with relevant regulations, actual procedures, and maintaining up-to-date communication with regulatory bodies. After record-filing, entities must conspicuously display their record-filing number and disclose algorithmic principles and operations.
