1. INTRODUCTION
Pursuant to Article 17 of the Interim Measures for the Management of Generative Artificial Intelligence Services (the "AIGC Measures"), providers offering AI-related services with public opinion nature or capable of social mobilization shall conduct security assessment in line with applicable laws and regulations. During the market entry process of AIGC products, security assessment is a pivotal step in ensuring both product compliance and user security. As Part III in a series of articles intending to chart the regulatory course for AIGC and explore its potential trajectory under the current legal advancements, this article aims to dissect the complex nature of "security assessment" by tracing its historical development and exploring its current practice. Concurrently, this article will analyze how to formulate and execute effective security assessment strategies, sharing some ideas to aid in the successful market entry of your AIGC products.
2. ABOUT THE SECURITY ASSESSMENT: VERSION 0.5
In 2017, the Cybersecurity Administration of China (CAC) already introduced the regulatory approach of "security assessment" in the Regulations on the Security Assessment of New Technologies or New applications for Internet-based News information Services (the "Double-New Measures"). The Double New Measures stipulates that internet news service providers should conduct security assessment and compile a security assessment report when (1) applying new technologies, adjust or add application functions with news or public opinion nature or social mobilization capabilities, or (2) causing changes in user scale, functions, technical implementation methods, basic resource allocation and other aspects which lead to significant changes in news or public opinion nature or social mobilization capabilities. Such service providers must submit the required security assessment report to the national or provincial-level CAC for review. This the early form of security assessment was what the industry now refers to as the "Double-New Assessment" (new technology, new application).
But under the Double-New Measures, the duty to conduct security assessment is narrowly limited to "providers of internet news information services." Given this, the security assessment requirement under Double-New Measures does not apply to AIGC products not involving news information services. We refer to this early form of the security assessment as Security Assessment 0.5.
3. ABOUT THE SECURITY ASSESSMENT: VERSION 1.0
A year after the implementation of the Double-New Measures, the CAC issued the Provisions on the Security Assessment of Internet Information Services with Public Opinion Nature or Social Mobilization Capacity (the "Public Opinion Provisions"). This time, the application scope of security assessment was no longer confined to the news information services. According to the Public Opinion Provisions, providers of internet information services shall carry out security assessment under the following circumstances:
- Information services with public opinion nature or social mobilization capacity is implemented online, or corresponding functions is added on to such online information services.
- New technologies or new applications, cause the functions, technical realization methods, basic resource allocation, etc., of their information services to undergo major change, leading to major changes in public opinion nature or social mobilization capacity.
- User scale is markedly increasing, leading to major changes in the public opinion nature or social mobilization capacity of such information services.
- Where unlawful or harmful information has been disseminated and spread, indicating the difficulty for existing security measures to effectively prevent and control cybersecurity risks.
- Other circumstances where district / city-level or higher cybersecurity administrations or public security bureaus notify in writing that a security assessment is required.
In such circumstances, providers of internet information services are obligated to conduct security assessment and submit the security assessment report to the district / city-level or higher cybersecurity administrations or public security bureaus via the National Internet Security Management Service Platform (https://www.beian.gov.cn/portal/index.do). The specific requirement for security assessment can be found in Article 5 of the Public Opinion Provisions.
Additionally, cybersecurity administrations or public security bureaus have the authority to initiate on-site inspections based on their evaluations. Generally, providers of internet information services should bring relevant documents for on-site inspections at the designated public security bureau. Looking from the submission window and on-site inspection bodies, the public security bureau is the primary body responsible for implementing Security Assessment 1.0.
Even though Security Assessment 1.0, by law, are closely tied with internet information services characterized by "public opinion nature or social mobilization capability," in practice, the interpretation of what qualifies as such is somewhat expansive, virtually covering all products featuring internet information interaction functionalities or channels. The submission process for Security Assessment 1.0 is quite transparent; businesses simply need to accurately complete the forms and submit their assessment reports based on the guidance found in the Security Assessment User Manual offered by the National Internet Security Management Service Platform. Generally, the review of the security assessment report, from submission to approval, can be accomplished within a month.
4. ABOUT THE SECURITY ASSESSMENT: VERSION 2.0
Fast forward to 2023, a year of exceptional growth and development in the field of artificial intelligence, AIGC product developers, primarily those working on large models, are now tasked with presenting comprehensive Double-New Assessment reports to the CAC. Such reports cover extensive requirements, frequently encompassing over a hundred pages of meticulous details, which is quite different from Security Assessment 1.0 reports submitted via the National Internet Security Management Service Platform. Hence, we refer to this as Security Assessment 2.0.
The primary regulatory targets of Security Assessment 2.0 are AIGC developers. Based on our experience and observations, the Security Assessment 2.0 differs from the Security Assessment 1.0 in the following ways:
|
Security Assessment 1.0 |
Security Assessment 2.0 |
|
|
Subject |
Internet Information Services Provider |
Developers of AIGC Product Primarily Based on Foundation Models |
|
Conditions |
x before the market launch of internet information services or related functions with public opinion nature or social mobilization capacity; x before the launch of new technology or new application of information services; x when the scale of information service users significantly increases; x when harmful information disseminates. |
x before the launch of deep synthesis technology; x before the launch of facial recognition positioning, identity authentication, and attribute analysis services; x before the launch of internet information services based on algorithms recommendation; x before the launch of ai system; x before the launch of blockchain information services. |
|
Regulatory Authority |
District / City-Level or Higher Public Security Bureaus |
CAC |
|
Report Content |
x setting of security department; x identity authentication; x retention of the logs of registration, publishing information, and weblogs; x measures for preventing and disposing of harmful information; x technical measures to prevent the spread of harmful information; x channels for complaints and rights protection; x mechanisms for cooperation and assistance in law enforcement. |
x security guarantee of the subject (organization, system, technology and management of third parties ); x security guarantee of information (information resource, content review, information release, monitoring and warning, information storage and destruction; x user security; x technology security (deep synthesis, facial recognition, algorithm recommendation, ai system and blockchain). |
|
Assessment Key Issues |
x business application security; x business platform security; x business operation security; x data security. |
x ideological security; x legal and ethical security; x technology security. |
|
Assessment Period |
2-4 weeks |
Unknown |
|
Pass Rate |
High |
Low |
Regulatory authorities have been closely monitoring the potential
security risks of AIGC products for some time. Back in 2021, the
CAC, along with the Ministry of Public Security (MPS), issued
directives to strengthen the security assessment of emerging
internet technologies and applications, especially those related to
voice social media and deepfake technologies. The cited legal
foundation then was the Public Opinion Provisions. Two years later,
we now see a significant amplification in the rigor of regulatory
oversight, with major AIGC product developers currently grappling
with the demands of Security Assessment 2.0.
Interestingly, Security Assessment 2.0 appears to be implemented in practice despite the lack of clear statutory guidance. Pursuant to Article 6 of the draft AIGC Measures, service providers shall declare the security assessment to the CAC before launching any AIGC products to the public per the Public Opinion Provisions. Compared to Security Assessment 1.0, Article 6 of the draft AIGC Measures elevates the regulatory body from the "district / city-level or higher cybersecurity administrations or public security bureaus" to the CAC. Hence, it was once perceived as the legal basis for Security Assessment 2.0.
But in the officially released AIGC Measures, the requirement for declaring security assessment to the CAC has been modified. It now states, "[f]or those providing AIGC services with public opinion nature or social mobilization capabilities, security assessment should be conducted according to relevant laws and regulations." This updated, albeit somewhat nebulous, statutory requirement may be interpreted in several ways:
- Possible Interpretation 1. "AIGC services with public opinion nature or social mobilization capabilities" fall under the category of "internet information services with public opinion nature or social mobilization capabilities." Thus, AIGC service providers should satisfy the relevant requirements set forth in the Public Opinion Provisions, including the submission of Security Assessment 1.0.
- Possible Interpretation 2. The term " relevant laws and regulations" is not confined to the Public Opinion Provisions. Therefore, AIGC service providers should also comply with other applicable laws and regulations. If other applicable laws and regulations put forward similar security assessment requirements, AIGC service providers should also fulfill their relevant assessment obligations in accordance with the law and regulations.
In addition, the requirement for "security assessment" also recurs in other AI-related legislations. For instance, providers of algorithmic recommendation services that bear public opinion nature or social mobilization capabilities must conduct security assessment. Similarly, providers and technical supporters of deep synthesis services with specific functionalities must also perform security assessment according to pertinent laws and regulations. The recurring requirement of "security assessment" across different legislative frameworks inevitably causes confusion among businesses. Consequently, we cautiously foresee that the CAC may introduce auxiliary regulations or specific assessment guidelines for Security Assessment 2.0 in the future, thereby filling the current legislative gap.
5. ABOUT THE SECURITY ASSESSMENT: MIIT VERSION
In addition to the Security assessment 0.5, 1.0, and 2.0, all led by the cybersecurity administrations or public security bureau, Ministry of Industry and Information Technology (MIIT) introduced another variant of security assessment, referred to as the MIIT Version.
The inception of the MIIT Version can be traced back to the Internet New Business Security Assessment Management Measures (Draft for Comments) (the "MIIT Measures") promulgated by the MIIT in 2017, which requires telecommunications business operators to carry out security assessment - also known as "Double-New Assessments" - regarding potential cybersecurity threats that their new Internet services may pose. Despite the MIIT Measures not having officially taken effect, the MIIT has subsequently released a succession of industrial standards that pertain to the security assessment of new internet technologies and services within the telecommunications sector. This progression has enabled the practical implementation of the MIIT Version of the security assessment:
The MIIT Version of security assessment currently operates under a well-established service procedure, and recognized assessment institutions are available to conduct the process. Notably, the content of the MIIT Version largely intersects with the requirement of Security Assessment 2.0. The extent to which the CAC, MIIT, and MPS will coordinate and harmonize their regulatory scopes and benchmarks in the future remains an open question.
6. CONCLUSIONS
The existing dialogue surrounding security assessment is marked by ambiguity, leaving businesses in dire need of further clarification and definition from the regulatory authorities. Despite this, it's indisputable that Security Assessment 2.0 has emerged as the toughest hurdle to cross before AIGC products can enter the market. We would strongly advise businesses that have yet to commence preparation works to treat this matter with utmost seriousness. Initiating internal projects at an early stage, dedicating the necessary personnel, and enlisting external legal help if needed, could be instrumental in facilitating the smooth market entry of AIGC products.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
