Basic Security Requirements for Generative AI Service Issued
Recently, the National Technical Committee 260 on Cybersecurity of Standardization Administration of China(SAC/TC260)issued the Basic Security Requirements for Generative Artificial Intelligence Service (hereinafter referred to as the "Basic Requirements"), which stipulates the basic requirements for the security aspect of generative artificial intelligence services from multiple dimensions such as corpus security and model security. It is applicable for service providers to conduct security assessments and improve security levels, and also provides reference for relevant regulatory authorities to evaluate the security level of generative AI service.
The Interim Measures for the Management of Generative Artificial Intelligence Service (the "Interim Measures") came into effect on August 15, 2023, which stipulated the basic standards for generative artificial intelligence service. In October, the SAC/TC260 released a draft of the Basic Requirements for soliciting opinions, which received positive feedback from all sectors of society. Beijing Zhongguancun Laboratory, Shanghai Artificial Intelligence Laboratory, Zhejiang University, Baidu, iFLYTEK and others participated in the drafting of the document. The Basic Requirements refine and interpret relevant provisions such as the Interim Measures, providing specific guidance for the implementation of the Interim Measures. For example, in terms of corpus security, the requirements for service providers are specifically divided into corpus source security, corpus content security, and corpus annotation security. In terms of corpus content security, in addition to filtering out illegal and unhealthy information in the corpus, specific requirements for intellectual property are stipulated, mainly including:
1) An intellectual property person in charge should be in place for the corpus and generated content, and an intellectual property management strategy should be established;
2) Before using the corpus for training, the main intellectual property infringement risks in the corpus should be identified. If problems such as intellectual property infringement are found, the service provider should not use the relevant corpus for training;
3) Complaint and reporting channels for intellectual property issues should be established;
4) In the user service agreement, the user should be informed of the intellectual property related risks when using the generated content, and the responsibility and obligation to identify intellectual property issues should be agreed with the user;
5) Intellectual property related strategies should be timely updated based on national policies and third-party complaints;
6) The following intellectual property measures should be in place:
—— Summary information related to intellectual property in public corpus;
—— Support third-party inquiries on corpus usage and related intellectual property situation in the complaint and reporting channels.
In addition, the Basic Requirements also involve security measures and provide specific requirements for security assessment. The security assessment can be carried out by the provider themselves or commissioned to a third-party assessment agency. The appendix also clarifies the main security risks of the corpus and generated content, including content that violates socialist core values, discriminatory content, risks of commercial violations (including infringement of intellectual property rights of others, violation of business ethics, disclosure of trade secrets of others, use algorithms, data, platforms and other advantages to carry out monopolistic and unfair competition behaviors), and risks of infringing on the legitimate rights and interests of others, etc.
The Basic Requirements also point out that in addition to the basic requirements proposed in this document, service providers should independently carry out other security work in aspects such as network security, data security, and personal information protection in accordance with Chinese laws, regulations, and national standards, and should also pay close attention to the long-term risks that may arise from generative artificial intelligence.
Security and trustworthiness are necessary conditions for the healthy development of generative artificial intelligence. The Basic Requirements, as the specific support of the Interim Measures in the field of security, is a heavyweight document in the field of generative AI in China recently. It will promote further healthy and orderly development of the industry and accelerate the implementation of applications.
(Adapted from Science and Technology Daily)
新闻中心
卓越服务,让智慧成就非凡
卓越服务,让智慧成就非凡
卓越服务,让智慧成就非凡
卓越服务,让智慧成就非凡