China: Closed consultation on Administrative Measures for Generative Artificial Intelligence Services including data protection regulation

On 10 May 2023, the Cyberspace Administration of China (CAC) closed its consultation on the draft “Administrative Measures for Generative Artificial Intelligence Services”. The draft regulation will require new artificial intelligence (AI) products developed in China to undergo a “security assessment” before being released to the public. In particular, the regulation establishes that AI service providers will be responsible for the legitimacy of data used to train generative AI products and to obtain the subject’s consent if the data contains personal information. Furthermore, providers will be responsible for protecting users’ information and will be prohibited from retaining information that allows to infer the user’s identity and from providing user input information to third parties. The regulation also requires providers to establish a mechanism for receiving and handling complaints on the use of personal data and to promptly address requests for correction, deletion, and blocking of personal information. Providers that fail to comply with the regulation may be fined, have their services suspended, or be subject to criminal investigations.