China: Closed consultation TC260 draft standard Basic Requirements for Security of Generative Artificial Intelligence Services of Cybersecurity Technology including data protection regulation

On 22 July 2024, the National Information Security Standardisation Technical Committee of China (TC260) closes the public consultation on the draft national standard "Basic Requirements for Security of Generative Artificial Intelligence Services of Cybersecurity Technology". The draft outlines the requirements that providers of generative artificial intelligence (AI) services are required to implement during the development process regarding the security of training data sources, training data content security, data annotation security, and model security. In addition, it outlines the security obligations after the system was released for public use. In regard to data protection, providers are required to obtain the data subject's consent before using training data that contains personal information and explicit consent if training data contains sensitive personal data. If consent cannot be obtained, the providers are required to comply with the laws and administrative regulations regarding the legal bases for processing of personal data.