Skip to main content

China first attempt to regulate deepfake-like risks.

|

China recently released an administration regulation on the use of deep synthesis technologies and their use on the internet. The regulation regulates some of the typical technologies and scenarios that are commonly seen on the internet nowadays.

Background


The Provisions on the Administration of Deep Synthesis of Internet-based Information Services ("Provisions") came into effect on 10 Jan 2023.  The Provisions were jointly published by the Cyberspace Administration of China, the Ministry of Industry and Information Technology and the Ministry of Public Security. The Provisions sets out, amongst others, the obligations of deep synthesis service providers, technical operators, and users to strengthen the supervision of deep synthesis technology and services.

Deep synthesis technology refers to the use of technologies such as deep learning and virtual reality that use generative sequencing algorithms to create text, images, audio, video, virtual scenes, or other information, including but not limited to:

(1) Technologies for generating or editing text content, such as chapter generation, text style conversion, and question-and-answer dialogues;

(2) Technologies for generating or editing voice content, such as text-to-speech, voice conversion, and voice attribute editing;

(3) Technologies for generating or editing non-voice audio content, such as music creation and ambient sound editing;

(4) Technologies for generating or editing biometric features in images and video content, such as face generation, face swapping, personal attribute editing, face manipulation, or gesture manipulation;

(5) Technologies for generating or editing non-biometric features in images and video content, such as image generation, enhancement, or restoration;

(6) Technology for generating or editing digital characters or virtual scenes, such as 3D reconstruction or digital simulations. 

The Provisions regulate deep synthesis service providers, deep synthesis service technical supporters and deep synthesis service users.  The Provisions define these parties as:

    • Deep synthesis service providers: refers to organizations and individuals that provide deep synthesis services.

    • Deep synthesis service technical support: refers to organizations and individuals who provide technical support for deep synthesis services.

    • Deep synthesis service users: refers to organizations and individuals who use deep synthesis services to produce, reproduce, publish, and disseminate information.


Key contents of the Provisions

General Provisions


According to the Provisions, no organization or individual may use deep synthesis services to produce, reproduce, publish, or disseminate information prohibited by laws and administrative regulations, and must not use deep synthesis services to engage in activities prohibited by laws and administrative regulations, such as endangering national security and interests, harming the national image, infringing on the public interest, disrupting economic and social order, or infringing on the lawful rights and interests of others. Other requirements for deep synthesis service providers include:

    1. Do not use deep synthesis services to produce, copy, publish, or disseminate false news information;

    2. Implement the main responsibility for information security, including establishing and improving management systems such as user registration, algorithm mechanism review, scientific and technological ethics review, information release review, data security, personal information protection, anti-telecommunications network fraud, and emergency response;

    3. Formulate and disclose management rules, platform conventions, and improve service agreements;

    4. Authenticate the real identity of users of deep synthesis services; and

    5. Establish and complete mechanisms for refuting rumors, and where it is discovered that deep synthesis services are used to produce, reproduce, publish, or disseminate falsehoods, they shall promptly employ measures to refute rumors, store relevant records, and report to the internet information departments and relevant competent departments.

Data and Technology Management Specifications


The Provisions also propose the following data and technology management specifications for deep synthesis service providers and technology supporters:

    1. Strengthen the management of training data and take necessary measures to ensure the security of training data;

    2. Strengthen technical management, regularly review, evaluate and verify the mechanism of generating synthetic algorithms; and

    3. If the provider's deep synthesis service may cause confusion or misidentification among the public, it shall be conspicuously marked in a reasonable location or area of the information content generated or edited, and the public shall be reminded of the deep synthesis situation.

    4. In addition, where internet information departments and relevant regulatory departments discover that deep synthesis services have relatively large information security risks, they may, in accordance with their duties and law, require deep synthesis service providers and technical supporters to take measures such as suspending information updates, user account registration, or other related services.
 

Summary


This is China's first attempt to regulate "deepfake"-like misinformation.  In summary, the Provisions provide guidelines on the obligations of relevant subjects such as service providers, technical supporters and users in light of the latest development of deep synthesis technology. This is not only coordinated with the Measures for the Administration of Internet Information Services, but also reflects the importance and understanding of emerging science and technology in China.

 

Article provided by INPLP member: Chris Yau (SGS Hong Kong Limited, Hong Kong)

 

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}