In today's rapid development of artificial intelligence, governments have introduced regulations specifically for AI, especially generative AI. These regulations form the core framework of AI compliance, directly stipulating the full lifecycle requirements of AI systems, from development to deployment to operation.
1. Regulations specifically for AI/generative AI (most directly related)
China's Interim Measures for the Administration of Generative AI Services
⭐⭐⭐⭐⭐ the most relevant: specifically regulating generative AI, Including the core requirements of the whole process of training data, content generation, and service provision
: algorithm filing, security assessment, content filtering, and identification obligations
the most relevant ⭐⭐⭐⭐⭐ the EU's
AI Act
: the world's first comprehensive AI regulatory law, There are specific core requirements for the basic model
: risk assessment, transparency obligations, technical documentation, manual supervisionOfficial
2. Algorithm governance related (directly affecting model deployment)
China
"Provisions on Algorithm Recommendation of Internet Information Services" ⭐⭐⭐⭐
Official website for
algorithm filing, algorithm transparency, and protection of user rights
"Provisions on Deep Synthesis of Internet Information Services" ⭐⭐⭐⭐
Official website for
deep synthesis content identification, detection technology, and prevention of illegal content
3. Data compliance (related to training data)
Global
GDPR (EU) ⭐⭐⭐⭐⭐
If training data involves personal information, it requires legal basic
data subject rights (right to delete, right to access, etc.).
China's
Personal Information Protection Law ⭐⭐⭐⭐⭐
the legality of training data collection and use
Special protection of sensitive personal information
Data Security Law Important ⭐⭐⭐⭐
Data Processing Rules
Data Export Security Assessment
4. Content security (related to output content)
China's
Cybersecurity Law Monitoring ⭐⭐⭐⭐
and Disposal of Illegal Content Network
Security Level Protection
"Provisions on the Ecological Governance of Online Information Content" Official ⭐⭐⭐
website of the
review requirements
for
the content of bad information governance
5. Intellectual property rights (related to training data and output)
Copyright Law (available in all countries). ⭐⭐⭐⭐
Copyright compliance for training data
Copyright attribution of generated content
6. Industry-specific norms
Financial sector
China: Fintech Development Plan, relevant regulations of the People's Bank of China
European Union: Digital Operational Resilience Act (DORA)
Medical field
United States: FDA's AI/ML medical device guidelines
China: Summary of core compliance points of AI-assisted diagnosis related regulations
in the Medical Device Classification
Catalogue Algorithm Filing (China): To provide generative AI services, algorithm filing security assessment must be
completed: security assessment before launch, Including content security, data security
training, data compliance: ensuring that data sources are legal and does not infringe on intellectual property
rights Transparency requirements: informing users to use AI-generated content, and technical documentation disclosure
content filtering: preventing the generation of illegal and harmful content
Personal information protection: privacy protection during training and reasoning
Manual supervision: Establish a manual review mechanism
Risk classification management: Conduct risk assessment and corresponding management
suggestions according to application
scenariosFocus on:
If operating in China: Prioritize the Interim Measures for the Management of Generative AI Services If
operating
in the EU: Prioritize the AI Act and GDPR If
processing personal data: Data protection laws in each country need to be complied with
If it involves a specific industry: also need to pay attention to industry regulatory requirements
