First Generative AI Safety Guidelines Released with 31 Security Requirements
-
The newly released generative AI safety regulations outline 31 security requirements, and only compliant generative AI service providers can be "licensed to operate." These standards encompass four key areas: data security, model security, safety measures, and security assessments.
For data security, providers are required to establish a blacklist of data sources and refrain from using blacklisted data for training. If a data source contains over 5% illegal or harmful content, it will be added to the blacklist. Additionally, the regulations mandate diversified data sources, including different languages and types, with traceability requirements.
Regarding model security, providers are prohibited from using unregistered foundational models for development and must disclose the use of third-party foundational models. Generated content must align with scientific facts and avoid misinformation.
For safety measures, different protective measures are specified based on usage scenarios and user needs, particularly for critical information infrastructure and underage users. Additionally, monitoring personnel must be assigned to improve content quality.
Security assessments include specific evaluation methods, such as data security assessments, generated content safety assessments, and content rejection assessments. Providers are required to conduct manual sampling to ensure data security.
Overall, these generative AI safety regulations provide clear security standards for service providers to ensure the quality and safety of generated content. This is crucial for protecting user rights and social security.
The original notice for soliciting opinions on the technical document "Basic Security Requirements for Generative Artificial Intelligence Services (Draft for Comment)" by the Information Security Standards Committee can be found at:
https://www.tc260.org.cn/front/postDetail.html?id=20231011143225