Mainland China and Hong Kong continue to be very active in improving and strengthening artificial intelligence governance and digital trust.
On May 19, China’s National Cybersecurity Standardization Technical Committee released Guidelines 1.0 on Ethical Security for AI Applications, the first comprehensive guidance covering ethical issues across the entire AI lifecycle.
The guidelines make clear that AI aims to benefit human well-being, contribute to society, and achieve sustainable development, and emphasize the importance of human oversight in the development and deployment of AI.
China has so far issued several AI policies and rules, such as the 2022 Opinions on Strengthening Science and Technology Ethics Governance and Measures on Ethical Review and Services of AI Technology, but these frameworks were either soft law policies, sector-specific rules with limited application, or piecemeal ethical requirements tied primarily to algorithmic governance and data protection.
For the first time, the guidelines cover the entire AI lifecycle, from development and service delivery to applications, and extend their scope to new AI innovations, including agent AI and humanoid AI.
The guidelines establish nine AI ethical principles: Respect the right to life. Fairness and fairness. Rationality of risk. transparency; privacy and security; Control and reliability. Agile governance. and inclusive and shared interests.
They also identify six major ethical risks: Disruption of public order. Misinformation and knowledge distortion. Algorithmic discrimination. Violation of individual rights. and damage to the ecosystem.
These guidelines provide operational guidance for key AI stakeholders throughout the AI lifecycle. AI developers are expected to adhere to the principles of safety, fairness, privacy, and transparency and remain accountable throughout the lifecycle. You must meet security assessment requirements and take precautions when designing agents and humanoid AI services.
AI service providers must implement mandatory human oversight for financial, healthcare, education, national security, public interest, or other high-risk scenarios that significantly impact an individual’s personal or property safety. AI services must have the ability to intervene and respond to emergencies.
While AI users are encouraged to improve their AI literacy, they are expected to use AI lawfully, appropriately and responsibly, and should not rely too heavily on AI.
Recently, regulators in Shanghai, Zhejiang province, and several other provinces launched a four-month AI compliance enforcement campaign targeting training data safety, AI “addiction,” using AI for misinformation, creating illegal content, and harming children.
Similarly, Hong Kong regulators have been proactive in promoting the safe adoption of AI by conducting several AI compliance checks. The Personal Data Privacy Commission announced the results of its compliance inspection on May 19th.
The compliance check targets a total of 60 organizations, 95% of which use AI in their daily operations, ranging from day-to-day administrative support, customer service, marketing and risk management to research and development, human resources management and corporate communications.
The findings show that all organizations review their established Personal Data Collection Statements, specify data retention periods, and implement appropriate security measures in the collection and/or use of personal data through AI systems. Additionally, most organizations have adopted a “human-involved” approach to monitoring their AI systems, conducting regular internal audits and independent evaluations of their AI systems. This demonstrated prudence in the application of AI across different sectors.
Going forward, PCPD will offer practical recommendations for the development and use of AI, and encourage organizations to explore the “AI Security” themed webpage, which provides one-stop access to information on protecting the privacy of personal data when using AI.
