国家网信办就《生成式人工智能服务管理办法》征求意见

4月11日，国家互联网信息办公室（网信办）发布关于《生成式人工智能服务管理办法（征求意见稿）》（下称“《管理办法》”）公开征求意见的通知。

为促进生成式人工智能技术健康发展和规范应用，根据《中华人民共和国网络安全法》等法律法规，国家互联网信息办公室起草了《生成式人工智能服务管理办法（征求意见稿）》，现向社会公开征求意见，意见反馈截止时间为2023年5月10日。

《管理办法》包含二十一条内容。《管理办法》指出，其所称生成式人工智能，是指基于算法、模型、规则生成文本、图片、声音、视频、代码等内容的技术。

《管理办法》表示，国家支持人工智能算法、框架等基础技术的自主创新、推广应用、国际合作，鼓励优先采用安全可信的软件、工具、计算和数据资源。提供生成式人工智能产品或服务应当遵守法律法规的要求，尊重社会公德、公序良俗。

此外，针对生成式人工智能产品或服务的训练数据、人工标注规则、用户信息保护等方面，《管理办法》对产品或服务提供者做出要求。

为促进生成式人工智能技术健康发展和规范应用，根据《中华人民共和国网络安全法》等法律法规，国家互联网信息办公室起草了《生成式人工智能服务管理办法（征求意见稿）》，现向社会公开征求意见。公众可通过以下途径和方式提出反馈意见：

1.登录中华人民共和国司法部 中国政府法制信息网（www.moj.gov.cn、www.chinalaw.gov.cn），进入首页主菜单的“立法意见征集”栏目提出意见。

2.通过电子邮件方式发送至：[email protected]。

意见反馈截止时间为2023年5月10日。

国家互联网信息办公室

2023年4月11日

生成式人工智能服务管理办法（征求意见稿）

第一条 为促进生成式人工智能健康发展和规范应用，根据《中华人民共和国网络安全法》《中华人民共和国数据安全法》《中华人民共和国个人信息保护法》等法律、行政法规，制定本办法。

第二条 研发、利用生成式人工智能产品，面向中华人民共和国境内公众提供服务的，适用本办法。

本办法所称生成式人工智能，是指基于算法、模型、规则生成文本、图片、声音、视频、代码等内容的技术。

第三条 国家支持人工智能算法、框架等基础技术的自主创新、推广应用、国际合作，鼓励优先采用安全可信的软件、工具、计算和数据资源。

第四条 提供生成式人工智能产品或服务应当遵守法律法规的要求，尊重社会公德、公序良俗，符合以下要求：

（一）利用生成式人工智能生成的内容应当体现社会主义核心价值观，不得含有颠覆国家政权、推翻社会主义制度，煽动分裂国家、破坏国家统一，宣扬恐怖主义、极端主义，宣扬民族仇恨、民族歧视，暴力、淫秽色情信息，虚假信息，以及可能扰乱经济秩序和社会秩序的内容。

（二）在算法设计、训练数据选择、模型生成和优化、提供服务等过程中，采取措施防止出现种族、民族、信仰、国别、地域、性别、年龄、职业等歧视。

（三）尊重知识产权、商业道德，不得利用算法、数据、平台等优势实施不公平竞争。

（四）利用生成式人工智能生成的内容应当真实准确，采取措施防止生成虚假信息。

（五）尊重他人合法利益，防止伤害他人身心健康，损害肖像权、名誉权和个人隐私，侵犯知识产权。禁止非法获取、披露、利用个人信息和隐私、商业秘密。

第五条 利用生成式人工智能产品提供聊天和文本、图像、声音生成等服务的组织和个人（以下称“提供者”），包括通过提供可编程接口等方式支持他人自行生成文本、图像、声音等，承担该产品生成内容生产者的责任；涉及个人信息的，承担个人信息处理者的法定责任，履行个人信息保护义务。

第六条 利用生成式人工智能产品向公众提供服务前，应当按照《具有舆论属性或社会动员能力的互联网信息服务安全评估规定》向国家网信部门申报安全评估，并按照《互联网信息服务算法推荐管理规定》履行算法备案和变更、注销备案手续。

第七条 提供者应当对生成式人工智能产品的预训练数据、优化训练数据来源的合法性负责。

用于生成式人工智能产品的预训练、优化训练数据，应满足以下要求：

（一）符合《中华人民共和国网络安全法》等法律法规的要求；

（二）不含有侵犯知识产权的内容；

（三）数据包含个人信息的，应当征得个人信息主体同意或者符合法律、行政法规规定的其他情形；

（四）能够保证数据的真实性、准确性、客观性、多样性；

（五）国家网信部门关于生成式人工智能服务的其他监管要求。

第八条 生成式人工智能产品研制中采用人工标注时，提供者应当制定符合本办法要求，清晰、具体、可操作的标注规则，对标注人员进行必要培训，抽样核验标注内容的正确性。

第九条 提供生成式人工智能服务应当按照《中华人民共和国网络安全法》规定，要求用户提供真实身份信息。

第十条 提供者应当明确并公开其服务的适用人群、场合、用途，采取适当措施防范用户过分依赖或沉迷生成内容。

第十一条 提供者在提供服务过程中，对用户的输入信息和使用记录承担保护义务。不得非法留存能够推断出用户身份的输入信息，不得根据用户输入信息和使用情况进行画像，不得向他人提供用户输入信息。法律法规另有规定的，从其规定。

第十二条 提供者不得根据用户的种族、国别、性别等进行带有歧视性的内容生成。

第十三条 提供者应当建立用户投诉接收处理机制，及时处置个人关于更正、删除、屏蔽其个人信息的请求；发现、知悉生成的文本、图片、声音、视频等侵害他人肖像权、名誉权、个人隐私、商业秘密，或者不符合本办法要求时，应当采取措施，停止生成，防止危害持续。

第十四条 提供者应当在生命周期内，提供安全、稳健、持续的服务，保障用户正常使用。

第十五条 对于运行中发现、用户举报的不符合本办法要求的生成内容，除采取内容过滤等措施外，应在3个月内通过模型优化训练等方式防止再次生成。

第十六条 提供者应当按照《互联网信息服务深度合成管理规定》对生成的图片、视频等内容进行标识。

第十七条 提供者应当根据国家网信部门和有关主管部门的要求，提供可以影响用户信任、选择的必要信息，包括预训练和优化训练数据的来源、规模、类型、质量等描述，人工标注规则，人工标注数据的规模和类型，基础算法和技术体系等。

第十八条 提供者应当指导用户科学认识和理性使用生成式人工智能生成的内容，不利用生成内容损害他人形象、名誉以及其他合法权益，不进行商业炒作、不正当营销。

用户发现生成内容不符合本办法要求时，有权向网信部门或者有关主管部门举报。

第十九条 提供者发现用户利用生成式人工智能产品过程中违反法律法规，违背商业道德、社会公德行为时，包括从事网络炒作、恶意发帖跟评、制造垃圾邮件、编写恶意软件，实施不正当的商业营销等，应当暂停或者终止服务。

第二十条 提供者违反本办法规定的，由网信部门和有关主管部门按照《中华人民共和国网络安全法》《中华人民共和国数据安全法》《中华人民共和国个人信息保护法》等法律、行政法规的规定予以处罚。

法律、行政法规没有规定的，由网信部门和有关主管部门依据职责给予警告、通报批评，责令限期改正；拒不改正或者情节严重的，责令暂停或者终止其利用生成式人工智能提供服务，并处一万元以上十万元以下罚款。构成违反治安管理行为的，依法给予治安管理处罚；构成犯罪的，依法追究刑事责任。

第二十一条 本办法自2023年 月 日起实施。

（网信中国）

参考英语文本：

Management Measures for Generative Artificial Intelligence Services(Solicitation Draft)

Article 1 To promote the healthy development and standardized application of generative artificial intelligence, these measures are formulated in accordance with the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, and other laws and regulations.

Article 2 These measures apply to the development and use of generative artificial intelligence products and services provided to the public within the territory of the People’s Republic of China.

“Generative artificial intelligence” as mentioned in these measures refers to the technology that generates content such as text, images, sound, videos, and codes based on algorithms, models, and rules.

Article 3 The country supports independent innovation, promoting the application, and international cooperation of foundational technologies such as artificial intelligence algorithms and frameworks, and encourages preferential use of secure and reliable software, tools, computing and data resources.

Article 4 Providers should comply with the requirements of laws and regulations, respect social ethics and public order, and meet the following requirements:

(1) The content generated using generative artificial intelligence should reflect the core socialist values and cannot contain information that undermines national political power, subverts the socialist system, incites separatism, undermines national unity, promotes terrorism, extremism, ethnic hatred or discrimination, violence, obscene pornography, false information, or content that may disrupt economic order and social order.

(2) In the processes of algorithm design, training data selection, model generation, optimization, and service provision, measures should be taken to prevent discrimination based on race, ethnicity, religious belief, nationality, region, gender, age, occupation, or other factors.

(3) Respect intellectual property rights and business ethics and do not use algorithms, data, platforms, and other advantages to engage in unfair competition.

(4) The content generated by generative artificial intelligence should be truthful and accurate, and measures should be taken to prevent the generation of false information.

(5) Respect the legitimate interests of others, prevent harm to others’ physical and mental health, and avoid infringement of portrait rights, reputation rights, personal privacy, and intellectual property rights. Illegal acquisition, disclosure, and use of personal information, privacy, and trade secrets are prohibited.

Article 5 Organizations and individuals who use generative artificial intelligence products to provide chat and text, image, sound generation services to the public (hereinafter referred to as “providers”), including support for others to generate text, images, sounds, etc. through the provision of programmable interfaces, assume the responsibilities of content producers for the generated product; for personal information involved, they assume the statutory responsibilities of personal information processors and fulfill personal information protection obligations.

Article 6 Providers should submit a security assessment report to the competent department of cyberspace administration in accordance with the Regulations on Security Assessment for Internet Information Services with Public Opinion Attributes or Mobilization Capabilities before providing generative artificial intelligence services to the public. Providers should also fulfill the record filing and change, cancellation procedures for algorithms as stipulated in the Regulations on the Administration of Internet Information Services Algorithm Recommendations.

Article 7 Providers shall be responsible for the legality of the pre-training data and optimization training data for generative artificial intelligence products.

The pre-training and optimization training data used for generative artificial intelligence products should meet the following requirements:

(1) It should comply with the requirements of laws and regulations such as the Cybersecurity Law of the People’s Republic of China.

(2) It should not contain content that infringes on intellectual property rights.

(3) If the data contains personal information, it should obtain the consent of the data subject or comply with other provisions of laws and regulations.

(4) The data should be true, accurate, objective, and diverse.

(5) Other regulatory requirements of the competent department of cyberspace administration regarding generative artificial intelligence services.

Article 8 When using manual annotation in the development of generative artificial intelligence products, providers should develop annotation rules that comply with the requirements of these measures, are clear, specific, and operational, and provide necessary training to annotation personnel. They should also periodically check the accuracy of the annotated content by sampling.

Article 9 Providers should require users to provide their real identity information in accordance with the Cybersecurity Law of the People’s Republic of China when using generative artificial intelligence services.

Article 10 Providers should clearly and publicly specify the applicable user groups, occasions, and purposes of their services, and take appropriate measures to prevent users from excessively relying on or becoming addicted to generated content.

Article 11 Providers bear the responsibility of protecting users’ input information and use records during service provision. They should not illegally retain input information that can identify users, create portraits based on users’ input information and use situation, or disclose users’ input information to others. If laws and regulations stipulate otherwise, those provisions shall prevail.

Article 12 Providers shall not generate content that discriminates based on users’ race, nationality, gender, etc.

Article 13 Providers should establish a user complaint handling mechanism, promptly respond to and dispose of requests from individuals concerning the correction, deletion, or blocking of their personal information. If they discover or become aware of generated text, images, sounds, videos, etc. that infringe on others’ portrait rights, reputation rights, personal privacy, commercial secrets, or that do not meet the requirements of these measures, measures should be taken to prevent harm and to stop generation.

Article 14 Providers should provide secure, stable, and continuous services throughout the product lifecycle to ensure that users can use them normally.

Article 15 For generated content that does not meet the requirements of these measures found during operation or reported by users, in addition to adopting content filtering measures, providers should prevent its recurrence through methods such as optimization training within three months.

Article 16 Providers should label images, videos, and other contents generated by generative artificial intelligence products in accordance with the Measures for the Administration of Internet Information Services with Deep Synthesis.

Article 17 Providers should provide necessary information that may affect users’ trust and choice in accordance with the requirements of the competent department of cyberspace administration and other relevant departments, including descriptions of the sources, scale, type, and quality of pre-training and optimization training data, rules for manual annotation, scale and type of manually annotated data, basic algorithms and technical systems, etc.

Article 18 Providers should guide users to scientifically recognize and use the generated content rationally, not harm others’ image, reputation, and other legitimate rights and interests, and should not engage in commercial hype or improper marketing. Users who find that the generated content does not meet the requirements of these measures have the right to report it to the competent department of cyberspace administration and other relevant departments.

Article 19 Providers should suspend or terminate services when they discover that users violate laws and regulations or engage in behavior that violates business ethics and social morality during the use of generative artificial intelligence products, including engaging in online hype, malicious posting and commenting, producing spam messages, writing malicious software, or engaging in unfair commercial marketing.

Article 20 If the provider violates the provisions of these Measures, the cyberspace administration department and the relevant competent department shall impose punishment in accordance with the provisions of laws and administrative regulations such as the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, and the Personal Information Protection Law of the People’s Republic of China.

For violations not stipulated by laws and administrative regulations, the cyberspace administration department and the relevant competent department shall give warnings, make criticism and corrections as required by their duties, order to suspend or terminate the provision of services using generative artificial intelligence, and impose a fine of no less than RMB 10,000 and no more than RMB 100,000 in case of failure to make corrections or having severe circumstances. If it constitutes a violation of public security management, punishment shall be given in accordance with the law; if it constitutes a crime, criminal responsibility shall be investigated in accordance with the law.

Article 21 These Measures shall come into effect as of (date) in 2023.