The National Technical Committee 260 on Cybersecurity of Standardization Administration of China (TC260) has recently issued the Cybersecurity Technology - Basic Security Requirements for Generative Artificial Intelligence Service (Draft for Comment) (the "Draft") to solicit public opinions by July 22, 2024.
The Draft aims to help service providers clarify the cybersecurity baseline of generative artificial intelligence (AI) services and improve the security level in their services; in response to the key issues faced by current generative AI services, such as cybersecurity, data security, and personal information protection, the security requirements covering the entire life cycle of the service are introduced, so as to prevent and resolve the security risks in application scenario, software and hardware environment, content generation, and rights protection during the service process. Regarding the model development process before the launch of generative AI services, the Draft focuses on the security of training data sources, training data content security, data annotation security, and model security. Regarding the service provision process after a service is open to the public, the Draft focuses on the security measures that shall be taken during the service provision process.