Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.
Browse through brief employment and labor law updates from around the globe. Contact a Littler attorney for more information or view our global locations.
View all Q3 2023 Global Guide Quarterly updates Download full Q3 2023 Global Guide Quarterly
Interim Measures for the Regulation of Generative Artificial Intelligence Services
New Regulation or Official Guidance
Author: Xi (Grace) Yang, Of Counsel – Littler
On July 10, 2023, the Cyberspace Administration of China (CAC) and several other government departments jointly released the Interim Measures for the Regulation of Generative Artificial Intelligence Services (Generative AI Measures), which took effect on August 15, 2023. These measures apply to the use of generative AI technologies to provide services to the public in China for the generation of text, images, audios, videos, or other content (the generative AI services), subject to certain exceptions.
The Generative AI Measures state that the government will emphasize equally on development of generative AI and security. Moreover, the Generative AI Measures impose comprehensive obligations on generative AI service providers, including content management, data security and privacy, and transparency of Generative AI. If an overseas provider that provides generative AI services to the public within China fails to comply with the laws, administrative regulations or these Measures, the Chinese authority will notify the relevant bodies to adopt technical measures and other necessary actions to address the situation.
Counter-Espionage Law Amended
New Legislation Enacted
Author: Xi (Grace) Yang, Of Counsel – Littler
On July 1, 2023, the Counter-Espionage Law, as amended by the Standing Committee of the National People’s Congress, came into force. The law broadened the definition of espionage to give the same protection to “all documents, data, materials, or items related to national security and interests” as state secrets. In addition, the definition of espionage has been expanded to include cyber-attacks against state organs or critical information infrastructure.
Under the new law, the national security authority is empowered to inspect electronic equipment and business facilities, as well as to impose entry and exit bans through the immigration authority. Further, the law expands the application of administrative penalties, imposes fines for minor espionage violations and adds new types of administrative penalties, such as regulatory talks summoned by state security authority, “name and shame,” and temporary seizure or revocation of license. Due to the emphasis on data in the amended law, multinational companies in China should pay particular attention to their daily data handling to ensure data compliance.
China’s Cyberspace Authority Publishes Draft Measures on Personal Information Protection Compliance Audits
Proposed Bill or Initiative
Author: Xi (Grace) Yang, Of Counsel – Littler
On August 3, 2023, the Cyberspace Administration of China (CAC) published a set of short draft measures – Administrative Measures for Personal Information Protection Compliance Audits (Draft Measures), along with an appendix called Personal Information Protection Compliance Audits Reference Points (Reference Points), for public comments. The draft measures would require an annual compliance audit for handlers who process personal data of over one million people and a biennial audit for all other personal information handlers. A voluntary audit may be conducted either internally or by a third-party specialized institution.
The authority may require an audit if it determines there are high risks in personal data processing or upon occurrence of personal data security incidents. In such cases, the government-mandated audit must be conducted by an external specialized institution. The Reference Points set forth the key audited items, covering a range of personal data processing activities including cross-border data transfer. The draft measures would provide additional guidance on the compliance audit requirements under China’s Personal Information Protection Law.