State Internet Information Office

Ministry of Industry and Information Technology of the People’s Republic of China

Ministry of Public Security of the People’s Republic of China

make

No. 12

The “Regulations on the In-depth Synthesis Management of Internet Information Services” were reviewed and adopted at the 21st office meeting of the Cyberspace Administration of China on November 3, 2022, and approved by the Ministry of Industry and Information Technology and the Ministry of Public Security. It is hereby announced and will be effective from 2023 Effective from January 10th.

Zhuang Rongwen, Director of the Cyberspace Administration of China

Jin Zhuanglong, Minister of Industry and Information Technology

Minister of Public Security Wang Xiaohong

November 25, 2022

Provisions on the In-depth Synthesis Management of Internet Information Services

Chapter 1 General Provisions

Article 1 In order to strengthen the in-depth integrated management of Internet information services, promote the core socialist values, safeguard national security and social public interests, and protect the legitimate rights and interests of citizens, legal persons and other organizations, in accordance with the “Cybersecurity Law of the People’s Republic of China” and the “Cybersecurity Law of the People’s Republic of China” The Data Security Law of the Republic of China, the Personal Information Protection Law of the People’s Republic of China, the Measures for the Administration of Internet Information Services and other laws and administrative regulations formulate these regulations.

Article 2 These regulations shall apply to the application of deep synthesis technology to provide Internet information services (hereinafter referred to as deep synthesis services) within the territory of the People’s Republic of China. If laws and administrative regulations provide otherwise, such provisions shall prevail.

Article 3 The national cybersecurity and informatization department is responsible for coordinating the governance and related supervision and management of deep synthetic services across the country. The telecommunications department under the State Council and the public security department are responsible for the supervision and management of deep synthesis services in accordance with their respective responsibilities.

Local cybersecurity and informatization departments are responsible for coordinating the governance and related supervision and management of deep synthetic services within their respective administrative regions. Local telecommunications authorities and public security departments are responsible for the supervision and management of deep synthetic services within their respective administrative regions according to their respective responsibilities.

Article 4 To provide deep synthesis services, we must abide by laws and regulations, respect social morality and ethics, adhere to the correct political direction, public opinion guidance, and value orientation, and promote the upward development of deep synthesis services.

Article 5 Relevant industry organizations are encouraged to strengthen industry self-discipline, establish and improve industry standards, industry guidelines and self-discipline management systems, and urge and guide deep synthesis service providers and technical supporters to formulate and improve business specifications, conduct business in accordance with the law and accept social supervision.

Chapter 2 General Provisions

Article 6 No organization or individual may use deep synthesis services to produce, copy, publish, or disseminate information prohibited by laws and administrative regulations, and shall not use deep synthesis services to engage in activities that endanger national security and interests, damage the country’s image, infringe on social and public interests, or disrupt the economy. and social order, infringement of the legitimate rights and interests of others and other activities prohibited by laws and administrative regulations.

Deep synthesis service providers and users are not allowed to use deep synthesis services to produce, copy, publish, or disseminate false news information. If news information produced and released based on deep synthesis services is reprinted, news information released by Internet news information source units shall be reprinted in accordance with the law.

Article 7 Deep synthesis service providers shall implement the main responsibilities of information security and establish and improve management systems for user registration, algorithm mechanism review, science and technology ethics review, information release review, data security, personal information protection, anti-telecom network fraud, emergency response, etc. , with safe and controllable technical support measures.

Article 8 Deep synthesis service providers shall formulate and disclose management rules and platform conventions, improve service agreements, perform management responsibilities in accordance with the law and contracts, and remind deep synthesis service technology supporters and users in a conspicuous manner of their information security obligations.

Article 9 Deep synthesis service providers shall authenticate the real identity information of users of deep synthesis services in accordance with the law based on mobile phone numbers, identity document numbers, unified social credit codes or national online identity authentication public services, and shall not authenticate users of deep synthesis services who have not authenticated. Deep synthesis service users of identity information authentication provide information publishing services.

Article 10 Deep synthesis service providers shall strengthen the management of deep synthesis content and adopt technical or manual methods to review the input data and synthesis results of deep synthesis service users.

Deep synthesis service providers should establish and improve feature databases for identifying illegal and harmful information, improve database entry standards, rules and procedures, and record and retain relevant network logs.

If a deep synthesis service provider discovers illegal or harmful information, it shall take disposal measures in accordance with the law, keep relevant records, and promptly report to the cybersecurity and informatization department and relevant competent authorities; it shall also take warnings, limit functions, and suspend relevant users of deep synthesis services in accordance with the law and contracts. Services, account closure and other disposal measures.

Article 11 Deep synthesis service providers shall establish and improve a rumor refutation mechanism. If they discover that deep synthesis services are used to produce, copy, publish, or disseminate false information, they shall promptly take measures to refute rumors, save relevant records, and report to the cybersecurity and informatization department and relevant competent authorities. Report.

Article 12 Deep synthesis service providers should set up convenient entrances for user complaints and public complaints and reports, publish the processing procedures and feedback time limits, and timely accept, process and feedback the results.

Article 13 Internet application stores and other application distribution platforms shall implement safety management responsibilities such as shelf review, daily management, and emergency response, and verify the security assessment and filing of deep synthesis applications; any violations of relevant national regulations shall be promptly punished Take measures such as delisting, warning, suspension of service, or removal from shelves.

Chapter 3 Data and Technical Management Specifications

Article 14 Deep synthesis service providers and technical supporters shall strengthen training data management and take necessary measures to ensure the security of training data; if training data contains personal information, they shall comply with relevant regulations on personal information protection.

If deep synthesis service providers and technical supporters provide face, voice and other biometric information editing functions, they should prompt users of the deep synthesis service to notify the individuals being edited in accordance with the law and obtain their separate consent.

Article 15 Deep synthesis service providers and technical supporters should strengthen technical management and regularly review, evaluate, and verify the mechanism of generating synthesis algorithms.

Deep synthesis service providers and technical supporters who provide models, templates and other tools with the following functions must conduct security assessments themselves or entrust professional institutions to conduct security assessments in accordance with the law:

(1) Generate or edit biometric information such as faces, voices, etc.;

(2) Generate or edit non-biometric information such as special objects and scenes that may involve national security, national image, national interests and social public interests.

Article 16 Deep synthesis service providers shall take technical measures to add identification that does not affect user use to the information content generated or edited by using their services, and save log information in accordance with laws, administrative regulations and relevant national regulations.

Article 17 If a deep synthesis service provider provides the following deep synthesis services that may cause public confusion or misunderstanding, it shall prominently mark the reasonable location and area of ​​the generated or edited information content to remind the public of the deep synthesis situation:

(1) Intelligent dialogue, intelligent writing and other services that simulate natural persons to generate or edit text;

(2) Editing services that generate speech such as synthesized human voices, imitated voices, or significantly change personal identity characteristics;

(3) Editing services such as face generation, face replacement, face manipulation, posture manipulation and other character image and video generation or significant changes in personal identity characteristics;

(4) Immersive simulation scene generation or editing services;

(5) Other services that have the function of generating or significantly changing information content.

If a deep synthesis service provider provides deep synthesis services other than those specified in the preceding paragraph, it shall provide a prominent identification function and prompt users of the deep synthesis service to carry out prominent identification.

Article 18 No organization or individual may use technical means to delete, tamper with, or conceal the deep synthetic logos specified in Articles 16 and 17 of these Regulations.

Chapter 4 Supervision, Inspection and Legal Responsibilities

Article 19 In-depth synthesis service providers with public opinion attributes or social mobilization capabilities shall perform registration, change, and cancellation registration procedures in accordance with the “Internet Information Service Algorithm Recommendation Management Regulations”.

Deep synthesis service technology supporters shall refer to the provisions of the preceding paragraph to perform registration, change, and cancellation registration procedures.

Deep synthesis service providers and technical supporters who have completed the registration should indicate their registration number and provide a public information link in a prominent position on the websites, applications, etc. that provide external services.

Article 20 If a deep synthesis service provider develops and launches new products, new applications, or new functions with public opinion attributes or social mobilization capabilities, it shall conduct a security assessment in accordance with relevant national regulations.

Article 21 The cybersecurity and informatization departments, telecommunications authorities, and public security departments shall carry out supervision and inspection of deep synthesis services in accordance with their duties. Deep synthesis service providers and technical supporters shall cooperate in accordance with the law and provide necessary technical, data and other support and assistance.

If the cybersecurity and informatization departments and relevant competent authorities discover that deep synthesis services have significant information security risks, they may, in accordance with their duties and in accordance with the law, require deep synthesis service providers and technical supporters to take measures such as suspending information updates, user account registration, or other related services. Deep synthesis service providers and technical supporters should take measures as required to make rectifications and eliminate hidden dangers.

Article 22 If deep synthesis service providers and technical supporters violate these regulations, they shall be punished in accordance with relevant laws and administrative regulations; if serious consequences are caused, they shall be severely punished in accordance with the law.

If an act constitutes a violation of public security management, the public security organs shall impose public security administrative penalties in accordance with the law; if it constitutes a crime, criminal liability shall be pursued in accordance with the law.

Chapter 5 Supplementary Provisions

Article 23 The meanings of the following terms in these regulations:

Deep synthesis technology refers to technology that uses generative synthesis algorithms such as deep learning and virtual reality to produce text, images, audio, video, virtual scenes and other network information, including but not limited to:

(1) Technologies for generating or editing text content such as chapter generation, text style conversion, question and answer dialogue, etc.;

(2) Text-to-speech, voice conversion, voice attribute editing and other technologies for generating or editing voice content;

(3) Technologies for generating or editing non-speech content such as music generation and scene sound editing;

(4) Face generation, face replacement, character attribute editing, face manipulation, posture manipulation and other technologies to generate or edit biometric features in images and video content;

(5) Image generation, image enhancement, image restoration and other technologies that generate or edit non-biological features in images and video content;

(6) Three-dimensional reconstruction, digital simulation and other technologies for generating or editing digital characters and virtual scenes.

Deep synthesis service providers refer to organizations and individuals that provide deep synthesis services.

Deep synthesis service technical supporters refer to organizations and individuals that provide technical support for deep synthesis services.

Deep synthesis service users refer to organizations and individuals who use deep synthesis services to produce, copy, publish, and disseminate information.

Training data refers to the annotation or benchmark data set used to train the machine learning model.

Immersive simulation scenes refer to highly realistic virtual scenes that are generated or edited using deep synthesis technology and are available for participants to experience or interact with.

Article 24 Deep synthesis service providers and technical supporters engaged in online publishing services, online cultural activities and online audio-visual program services shall also comply with the regulations of the press and publication, culture and tourism, radio and television authorities.

Article 25 These regulations will come into effect on January 10, 2023.