Science: Big Model Filing

In recent years, China has successively issued regulatory documents relating to the management of algorithmic recommendation and deep synthesis, as well as the management of generative AI services, initially building up a regulatory mechanism for AI technologies and services in specific fields. Specifically in the field of generative AI services, under the regulatory framework of the Interim Measures for the Administration of Generative AI Services (hereinafter referred to as the "Interim Measures").A system of algorithmic filing and generative AI filing (hereinafter "Large model filing") constitutes the practical mechanism of the "dual filing system".

Article 19 of the Administrative Provisions on Depth Synthesis of Internet Information Services stipulates that "Depth synthesis service providers with public opinion attributes or social mobilization capabilities shall perform or handle relevant procedures such as filing, change and cancellation in accordance with the Administrative Provisions on Algorithmic Recommendation of Internet Information Services".The large model filing is only more than half a year since the date of implementation of the Interim Measures, and enterprises have relatively little experience in the process, rules and specific matters related to security assessment of the large model filing.

In this paper, we will look at big models and big model application compliance:Algorithm filing, security assessment, big model go-live filingIt also explains the regulatory requirements, specific processes, required materials, security assessment matters, etc., and provides a how-to guide for large model compliance.

Algorithm filing

Algorithmic filing is an important part of big model filingNo matter whether the final product service form is a web page, app, small program, as long as it involves the depth of the synthesis technology services (text, images, audio, video, virtual reality, etc.) need to carry out the algorithm for the record, to obtain the record number is equivalent to the driver's license that needs to be obtained before driving on the road.This process can take anywhere from 2-4 months..

1. Relevant provisions:

Regulations on the Management of Deep Synthesis of Internet Information ServicesArticle 19 specifies that those with the attributes of public opinion or social mobilization capacityDeep Synthesis Service Provider, should be in accordance with the "Internet Information Service Algorithm Recommendation Management Regulations" to fulfill the record and change, cancel the record procedures.Technical supporter of deep synthesis servicesReference should be made to the fulfillment of the filing and change and cancellation of the filing procedures.

Article 17 of the Interim Measures for the Administration of Generative Artificial Intelligence Services It is stipulated that those providing generative artificial intelligence services with public opinion attributes or social mobilization capabilities should carry out safety assessment in accordance with relevant national regulations and perform algorithm filing and change and cancellation filing procedures in accordance with the "Regulations on the Administration of Algorithm Recommendation for Internet Information Services".

2. Algorithm filing process and information:

• Master Information Filling: Platform to official filing site https://beian.cac.gov.cn After completing the account registration and filling in the main information, you need to wait for the backend staff to pass the audit before you can continue to fill in the algorithm information and product and function information.
• Algorithm Information Filling: Includes the Algorithm Security Self-Assessment Report, the content to be publicized, and the algorithm detailed attribute report. Public disclosure refers to algorithm transparency, specific functions and logic; attributes refer to basic attributes and detailed attributes including data, models, strategies, and risk prevention mechanisms. A response is usually provided within 30 working days.
• Product and function information is filled in: Associated product and function information or fill in the technical service method, this step needs to be submitted for review together with the algorithm information filling.

security assessment

1. relevant provisions

National Internet Information Office and the Ministry of Public Security, released in November 2018Provisions on Security Assessment of Internet Information Services with Public Opinion Attributes or Social Mobilization CapabilitiesNoting that the attributes of public opinion and the ability to mobilize socialInternet information serviceAll require a security assessment.This assessment is for technology service providers in the application category and not for technology providers., which can be judged on a model-specific basis.

2. Evaluation process

Large model on-line filing

1. relevant provisions

Interim Measures for the Management of Generative Artificial Intelligence ServicesArticle 17 states that the provision of generative artificial intelligence services with public opinion attributes or social mobilization capabilities should carry out safety assessments in accordance with relevant national regulations.

Security assessments for large model filings are based onAdministrative Provisions on Security Assessment of New Technologies and Applications for Internet News and Information ServicesThe new Internet technologies and applications referred to in the Administrative Provisions on Security Assessment of New Technologies and Applications for Internet News and Information Services refer to Internet websites, applications, forums, blogs, micro blogs, public accounts, instant messaging tools, webcasting, and other innovative applications with news and opinion attributes or social mobilization capabilities (including functionality and forms of applications) and related supporting technologies that are used to provide Internet news and information services. supporting technologies.Large models fall within the scope of new technologies and applications within the meaning of the regulations.

The Basic Requirements for the Safety of Generative Artificial Intelligence Services (hereinafter referred to as the "Basic Requirements") officially released by the National Network Security Standardization Technical Committee on February 29th.Basic Requirements as a companion guide for large model filingsChapter 9, "Security Assessment Requirements", details the points to be covered by the security assessment required for filing, and Chapter 8, "Other Requirements", and Appendix A are the detailed requirements for the necessary attachments to the security assessment materials.

2. Filing process

1) Report to the local Internet Information Office and get the filing form;

(2) Enterprises are prepared to fill in the materials according to the form and assessment points;

(3) Starting the assessment within the enterprise, preparing relevant materials and preparing test accounts;

(4) Material attachments and test accounts are submitted to the local Internet Information Office for review;

(5) belonging to the local Netcom Office material review and technical test audit passed, the local reported to the Central Office of Netcom; failed, modify the material or adjust the model ability to submit for review again, the specific adjustments to which aspects according to the local Netcom feedback;

(6) The Central Internet Information Office for material review and technical review, through, the enterprise issued a record number; failed, need to re-online filing.

3. Material Requirements

(1) Large model on-line filing form, contains the following specifics:

• Basic information: name of the model, main functions, applicable population, scope of services, etc.
• Model development: model filing status, training arithmetic resources (self-developed models), training corpus and labeled corpus sources and sizes, corpus legitimacy, architecture of algorithmic models and training frameworks.
• Service and security prevention: reasoning about arithmetic resources, service methods and objects, etc., illegal content interception measures, model update and upgrade information, etc.
• Security assessment: basic information, assessment.
• Voluntary Commitment: Commitment to the authenticity of the information filled in and signature confirmation.
• Attachments and Remarks: The attachments include security assessment report, model service agreement, corpus annotation rules, list of intercepted keywords, and assessment test questions.

(2) Security assessment reports:The submitted report should containcorpus security assessment, model security assessment, and security measures assessment, and should form an overall assessment conclusion in the assessment report. Requirements for each type of assessment can be found in the specific articles of the Basic Requirements.

(3) Model service agreements:Generally, the rules and privacy policy of the products and services are included, and should be submitted in cooperation with the legal department.

(4) Corpus labeling rules:Including the introduction of the labeling team, functionality and safety labeling rules, labeling process and so on.

(5) List of intercepted keywords: total size should not be less than 10,000The keywords should cover at least 17 security risks in A.1 and A.2 of the Basic Requirements for the Security of Generative Artificial Intelligence Services, and there should be no fewer than 200 keywords for each of the security risks in A.1 and no fewer than 100 keywords for each of the security risks in A.2.

(6) Assessment test question sets:

• This test set needs to include a Generated Content Test Bank, a Rejected Content Test Bank, and a Non-Rejected Test Bank.
• The test question classification meets the relevant risk types in the Generative Artificial Intelligence Service Security Fundamentals Requirements and has a minimum number of requirements.
• Test questions are suggested to be "questions" (including subject-verb-object), not just short words or long articles.
• Generating a content test question bank suggests clearly marking which questions are to be rejected and which are to be answered.

All of the above submissions can be referencedSafety Requirements for Generative Artificial Intelligence ServicesThe Basic Requirements, as a guideline document to guide and direct the safe development of generative AI services, does not have mandatory legal effect per se, but provides practical guidance and regulatory reference for the legal and compliant provision of generative AI services under the existing legal framework for cyberspace governance.When submitting relevant materials, enterprises can check whether the requirements are met specifically according to the provisions of the Basic Requirements one by one.

Since the big model filing, the practice requirements of the big model filing are in the process of dynamic adjustment, which to a certain extent reflects the importance that the regulatory authorities attach to the big model filing: with the accumulation of practical experience, the filing requirements will be adjusted in a timely manner so as to fit the current development of generative artificial intelligence services.

Appendix: Large Model Filing Queries