HK releases Guideline concerning Generative AI

The Guideline is tailored for the following types of stakeholders:

1. Technology developers, i.e. those who commission the development or determine the use of technology.
2. Service providers, including platform providers who provide services with additional features and tools based on existing technology.
3. Service users, including content creators and disseminators of generative content.

Key points in the Guideline

Generative AI leverages various machine learning algorithms and automatically can generate content such as texts, images and audio recordings.

Recognising that generative AI technology has the potential to bring about unpredictable security risks and ethical issues, the Guideline provides guidance on best practices for secure development and design to ensure the AI technology’s reliability.

Technical limitations and service risks

• The Guideline first emphasises the technical limitations inherit in the generative AI model, e.g. model hallucination and model bias.
• The proposed AI governance framework includes a four-tiered risk classification system, categorising AI systems into “unacceptable risk”, “high risk”, “limited risk” and “low risk”. Each category of “risk” corresponds to a specific regulatory strategy. For example, “unacceptable risk” systems, which could affect human safety, the Guideline suggests that these should be fully prohibited and their development should result in legal liability. For “low risk” systems, i.e. systems with minimal risks (e.g. spam filters), the Guideline suggests that only self-certification of risks is required.

Governance framework

• The Guideline introduces a governance framework based on five dimensions: (i) personal data privacy, (ii) intellectual property, (iii) crime prevention, (iv) reliability and trustworthiness, and (v) system security. Under this governance framework, stakeholders should clearly define the scope of their actions and accurately assess potential risks.
• The Guideline also puts forward five key principles of governance: (i) compliance with laws and regulations, (ii) security and transparency, (iii) accuracy and reliability, (iv) fairness and objectivity, and (v) practicability and efficiency. While these principles give general guidance to stakeholders, some specific recommendations are given, e.g. it is recommended that service providers design and offer user-friendly and efficient fact-checking tools, such as data retrieval interfaces or intelligent comparison tools, to assist users in manually verifying generated content, in order to ensure the accuracy / reliability of generated content, thereby avoiding or minimising AI hallucinations.

Practical guidelines for stakeholders

• The Guideline also offers various recommendations for the three main types of stakeholders:
• Technology developers: it is recommended that they build various internal teams (e.g. data team, quality control team and compliance team) to ensure security and compliance with laws and regulations; undergo comprehensive testing before deployment of AI applications; and conduct regular compliance reviews and assessments.
• Service providers: it is recommended that they establish a responsible generative AI service framework, including content governance (e.g. ensuring that their service systems do not generate illegal or inappropriate content), as well as measures to manage personal data privacy (e.g. adopt advanced anonymisation techniques and enhanced encryption technologies in handling personal data where necessary).
• Service users: they are encouraged to bear responsibility when utilising generative AI technology, e.g. by indicating explicitly whether generative AI has been involved in content generation or decision-making, and proactively verifying the authenticity and appropriateness of generated content.

Conclusion

Consistent with the approach adopted in other jurisdictions, Hong Kong has adopted a non-binding framework to regulate the use of AI, and is using existing statute laws (e.g. the Personal Data (Privacy) Ordinance and the Copyright Ordinance) to tackle specific legal issues relating to AI systems.

AI technology is developing at a speed that makes its nature and trajectory difficult to predict. The use of soft laws (such as the present Guideline) as part of the Hong Kong’s regulatory framework can support innovation and compliance in a balanced manner.

However, as AI becomes more mature and increasingly widely used, it remains to be seen whether new statutes or revisions to existing statutes are required to keep pace with the latest and ongoing developments.

[1] The Hong Kong Generative AI Research and Development Center (HKGAI), which was established with funding support from InnoHK, was commissioned to assist in research and formulation of the Guideline.