On October 12, the National Information Security Standardization Technical Committee (NISSTC) issued the Basic Security Requirements for Generative Artificial Intelligence Service (Draft for Comment) (the "Draft") to solicit public opinions.

The Draft identifies the basic requirements for the security of generative artificial intelligence (AI) services, covering training data, model security, security measures, and security assessment. With a view to supporting the Interim Measures for the Management of Generative Artificial Intelligence Services, the Draft requires relevant providers to carry out security assessment item by item pursuant to the requirements in this document before submitting to the competent authority the filing application for launching generative AI services, and to submit the assessment report along with the supporting materials at the time of filing. Among others, regarding the security assessment method, providers shall meet the requirements in four aspects, including "security assessment shall be conducted before the service is launched and when major changes are made, and may be carried out independently or by entrusting a third-party assessment agency".

(Source: National Information Security Standardization Technical Committee)