Notes from the Asia-Pacific region: China issues new AI ethics guidelines, Hong Kong conducts compliance checks

Mainland China and Hong Kong remain extremely active in improving and enhancing artificial intelligence governance and digital trust. 

On 19 May, China's National Cybersecurity Standardization Technical Committee released the Guidelines for Ethical Security of AI Applications 1.0, marking the first comprehensive guidance targeting ethics issues across the entire AI lifecycle. 

The guidelines make it clear that AI purports to benefit human well-being, serve society and achieve sustainable development, and emphasize the significance of human oversight in AI development and deployment. 

China previously issued multiple AI policies or rules, such as the 2022 Opinions on Strengthening the Governance of Science and Technology Ethics and the Measures for Ethical Review and Services of AI Technology, but those frameworks were either soft-law policies, sector-specific rules with limited application or fragmented ethical requirements tied mainly to algorithm governance and data protection. 

Now, for the first time, guidelines cover the full AI life cycle, from development and service provision to application, and expand to broaden the application scope to emerging AI innovations including agentic and humanoid AI. 

The guidelines establish nine AI ethics principles: advance human well-being; respect right to life; fairness and impartiality; risk rationality; transparency; privacy and security; controllability and credibility; agile governance; and inclusive benefits and shared gains. 

They also identify six major ethical risks: weakening of human oversight; disruption of public order; misinformation and knowledge distortion; algorithmic discrimination; infringement of individual rights; and damage to ecosystems.

For key AI stakeholders, the guidelines provide operational guidance in the full AI life cycle. AI developers are required to follow the principles of safety, fairness, privacy, transparency and remain accountable through the entire life cycle. They must satisfy security assessment requirements and take precautions in designing agentic and humanoid AI services. 

AI service providers must introduce compulsory human oversight for high-risk scenarios such as financial, healthcare, education and other scenarios which have concerns for national security, public interest or significant implications for personal and property safety of individuals. AI services should be equipped with functions of human intervention and be capable of handling emergencies. 

While AI users are encouraged to improve AI literacy, they are expected to use AI legally, properly and responsibly, and should not over rely on AI. 

Recently, regulators in Shanghai, Zhejiang and several other provinces launched a four-month AI compliance enforcement campaign, targeting training data safety, AI "poisoning," using AI for misinformation, creating illegal content and harming children. 

Similarly, Hong Kong's regulator has been active in promoting the safe deployment of AI by conducting several rounds of AI compliance checks. The Office of the Privacy Commissioner for Personal Data released the findings of the compliance checks 19 May.

The compliance checks cover a total of 60 organizations, 95% of which have used AI in their day-to-day operations, with the scope of application ranging from day-to-day administrative support, customer service, marketing and risk management, to research and development, human resources management and corporate communications. 

The findings show that all organizations reviewed formulated "Personal Information Collection Statements," specified data retention periods and implemented appropriate security measures in the collection and/or use of personal data through AI systems. Furthermore, most organizations adopted the "human-in-the-loop" approach in monitoring AI systems, and conducted regular internal audits and/or independent assessments on AI systems, which demonstrated prudence in the application of AI across various sectors. 

Moving forward, the PCPD proposes practical recommendations for the development and use of AI, and also encourages organizations to explore the "AI Security" thematic webpage, which provides one-stop access to information on safeguarding personal data privacy when using AI.