QIU Yaokun,
Associate Professor,
KoGuan Law School of Shanghai Jiao Tong University, China Institute for Socio-Legal Studies, Doctor of Law
Abstract: While generative artificial intelligence possesses content production capabilities that rival or even surpass human intelligence, it does not inherently present regulatory challenges fundamentally different from those previously encountered. The existing artificial intelligence regulatory framework can still be employed to address these challenges, thereby promoting the further rationalization and improvement of that framework. Regarding operational processes, the technical complexity, conflicts of interest, and intensified human-machine interaction of generative AI increase the inherent difficulties of process regulation. However, process regulation should be appropriately positioned as a supplementary regulatory measure, with a focus on building trust through adequate disclosure and increased user participation. In terms of output results, generative AI functions similarly to search algorithms and serves platform interests. The dominant role of outcome regulation should therefore be maintained, requiring safety, controllability, fairness, and justice, while adhering to the principle that artificial intelligence should be human-centered and serve the public interest. Concerning input data, generative AI further highlights the importance of balancing data protection and utilization in personal information protection, copyright protection, and the maintenance of fair competition. While ensuring data compliance, legal interpretation should make more data available for model development, but it is crucial to ensure that the greater social benefits generated by such data are shared broadly across society.
Keywords: Generative Artificial Intelligence; Legal Regulation; Algorithm Regulation; Data Compliance
Introduction
The emergence of powerful generative artificial intelligence technologies, exemplified by models like DeepSeek, Sora, and GPT-4.5, which demonstrate content generation capabilities comparable to or even exceeding human intelligence, has once again ignited both anticipation and apprehension regarding future technological advancements and their governance. This rapid evolution, also noted in various discussions about the potential of large language models and the prompt regulatory responses in China, underscores the pressing need to understand and manage the societal implications of these technologies.1 In response to these developments, the legal community has focused on a range of critical issues. These include the copyrightability and patentability of AI-generated content, the appropriate allocation of benefits derived from it, and the various risks associated with the data, algorithms, and information content generated by AI. These are standard legal concerns that naturally arise with any new technology capable of producing creative outputs and impacting established rights and responsibilities. Discussions are also underway regarding the fair distribution of legal responsibilities among technology providers, service providers, and product providers, aiming to update, transform, and even iterate existing AI governance frameworks, and to contemplate the opportunities and challenges that generative AI presents to law and the judicial system itself.
However, a fundamental question remains a subject of ongoing debate: does generative AI necessitate distinct legal regulation? This preliminary issue has yet to receive a satisfactory answer. Notably, a foundational regulatory framework targeting algorithms and artificial intelligence has already been established through laws and regulations such as Article 24 of the Personal Information Protection Law, the Internet Information Service Algorithm Recommendation Management Provisions, the Internet Information Service Deep Synthesis Management Provisions, and the Guiding Opinions on Strengthening the Comprehensive Governance of Internet Information Service Algorithms, alongside the more recent Interim Measures for the Management of Generative AI Services.5 Given this existing body of AI-related laws in China, a key consideration is whether this framework is adequate to address the novel challenges posed by generative AI, or if the promulgation of specific regulations like the Interim Measures for the Management of Generative AI Services indicates a perceived inadequacy.5 Some scholars argue affirmatively, believing that the extended application and legal interpretation of existing rules cannot resolve the existential "long-term concerns" for human survival in both the real and virtual worlds caused by the enabling and embedded nature of generative AI. Conversely, other scholars express skepticism, asserting that the "risk legislation theory" conflates risk types and risk levels, thus rendering special legislation unnecessary. Nevertheless, regardless of whether the legal community enthusiastically embraces or cautiously observes this new technology, there is a prevailing assumption, to varying degrees, that generative AI possesses unique characteristics warranting special regulatory consideration. This academic debate underscores the complexity of regulating a rapidly evolving technology and the lack of consensus on the best approach.
This paper aims to challenge this assumption. It seeks to address emerging generative AI within the existing artificial intelligence regulatory framework by examining its regulation from three perspectives: operational processes, output results, and input data. The central inquiry is whether generative AI presents regulatory challenges that the current system cannot accommodate, or if its characteristics as a regulated object can still be encompassed within the existing framework, merely serving to prompt the further rationalization and improvement of the artificial intelligence regulatory system. This sets the central thesis of the paper, focusing on the adaptability of the current regulatory system rather than advocating for entirely new legislation. Consequently, this paper is not only a specialized study proposing regulatory strategies for generative AI but also an attempt to reflect on the strengths and weaknesses of the entire artificial intelligence regulatory system and its various theoretical optimization approaches. Ultimately, it endeavors to propose a more reasonable overall solution for artificial intelligence regulation: starting with the specific characteristics of the technology, comparing it with similar technologies to identify universal technical principles, and then returning to scenario-based regulation of technical details. This reveals the paper's ambition to contribute to the broader discussion on AI regulation beyond just generative AI, advocating for a balanced approach that prioritizes innovation while ensuring safety. Regarding the perennial issue of balancing development and security in the field of artificial intelligence, this paper's regulatory approach of "no new entity if not necessary" leans more towards fostering development. It hopes to appropriately alleviate regulatory pressure on emerging technologies and industries, while the emphasis on an overall regulatory framework can still safeguard fundamental security and prevent the neglect of existing artificial intelligence problems due to an excessive focus on new issues. The paper's structure will be based on these three key aspects (process, output, input data), providing a systematic approach to analyzing the regulatory challenges and potential solutions within the existing framework.
1 Process Regulation with a More Subsidiary Role
1.1 Specific Requirements and Inherent Difficulties of Process Regulation
Process regulation of artificial intelligence necessitates enhancing algorithm transparency, enabling individuals to understand and oversee its operational procedures. For instance, the first paragraph of Article 24 of the Personal Information Protection Law stipulates that "personal information processors using personal information for automated decision-making shall ensure the transparency of the decision-making process...". Similarly, Article 12 of the Internet Information Service Algorithm Recommendation Management Provisions encourages algorithm recommendation service providers to "...optimize the transparency and explainability of rules for searches, sorting, selections, pushing, and displays, to avoid adverse effects on users and prevent and reduce disputes". This existing legal framework demonstrates a clear intention to regulate the "black box" of algorithms by requiring disclosure of their mechanisms and mandating registration for those with significant societal influence.
More specifically, given the technical complexity and commercial confidentiality of code, process regulation and algorithm transparency do not mandate the public disclosure of code, that is, directly presenting the technical expression of algorithms to users and regulators. Instead, they require the explanation of algorithms: illustrating the basic principles, objectives, and main operational mechanisms of algorithms in a scenario-based and hierarchical manner, thereby fostering trust in the algorithm. For example, Article 16 of the Internet Information Service Algorithm Recommendation Management Provisions states that "algorithm recommendation service providers shall conspicuously inform users of their provision of algorithm recommendation services and appropriately publicize the basic principles, objectives, and main operational mechanisms of the algorithm recommendation services".
Furthermore, artificial intelligence service providers bear additional explanatory obligations towards users whose rights are significantly affected by algorithms. For example, the third paragraph of Article 24 of the Personal Information Protection Law states that "where decisions with a significant impact on individual rights and interests are made through automated decision-making methods, individuals have the right to request the personal information processor to provide an explanation...". Similarly, the third paragraph of Article 17 of the Internet Information Service Algorithm Recommendation Management Provisions stipulates that "where algorithm recommendation service providers' application of algorithms has a significant impact on users' rights and interests, they shall provide explanations and bear corresponding responsibilities in accordance with the law".
Moreover, algorithm filing and security assessments serve as further extensions of algorithm explanation, representing specialized explanations provided to regulators. For example, Article 24(1) of the Internet Information Service Algorithm Recommendation Management Provisions states that "algorithm recommendation service providers with public opinion attributes or social mobilization capabilities shall, within ten working days from the date of providing services, fill in the service provider's name, service form, application field, algorithm type, algorithm self-assessment report, proposed public information, and other information through the internet information service algorithm filing system to complete the filing procedures". Article 27 of the same provisions also mandates that "algorithm recommendation service providers with public opinion attributes or social mobilization capabilities shall conduct security assessments in accordance with relevant national regulations". Article 15 of the Internet Information Service Deep Synthesis Management Provisions contains similar stipulations. China has indeed established a system for process regulation, as evidenced by the algorithm registry created by the 2022 regulation on recommendation algorithms, which requires providers with public opinion attributes or social mobilization capabilities to file information about their algorithms, including training data sources and security self-assessments.
However, the approach of enhancing transparency as the primary goal of process regulation faces significant inherent difficulties due to three main reasons. Firstly, the introduction of machine learning has increased the complexity of technology, further widening the gap between artificial and human intelligence. Both the learning process and its outcomes are difficult for humans to comprehend, even for technical experts. The inherent complexity of advanced AI, particularly deep learning models, makes full transparency and explainability practically challenging, even for experts.7 As AI models become more sophisticated, their decision-making processes become less interpretable, creating a fundamental barrier to achieving complete transparency and fostering user trust based on understanding. Secondly, process transparency, especially code disclosure, can conflict with the protection of private rights such as intellectual property and trade secrets, and may also jeopardize national security and social order, harming public interests. Consequently, private entities possessing the technology often lack the motivation to disclose information and may even engage in misleading disclosures. The economic and strategic value of generative AI technology creates strong incentives for companies to protect their intellectual property, directly clashing with demands for transparency in their models and algorithms. Furthermore, revealing the inner workings could facilitate misuse. Finally, and most importantly, fundamental and insurmountable differences exist between technology and humanity. We struggle to fully understand machine learning-based artificial intelligence in terms of scientific cognition and cannot grasp it through the lens of intuitive common sense. Therefore, it is difficult to trust this fundamentally different entity, especially given that artificial intelligence frequently makes errors, either lacking the capability to complete designated tasks or possessing excessive power that infringes upon the interests of others and the public interest.
1.2 Challenges of Generative Artificial Intelligence to Process Regulation
Generative artificial intelligence employs even more complex technologies, involves more intense conflicts of interest, and generates more significant human-machine distinctions, thus posing greater challenges to process regulation.
Firstly, the technical complexity of generative artificial intelligence presents a greater challenge to process regulation. Regarding technical principles, generative artificial intelligence differs significantly from human intelligence and other previous types of artificial intelligence. Its content generation process typically starts with an initial word or a segment of text. The trained model, based on specific patterns and rules learned during the training process and in conjunction with the current context, predicts the next word or character and continuously generates subsequent content in this manner until it reaches the set generation length or an end marker. This predictive nature, relying on patterns learned from vast datasets, is a core characteristic of generative AI.
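To make this generation loop concrete, here is a minimal, self-contained sketch of the autoregressive pattern just described. It is a toy illustration only: the bigram table, the <END> marker, and the function names are invented stand-ins for a trained model's learned patterns, not any real system's internals.

```python
import random

# Toy "learned patterns": bigram frequencies standing in for a trained model.
# A real large language model learns far richer statistics over token sequences.
BIGRAMS = {
    "the":      {"court": 0.5, "model": 0.5},
    "court":    {"ruled": 1.0},
    "model":    {"predicts": 1.0},
    "ruled":    {"<END>": 1.0},
    "predicts": {"tokens": 1.0},
    "tokens":   {"<END>": 1.0},
}

def predict_next(token: str) -> str:
    """Sample the next token from the learned distribution for `token`."""
    dist = BIGRAMS.get(token, {"<END>": 1.0})
    words, probs = zip(*dist.items())
    return random.choices(words, weights=probs)[0]

def generate(prompt: str, max_len: int = 20) -> str:
    """Autoregressive loop: append predicted tokens until <END> or max_len."""
    tokens = prompt.split()
    while len(tokens) < max_len:
        nxt = predict_next(tokens[-1])
        if nxt == "<END>":          # end marker reached
            break
        tokens.append(nxt)          # generated token becomes new context
    return " ".join(tokens)

print(generate("the"))  # e.g. "the court ruled" or "the model predicts tokens"
```

A real large language model replaces the bigram lookup with a deep network over billions of parameters, but the outer loop, predict, append, and repeat until an end marker or length limit, is the same.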
In terms of model structure, while generative artificial intelligence shares a three-layer structure (foundation model, professional model, service application) with other types of artificial intelligence, its foundation model exhibits stronger interactivity, universality, and enabling capabilities. It also demonstrates a surge in emergent abilities and possesses the potential to serve consumers, businesses, and governments across various sectors, enabling a multitude of industries and paving the way towards general artificial intelligence. This potential, however, inevitably entails more substantial social risks. The sheer scale and complexity of generative AI models, with parameters in the trillions, render traditional methods of process regulation, like code disclosure or detailed algorithmic explanations, largely ineffective.
Regarding parameter scale, the ultra-large-scale parameters of generative artificial intelligence render various attempts to implement process transparency increasingly ineffective. Generating trust or exercising control based on thorough understanding becomes even less feasible. For example, the Transformer deep learning model underlying the GPT series combines self-attention mechanisms with feedforward neural network layers, and its parameter counts have grown exponentially from the millions into the hundreds of billions and beyond. This model is a classic black-box algorithm, currently defying global interpretation, and the credibility of local, supplementary explanations is questionable, potentially undermining technical trust and misleading policy formulation. The data show that GPT-1 had 117 million parameters, GPT-2 had 1.5 billion, and GPT-3 reached an astounding 175 billion; while GPT-4's parameter count remains undisclosed, multiple predictions have suggested figures as high as 100 trillion. The parameter counts of Sora and GPT-4o are expected to grow further still.
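Since this passage turns on the Transformer's self-attention mechanism, a compact rendering of the standard scaled dot-product attention formula may help show why interpretation is so hard. The sketch below is a minimal NumPy illustration with invented toy dimensions and random weights standing in for trained parameters: even this single layer mixes every position with every other through learned matrices, and production models stack dozens of such layers.

```python
import numpy as np

def softmax(x, axis=-1):
    e = np.exp(x - x.max(axis=axis, keepdims=True))
    return e / e.sum(axis=axis, keepdims=True)

def self_attention(X, Wq, Wk, Wv):
    """Scaled dot-product self-attention: softmax(Q K^T / sqrt(d)) V."""
    Q, K, V = X @ Wq, X @ Wk, X @ Wv
    d = Q.shape[-1]
    scores = Q @ K.T / np.sqrt(d)   # every token attends to every other token
    return softmax(scores) @ V

rng = np.random.default_rng(0)
seq_len, d_model = 4, 8                  # toy sizes; real models use thousands
X = rng.normal(size=(seq_len, d_model))  # stand-in token embeddings
Wq, Wk, Wv = (rng.normal(size=(d_model, d_model)) for _ in range(3))
print(self_attention(X, Wq, Wk, Wv).shape)  # (4, 8)
```

Each of Wq, Wk, and Wv here is a learned matrix; in a real model there are thousands of such matrices, which is precisely why global interpretation of the trained system remains out of reach.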
Secondly, the process regulation of generative artificial intelligence will also trigger greater conflicts of interest. On one hand, as a nascent technology highly valued by major corporations and even nations, and still in a rapid development phase, generative artificial intelligence has significant demands for intellectual property and trade secret protection. The transparency requirements of process regulation clearly clash sharply with these demands. For example, the US House of Representatives Foreign Affairs Committee overwhelmingly passed the Enhancing National Frameworks for Overseas Restriction of Critical Exports Act on May 23, 2024. By supplementing AI-related definitions, granting presidential regulatory power, and increasing the licensing obligations of Americans engaged in AI model export-related activities, this act aims to control the export of AI models, particularly open-source models. This has a significant and far-reaching impact on the development of many "wrapper" models in China that are built through secondary fine-tuning of open-source large models, highlighting the sharp conflict between the need to protect generative artificial intelligence technology and the demands of process regulation.
On the other hand, disclosing the technical principles of generative artificial intelligence, especially technical information related to content governance, will also exacerbate algorithm evasion and algorithm gaming, posing a serious threat to public safety and even national security. It is well known that generative artificial intelligence can be used to generate illegal and non-compliant information and to teach illegal and criminal behaviors. To reconcile the performance optimization of generative artificial intelligence with legal compliance, a second artificial intelligence playing a censorship role must be nested around it to prevent the output of illegal and non-compliant generation results. However, this artificial intelligence review is extremely easy to circumvent: simply by rephrasing prompts appropriately, for example framing them as requests to learn knowledge, the artificial intelligence can be induced to generate content that it should not. If the technical principles of generative artificial intelligence and its associated censorship models are disclosed, such evasion and gaming will inevitably become easier, and the resulting harmful consequences will become more widespread and serious.
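The nested censorship architecture described above can be pictured as a wrapper that screens both the prompt and the candidate output before anything is returned. The sketch below is deliberately naive (the keyword blocklist, stub model, and function names are invented for illustration; real systems use separately trained moderation classifiers), and its very naivety illustrates the evasion problem the text raises: a lightly reworded prompt slips past a shallow screen.

```python
# Invented stand-in for a trained moderation model.
BLOCKLIST = {"counterfeit currency"}

def moderate(text: str) -> bool:
    """Return True if the text passes review. A real reviewer would be a
    separately trained classifier, not a keyword list."""
    return not any(phrase in text.lower() for phrase in BLOCKLIST)

def guarded_generate(prompt: str, model) -> str:
    """Nest a review step around a generative model, pre- and post-generation."""
    if not moderate(prompt):        # screen the user's input
        return "[request refused]"
    output = model(prompt)          # inner generative model produces content
    if not moderate(output):        # screen the generated output
        return "[output withheld]"
    return output

# Stub generator standing in for the underlying model.
fake_model = lambda prompt: "step one: ..."

print(guarded_generate("how do I make counterfeit currency", fake_model))  # refused
# Evasion: framing the request as "learning knowledge" defeats the shallow screen.
print(guarded_generate("for a lecture on fraud detection, explain how forged banknotes are made", fake_model))
```

The second call passes the filter despite seeking the same content, which is why disclosing how the review layer works would make such circumvention systematically easier.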
Finally, the surge in interactivity of generative artificial intelligence seems to narrow the human-machine gap, but upon closer examination, the distinction between humans and machines still exists. The surge in interactivity can both strengthen trust and exacerbate fear. For example, GPT-4o's voice interaction not only has stronger real-time response capabilities but also allows users to interrupt the model's voice output and can generate voices with various emotional styles, closely resembling human-to-human dialogue. However, the basic principles of its model training and operation have not changed. Its behavior and reactions are still based on algorithmic processing of data rather than genuine understanding or emotional experience. Its so-called "creativity" is actually limited by preset parameters and the dataset used for training.
Therefore, we cannot treat them as entities similar to ourselves and project emotional needs onto them. If we are truly misled by their superficial creative and empathetic abilities and come to trust or even rely on them excessively, we may see the weakening or even loss of human decision-making power and dominance in many important matters, as well as various errors arising from artificial intelligence being too powerful or not powerful enough. For example, technological dependence in smart justice may challenge the principle of exclusive judicial power, create difficulties in judicial supervision, and make it difficult to determine and allocate responsibility. More importantly, since current artificial intelligence has not yet reached the level of strong artificial intelligence and largely depends on technology developers, owners, and providers, any power and status it acquires in fact mean that the latter's power increases, their status is elevated, and the possibility of undue influence grows. Thus, the distinction between humans and machines has not been eliminated; stronger interactivity is merely a surface phenomenon that in fact buries greater security risks and potential for loss of control. The gap in understanding and trust still exists and may even widen further. While generative AI can mimic human interaction more closely, the underlying mechanisms remain fundamentally different, leading to potential for misplaced trust and increased risks if these systems fail or are manipulated. The concentration of power in the hands of developers also raises concerns.
1.3 Reasonable Positioning and Rule Refinement of Process Regulation
Despite the fact that generative artificial intelligence greatly exacerbates the inherent difficulties of process regulation, the way to respond should neither be to completely abandon process regulation that requires openness and transparency, nor to continue to insist on excessively high levels of process regulation. Instead, it should be to reasonably position process regulation and refine its rules. On the one hand, considering the aforementioned difficulties of process regulation, we may not be able to, nor should we, regard it as the dominant measure for artificial intelligence regulation. It would be best to position it as a supplementary regulatory measure, supporting the regulation of results and data discussed below. On the other hand, with the goal of building trust, we should refine the relevant rules for algorithm transparency and algorithm explanation so that developers can explain the safety and trustworthiness of their artificial intelligence to the public and regulators.
In fact, since the aforementioned inherent difficulties have long existed, this positioning and refinement are not new. Research also shows that the effectiveness of algorithm explanation often depends on the disclosing entity's willingness to disclose, the explained object's ability to understand, and the matching of explanation technology, with highly uncertain consequences. Moreover, the relationship between algorithm explanation and algorithm trust is neither sufficient nor necessary. Algorithm trust depends more on the trust basis of the scenario, the consistency of human-machine judgment, and other factors. However, the amplification of technical complexity, conflicts of interest, and the human-machine divide by generative artificial intelligence will inevitably strongly promote the accelerated development of this reasonable positioning and rule refinement, thereby making the system architecture of the entire artificial intelligence regulation more rational and the implementation effect better. The challenges of process regulation are not unique to generative AI, and previous research on algorithm explainability provides valuable lessons. The heightened difficulties in achieving process transparency with generative AI will necessitate a shift towards more realistic and achievable regulatory goals in this area.
In this regard, the relevant provisions of the Interim Measures for the Management of Generative AI Services do not differ from previous regulations, nor do they highlight a new positioning or refine new rules. Article 4(5) stipulates the general principle of process transparency: "Providing and using generative artificial intelligence services shall comply with laws and administrative regulations, respect social morals and ethics, and abide by the following provisions: (5) Based on the characteristics of service types, take effective measures to enhance the transparency of generative artificial intelligence services...". Article 17 stipulates the filing and security assessment system: "Those providing generative artificial intelligence services with public opinion attributes or social mobilization capabilities shall conduct security assessments in accordance with relevant national regulations and complete the procedures for algorithm filing, modification of filing, and cancellation of filing in accordance with the Internet Information Service Algorithm Recommendation Management Provisions". Article 19(1) stipulates the obligation to explain to relevant competent authorities: "Relevant competent authorities shall conduct supervision and inspection of generative artificial intelligence services in accordance with their responsibilities, and providers shall cooperate in accordance with the law, explain the sources, scale, types, labeling rules, algorithm mechanisms, and principles of training data as required, and provide necessary technical and data support and assistance". The initial regulations for generative AI in China largely mirror existing approaches to algorithm regulation, suggesting an initial reliance on established frameworks. The fact that the Interim Measures reiterate existing principles of transparency and accountability indicates a cautious approach, initially applying familiar regulatory tools to this new technology.
But how can we maintain control over, or generate trust in, generative artificial intelligence when complete understanding is impossible? The former requires control over results and data as discussed below, which will not be elaborated here; the latter requires developers to aim for trust and make appropriate information disclosures about generative artificial intelligence. In fact, due to the limited development of neuroscience and brain science, we do not fully understand human intelligence either, and there is also a black box problem. However, we can trust human decisions. On the one hand, we have minimized the risk of decision-making errors through a series of institutional designs. More importantly, on the other hand, even if we do not fully understand the brain's operation process, we basically understand the general thinking process, and this understanding is based on our actual thinking experience and the accumulation of increasing scientific knowledge. We trust human institutions and have a basic understanding of human reasoning, which fosters trust despite the complexity of the human brain. A similar approach, focusing on building reliable AI systems and providing understandable explanations of their function, can foster trust in AI.
Therefore, despite the aforementioned difficulties, to gain more public and policymaker support for generative artificial intelligence, technology developers should still make good-faith efforts in appropriate information disclosure to enable both parties to better understand the technology's operational processes and potential values and risks. Proactive and accessible communication from developers is crucial for building public confidence and facilitating informed policymaking. For example, developers of generative artificial intelligence can regularly publish transparency reports detailing the working principles, data collection and processing methods, and algorithm decision-making processes of artificial intelligence; or they can explain the latest developments, application cases, and potential social impacts of generative artificial intelligence technology to the public by holding open online seminars, workshops, or lectures; or they can adopt more intuitive and easy-to-understand methods to display its workflow and decision results when designing the user interface of generative artificial intelligence. By actively engaging with the public and policymakers through clear and understandable explanations, developers can demystify the technology and foster a more informed and trusting environment.
Furthermore, sometimes trust is not based on fuller information disclosure but on stable expectations formed through long-term transactions. This requires developers of new technologies to involve users more deeply in the entire lifecycle of generative artificial intelligence development, application, and optimization, enhancing users' understanding of and trust in algorithms through personal participation and eliminating fear of the technology black box. Direct user involvement can increase understanding and trust by demystifying the technology and allowing users to experience its capabilities and limitations firsthand. In the development phase, developers can invite users to participate in the preliminary design of artificial intelligence products through user surveys, focus group discussions, or co-creation workshops. In the application phase, to help users better understand artificial intelligence technology, developers can provide online tutorials, user manuals, or interactive learning modules to explain the working principles, advantages, and limitations of artificial intelligence; at the same time, developers should strive to improve the transparency of artificial intelligence by displaying the algorithm's decision-making process to users through visualization tools or explanatory interfaces. In the optimization phase, developers can establish a continuous feedback mechanism to allow users to report problems encountered during use, evaluate the actual performance of artificial intelligence, and then propose improvement suggestions to help developers iterate and optimize the technology. Additionally, developers can establish user communities to provide a platform for users to share experiences, exchange skills, and engage in frank direct communication with developers on the potential risks and ethical issues of artificial intelligence technology, and to demonstrate the measures they have taken to ensure safety and fairness, thereby establishing a deeper level of symbiotic cooperation. By involving users in the development process, providing clear explanations during application, and actively seeking feedback for optimization, developers can foster a sense of partnership and build stronger trust in the technology.
2 Outcome Regulation with a More Dominant Role
2.1 Specific Requirements and Inherent Difficulties of Outcome Regulation
Outcome regulation of artificial intelligence requires that the output results be safe, controllable, fair, and just, and that they cause no harm or discrimination. Its essence lies in the requirement that artificial intelligence, as a technological tool, must be human-centered and serve the public interest, neither infringing upon the overall interests of society nor the interests of its constituent parts (especially vulnerable groups). Outcome regulation in China prioritizes ensuring that AI technologies, including generative AI, align with national values and do not produce harmful or discriminatory content.
On one hand, artificial intelligence should ensure safety and controllability and must not cause harm to national security, social public safety, or the personal and property safety of individuals. For example, Article 6 of the Internet Information Service Algorithm Recommendation Management Provisions states that "algorithm recommendation service providers shall adhere to mainstream value orientations, optimize algorithm recommendation service mechanisms, actively disseminate positive energy, and promote the upward and virtuous development of algorithm applications. Algorithm recommendation service providers shall not use algorithm recommendation services to engage in activities prohibited by laws and administrative regulations that endanger national security and social public interests, disrupt economic order and social order, or infringe upon the legitimate rights and interests of others, shall not use algorithm recommendation services to disseminate information prohibited by laws and administrative regulations, and shall take measures to prevent and resist the dissemination of adverse information". Articles 7-15 of the same provisions implement the information service management requirements of positive guidance and safeguarding the bottom line through institutional construction, technical review, information security management, user tag management, page ecosystem management, news service licensing, and anti-monopoly and anti-unfair competition measures. The principles stipulated in Article 6(1) of the Internet Information Service Deep Synthesis Management Provisions are similar, and Article 6(2) specifically emphasizes the governance of false news information: "Deep synthesis service providers and users shall not use deep synthesis services to produce, reproduce, publish, or disseminate false news information. When reprinting news information produced and published based on deep synthesis services, they shall reprint news information released by internet news information source units in accordance with the law". Articles 7-13 implement information service management requirements in a similar manner to that described above. The emphasis on "mainstream values" and the prohibition of harmful content reflect the Chinese government's broader approach to internet governance, extending these principles to AI outputs.
On the other hand, artificial intelligence should maintain fairness and justice and must not implement unreasonable differential treatment based on economic, political, or social factors. Ensuring fairness and preventing discriminatory outcomes are key aspects of AI outcome regulation in China, particularly concerning vulnerable populations and market competition. For example, Article 24(1) of the Personal Information Protection Law states that "personal information processors using personal information for automated decision-making shall ensure that the decision-making...results are fair and just and shall not implement unreasonable differential treatment against individuals in terms of transaction prices and other transaction conditions". Articles 18-21 of the Internet Information Service Algorithm Recommendation Management Provisions respectively stipulate special outcome regulation obligations concerning the rights of minors, the elderly, laborers, and consumers, so as to strengthen the protection of vulnerable groups and maintain social fairness. Article 17 of the Anti-Monopoly Committee's Guidelines on Anti-Monopoly in the Platform Economy further lists the factors that may be considered when analyzing whether conduct constitutes differential treatment: "(1) implementing differentiated transaction prices or other transaction conditions based on big data and algorithms, according to the transaction counterparty's payment ability, consumption preferences, usage habits, etc.; (2) implementing differentiated standards, rules, and algorithms; (3) implementing differentiated payment conditions and transaction methods". The regulations aim to prevent AI from exacerbating existing social inequalities or creating new forms of discrimination through biased algorithms or unfair practices.
However, due to the inevitable conflict between artificial intelligence development and security, outcome regulation also has inherent difficulties. Specifically, both safety and controllability and fairness and justice are vague standards or principles that, in practical application, cannot provide precise prior guidance for behavior, and the pursuit of safety may especially impair improvements in technical efficiency. For example, if the accident probability of autonomous vehicles is not compared with that of non-autonomous vehicles, and only the possibility of autonomous vehicles causing accidents and endangering road traffic safety and the personal and property safety of other drivers, passengers, and pedestrians is considered, industrial development may be hindered by an excessive pursuit of safe and controllable results. Similarly, if reasonable transaction habits and industry practices such as new-user discounts and membership discounts are not considered, and only the fact that e-commerce or sharing-economy platforms treat different users differently is considered, the development of the new economy may be restricted by an excessive pursuit of fair and just results. Generally speaking, the greater compliance pressure and potential for abuse of regulatory power borne at the output end are not conducive to the "illegal rise" of new technologies: the development potential of artificial intelligence applications may be restricted, and the entire society, including currently disadvantaged groups, may miss the Kaldor-Hicks improvement brought about by artificial intelligence development. Defining and enforcing broad principles like "fairness" and "safety" in the context of complex AI technologies is challenging and carries the risk of hindering innovation if not carefully balanced.7 Overly strict or poorly defined outcome regulations could create significant compliance burdens for AI developers and limit the potential benefits of these technologies, highlighting the need for a nuanced and adaptable regulatory approach.
2.2 Challenges of Generative Artificial Intelligence to Outcome Regulation
From the perspective of output results, generative artificial intelligence has not, in fact, posed newer or greater challenges to the existing regulatory system, because its actual function is similar to that of search algorithms, and its outcome regulation can draw on the existing regulatory measures applied to search algorithms. Despite the completely different technical principles and the differences in output results between the two, the user experience and core functionality of generative AI in providing information bear a resemblance to search engines, suggesting that similar regulatory principles might apply. Admittedly, the technical principles of the two are completely different, and the output results also differ: search algorithms output a collection of information needed by the user, realizing a matching function between people and information; generative artificial intelligence outputs the needed information directly, realizing an information production function. However, in terms of technical function, and especially user experience, both take user input, obtain the result that best matches the intent contained in that input through algorithms, and provide users with the information they hope to obtain. The only difference is the presentation method: the former provides a collection of information related to the question, while the latter can directly provide the answer without requiring users to further filter and refine search results. Therefore, generative artificial intelligence and search algorithms have functional similarities.
Judicial practice and industry practice can also corroborate this functional similarity. On the one hand, in foreign judicial practice, search engine platforms, in order to resist algorithm regulation, argue that the information calculated and displayed by their algorithms also constitutes a kind of speech, and that intervention in and regulation of algorithms is an infringement of freedom of speech, thus becoming more similar to the "answers" provided by generative artificial intelligence. Moreover, since its inception, the internet has been burdened with the controversy over whether it is merely a pipeline or an editor, and over the extent of responsibility it should bear. Its "editor" identity, and the increasing guidance and governance capabilities of internet platforms over user speech that follow from it, are also becoming increasingly similar to the answers provided by generative artificial intelligence. On the other hand, both Google and Microsoft, the two internet giants in the search engine field, are actively introducing generative artificial intelligence to compensate for the shortcomings of current search engines in accurately answering questions, so as to improve search efficiency and user experience. Baidu Search has also quickly integrated its own generative artificial intelligence, "Wenxin Yiyan," trying to leverage the advantages of its accumulated Chinese corpus data and strive not to lag behind in another round of new technology competition. The legal arguments made by search engines and the evolving role of internet platforms in content moderation further blur the lines between information retrieval and information generation, supporting the analogy with generative AI. The industry trend of integrating generative AI into search engines reinforces the functional overlap and suggests that these technologies are seen as enhancements or replacements for traditional search functionalities.
From this, it can also be seen that generative artificial intelligence can largely enhance or even replace search engines. Viewed over the longer time span of internet development, the development of generative artificial intelligence is in fact inherently consistent with the development of internet platforms, so a certain degree of regulatory continuity can be maintained. Generally speaking, internet platforms use data and algorithms as tools to allocate scattered social resources, thereby establishing bilateral markets within enterprises, with their digital nature serving as the basis for their bilaterality. Specifically, search algorithms and recommendation algorithms, based on user input and combined with other information expressed by users through filled-in data and behavioral performance, as well as information on goods, services, and information providers, extract and display the items users most likely desire in a certain order, thereby facilitating market transactions. However, the allocation of scattered social resources still has an efficiency ceiling, and the capabilities of new information technology have not been fully utilized. Therefore, the internet platform model centered on matching shows a trend of transitioning to a model centered on production. For information, this means that it is best not to merely provide a collection of information but to directly provide answers. Thus, the bilaterality of internet platforms is negated by their own digital nature, and they ultimately become unilateral platforms that actively provide information, goods, and services, which in turn requires the technical support of generative artificial intelligence, just as search engines have developed towards ChatGPT. Generative AI represents a potential evolution of internet platforms, shifting from simply connecting users with information to actively generating and providing it, suggesting a degree of continuity in the underlying platform model. The progression of internet platforms from directories to search engines to potentially generative AI-powered information providers suggests an underlying trend towards more direct and efficient information delivery, which could inform regulatory approaches.
Furthermore, the essential similarity between generative artificial intelligence and the internet platform model lies not only in the fact that the former represents the future development direction of the latter and of matching-based artificial intelligence, but also in that its process of training, operation, evaluation, and optimization replicates the internet platform model. Generative artificial intelligence, on the one hand, collects massive amounts of data for training, evaluating, and optimizing models, and on the other hand, collects user input as prompts for content production. In effect, it internalizes the information-provider side of search engines and defers it to the moment of generation. It is precisely for this reason that it shares similarities with matching-based artificial intelligence in terms of data input and model training, outputs results similar to those of search engines, and raises similar issues of benefit distribution. In this sense, it best reflects the subject status of internet platforms and the speech nature of their information content: it is not only an information editor but also an editorial writer, and therefore, while enjoying rights such as freedom of speech and copyright, it should also bear corresponding legal responsibilities. The operational lifecycle of generative AI closely resembles the data-driven model of internet platforms, with data collection, user interaction, and continuous improvement being central to both. By analyzing these operational parallels, the paper strengthens the argument that generative AI can be understood and regulated within the existing framework for internet platforms. The content generated by AI should be viewed as a form of expression originating from the platform, carrying both the privileges and responsibilities associated with speech and authorship. By positioning generative AI as a form of platform-generated content, the paper argues for applying existing legal principles related to online speech and content liability.
2.3 Continued Application and Overall Reflection on Outcome Regulation
Since generative artificial intelligence, from the perspective of output results, does not pose fundamentally different regulatory issues, and given the greater limitations of the process regulation approach caused by generative artificial intelligence technology as discussed above, the legal compliance of output results should occupy a dominant position in the regulation of generative artificial intelligence and even in general artificial intelligence regulatory systems. Focusing on the tangible outputs of generative AI allows for regulation based on established legal principles related to content, safety, and fairness, without requiring deep technical understanding of the underlying algorithms. This is because even the most complex technology inevitably produces real-world consequences and impacts, which can serve as the starting point for regulation. Moreover, outcome regulation is an area where public authorities are more proficient in judgment and do not require the assistance of technical personnel. Just as our trust in professionals is often based on their success rate (lawyers' win rates, doctors' cure rates, teachers' student pass rates, politicians' promise fulfillment rates, etc.) rather than on understanding or comprehending their professional processes, if we can control generative artificial intelligence by imposing relevant legal requirements on its output results, thereby proving that it will not cause harmful consequences and will only create social value, then even if we do not fully understand its technical process, we do not need to worry about it "losing control" and can therefore use it. A pragmatic regulatory approach should prioritize controlling harmful outcomes and ensuring beneficial uses, allowing for the adoption of generative AI when its positive societal impact can be demonstrated and negative consequences can be effectively managed. If its consequences cannot be controlled and its harmlessness cannot be proven, then limiting or even suspending its use is the preferable solution. The focus should be on the real-world impact of generative AI. If it can be shown to be safe and beneficial, it should be allowed; if not, its use should be restricted, regardless of the complexity of its internal workings. This solution does not require regulators to perform difficult technical identification, returning such problems instead to more capable technical personnel. Therefore, the dominant application of outcome regulation, coordinated with process regulation, also implies a more reasonable division of labor between legal professionals and technical experts. This regulatory approach allows legal professionals to focus on applying established legal principles to AI outputs, while technical experts can concentrate on developing and ensuring the safety and reliability of the underlying technologies.
In this regard, the relevant provisions of the Interim Measures for the Management of Generative AI Services also do not differ from previous regulations. Article 4, Items (1), (2), (3), and (4) stipulate the basic principles of outcome compliance: "(1) Adhere to the core socialist values and must not generate content that is prohibited by laws and administrative regulations, such as content inciting subversion of state power or the overthrow of the socialist system, endangering national security and interests, harming the national image, inciting secession, undermining national unity and social stability, promoting terrorism and extremism, promoting ethnic hatred and ethnic discrimination, violence, obscenity, and harmful false information; (2) Take effective measures during algorithm design, training data selection, model generation and optimization, and service provision to prevent discrimination based on ethnicity, belief, nationality, region, gender, age, occupation, health, etc.; (3) Respect intellectual property rights and business ethics, maintain business secrets, and must not use advantages in algorithms, data, platforms, etc., to engage in monopolistic and unfair competition behaviors; (4) Respect the legitimate rights and interests of others, must not endanger the physical and mental health of others, and must not infringe upon the portrait rights, reputation rights, honor rights, privacy rights, and personal information rights of others". Article 9, Paragraph 1, first sentence, stipulates the general network information security obligation: "Providers shall bear the responsibility of network information content producers in accordance with the law and fulfill network information security obligations". Article 14 stipulates the measures that shall be taken after illegal content is discovered: "If a provider discovers illegal content, it shall promptly take measures such as stopping generation, stopping transmission, and eliminating the content, take measures such as model optimization training for rectification, and report to the relevant competent authorities. If a provider discovers that a user is using generative artificial intelligence services to engage in illegal activities, it shall take measures such as warnings, limiting functions, and suspending or terminating the provision of services to the user in accordance with the law and agreements, preserve relevant records, and report to the relevant competent authorities". The Interim Measures largely focus on regulating the outputs and uses of generative AI, reflecting the dominance of outcome-based regulation in this area.
Firstly, in terms of outcome compliance, the more specific and primary requirement should still be safety and controllability, preventing new technologies from causing harm to national security, social public safety, and the personal and property safety of individuals. Ensuring that generative AI does not produce content that violates national security or public order is a paramount concern in China's regulatory approach. Since artificial intelligence generates "content," it is only natural to apply relevant content governance laws and regulations to it and to equip it with corresponding manual review and user feedback mechanisms: the "nine prohibitions" in the Cybersecurity Law, the Internet Information Service Management Measures, and the Regulations on the Governance of the Network Information Content Ecology can effectively safeguard the bottom line of content security, and Article 4 of the aforementioned Interim Measures for the Management of Generative AI Services basically continues these prohibitions. The extension of existing content control regulations to generative AI reflects the government's commitment to maintaining a stable and secure online environment. However, the technical principles of generative artificial intelligence make it particularly prone to hallucination: it continuously predicts the next word based on pre-trained patterns and rules, so the pursuit of formal coherence overrides the pursuit of factual correctness, ultimately generating formally polished but substantively erroneous information whose truth is difficult to assess and which is often vast in quantity or hidden within massive volumes of information. Its content security problem therefore faces particular difficulties. At present, the main solution is to use content labels to raise users' awareness (Article 12 of the Interim Measures for the Management of Generative AI Services), but attention should be paid to the prominence and actual effect of the labels. The tendency of generative AI to produce false information poses a significant challenge for outcome regulation, requiring specific measures like labeling and the development of more robust verification mechanisms. In the future, further technological development may mitigate or even eliminate the hallucination problem, or verification algorithms may be developed in response.
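As a hedged illustration of the labeling measure just mentioned, the sketch below attaches both an explicit, user-facing notice and an implicit, machine-readable provenance record to generated content. The field names and label wording are invented for this example and are not drawn from the regulation itself.

```python
import json
from datetime import datetime, timezone

def label_output(content: str, model_name: str) -> dict:
    """Attach an explicit (visible) and an implicit (metadata) AI-generation label."""
    visible = (content +
               f"\n[Notice: this content was generated by artificial intelligence ({model_name}).]")
    metadata = {
        "ai_generated": True,                                    # machine-readable flag
        "model": model_name,
        "generated_at": datetime.now(timezone.utc).isoformat(),  # provenance timestamp
    }
    return {"display_text": visible, "metadata": metadata}

labeled = label_output("The contract term is twelve months.", "demo-model")
print(labeled["display_text"])
print(json.dumps(labeled["metadata"], indent=2))
```

The point the text makes about prominence applies directly here: a visible notice only works if users actually see it, while the embedded metadata supports downstream platforms and regulators in tracing provenance even after the content is reposted.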
Secondly, outcome compliance also requires that the output results of generative artificial intelligence remain fair and just and must not implement unreasonable differential treatment based on economic, political, or social factors. Preventing bias and ensuring fairness in the outputs of generative AI requires careful attention to the data used for training and ongoing monitoring and feedback mechanisms. Generative artificial intelligence may produce biases and disparities, assigning incorrect or negative characteristics to individuals in certain groups; it may also suffer from uneven focus, paying more attention to the information of one group while ignoring other groups; and it may output discriminatory or insulting language. Therefore, in addition to ensuring data diversity, balance, and correct labeling during the training process, it is necessary to supervise and review the generated content, promptly discover and correct any potential discrimination therein, and ensure the fairness and justice of the output results; at the same time, a user feedback mechanism should be established to encourage users to report any potential discrimination to developers for timely correction and improvement; in particular, it is necessary to draw on public wisdom to discover unreasonable aspects hidden beneath ostensibly reasonable differential treatment and expose deep-seated discrimination.
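One way to operationalize the supervision, review, and user-feedback loop described above is a periodic audit that compares how often outputs associated with different groups are flagged as problematic. The sketch below is a minimal example built entirely on invented assumptions (the group labels, flagging data, and disparity threshold are all hypothetical): it surfaces any group whose flag rate markedly exceeds the overall rate, as a candidate for human review.

```python
from collections import defaultdict

def audit_flag_rates(samples, flagged, threshold=1.2):
    """samples: iterable of (group, output_id); flagged: set of output_ids
    judged problematic (e.g. via user reports or content review).
    Returns groups whose flag rate exceeds threshold x the overall rate,
    for human follow-up."""
    totals, hits = defaultdict(int), defaultdict(int)
    for group, output_id in samples:
        totals[group] += 1
        hits[group] += output_id in flagged
    overall = sum(hits.values()) / max(sum(totals.values()), 1)
    return {g: hits[g] / totals[g]
            for g in totals
            if overall > 0 and hits[g] / totals[g] > threshold * overall}

# Hypothetical audit data: outputs concerning group "B" are flagged far more often.
samples = [("A", "o1"), ("A", "o2"), ("A", "o3"),
           ("B", "o4"), ("B", "o5"), ("B", "o6")]
print(audit_flag_rates(samples, flagged={"o3", "o4", "o5", "o6"}))  # {'B': 1.0}
```

Such a statistical disparity is not itself proof of discrimination, which matches the text's point: the audit only surfaces candidates, and human reviewers must then distinguish reasonable differential treatment from the deep-seated bias hidden beneath it.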
Finally, whether the concern is safety and controllability or fairness and justice, the essence is that generative artificial intelligence, as a technological tool, must be people-oriented and serve the public interest. While the imposition of greater legal responsibility will indeed increase the development costs of generative artificial intelligence, the argument that its development will thereby be hindered, causing greater insecurity or loss of social welfare, may itself be biased. Whether one is developing or governing generative artificial intelligence, the essence is to enhance the public interest; only the methods adopted differ, and the corresponding cost-benefit calculations vary accordingly. If necessary outcome regulation requirements are not imposed and technological freedom is allowed to develop unchecked, then the digital platforms and digital capital that control the technology will consider only how to maximize their own interests, and the social costs of technological development often cannot enter their cost-benefit calculations. We cannot ignore the costs that may arise from unchecked development simply because the costs generated by imposing regulatory requirements are more obvious and visible.
3 Data Compliance Requiring Greater Balancing of Interests
3.1 Specific Requirements and Inherent Difficulties of Data Compliance
Data compliance for artificial intelligence requires that input data satisfy legal requirements in three respects: personal information protection, copyright protection, and fair competition. It thus involves navigating a complex landscape of regulations designed to protect the various rights and interests attached to the data used for training and operation.
Regarding personal information protection, firstly, the prerequisite for processing personal information is a legal basis stipulated by law, among which informed consent from the individual is the most important. Compliance with China's Personal Information Protection Law (PIPL) is a critical aspect of AI data governance, requiring careful attention to the collection, processing, and transfer of personal information used in AI systems.27 Secondly, the processing of personal information should satisfy the requirements of purpose limitation and data minimization and provide opt-out options. Thirdly, even legally public personal information may be processed only within a reasonable scope, excluding parts explicitly rejected by individuals, with fresh individual consent where the processing has a significant impact on individual rights. These stringent requirements oblige AI developers to implement robust data protection measures, including obtaining valid consent and adhering to the principles of minimization and purpose limitation.
Regarding copyright protection, artificial intelligence companies must either obtain permission from copyright holders or pay infringement damages when unauthorized use occurs, unless the use constitutes fair use. Using copyrighted material to train AI models thus raises significant legal questions about infringement and the scope of fair use.
Regarding fair competition, an artificial intelligence company's use of data crawlers to obtain data from other companies may constitute unfair competition, and may even constitute the crime of illegally intruding into computer information systems, illegally obtaining computer information system data, or illegally controlling computer information systems. Obtaining training data through methods like web scraping can thus raise fair-competition issues, particularly where it involves accessing proprietary data or disrupting the business operations of others.
Whether the field is personal information protection, copyright protection, or competition regulation, all face the inherent difficulty of balancing data protection and utilization; finding the right balance between protecting data-related rights and enabling the use of data for AI development is a fundamental challenge in regulating this technology. On the one hand, the interests of personal information subjects, copyright holders, and data holders need protection; otherwise, the consequences may include infringement of informational privacy and informational self-determination, insufficient incentives for innovation and creation, and unfair impacts on business operations. The damage suffered by personal rights and traditional industries during the internet's "illegal rise" serves as evidence. On the other hand, excessive protection of the rights of personal information subjects, copyright holders, and data holders is not conducive to the full circulation and utilization of data or to the development and growth of new technologies and industries. It may even run counter to the interests of those very rights holders, because data circulation and utilization also advance their interests: individuals can enjoy more accurate recommendation services, copyright holders can expand their reputational benefits and conveniently build on others' works in further creation, and data holders can share in the gains generated by data aggregation and processing. Therefore, the Personal Information Protection Law balances protection and utilization through legal bases other than informed consent, the reasonable processing of legally public information, and the distinction between sensitive and non-sensitive information; the Copyright Law does so through fair use, statutory licenses, and the idea-expression dichotomy; and the Anti-Unfair Competition Law does so through case-by-case interest weighing, thereby serving the balance between artificial intelligence development and security. Overly strict regulation can hinder innovation, while insufficient protection can cause harm and erode trust; effective AI regulation requires a nuanced weighing of these competing interests, maximizing the societal benefits of AI while minimizing potential harms.
3.2 Challenges of Generative Artificial Intelligence to Data Compliance
The training and optimization of generative artificial intelligence also require data, on a scale so large that the legal risks in personal information protection, copyright protection, and fair competition have greatly increased; the models' voracious appetite for data intensifies the legal complexities and potential liabilities of data compliance across these domains. Firstly, large amounts of data of various sources and types must be collected and preprocessed to clean them and unify their format; then, according to the characteristics and needs of the task, an appropriate generative model is selected and fed the input data so that, through supervised or unsupervised learning, it masters the statistical regularities needed to generate output; finally, through verification and evaluation, parameters are continuously adjusted and performance optimized until the model reaches the required level and can generate high-quality, diverse output. Each stage of this lifecycle, from initial data acquisition to ongoing refinement, presents potential data compliance challenges, as the sketch below illustrates in miniature.
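The following deliberately tiny, self-contained sketch walks through the three stages just described, substituting character-bigram counts for a real generative model; actual pipelines differ enormously in scale and machinery, but the shape of collect-and-clean, train, then evaluate-and-iterate is the same.

```python
from collections import Counter, defaultdict

# Stage 1: collect data from multiple "sources", then clean and unify it.
sources = ["Hello World", "  hello there ", "HELLO again", ""]
dataset = [s.strip().lower() for s in sources if s.strip()]

# Stage 2: fit a generative model, here mere character-bigram counts,
# so that it captures the statistical regularities of the corpus.
model = defaultdict(Counter)
for text in dataset:
    for prev, nxt in zip(text, text[1:]):
        model[prev][nxt] += 1

# Stage 3: verify and evaluate on held-out data; a real pipeline would
# loop back to stages 1 and 2, adjusting data and parameters until a
# quality target is met.
held_out = "hello world"
pairs = list(zip(held_out, held_out[1:]))
coverage = sum(model[p][n] > 0 for p, n in pairs) / len(pairs)
print(f"held-out bigram coverage: {coverage:.0%}")  # loop back if too low
```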
Every step of this process requires massive data support and may therefore conflict with the requirements of personal information protection, copyright protection, and fair competition. Data compliance must be ensured in order to avoid the related legal risks and to prevent the algorithmic output obtained through such training and optimization from producing harmful results.
The aforementioned data sources are very broad, but by type they mainly comprise three categories, each facing a different degree of compliance risk: public data, purchased data, and internal data. Because each source carries its own level of inherent legal risk, tailored compliance strategies are required, and understanding the origin of training data is crucial for assessing and mitigating the potential risks relating to personal information, copyright, and fair competition.
Firstly, public data includes both data publicly released by government agencies, academic institutions, or enterprises (such as ImageNet, COCO, and WMT) and data collected from the internet through automated web crawler technology (such as web page content, user-generated content, and news works). Regarding personal information protection, the compliance requirements for such data seem relatively light, needing only to satisfy the reasonable scope required for processing public personal information, the refusal exceptions, and partial separate consent. However, the scale of data required for generative artificial intelligence training means that the compliance pressure created by the refusal exceptions and partial separate consent remains excessive, and contacting the subjects of public data is harder still. So while public data may seem a readily available resource, using it at scale presents significant legal hurdles relating to privacy, copyright, and fair competition: the vastness of the internet and the prevalence of copyrighted material online demand careful attention to intellectual property rights and to potential unfair-competition claims over data acquisition, and the difficulty of obtaining consent or managing opt-outs at this scale poses privacy challenges of its own.
Regarding copyright protection, since the threshold for identifying legally protected works is relatively low, public data is very likely to contain a large number of copyrighted works, especially user-generated content and news works. Generative artificial intelligence training will therefore bear a heavy copyright compliance burden, which the existence of orphan works further increases. Regarding fair competition, as noted above, disputes over web crawlers are the hardest-hit area of internet unfair competition; even where the conduct infringes neither personal information rights nor copyright, anti-unfair competition law may become the catch-all basis for generative artificial intelligence data compliance.
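One common technical gesture toward these crawler-related fair-competition concerns is honoring the Robots Exclusion Protocol before collecting a page. The sketch below uses Python's standard library; the URLs and user-agent name are placeholders, and whether robots.txt compliance is legally sufficient is precisely what the disputes mentioned above contest.

```python
from urllib import robotparser

# Load the site's robots.txt, which declares what crawlers may fetch.
rp = robotparser.RobotFileParser()
rp.set_url("https://example.com/robots.txt")  # placeholder site
rp.read()

url = "https://example.com/articles/some-page"  # placeholder page
if rp.can_fetch("my-training-data-bot", url):   # hypothetical user agent
    print("crawl permitted by robots.txt:", url)
else:
    print("skip: disallowed for this user agent:", url)
```

Adherence to, or circumvention of, such signals has often figured as one factor among many when courts weigh crawler disputes.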
Secondly, purchased data includes specific types of professional datasets bought from data providers (such as professional literature and reports in medicine, law, and finance), data collected through crowdsourcing platforms where users contribute in exchange for rewards or recognition (such as Baidu Crowdsourcing, Ant Crowdsourcing, and NetEase Crowdsourcing), and data from partners and third parties. Such data carries relatively small legal risk, because the price paid is presumed to be reasonable; even so, companies acquiring data through commercial transactions must ensure that the suppliers hold the necessary rights and have complied with the relevant data protection and copyright regulations. Problems remain on two fronts. On the provider side: whether the data provider itself has the right to sell and transmit the data; whether it has informed individuals of the recipient's name or identity, contact information, processing purpose, processing method, and categories of personal information, and obtained the individual's separate consent; and whether it is the copyright holder or has obtained the holder's permission. On the purchaser side: whether the generative artificial intelligence company, as data purchaser and recipient, processes personal information within the aforementioned scope of purpose, method, and categories, or re-obtains individual consent before changing the original purpose and method; and whether it uses the copyrighted works within the scope, nature, territory, and duration of the license.
Thirdly, internal data includes both data collected and generated by the enterprise itself and data generated through computer simulation to train models where sufficient real-world data is lacking. The compliance requirements here are comparatively light, not only because such data accounts for a smaller proportion but also because its stakeholders are fewer and easier to identify, making the legal relationships relatively simple. The lightness, however, is only relative: even when using its own data, the enterprise must still meet the aforementioned legal and regulatory requirements for data collection and processing, including obtaining consent where necessary and adhering to data minimization, and the related burden is not exempted.
3.3 Balancing Interests and Legal Interpretation of Data Compliance
The demand of generative artificial intelligence, as an emerging digital technology, for massive data further amplifies the difficulty of balancing data protection and utilization; the unprecedented scale of training data forces a re-evaluation of where that balance should lie. If overly heavy responsibilities for personal information protection, copyright protection, and fair competition are imposed on its data processing, the technology's long-term development and the release of its potential positive social benefits may suffer, as may China's competitive position in the new round of technological revolution. Accordingly, the requirement in Article 7(1) of the Interim Measures for the Management of Generative AI Services to "use data and foundational models that have lawful sources" may in fact impose an overly heavy legal burden on enterprises, inviting rights-protection claims from personal information and copyright holders or anti-unfair competition suits from data holders. Given the ultra-large scale of data used by generative artificial intelligence, and the practical difficulty of proving lawful sourcing for every piece of it, massive rights-protection actions would be unbearable not only for technology developers but also for public authorities such as the courts, and the resulting legal exposure could hinder the industry's growth.
Therefore, regarding personal information, the relevant compliance requirements can in principle continue to be followed: taking individual consent, or the other circumstances stipulated by laws and administrative regulations, as the basis for processing; improving informed consent, opt-out mechanisms, and compensation for affected interests; and collecting real, accurate, objective, and diverse training data covering different ethnic groups, genders, ages, and cultures, correctly labeled so as to avoid bias and eliminate potential quality defects or unfair treatment. Articles 7(3)-(5), Article 8, and Article 11 of the Interim Measures for the Management of Generative AI Services continue this compliance approach. Regulatory improvements might nonetheless include placing more emphasis on legal bases other than individual consent; interpreting processing purposes more broadly to reduce processing restrictions; and appropriately relaxing the requirements for legally public personal information by expanding the "reasonable scope" and narrowing the application of the refusal exceptions and partial separate consent. While strong personal information protection remains important, such a nuanced approach would give AI training more flexibility in data usage, particularly for publicly available data, while still safeguarding fundamental rights and adequately protecting sensitive information.
Regarding copyright, an appropriate interpretation of the fair use system can become an important lever for balancing copyright protection and utilization. A flexible reading of fair use could allow generative AI models to be trained on vast datasets of copyrighted material without unduly burdening developers, especially where the use is non-commercial and transformative. If generative artificial intelligence uses copyrighted material only to train models, and not to generate works that compete for the copyright holder's market share or reduce its market revenue, the use is more likely to be considered fair, since "using another person's published works for personal study, research, or appreciation" falls under fair use. Although the training process of generative artificial intelligence differs from human learning, it is still learning in a broad sense, that is, a process of taking in knowledge to gain intelligence. More importantly, the technology can further empower creators, giving them more powerful tools and more unexpected inspiration. If, however, the outputs of generative artificial intelligence are recognized as works enjoying copyright, then the use of copyrighted material in training should require permission and reasonable consideration; the copyright status of AI-generated outputs therefore needs careful attention.
Regarding fair competition, the restraint of anti-unfair competition regulation should be maintained, to avoid entrenching vested interests and hindering the development of emerging technologies and industries. Generally speaking, the use of public data by generative artificial intelligence companies has not crossed the bottom line of law or social norms; if competition regulation intervenes, it may protect only vested interests while contributing little to competitive order or social welfare. In particular, the general clause in Article 2 of the Anti-Unfair Competition Law is too broad and may become a catch-all, so its application should be restricted to avoid "thankless" legal regulation; social norms, business customs, and industry practices can still play a flexible regulatory role and, once they harden into stable rules, can guide the law or be elevated into it. Admittedly, data protection and utilization compete in a largely either-or fashion: strengthening utilization inevitably means weakening protection. But if a greater Kaldor-Hicks improvement is to be obtained, we may have to choose the lesser of two evils and temporarily sacrifice some data protection-related interests for the development of generative artificial intelligence and the greater social benefits it may create. It should be remembered, however, that those greater social benefits should accrue universally to a wider social group, rather than turning generative artificial intelligence, built at enormous social cost, into a tool by which a few seek private gain; this is precisely why the outcome regulation requirements discussed above must be imposed on its outputs. Conversely, an overly aggressive application of anti-unfair competition law could stifle innovation in the generative AI sector by restricting access to and use of data, benefiting established companies at the expense of new entrants and overall progress.
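To make the Kaldor-Hicks criterion invoked above concrete, here is a stylized numerical example; the figures are invented purely for illustration.

```latex
% Stylized figures, invented purely for illustration.
Suppose permitting broad training-data use yields gains $G = 100$ to
developers and users and losses $L = 30$ to rights holders. Then
\[
  \Delta W = G - L = 100 - 30 = 70 > 0,
\]
so the change is a Kaldor-Hicks improvement: the winners could in
principle fully compensate the losers (any transfer $t$ with
$30 \le t \le 100$ leaves both sides no worse off) and still come out
ahead, even though the criterion does not require that compensation
actually be paid.
```

The paragraph's closing caveat is, in effect, a demand that some of that hypothetical surplus actually reach the wider social group rather than remaining uncompensated gain.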
Conclusion: Rethinking Artificial Intelligence Regulation
This paper has explored the legal regulation of generative artificial intelligence on the basis of the existing artificial intelligence regulatory system. By considering the characteristics of generative AI at each stage, from input through operation to output, it has examined whether any regulatory challenges arise that the existing system cannot address, and it has fine-tuned the overall scheme so that it is not only better suited to regulating generative AI but also a more rational scheme for artificial intelligence regulation generally. This scheme still follows a scenario-based approach, but one grounded in technical analysis and comparison, which avoids the trap of overly specific "special regulation," prevents granting excessive exemptions to, or imposing excessive burdens on, new technologies, and allows a degree of uniformity in the regulation of various new technologies. In this concluding section, the paper therefore reflects methodologically on artificial intelligence regulation, and on technology regulation in general.
The scenario-based regulation method is a powerful tool for addressing new technology issues, especially the complexity of, and conflicts of interest surrounding, new technologies. However, the method itself faces three problems. Firstly, substantive insufficiency: scenario theory does not seem essentially different from the specific analysis of specific problems, and the classification and grading management common in actual law enforcement is itself a kind of scenario-based approach, so introducing a theoretical label adds little substantive help to the analysis. Secondly, a lack of fairness: because the method lacks systematicity, it may produce horizontal and vertical inconsistencies, which undermines fairness across cases, and analytical efficiency is also lost to the specificity of each scenario, leaving both efficiency and fairness wanting. Finally, circular reasoning: since the law itself already embodies behavioral expectations for specific scenarios, using scenario analysis to refine legal provisions risks circularity; and because new technologies disrupt the existing social order and interest structure, there is no settled social-norm consensus, so judgments about new issues must rely all the more on enacted law. The seemingly perfect scenario-based regulation method is therefore imperfect in fact, and these problems of substantive insufficiency, unfairness, and potential circularity greatly reduce its practical effectiveness.
Therefore, some scholars have attempted to replace the scenario-based method with a systematic and modular one, using the degree of autonomy and the level of risk as the basis for regulating new technologies. However, at the operational level, the two indicators of autonomy and risk level are not independent but intertwined and hard to separate, making them unsuitable as a basis for division; moreover, using the level of risk as an evaluation indicator easily confuses the type of risk with the degree of risk, leading to regulatory misjudgment, while using the degree of autonomy easily over-reduces the responsibility of developers and users, unbalancing the distribution of risks and benefits. More importantly, at the level of principle, systematic and modular methods must still be implemented in, and adapted to, specific scenarios; otherwise they face the perennial gap between general norms and specific facts. Although such methods help alleviate the substantive insufficiency and unfairness of scenario-based regulation, their substantive content still needs to be filled in and further developed, and they cannot entirely escape scenario-based regulation; rather, they are best understood as optimizations of the indicators that scenario-based regulation considers.
Other scholars take the different functions of different technologies as the basis for differentiated regulation, for example distinguishing the productive from the auxiliary functions of artificial intelligence. The analysis in this paper, however, suggests that the functionalist method may lack universality. For the utilization and protection of information and data, distinguishing display from auxiliary functions in order to impose different levels of protection, and thereby reasonably promote utilization, is appropriate. But for the regulation of algorithms and artificial intelligence, distinguishing productive from auxiliary functions may offer limited practical benefit: viewed through technical comparison, artificial intelligence algorithms with different functions remain similar in process, results, and data, all reflecting the control exercised by digital platforms and digital capital and all requiring the coordination of development with governance. Under scenario-based review grounded in technical comparison, the functionalist method may thus have only classificatory significance, contributing little substantively to technology regulation, and it must still return to scenario-based regulation.
Therefore, as the legal regulation of generative artificial intelligence above shows, although the scenario-based scheme suffers from substantive insufficiency, a lack of fairness, and the potential for circular reasoning, using the degree of autonomy, the level of risk, or technical function as regulatory levers still cannot construct an effective artificial intelligence regulation scheme and is insufficient to address the regulatory issues raised by specific technologies, very likely oscillating between differentiated and unified regulation. Starting from the characteristics of a specific technology, comparing it with similar technologies to identify universal technical principles, and then returning to scenario-based regulation of the technical details may therefore remain the relatively feasible and desirable regulatory scheme.