Compliance Considerations for AI Data Centers in China

Published:

The Rising Demand for Intelligent Computing Centres in AI Development

Computing power is fundamental to AI development, forming a core element alongside data and algorithms. With the widespread adoption of AI applications, particularly the popularity of open-source large models like DeepSeek, the demand for computing power has surged globally. Given the high costs of building and maintaining local infrastructure, most companies now rely on intelligent computing centres for support.

These centres are cloud platforms dedicated to AI applications and big data processing, utilising high-performance hardware such as GPUs (graphics processing units) and FPGAs (field-programmable gate arrays) to deliver exceptional computing power. As the landscape of AI continues to evolve, the importance of selecting the right intelligent computing centre has never been more critical.

The “East Data, West Computing” Initiative

In December 2023, China introduced the “East Data, West Computing” initiative, positioning computing power as a new productivity driver in the digital economy. This initiative promotes the development of cross-regional intelligent computing centres, aiming to balance the distribution of computing resources across the country. However, this shift also brings forth a new compliance challenge for companies deploying AI: how to select an appropriate intelligent computing centre.

Credential Requirements

When selecting an intelligent computing centre, enterprises should verify the supplier’s operational licences to ensure supply chain stability.

Operational Licences

In China, providers must secure the appropriate licences under the Telecommunications Regulations to offer computing power services. These typically include permits for internet data centre operations (B11), electronic data interchange (B21), and internet content providers (B25). The required licences vary by service type, specifically a B11 permit for IaaS/PaaS (Infrastructure as a Service/Platform as a Service) models and an extra B25 permit for PaaS/SaaS (Platform as a Service/Software as a Service) models.

Technical Qualifications

Intelligent computing centres offering specialised support must hold the appropriate qualifications. According to the Ministry of Natural Resources’ 2024 Notice on Strengthening the Security Management of Mapping Geospatial Information for Intelligent Connected Vehicles, all collection, storage, transmission, processing, and map production of geodata transmitted back by intelligent connected vehicles must be performed by entities with certified surveying and mapping qualifications for navigation electronic map production. This effectively prohibits conventionally licensed intelligent computing centres from legally processing raw geospatial information without upgraded certifications.

Preferential Policies

Free trade zones offer preferential policies and streamlined channels for licensed telecom businesses. The Beijing Free Trade Zone has issued a negative list for outbound data, assisting companies in planning cross-border data transmission. The Hainan Free Trade Port provides dedicated channels for international data centre operations, along with special measures for outbound evaluations and overseas chip selection. Shanghai Lingang facilitates the filing, evaluation, and offshore processing of outbound data.

Compliance Obligations

Tiered Protection Scheme

Article 21 of China’s Cybersecurity Law requires that all domestic network systems implement a tiered protection scheme. Intelligent computing centres should also assist enterprise clients in securing their applications under this framework.

Mandatory Standards

If an intelligent computing centre’s products or services are included in the Catalogue of Critical Network Equipment and Cybersecurity-specific Products, the enterprise must observe the General Security Requirements for Critical Network Equipment.

Security Maintenance

Article 22 of the Cybersecurity Law mandates that intelligent computing centres provide continuous security maintenance over the agreed or prescribed period. Amid the rapid growth of the industry, businesses should prioritise robust security maintenance throughout the service term to avoid potential performance slowdowns.

Cybersecurity Scrutiny

Under the Measures for Cybersecurity Scrutiny, operators of critical information infrastructure must undergo scrutiny when procuring network products and services that affect or may affect national security. Intelligent computing centres may be classified as such infrastructure. If their core technology suppliers are based overseas and fail the scrutiny, service disruptions could occur. Companies should clearly delineate contingency measures and liability in their service agreements to prevent intelligent computing centres’ misuse of force majeure clauses.

Rights and Liabilities

Intellectual Property Clauses

While users retain the IP rights to AI-generated works, intelligent computing centres may include clauses in their agreements that favour their own interests. For instance, if a centre’s proprietary algorithm significantly contributes to an AI-generated work, it might claim joint ownership or acquire specific rights under contractual provisions.

Intellectual Property Infringement Liability

Due to their diverse service offerings, intelligent computing centres may be classified as network service providers under the law. In accordance with Article 1197 of the Civil Code, if a centre exercises actual control over infringing behaviour or fails to take reasonable measures upon becoming aware, such as suspending services or removing infringing material, it may be held jointly liable.

In China’s first AI-generated voice personality rights case, the Beijing Internet Court ruled that a cloud computing platform named as a defendant bore no liability due to a lack of subjective fault. Going forward, it is anticipated that AI computing centres will increasingly face IP and personality rights litigation. Companies should therefore carefully review the liability clauses in service agreements when selecting an intelligent computing centre.

Takeaways

In conclusion, enterprises should conduct comprehensive legal compliance assessments when selecting an AI computing centre. This includes examining operational licences and security histories for any past data incidents or regulatory violations. Clear contractual terms must establish data handling procedures and storage protocols, with supplemental agreements as needed.

Special attention should be given to IP and trade secret protections to avoid ownership disputes. Contracts should also address contingency plans for scenarios like hardware suppliers failing cybersecurity scrutiny, while mandating specific response measures and liability terms for potential data breaches and cybersecurity incidents to mitigate risks.

As the demand for intelligent computing centres continues to grow, understanding the complexities of compliance, rights, and liabilities will be essential for businesses navigating this evolving landscape.

Related articles

Recent articles