32 ASIAN LEGAL BUSINESS CHINA • 亚洲法律杂志-中国版 NOVEMBER 2023 GC INSIGHT spurred TMT companies to explore best compliance practices that meet both industry and corporate needs. Zhu tells ALB that as an online ride-hailing platform with hundreds of millions of users, T3 GO has been attaching great importance to user information protection and compliance with relevant legal obligations since its founding and has formulated strict rules and process requirements. In this process, the in-house team has taken on multiple tasks. According to Zhu, “the team first built up a compliance system framework for data protection and processing based on relevant laws and regulations and in light of the company’s actual products and business, and set up an online management process and control mechanism for each aspect of data processing. Second, as regards business projects involving data-based cooperation and product design involving user information, the in-house team proactively intervened to give compliance assessments at the early stage, proposed effective compliance solutions, and continues to track the implementation of the compliance solutions during actual business operations.” The team also attaches great importance to offering internal training. Zhu says that data compliance will continue to be a key compliance task for the in-house team in the future. “My team will adjust and optimize the plan to implement data compliance from time to time as legal and regulatory requirements continue to change and evolve, so as to ensure our compliance and sustainability as an Internet company.” Xing concedes that Du Xiaoman, being a fintech enterprise, “handles personal credit information, biometric identification information, and other highly sensitive data, the leakage of which will cause serious consequences. Data compliance risks are like the Sword of Damocles hanging over the company’s head. Therefore, Du Xiaoman has established a comprehensive data compliance framework and has summarized a set of effective work methods.” Xing sums up this framework in four aspects. “The first is to ‘prioritize rules.’ We have established a set of data management rules throughout the organization, set red lines and bottom lines for all business operations. Second, we have established a set of dynamic, full lifecycle compliance management and control system for data processing to ensure compliance throughout the dynamic flow of data, from collection to deletion.” “Third, we have established a mechanism to respond to users’ personal information rights. Customers can expect timely feedback on any opinions or assertions regarding personal data. Finally, we also pay special attention to the division of tasks when it comes to data management and have built a fourdimensional data management system featuring different layers of ‘decisionmaking, management, operation, and execution,’ preliminarily establishing the principle that ‘whoever manages the business should manage business data and manage data security.’” AIGC-RELATED NEW TASKS Apart from data compliance, when it comes to other compliance topics that have been of concern lately, both GCs point to challenges that new technologies, especially AIGC technology, will pose to compliance in the future. “Current hot topics in technological development, such as ChatGPT, are also compliance areas that the in-house team will focus on in the future,” says Zhu. “The application of AIGC tools in China is currently constrained by many laws and regulations, especially rules in the fields of data compliance and algorithm compliance. Meanwhile, China keeps a close watch on technological ethics issues and infringements brought by AIGC tools. Going forward, as relevant laws and regulations are promulgated and become effective, we will keep a close track and provide pertinent and timely legal advice for business units.” Du Xiaoman, who focuses on solving core technical problems in financial applications, has recently stated that “in the next five years, the application of generative AI in the financial field will become its most important strategic direction.” In fact, earlier in May, Du Xiaoman officially open-sourced China’s first 100-billionparameter Chinese financial large model - “Xuanyuan.” In September, the “Xuanyuan 70B” large financial model was also officially open-sourced. Therefore, the Du Xiaoman team is already in action in providing legal and compliance support for AIGC technology. According to Xing, “despite taking on a lot of pressure and challenges to support the development of the company’s large model, the in-house team feels fortunate to be able to get involved in such a large innovation space.” Xing shares that AIGC’s legal risks mainly exist in the following aspects: “First, compliance risks of open-source software; second, intellectual property compliance and IP protection issues; third, relevant data compliance risks; fourth, cybersecurity risks. The fifth involves compliance risks of the generated content, which is unique to the AIGC field. According to existing rules, service providers must review, manage, and control the risks of the contents generated by AIGC products and shall bear corresponding liabilities.” Moving forward, “we will continue to support the company in developing new AIGC tools in a compliant manner. Our key tasks will include assessing the risks of specific scenarios of AIGC products and services and developing mitigation plans to help the company maintain competitive edges in the XING JING 邢璟