OpenAI prohibits Chinese companies from using its API. Will Microsoft Azure OpenAI be the next compliance option?

Written by: Huang Peng, senior lawyer at Shanghai Mankiw Law Firm

June 25, OpenAI 向 API（应用接口）用户推送官方邮件，告知自 7 月 9 日起，将阻止来自未列入支持国家和地区名单的区域的 API 流量，如要继续使用 OpenAI 的服务，需要在受支持的区域进行访问。

There was a lot of discussion at the time, and the media even described OpenAI's move as "cutting off supply." Some people think it is because of the US's suppression policy against China; some people think it is to prevent the domestic large model from being packaged and obtaining corpus. In fact, OpenAI has never opened its services to the domestic market. "Cutting off supply" is an exaggeration. It is more accurate to say that it has strengthened the ban. Therefore, all companies in my country that call API interfaces are essentially in a non-compliant state, which does not comply with OpenAI's policies or domestic laws. So, where should these companies go next?

Migrate with the trend

In July 2023, the Cyberspace Administration of China and relevant departments jointly launched the "Interim Measures for the Administration of Generative Artificial Intelligence Services", which is the first special legislation for generative artificial intelligence in the world. According to the measures, providers of generative artificial intelligence services must use data and basic models with legal sources; OpenAI did not file algorithms and generative artificial intelligence services in accordance with domestic regulatory requirements. At the same time, according to OpenAI's policy, GPT services are not provided to Chinese users.

Under the "double violation", "shell" applications using the OpenAI API interface are in a state of being banned from operation at any time, which is not a good thing for a long-term project. The reason why domestic supervision still maintains a certain "leniency" is that the industry is in its early development stage after all, and the intensity of law enforcement has also gone from loose to tight. This ban by OpenAI can force domestic projects to develop in compliance.

Under the current situation, choosing domestic AI models for migration has become one of the key solutions that all applications that use Open API interfaces need to consider. At the same time, domestic large models have also lost no time in launching "relocation" solutions.

Through migration, the functions of the original application can be maintained stable, and the application and the company behind it can avoid breach of contract due to the loss of OpenAI API. In addition to examining the cost-effectiveness, applications can give priority to large models that have been registered with generative artificial intelligence services to avoid new compliance issues. It is worth noting that as of March 2024, a total of 117 large models in my country have been registered with the Cyberspace Administration of China.

However, since OpenAI released the announcement, some articles have suggested that applications using OpenAI API can be migrated to Azure OpenAI. The reason given is that Microsoft has cooperated with OpenAI and has not banned Chinese users from using it. So, can these applications adopt this suggestion and how compliant are they?

Azure OpenAI

First, let’s take a look at what Azure OpenAI is.

Azure OpenAI is a service provided by Microsoft that provides REST API access to OpenAI's large language models, including GPT-4, GPT-4 Turbo with Vision, GPT-3.5-Turbo, and the Embedding family of models. The Azure OpenAI service is fully controlled by Microsoft; Microsoft hosts the OpenAI models in the Azure environment, and the service does not interact with any services operated by OpenAI (such as ChXiaobai NavigationatGPT or OpenAI API). Moreover, Microsoft also joined the migration feast after OpenAI’s “supply cut” incident.

Unlike OpenAI, Azure OpenAI does not restrict Chinese users from using it, which has been confirmed both in official publicity and verbal responses from staff. However, paradoxically, an official product available service area document seems to indicate that it is not available in China.

So, if Chinese companies that use the OpenAI API interface to develop AI projects choose to migrate their projects to Azure OpenAI, can they rest assured about compliance?

Compliance in doubt

As a global service, Microsoft has a complete data compliance policy. For example, it promises that data will not be open to OpenAI, will not be used to improve OpenAI or Microsoft's products and services, can be deleted at any time, prevent the generation of harmful content, and comply with the requirements of the EU GDPR and ISO 27001, ISO 27002 and ISO 27018. However, according to information obtained by Attorney Mankiw, Azure OpenAI's compliance policy is not specifically adapted to Chinese law. Therefore, the compliance of using Azure OpenAI is still questionable in the following aspects.

Question 1: Data outflow

Azure's Chinese service is operated by 21Vianet, a domestic company, and its data center is located in China. However, Azure OpenAI is a global service, and its data center is located outside China. When domestic key information infrastructure operators or other data processors transmit sensitive personal information, personal information, or important data that exceeds certain standards, they need to report data outbound to the national cybersecurity and informatization department.SafetyThis is a huge compliance cost for domestic users, and since Azure OpenAI itself has not been found to have passed domestic evaluation and certification, it is difficult to guarantee that it can pass smoothly.

Question 2: Failure to complete filing

According to the "Internet Information Service Algorithm Recommendation Management Regulations", "Internet Information Service Deep Synthesis Management Regulations" and "Interim Measures for the Management of Generative Artificial Intelligence Services", all generative artificial intelligence services with public opinion attributes or social mobilization capabilities should carry outSafetyAfter searching, Azure OpenAI has not completed the registration of algorithms and large models. Therefore, it is difficult for users who want to provide services to the domestic public to prove that they are using the basic model from a legal source and meet other regulatory requirements.

Summarize：Azure OpenAI is an option for companies that want to use it for internal R&D and operations, not for the public, and do not involve personal information or important data; otherwise, the compliance risks of using Azure OpenAI should be carefully evaluated. Since I do not have complete information, I have tried to analyze the compliance of Azure OpenAI based on public information. If there are any discrepancies in the facts, please contact Microsoft to correct them.

Worst Case

Some industry insiders have suggested that restrictions can be circumvented by using overseas servers or creating reverse proxies. This solution is to counter the blockade through technical means, but it cannot solve any compliance issues. On the contrary, doing so will increase dataSafetyIn terms of operations, domestic Apple and Android app stores can remove such apps; the stability of app services also needs to be questioned.

summary

In the context of OpenAI restricting the use of its API in China, existing domestic AI companies must carefully assess compliance risks when considering migrating data to Azure OpenAI or other international services. At the same time, in the face of legal challenges brought about by new technologies, companies should actively explore localized solutions rather than blindly seeking "substitutions" to achieve compliance development in an ever-changing technological environment.

The article comes from the Internet:OpenAI prohibits Chinese companies from using its API. Will Microsoft Azure OpenAI be the next compliance option?

Related recommendations: TRON Hackathon Season 6 concluded with great success

This year's competition attracted 962 teams to participate, bringing together many innovativeBlockchainThe project also demonstrates the profound strength of the TRON network. Geneva, Switzerland, May 16, 2024 - TRON DAOIt is announced that the sixth season of TRON Hackathon jointly organized by HTX DAO, BitTorrent Chain and JustLend DAO has come to a successful conclusion. This…