On June 25, OpenAI sent an official email to API (application interface) users, informing them that starting from July 9, API traffic from regions not included in the list of supported countries and regions will be blocked. If you want to continue using OpenAIs services, you need to access them in supported regions.
There was a lot of discussion at the time, and the media even described OpenAIs move as cutting off supply. Some people think it is because of the USs suppression policy against China; some people think it is to prevent the domestic large model from being packaged and obtaining corpus. In fact, OpenAI has never opened its services to the domestic market. Cutting off supply is an exaggeration. It is more accurate to say that it has strengthened the ban. Therefore, all companies in my country that call API interfaces are essentially in a non-compliant state, neither in line with OpenAIs policies nor in line with domestic laws. So, where should these companies go next?
Migrate with the trend
In July 2023, the Cyberspace Administration of China and relevant departments jointly launched the Interim Measures for the Administration of Generative Artificial Intelligence Services, which is the first special legislation for generative artificial intelligence in the world. According to the measures, providers of generative artificial intelligence services must use data and basic models with legal sources; OpenAI did not register algorithms and generative artificial intelligence services in accordance with domestic regulatory requirements. At the same time, according to OpenAIs policy, GPT services are not provided to Chinese users.
Under the double violation, shell applications using the OpenAI API interface are in a state of being banned from operation at any time, which is not a good thing for a long-term project. The reason why domestic supervision still maintains a certain degree of tolerance is that the industry is in its early development stage after all, and the intensity of law enforcement has also gone from loose to tight. This ban by OpenAI can force domestic projects to develop in compliance.
Under the current situation, choosing domestic AI models for migration has become one of the key solutions that all applications that use Open API interfaces need to consider. At the same time, domestic large models are also rushing to launch relocation solutions.
Through migration, the functions of the original application can be maintained stable, and the application and the company behind it can avoid breach of contract due to the loss of OpenAI API. In addition to considering the cost-effectiveness, applications can give priority to large models that have been registered with generative artificial intelligence services to avoid new compliance issues. It is worth noting that as of March 2024, a total of 117 large models in my country have been registered with the Cyberspace Administration of China.
However, since OpenAI released the announcement, some articles have suggested that applications using OpenAI API can be migrated to Azure OpenAI. The reason given is that Microsoft has cooperated with OpenAI and has not banned Chinese users from using it. So, can these applications adopt this suggestion and how compliant are they?
Azure OpenAI
First, lets take a look at what Azure OpenAI is. Azure OpenAI is a service provided by Microsoft that provides REST API access to OpenAIs large language models, including GPT-4, GPT-4 Turbo with Vision, GPT-3.5-Turbo, and the Embedding model series. The Azure OpenAI service is completely controlled by Microsoft; Microsoft hosts OpenAI models in the Azure environment, and the service does not interact with any services operated by OpenAI (such as ChatGPT or the OpenAI API). Moreover, Microsoft also joined the migration feast after the OpenAI supply cut incident.
Unlike OpenAI, Azure OpenAI does not restrict Chinese users from using it, which has been confirmed both in official publicity and verbal responses from staff. However, paradoxically, an official product available service area document seems to indicate that it is not available in China.
So, if Chinese companies that use the OpenAI API interface to develop AI projects choose to migrate their projects to Azure OpenAI, can they rest assured about compliance?
Compliance in doubt
As a global service, Microsoft has a complete data compliance policy. For example, it promises that data will not be open to OpenAI, will not be used to improve OpenAI or Microsofts products and services, can be deleted at any time, prevent the generation of harmful content, and comply with the requirements of the EU GDPR and ISO 27001, ISO 27002, and ISO 27018. However, according to information learned by Attorney Mankiw, Azure OpenAIs compliance policy is not specifically adapted to Chinese law. Therefore, the compliance of using Azure OpenAI is still questionable in the following aspects.
Question 1: Data outflow
Azures Chinese service is operated by Chinas 21Vianet, and its data center is located in China. However, Azure OpenAI is a global service, and its data center is outside China. When domestic key information infrastructure operators or other data processors transmit sensitive personal information, personal information, and important data that exceeds certain standards, they need to apply to the national cybersecurity and informatization department for data outbound security assessment and pass personal information protection certification. This is a huge compliance cost for domestic users, and since Azure OpenAI itself has not been found to have passed domestic assessment and certification, it is difficult to guarantee that it can pass smoothly.
Question 2: Failure to complete filing
According to the Internet Information Service Algorithm Recommendation Management Regulations, Internet Information Service Deep Synthesis Management Regulations and Interim Measures for the Management of Generative Artificial Intelligence Services, all generative artificial intelligence services with public opinion attributes or social mobilization capabilities should conduct security assessments and perform algorithm and model filing procedures. After searching, Azure OpenAI has not completed the filing of algorithms and large models. Therefore, for users who want to provide services to the domestic public, it is difficult to prove that the basic model is from a legal source and meet other regulatory requirements.
Summary: Azure OpenAI is an option for companies that want to use it for internal RD and operations, not for the public, and not involving personal information or important data; otherwise, the compliance risks of using Azure OpenAI should be carefully evaluated. Since I do not have complete information, I have tried to analyze the compliance of Azure OpenAI based on public information. If there are any discrepancies, please contact Microsoft to correct them.
Worst Case
Some industry insiders have suggested that restrictions can be circumvented by using overseas servers or creating reverse proxies. This solution is to counter the blockade through technical means, but it cannot solve any compliance issues. On the contrary, doing so will increase the risk of data security and privacy. In terms of operations, domestic Apple and Android app markets can remove such apps; the stability of application services is also a big question mark.
summary
In the context of OpenAI restricting China from using its API, existing domestic AI companies must carefully assess compliance risks when considering migrating data to Azure OpenAI or other international services. At the same time, in the face of legal challenges brought about by new technologies, companies may need to actively explore localized solutions rather than blindly seeking substitution to achieve compliance development in an ever-changing technological environment.
