Computing power is fundamental to AI development, forming a core element alongside data and algorithms. With the widespread adoption of AI applications, especially the popularity of open-source large models like DeepSeek, the demand for computing power has surged globally. Given the high costs of building and maintaining local infrastructure, most companies now rely on intelligent computing centres for support.
These centres are cloud platforms dedicated to AI applications and big data processing, utilising high-performance hardware such as GPUs (graphics processing units) and FPGAs (field-programmable gate arrays) to deliver exceptional computing power.
In December 2023, China introduced the “East Data, West Computing” initiative, positioning computing power as a new productivity driver in the digital economy and promoting the development of cross-regional intelligent computing centres. Against this backdrop, a new compliance challenge has emerged for companies deploying AI: How to select an appropriate intelligent computing centre.
Credential requirements
Li Tianhang
Senior Partner
Hui Ye Law Firm
Tel: +86 21 5237 0950
E-mail: tianhang.li@huiyelaw.com
When selecting an intelligent computing centre, enterprises should verify the supplier’s operational licences to ensure supply chain stability.
Operational licences. In China, providers must secure the appropriate licences under the Telecommunications Regulations to offer computing power services. These typically include permits for internet data centre operations (B11), electronic data interchange (B21) and internet content providers (B25). The required licences vary by service type, specifically a B11 permit for IaaS/PaaS (infrastructure as a service/platform as a service) models and an extra B25 permit for PaaS/SaaS (platform as a service/software as a service) models.
Technical qualifications. Intelligent computing centres offering specialised support must hold the appropriate qualifications. According to the Ministry of Natural Resources’ 2024 Notice on Strengthening the Security Management of Mapping Geospatial Information for Intelligent Connected Vehicles, all collection, storage, transmission, processing and map production of geodata transmitted back by intelligent connected vehicle must be performed by entities with certified surveying and mapping qualifications for navigation electronic map production. This effectively prohibits conventionally licensed intelligent computing centres from legally processing raw geospatial information without upgraded certifications
Preferential policies. Free trade zones offer preferential policies and streamlined channels for licensed telecoms businesses. The Beijing Free Trade Zone has issued a negative list for outbound data, assisting companies in planning cross-border data transmission. The Hainan Free Trade Port provides dedicated channels for international data centre operations, along with special measures for outbound evaluations and overseas chip selection. Shanghai Lingang facilitates the filing, evaluation and offshore processing of outbound data.
Compliance obligations
Shi Yuhang
Partner
Hui Ye Law Firm
Tel: +86 21 5237 0950
E-mail: yuhang.shi@huiyelaw.com
Tiered protection scheme. Article 21 of China’s Cybersecurity Law requires that all domestic network systems implement a tiered protection scheme. Intelligent computing centres should also assist enterprise clients in securing their applications under this framework.
Mandatory standards. If an intelligent computing centre’s products or services are included in the Catalogue of Critical Network Equipment and Cybersecurity-specific Products, the enterprise must observe the General Security Requirements for Critical Network Equipment.
Security maintenance. Article 22 of the Cybersecurity Law mandates that intelligent computing centres provide continuous security maintenance over the agreed or prescribed period. Amid the rapid growth of the industry, businesses should prioritise robust security maintenance throughout the service term to avoid potential performance slowdowns.
Cybersecurity scrutiny. Under the Measures for Cybersecurity Scrutiny, operators of critical information infrastructure must undergo scrutiny when procuring network products and services that affect or may affect national security. Intelligent computing centres may be classified as such infrastructure.
If their core technology suppliers are based overseas and fail the scrutiny, service disruptions could occur. Companies should clearly delineate contingency measures and liability in their service agreements to prevent intelligent computing centres’ misuse of force majeure clauses.
Rights and liabilities
Intellectual property clauses. While users retain the IP rights to AI-generated works, intelligent computing centres may include clauses in their agreements that favour their own interests. For instance, if a centre’s proprietary algorithm significantly contributes to an AI-generated work, it might claim joint ownership or acquire specific rights under contractual provisions.
Intellectual property infringement liability. Due to their diverse service offerings, intelligent computing centres may be classified as network service providers under the law. In accordance with article 1197 of the Civil Code, if a centre exercises actual control over infringing behaviour, or fails to take reasonable measures upon becoming aware, such as suspending services or removing infringing material, it may be held jointly liable.
In China’s first AI-generated voice personality rights case, the Beijing Internet Court ruled that a cloud computing platform named as a defendant bore no liability due to a lack of subjective fault. Going forward, it is anticipated that AI computing centres will increasingly face IP and personality rights litigation. Companies should therefore carefully review the liability clauses in service agreements when selecting an intelligent computing centre.
Takeaways
In conclusion, enterprises should conduct comprehensive legal compliance assessments when selecting an AI computing centre. This includes examining operational licences and security histories for any past data incidents or regulatory violations. Clear contractual terms must establish data handling procedures and storage protocols, with supplemental agreements as needed.
Special attention should be given to IP and trade secret protections to avoid ownership disputes. Contracts should also address contingency plans for scenarios like hardware suppliers failing cybersecurity scrutiny, while mandating specific response measures and liability terms for potential data breaches and cybersecurity incidents to mitigate risks.
Li Tianhang is a senior partner at Hui Ye Law Firm. He can be contacted by phone at +86 21 5237 0950 and by email at tianhang.li@huiyelaw.com
Shi Yuhang is a partner at Hui Ye Law Firm. He can be contacted by phone at +86 21 5237 0950 and by email at yuhang.shi@huiyelaw.com