生成式人工智能服務安全基本要求（英文版）

1

TC260

NationalCybersecurityStandardizationTechnicalCommittee

TC260-003

BasicSafetyRequirementsfor

GenerativeArtificialIntelligenceServices

Releasedon2023-02-29

ReleasedbytheNationalCybersecurityStandardizationTechnicalCommittee

2

TableofContents

1.Scope 4

2.NormativeReferenceDocuments 4

3.TerminologyandDefinitions 4

4.GeneralProvisions 5

5.CorpusSafetyRequirements 5

5.1CorpusSourceSafetyRequirements 5

5.2CorpusContentSafetyRequirements 7

5.3CorpusAnnotationSafetyRequirements 8

6.ModelSafetyRequirements 9

7.SafetyMeasureRequirements 10

8.OtherRequirements 12

8.1KeywordLibrary 12

8.2TestQuestionBankforGeneratedContent 13

8.3RefusaltoAnswerTestQuestionBank 13

8.4ClassificationModels 14

9.SafetyAssessmentRequirements 14

9.1AssessmentMethods 14

9.2CorpusSafetyAssessment 16

9.3GeneratedContentSafetyAssessment 16

9.4RefusaltoAnswerAssessment 16

AppendixAMajorSafetyRisksinCorporaandGeneratedContent 18

References 20

3

Preface

ThisdocumentisreleasedbytheReleasedbytheCybersecurityStandardizationTechnical

Committee(SAC/TC260).

DraftingunitsofthisdocumentincludetheChinaElectronicsStandardizationInstitute,NationalComputerNetworkEmergencyResponseTechnicalTeam/CoordinationCenterofChina,BeijingZhongguancunLaboratory,ZhejiangUniversity,ShanghaiArtificialIntelligenceLaboratory,BeijingUniversityofPostsandTelecommunications,BeijingBaiduNetcomScienceTechnologyCo.,Ltd.,BeijingBaichuanIntelligentTechnologyCo.,Ltd.,FudanUniversity,AlibabaCloudComputingCo.,Ltd.,ShanghaiXiYuTechnologyCo.,Ltd.,ShanghaiSenseTimeIntelligentTechnologyCo.,Ltd.,iFLYTEKCo.,Ltd.,ShanghaiSuiyuanTechnologyCo.,Ltd.,BeijingZhupuhuazhangTechnologyCo.,Ltd.,ChinaUniversityofPoliticalScienceandLaw,BeijingShenyanTechnologyCo.,Ltd.,BeijingInstituteofTechnology,ShanghaiJiaoTongUniversity,TsinghuaUniversity,InstituteofSoftwareChineseAcademyofSciences,InstituteofInformationEngineering,ChineseAcademyofSciences,BeijingUniversityofAeronauticsandAstronautics,BeijingVenustechCyberSecurityTechnologyCo.,Ltd.,HuaweiCloudComputingTechnologiesCo.,Ltd.,AntTechnologyGroupCo.,Ltd.,ShellFindingHome(Beijing)TechnologyCo.,Ltd.,ChinaCybersecurityReviewCertificationandMarketRegulationBigDataCenter,TheThirdResearchInstituteoftheMinistryofPublicSecurity,NationalInformationCenter,NationalComputerNetworkandInformationSecurityManagementCenterBeijingBranch,GuangzhouDongyueInformationTechnologyCo.,Ltd.,ChinaMobileCommunicationsGroupCo.,Ltd.,HangzhouYunluZhidaoTechnologyCo.,Ltd.,andChinaUnitedNetworkCommunicationsCo.,Ltd.

PrincipaldraftersofthisdocumentincludeYaoXiangzhen,ShangguanXiaoli,HaoChunliang,ZhangZhen,XuKe,RenKui,YangMin,ChenYang,QinZhan,TanZhixing,ZhangYanting,WangZhibo,ZhouLinna,YangZhongliang,ChengJin,Bao,ZhangLinghan,SunYanxin,PengTao,QiuLipeng,JiangHui,HeYanzhe,YangGuang,ZhaoYanwei,HongYanqing,WangShijin,GuoJianling,XuHao,PengJuntao,MeiJingqing,HuoQichao,XuXiaogeng,WangJiao,WangFengjiao,WangFengjiao,ZhangMi,ZhangYuan,ZhangLiwu,WangRui,JiaKai,ZhaoJing,ShiLin,ZhangYan,XueWisdom,HeYongchun,LinGuanchen,WangYuchen,ZhengZimu,ZhangYutong,YangYuchen,XuHuiyu,WangXiaochen,ZhaoRuibin,JiangWeiqiang,DingZhiguo,LiuNan,LiuXiyao,KangYongmeng,CaoEurope,WuNianjing,TaoYe.

4

BasicSafetyRequirementsforGenerativeArtificialIntelligenceServices

1.Scope

Thisdocumentstipulatesthebasicrequirementsforthesafetyaspectsofgenerativeartificialintelligence(AI)services,includingcorpussafety,modelsafety,safetymeasures,andsafetyassessment.

Thisdocumentappliestoserviceproviderstocarryoutsafetyassessmentsandimprovesafetylevel.Italsoprovidestherelevantcompetentauthoritieswithareferenceforassessing

thesafetylevelofgeneratedAIservices.

2.NormativeReferenceDocuments

Thecontentsofthefollowingdocuments,throughnormativereferenceinthistext,constituteindispensableprovisionsofthisdocument.Amongthem,fordatedreferences,onlytheeditioncorrespondingtothatdateappliestothisdocument.Forundatedreferences,thelatestedition(includingallamendmentorders)appliestothisdocument.

GB/T25069--2022InformationSecurityTechniques-Terminology

3.TerminologyandDefinitions

ThetermsanddefinitionsdefinedinGB/T25069-2022andlistedbelowapplytothisdocument.

3.1

GenerativeArtificialIntelligenceService

Theservicethatutilizesgenerativeartificialintelligencetechnologiestoofferservicesthat

generatetext,images,audio,videoandothercontentforthepublicinthePeople'sRepublic

ofChina.

3.2

ServiceProvider

OrganizationsorindividualsthatprovidegenerativeAIservicesintheformofinteractiveinterfaces,programmableinterfaces,etc.

3.3

TrainingData

Alldatathatservedirectlyasinputformodeltraining,includinginputdatainthepre-training

andoptimizationtrainingprocesses.Note:Hereinafterreferredtoas"corpus".

5

3.4

SamplingQualifiedRate

Thepercentageofsamplesthatdonotcontainanyofthe31safetyriskslistedinAppendixAofthisdocument.

3.5

FoundationModel

Deepneuralnetworkmodelstrainedonextensivedatasets,designedforuniversalapplications,andcapableofbeingfinelytunedtosuitawiderangeofspecificdownstreamtasks.

3.6

IllegalandUnhealthyInformation

Acollectivetermfor11typesofillegalinformationand9typesofunhealthyinformationspecifiedintheProvisionsonEcologicalGovernanceofNetworkInformationContent.

Note:Theillegalandunhealthyinformationconcernedinthisdocumentmainlyreferstoinformationthatencompassesthe29safetyriskslistedinSectionsA.1toA.4oftheAppendixA.

4.GeneralProvisions

ThisdocumentsupportstheInterimMeasuresfortheAdministrationof

GeneratedArtificialIntelligenceServices,andputsforwardthebasicsafetyrequirementsthatserviceprovidersmustfollow.Whenaserviceprovidergoesthroughthefilingproceduresinaccordancewiththerelevantrequirements,itshallconductsafetyassessmentsinaccordancewiththerequirementsofChapter9ofthisdocumentandsubmittheassessmentreport.

Inadditiontothebasicrequirementsputforwardbythisdocument,serviceprovidersshallcarryoutothersafetyworkontheirownwithrespecttocybersecurity,datasecurity,personalinformationprotection,etc.inaccordancewithChineselawsandregulationsandtherelevantrequirementsofnationalstandards.Serviceprovidersshouldpaycloseattentiontothelong-termrisksthatgenerativeAImaybring,treatAIthatmaydeceivehumans,replicateandtransformthemselves,andparticularlyscrutinizethepotentialforgenerativeAItobeexploitedincreatingmalwareordevelopingbiologicalorchemicalweapons

5.CorpusSafetyRequirements

5.1CorpusSourceSafetyRequirements

6

Requirementsforserviceprovidersareasfollows.

a)CorpusSourceManagement:

1)Priortocollectingdatafromaspecificcorpussource,itisessentialtoperformasafetyassessmentofthatsource.Ifthecorpuscontainsmorethan5%illegalandunhealthyinformation,collectionfromthissourcemustbeavoided;

2)Followingdatacollectionfromaspecificcorpussource,athoroughverificationofthecollectedcorpusmustbeundertaken.Iftheverificationrevealsthatthecontentexceeds5%intermsofillegalandunhealthyinformation,thissourcecorpusshouldnotbeutilizedfortrainingpurposes.

b)CombinationofCorpusfromDifferentSources:Itisnecessarytoenhancethe

diversityofsourcesforcorpora.Foreachlanguage,suchasChineseandEnglish,aswellasforeachtypeofcontent,includingtext,images,audio,andvideo,multiplesourcesshouldbeutilized.Furthermore,ifoverseascorporaareused,abalancedapproachshouldbeadoptedtointegratecorporafrombothdomesticandoverseassources.

c)CorpusSourceTraceability:

1)Whenusinganopen-sourcecorpus,itisnecessarytosignorobtainanopen-sourcelicenseagreementorrelevantauthorizationdocumentforthatcorpussource;

Note1:Insituationswhereaggregatednetworkaddresses,datalinks,etc.,areabletopointtoorgenerateotherdata,ifitisnecessarytousethecontentthuspointedtoorgeneratedascorpus,itshallbetreatedasaself-collectedcorpus.

2)Whenaself-collectedcorpusisused,properrecordofself-collectionisrequiredanditisprohibitedtocollectthecorpuswhichhasbeenidentifiedasuncollectiblebyothers.Note2:Self-collectedcorporaincludeself-producedcorporaandcorporacollectedfromtheinternet.

Note3:Corporawhichareclearlyidentifiedasuncollectible,e.g.webpagedatawhichhavebeenclearlyidentifiedasuncollectiblebyrobotsagreementorothertechnicalmeansforrestrictingcollection,orpersonalinformationforwhichtheindividualhasrefusedtocollect.

3)Whenusingcommercialcorpora:

-Itisnecessarytosignalegallyvalidtransactioncontract,cooperationagreement,etc.;

-Whenthetransactionorcooperationpartiesareunabletoprovideguaranteesorrelevantproofsregardingthesource,qualityandsafetyofthecorpora,saidcorporashallnotbeused.

7

-Itisnecessarytoreviewthecorpora,guaranteesandmaterialsprovidedbythetransactionorcooperationparties.

4)Whenusers’inputareusedascorpora,therecordofuserauthorizationshallbeinplace.

d)Informationthatisblockedinaccordancewiththerequirementsofcybersecurity-related

lawsandregulationsofChinashallnotbeusedcorpora.

5.2CorpusContentSafetyRequirements

Therequirementsforserviceprovidersareasfollows.

a)FilteringofCorpusContent:Methodssuchaskeywords,classificationmodels,andmanualsamplinginspectionshallbeadoptedtothoroughlyfilteroutallillegalandunhealthyinformationincorpora.

b)IntellectualPropertyRights:

1)Apersonresponsiblefortheintellectualpropertyrights(IPR)ofthecorpusaswellasgeneratedcontentshallbeappointedandanIPRmanagementstrategyshallbeestablished;

2)Beforeacorpusisusedfortraining,itiscrucialtoassessandidentifyanysignificantrisksofIPRinfringementwithinthecorpus.Serviceprovidersshallnotuseanycorpusidentifiedtohaveinfringementissuestocarryouttraining.Forexample,ifacorpuscontainsliterary,artistic,orscientificworks,specialattentionshallbepaidtoidentifycopyrightinfringementissuesinthecorpusaswellasinthegenerated

content;

3)Amechanismforlodgingcomplaintsandreportonintellectualpropertyissuesmustbeinplace;

4)TheuserserviceagreementmustnotifyusersabouttheIPR-relatedriskswhenusinggeneratedcontentandestablishamutualunderstandingregardingtheresponsibilitiesandobligationsforidentifyingintellectualpropertyconcerns;

5)TheIPR-relatedstrategyshallbeupdatedpromptlyinresponsetonationalpoliciesandthird-partycomplaints;

6)ThefollowingIPRmeasuresshouldbeadopted:

-DisclosingthesummaryinformationoftheIPR-relatedaspectsofthecorpusto

8

thepublic;

-SupportingthirdpartiestoinquireabouttheuseofcorporaandrelatedIPRcircumstancesincomplaintandreportingchannels

c)Personalinformation:

1)Priortousinganycorpuscontainingpersonalinformation,theusershallsecureconsentfromtheindividualinvolvedorensuretheactioncomplieswiththeapplicablelawsandadministrativeregulations;

2)Priortousinganycorpuscontainingsensitivepersonalinformation,theusershallsecureconsentfromtheindividualinvolvedorensuretheactioncomplieswiththeapplicablelawsandadministrativeregulations;

5.3CorpusAnnotationSafetyRequirements

Requirementsforserviceprovidersareasfollows.

a)Annotators:

1)Serviceprovidersshallconducttheirownsafetytrainingforannotators,coveringtopicssuchastaskguidelines,tooloperation,qualityinspectionanddatasecuritymanagementprotocols;

2)Serviceprovidersshallevaluatetheperformanceoftheannotators,certifyingthosewhomeetthestandardwithannotationqualifications.Theyshallalsoestablishmechanismsforregularre-trainingandevaluationaswellasthesuspensionorcancellationofannotationqualificationswhennecessary.Evaluationcriteriashouldencompasscomprehensionofannotationguidelines,proficiencyintooluse,abilitytoassesssafetyrisks,anddatasecuritymanagementskills.

3)Serviceprovidersshallclearlydelineatefunctionsofannotatorsintoatleastdataannotationanddatareviewandensurethatthesameannotatorsshallnotundertakemultiplefunctionsunderthesameannotationtask;

4)Serviceprovidersshallallocateadequateandreasonabletimeforannotatorstoperformeachannotationtask.

b)AnnotationGuidelines:

1)Theannotationguidelinesshall,ataminimum,includesuchcontentasannotation

9

objectives,dataformats,annotationmethods,andqualityindicators;

2)Distinctguidelinesforfunctionalannotationandsafetyannotationshallbeformulated,coveringatleastdataannotationanddatareview;

3)Functionalannotationguidelinesmustbeabletoguideannotatorstoproduceauthentic,precise,unbiasedanddiversifiedannotatedcorporaaccordingtothefeaturesofspecificdomains;

4)Safetyannotationguidelinesshallguideannotatorstoannotatethemainrisksassociatedwiththecorporaandgeneratedcontent,providingcorrespondingguidelinesforall31typesofsafetyrisksinAppendixAofthisdocument.

c)AccuracyofAnnotatedContent:

1)Forfunctionalannotation,manualsampling-inspectionshallbemadeoneachbatchofannotatedcorpora.Re-annotationshallbemadeincaseofinaccuratecontentandcancelationoftheannotatedcorporaisrequiredincaseofanyillegalandunhealthyinformationinsuchcorpora;

2)Forsafetyannotation,eachannotatedcorpusshallbereviewedandapprovedbyatleastoneauditor;

d)Anisolatedstorageshouldbeadoptedfordatawithsafetyannotation.

6.ModelSafetyRequirements

Serviceprovidersmustadheretothefollowingrequirements:

a)Ifaserviceproviderusesthird-partyfoundationmodelstoprovideservices,itshallusethosethathavebeenregisteredwiththecompetentregulatoryauthorities.

b)SafetyofModel-generatedContent:

1)Treatthesafetyofgeneratedcontentasaprimarymetricforassessingthequalityofoutcomesduringthetraining;

2)Conductsafetyassessmentsofuserinputsineveryconversation,guidingthemodeltogeneratepositiveandconstructivecontent;

3)Implementongoingmonitoringandevaluationmechanismstopromptlyaddressanysafetyconcernsdetectedindeliveryofservicesandoptimizethemodelthroughtargetedinstructionfine-tuning,reinforcementlearningandothermethods.

10

Note:Model-generatedcontentreferstooriginalcontentthatisdirectlyoutputbythemodelwithoutotherprocessing.

c)AccuracyofGeneratedContent:Technicalmeasuresshallbeemployedtoimprovethegeneratedcontent’sresponsivenesstotheintentoftheuser'sinput,alignthedataandexpressioncontainedinthegeneratedcontentmorecloselywithscientificunderstandingandmainstreamperception,andminimizeinaccuracies.

d)ReliabilityofGeneratedContent:Technicalapproachesshallbeutilizedtoenhancethelogicalstructureofthecontentformatandthevolumeofvaluableinformation,therebyincreasingtheutilityofthegeneratedcontentforusers.

7.SafetyMeasureRequirements

Requirementsforserviceprovidersareasfollows.

a)Applicablepeople,occasionsandusageofthemodel:

1)Fullydemonstratethenecessity,applicability,andsafetyofdeployinggenerativeAIacrossvariousfieldswithinthescopeofservices;

2)Implementadequateprotectivemeasuresthatmatchtherisklevelsandscenariosiftheserviceisusedforcriticalinformationinfrastructure,automaticcontrol,medicalinformationservices,psychologicalcounseling,andfinancialinformationservices,amongothers.

3)Forservicestargetingminors:

-Allowguardianstosetupanti-addictionmeasuresforminors;

-Avoidofferingpaidservicesthatareinappropriateforminors’civilcapacity;

-Prioritizethedisplayofcontentthatsupportsminors’well-being.

4)Forservicesnotintendedforminors,employtechnicalormanagementmeasurestoblockminors’access.

b)TransparencyofService:

1)Serviceswithaninteractiveinterfaceshalldisclosetothepublicapplicablepeople,occasions,usagesandotherinformationatvisiblespotslikethewebsite'smainpageandinformationaboutfoundationmodelusageshouldalsobedisclosed.

2)Serviceswithaninteractiveinterfaceshoulddisclosethefollowinginformationat

11

easy-to-seespotslikethewebsite'smainpageandserviceagreementtousers:

-Theservice’slimitations;

-Summariesofthemodelsandalgorithmsemployed;

-Detailsonthecollectedpersonalinformationanditsapplicationwithintheservice.

3)Servicesofferedthroughprogrammableinterfacesmustincludetheinformationmentionedintheabove1)and2)intheirdocumentation.

c)CollectionofUserInputforTraining:

1)Provideuserswithamethodtowithdrawtheirinputfrombeingusedfortraining,suchasthroughsettingoptionsorvoicecommands.Thisopt-outmethodsuchassettingoptionshouldbeeasilyaccessible,requiringnomorethan4clicksfromthemaininterface;

2)Clearlyinformusersofboththestatusofuserinputcollectionandtheopt-outmethodintheabove1);

d)Thelabelingofcontentsuchasimages,videosandothersmustcomplywithrelevantnationalregulationsandstandards.

e)ComputingSystemsforTrainingandInference:

1)Assessthesafetyofthesupplychainforchips,software,tools,andcomputationalresources,focusingontheircontinuityandstability;

2)Thechosenchipsshouldenablehardware-basedsecureandtrustedbootingprocesses,alongwithsecurityverification,ensuringthegenerativeAIsystem'soperationinasecureenvironment.

f)AcceptanceofComplaintsandReportsfromthePublicorUsers:

1)Provideaccessiblechannelsforcomplaintsandfeedbacks,includingbutnotlimitedtotelephone,email,interactiveinterface,andSMSortheircombination;

2)Establishclearrulesandtimelinesforaddressingcomplaintsandreports.

g)ProvidingServicestoUsers:

1)Employkeywordsandclassificationmodelstocheckuserinputs,takingmeasures

12

suchastemporaryservicesuspensionagainstuserswhoinputillegalandunhealthyinformationthreeconsecutivetimesorfivetimesinaggregateinoneday,orobviouslyinducethegenerationofillegalandunhealthyinformationinaccordancewithlawandagreement

2)Refusetoanswerquestionsthatareobviouslyextreme,aswellasthosethatobviouslyinducethegenerationofillegalandunhealthyinformation,whileensuringnormalresponsestootherquestion;

3)Putinplacemonitoringpersonneltoenhancethegeneratedcontent’squalityandsafetyinatimelymanner,andensurethenumberofthemonitoringpersonnelproportionatetotheservice'sscale.

Note:Themonitoringpersonnel’sdutiesincludekeepingupwithnationalpoliciesandanalyzingthird-partycomplaintsinatimelymanner.

h)ModelUpdatingandUpgrading:

1)Formulateasafetymanagementstrategyforupdatingandupgradingmodels;

2)Establishaprotocolforconductingsafetyassessmentsagainaftersignificantupdatesorupgrades.

i)ServiceStabilityandContinuity:

1)Separatetrainingandinferenceenvironmentstopreventdataleaksandunauthorized

access;

2)Continuouslymonitortheinputfrommodelsformaliciousinputattacks,likeDDoS,XSS,orinjectionthreats;

3)Conductregularsecurityauditforusedframeworksandcode,focusingonvulnerabilitiesinopen-sourcesoftwaretoidentifyandrectifysecuritygaps.

4)Createbackupandrecoveryprotocolsfordata,models,frameworks,andtools,emphasizingtheimportanceofmaintainingbusinessoperations.

8.OtherRequirements

8.1KeywordLibrary

Requirementsareasfollows.

a)Thekeywordlibraryshallbecomprehensiveandshouldincludeatleast10,000keywordsintotal.

13

b)Thekeywordlibraryshalladequatelyrepresentthescopeofsafetyrisks,coveringatleastthe17safetyriskslistedinSectionsA.1andA.2ofAppendixAofthisdocument.EachsafetyriskcategoryinSectionA.1oftheAppendixAshouldincludenolessthan

200keywords,andeachinSectionA.2ofAppendixAshouldincludenolessthan100keywords.

c)Thelibrarymustbeupdatedregularlytoalignwithcurrentcybersecurityneedsandtheupdatefrequencyshouldbeatleastonceaweek.

8.2TestQuestionBankforGeneratedContent

Requirementsareasfollows.

a)Thequestionbankshallcoveracomprehensivearrayoftopicsandshouldincludenolessthan2,000questions.

b)Thetestquestionbankshallincludetypicalquestions,fullyaddressing31typesofsecurityrisksdetailedinAppendixA,andthereshouldbeatleast50questionsforeachrisktypeinSectionsA.1andA.2ofAppendixA,andnofewerthan20questionsforeachoftheotherrisktypes.

c)Operationalproceduresanddeterminationbasisshallbeestablishedforidentifyingall

31typesofsafetyrisksbasedonthetestquestionbank;

d)Thetestquestionbankshallbeupdatedinatimelymannertokeeppacewiththeevolvinglandscapeofcybersecuritythreats,andtheupdatefrequencyshouldbeatleastonceamonth.

8.3RefusaltoAnswerTestQuestionBank

Requirementsareasfollows.

a)Atestquestionbankshallbebuiltaroundquestionswhichthemodelshallrefuseto

answer:

1)Thisbankshallbecomprehensiveandshouldcontainatleast500questions;

2)Thisbankshallincludetypicalquestions,addressingthe17typesofsafetyriskslistedininSectionsA.1andA.2ofAppendixAofthisdocument,andthereshouldbeatleast20questionspertypeofsafetyrisk.

b)Atestquestionbankshallbebuiltaroundquestionsthatthemodelshallnotrefuseto

14

answer:

1)Thisbankshallbecomprehensiveandshouldcontainatleast500questions;

2)Thisbankshallrepresentvariousfacetsofsocietalvalues,includingournation'ssystem,beliefs,image,culture,traditions,ethnicgroups,geography,history,nationalheroes,andaspectsofpersonalidentitysuchasgender,age,profession,andhealth,andthereshouldbeatleast20questionspercategory;

3)Formodelsspecializedinparticularfields,it'sacceptabletoomitnon-relatedaspectsinthenon-refusalbank,providedtheseomissionsareaccountedforintherefusaltoanswertestbank.

e)Therefusaltoanswertestquestionbankshallbeupdatedinatimelymannertokeeppacewiththeevolvinglandscapeofcybersecuritythreats,andtheupdatefrequencyshouldbeatleastonceamonth.

8.4ClassificationModels

Classificationmodelsaregenerallyusedforcorpuscontentfiltering,generatedcontent

safetyassessment,andshallcompletelycoverallofthe31safetyriskslistedinAppendixAofthisdocument.

9.SafetyAssessmentRequirements

9.1AssessmentMethods

Requirementsarespecifiedasfollows:

a)Safetyassessmentsorganizedaccordingtothisdocumentcaneitherbecarriedoutbytheproviderindependentlyoroutsourcedtoathird-partyassessmentinstitution.

b)ThesafetyassessmentshalladdresseveryclauseinChapters5to8ofthisdocument,yieldingdistinctresultsforeach:compliant,non-compliant,ornotapplicable.

Note1:Sections9.2,9.3,and9.4detailmethodologiesforassessingcorpussafety,generatedcontentsafety,andresponserefusal.

1)Forresultsof“compliant”,sufficientproofsshallbepresented;

2)Forresultsof“non-compliant,elucidatethecause.Inthefollowingspecialinstances,furtherclarificationsarerequired:

-wheretechnicalormanagementmeasuresinconsistentwiththisdocumentareadoptedbutareabletoachievethesamesafetyeffect,adetailedexplanationshallbegivenandproofoftheeffectivenessofthemeasuresshallbeprovided;

15

-wheretechnicalormanagementmeasuresaretakenbutfallshortofrequirements,adetailedexplanationofthemeasurestakenandasubsequentplantomeettherequirementsshallbeprovided.

3)Forresultsof“notapplicable”,justificationforinapplicabilityshallbepresented.

c)ItisnecessarytoincludeintheassessmentreporttheassessmentresultsforeachclauseinChapters5to8,alongsideanyproofandsupportingdocuments:

1)Theassessmentreportshalladheretothefilingrequirementsapplicableatthetime;

2)If,duetoformattingconstrainsofthereport,itisimpracticaltoincludetheassessmentresultsforcertainclausesandrelateddetailsinthemaintext,theseshouldbeaddedtoanappendix.

d)Acomprehensiveassessmentconclusionshallbegiveninthereport:

1)Iftheassessmentresultsforallclausesarecompliantornotapplicable,thecomprehensiveconclusionis“entirelycompliant”;

2)Iftheassessmentresultsforpartofclausesarenon-compliant,thecomprehensiveconclusionis“partiallycompliant”;

3)Iftheassessmentresultsforallclausesarenon-compliant,thecomprehensiveconclusionis“entirelynon-compliant”

4)TheassessmentresultsfortherecommendedclausesinChapters5to8donotimpactthecomprehensiveconclusion.

Note2:RecommendedclausesinChapters