中国正在推动建设世界科技强国,来自各类新兴TMT领域的企业在此过程中扮演着重要角色。领先TMT企业的总法律顾问和ALB分享了企业法务部门如何在产品创新与合规之间寻找平衡、新技术的发展如何带来全新的合规议题,以及他们如何引领法务部门的数智化建设。
过去两年中国TMT行业所经历的“强监管时代”或将结束。根据国金证券研究所今年早些时候发布的《TMT崛起》系列报告,2021-2022年的政策调整期过后,TMT板块正迎来“政策回暖、供需修复”的新时代,快速发展的生成式人工智能技术(“AIGC技术”)也给“技术+场景”不断带来新的想象空间,“TMT可能已经具备成为市场新主线的所有重要特征”。
事实上,即便在过去几年变化的市场和政策环境下,TMT企业也普遍未失“初心”,延续着对于技术和产品创新的坚持。而在强监管背景下为企业创新提供支持,更凸显出TMT企业法务部门的专业能力,以及工作智慧。
T3出行是总部位于南京的一家智慧出行领域企业,其总法律顾问朱春雨对ALB坦言:“智慧出行是充分竞争的行业,T3一直面临来自巡游出租车、互联网巨头、传统汽车厂商等同业者较大的竞争压力。能从诸多同业者中脱颖而出,一方面依赖T3稳健的精细化运营能力,另一方面就是通过持续的业务创新,吸引和服务不断迭代的消费需求和出行体验。”
朱春雨举了个例子:“为了融合更多运力以满足不同时段和区域的快速用车需求,法务部门协同业务团队推出了聚合平台模式和网巡一体模式,充分吸纳和调动社会闲散车辆和传统巡游出租车的运力资源,利用平台的订单聚合能力和信息处理能力,有效提升公司的服务效率和体验。”
在上述业务创新过程中,“公司面临相关行业监管法规未出台,各层级各区域的监管部门态度不一致,存在较大不确定的合规风险”。为此,法务部门“一方面在业务上线前提供前瞻性的法律研究,为业务项目在不同区域落地提供合规指引;另一方面研判监管部门对于聚合平台、网巡融合的监管趋势,对各行政区域的监管部门进行访谈和沟通,促进监管部门对新业务的了解和认同”。
此外,法务部门还在具体项目中充分利用合同和准入准出流程严格控制承运人的准入资质,设计细致的各方权责条款,同时引入外部保险公司承担溢出的业务风险和赔偿责任,最终实现了为业务创新发展保驾护航,朱春雨介绍道。
邢璟是度小满法律合规部总经理,他坦言,在快速发展而又受到严格监管的金融科技领域,“平衡业务创新与合规是我们一直在思考并面对的问题”。
邢璟分享道,在切入具体场景之前,法务部门首先应把握原则和方向,即“在金融监管日益严格的背景下,鼓励、尊重符合金融基本属性的适度创新”,具体来说,就是要判断一项金融产品创新是否能够服务于实体经济、普惠金融、维护客户的正当权益,“只要符合这样的原则,大方向就不会错,尤其在支持法律规定尚未明确领域的创新时,把握好原则方向就更为重要”。
具体到上述思路在产品创新过程中的落地,邢璟举了个例子。“最近几年利用互联网金融产品从事电信诈骗、洗钱等犯罪的案例非常多,人工智能等技术的爆发也降低了犯罪门槛,比如深度伪造技术对在线目标人脸、语音、表情等信息的模仿能力极强,严重扰乱了传统所谓的‘眼见为实’。于是我们开展创新,将包含生物认证、防深伪、视觉风控在内的计算机视觉技术应用于尽职调查,判断客户的真实身份和交易意图,用于反洗钱、反电信诈骗等场景。”
这一过程中,业务和法务团队也面临了新的信息保护合规问题。“反洗钱尽职调查,势必需要客户提供个人信息,这其中就会涉及到信息保护的合规问题。”邢璟介绍道,于是度小满法律合规部采取了一系列信息保护手段,既包括事前履行告知义务,也包括信息收集后妥善履行内部管理职责,值得注意的是,由于过程中国家发布了《人脸识别技术应用安全管理规定(试行)》征求意见稿,“我们现在的内部制度于是对标参考征求意见稿制定,在合规尺度里有一定的预判性,以保障数据处理满足监管趋势,其实是提出了更高的内部要求”。
打造数据合规最佳实践
过去几年,伴随数据合规“三大法”落地,以及针对企业数据违法的“亿元级罚单”的出现,数据合规已经从前沿议题,变成了“应有之义”和“重中之重”,对于掌握海量数据的TMT企业来说尤为如此。不过,较大的合规压力也帮助TMT企业纷纷探索出了符合行业和企业需求的最佳合规实践。
朱春雨告诉ALB,作为拥有上亿用户的网约车平台,T3出行在公司创立之初就非常重视用户信息的保护和相关法律义务的遵从,“对于网络和数据的风险管控,公司从产品、运营、数据、安全、合规等众多方面制定了严格的规范和流程要求”。
过程中,法务作为重要的合规管理团队承担起了多重任务。朱春雨具体介绍道:“法务首先根据相关法律法规,结合公司的实际产品和业务情况,制定了数据保护和处理的合规制度框架,并搭建了数据处理各环节的线上管理流程和控制机制。其次,对于涉及数据合作的业务项目和涉及用户信息的产品设计,法务在业务项目立项初期就主动介入并给予合规评估,提出有效的合规解决方案,并在业务实际运营中持续跟踪合规方案落地情况。”
此外,法务团队也非常重视开展公司内部培训活动,以及和业务部门持续展开评估监测和案件处置演练的重要性。朱春雨坦言,未来一段时间数据合规将继续成为T3出行法务团队重点关注的合规课题,“团队将随着法律和监管要求的不断变化与发展,不时调整与优化数据合规落地方案,确保作为互联网公司的合规性与可持续发展性”。
作为金融科技领域企业,邢璟也坦言,度小满“处理的个人信用信息、生物识别信息等数据敏感程度高,一旦泄露后果严重,数据合规风险就像是悬在企业头上的达摩克利斯之剑。因此,度小满以《网络安全法》《数据安全法》《个人信息保护法》为依据,建立了完整的数据合规工作蓝图和框架,总结出了一套行之有效的工作方法”。
邢璟把这套框架总结为四方面。“首先是‘制度先行’,在整个公司建立一套数据管理制度体系,为所有业务设定红线、划定底线,通过制度明确各个岗位的职责,使公司的各类数据活动都纳入法规和制度范围内;其次是建立一整套动态的数据处理全生命周期合规管控体系,保障数据从采集到删除,在动态流转过程中是合规的。”
“第三,我们遵照《个保法》要求,搭建了用户个人信息权利响应机制,客户如果针对个人数据有任何意见和权利主张,都可以得到及时反馈,充分保障了客户对个人信息的自我决定权。”
“最后,我们还特别关注数据管理的职能分工,构建了“决策层-管理层-运行层-操作层”四维一体的数据管理体系。初步确立了‘谁管业务,谁管业务数据,谁管数据安全’的原则。”有了四个层级的架构,数据管理变得“权利清晰、上下贯通,形成了坚固防线”。
AIGC带来新合规议题
数据合规之外,谈到近期关注的其他合规话题,作为引领技术和创新发展的TMT企业代表,受访总法律顾问都提到了新技术,尤其AIGC技术对于未来合规的挑战。
“当前科技发展的热门主题,比如ChatGPT等,也是法务团队未来重点关注的合规话题。”朱春雨说。“ChatGPT这类AIGC服务在中国的应用目前受多部法律法规的约束,尤其是数据合规、算法合规等领域法律法规及政策,同时,国家也很关注AIGC服务带来的科技伦理与侵权问题。未来随着相关法律法规的颁布和生效,我们也将持续跟踪并及时给业务部门提供相关的法律意见。”
作为金融科技企业,度小满专注于解决金融领域应用的核心技术难题,在不久前的以“生成未来”为主题的百度世界2023大会上,度小满表示“未来五年,生成式AI在金融领域的应用,将成为度小满最重要的战略方向,度小满将不断加大金融垂类大模型及应用的布局和投入,和业界一起把握机遇,推动新一轮金融科技发展浪潮”。
其实早先在今年5月,度小满正式开源了国内首个千亿级中文金融大模型——“轩辕”。9月,“轩辕70B”金融大模型也正式开源,相比通用大模型,“轩辕”金融大模型经过海量金融数据训练,对金融知识理解更专业、更精准,可控性、安全性更高。数据显示,在C-Eval及CMMLU两项权威榜单中,度小满轩辕大模型均高分位居榜首。
对于度小满法律合规团队来说,为AIGC技术提供法律合规支持则已经是实践之中的动作。邢璟告诉ALB, “法律合规团队支持公司自身大模型的开发是承担了很大的压力和挑战,但我们也很幸运,能够在这么大的创新空间里参与实践”。
邢璟介绍道,AIGC的法律风险主要存在于几方面:“一是开源软件合规的风险;二是知产合规性和知识产权保护问题;三是相关的数据合规风险;四是网络安全风险;五是信息内容的合规风险,这是AIGC领域有特色的规范,根据现有规则,AIGC产品输出和合成的内容要由服务提供方进行内容风险审核和管控,并承担相应责任。”
下一步,邢璟表示,“我们会继续助力公司在AIGC赛道上新业务的合规发展,主要工作包括评估AIGC产品服务的具体场景的风险并出具缓释方案,支持公司在科技领域保持竞争性优势地位”。
用知识产权创造价值
过去几年,中国强调以创新打造新的国家实力,对于知识产权的重视也日益增强,对TMT企业的法务部门来说,保护公司知识产权,并探索知识产权资产创造价值的渠道,成为了愈发重要的工作内容。
对此,邢璟坦言:“在数字经济社会快速发展的当下,知识产权对于科技企业的创新、竞争和可持续发展都至关重要。知识产权作为公司重要的无形资产,可以为企业品牌价值、技术创新、产品创新保驾护航,能加持公司科技创新属性,是企业科技创新竞争力的最客观标志。”
在展开知识产权工作的过程中,度小满积累了不少独特实践和心得。邢璟总结道:“我们组建了专门的知识产权管理团队,做到术业有专攻由专业团队为整个度小满的知识产权事项提供服务;此外,我们以制度为引领,搭建了一整套知识产权保护体系,全面覆盖商标、著作权、专利、商业秘密保护、开源软件等的保护使用和争议解决,并定期对这些制度进行监督评价。”
此外,度小满还注重制定标准化流程,如《版权维权指南》《专利申请流程指引》等提高知识产权的保护效率,并利用度小满商标、版权、专利管理系统提升工作效率;设定了“预防为主、打击为辅”的商标保护防线;同时不断创新宣贯手段,提升全员知产合规意识,进而形成全体员工尊重知识产权、保护知识产权的良好氛围。
保护之外,度小满也强调利用知识产权创造实在的价值。“我们加强了知识产权成果的运用,通过加强自主知识产权的许可、授权、转让等运营使用,将公司每年的大量技术投入、创新产品、研发成果等,真正转化为权利和价值。我们还会利用知产成果帮助业务部门和公司申请知识产权试点单位、吴文俊人工智能奖、企业双软认证、高新企业认证和知识产权体系认证等各项国家级、行业级资质及奖项,提升公司的整体影响力。”
通过知识产权为公司创造价值也是T3出行法务团队的重要工作内容。朱春雨告诉ALB,这项工作主要从三方面展开。“第一,结合公司的技术发展战略,法务协同产品研发部门制定了以专利版权为基础的技术研发路径,配备专业团队深入挖掘专利机会,强化专利导航和技术布局,引导技术研发的资源投入。”
“第二,面对激烈的市场竞争,我们有针对性地分析同业者的专利数据和布局,确定公司的专利规避及应对策略,提升公司知识产权风险防范能力。第三,知识产权证券化是已被实践证明能够有效盘活知识产权的工具,我们目前也在积极尝试通过ABS的方式进行融资,为公司发展提供资金支持。”
促升法务部门数智化发展
在帮助公司探索AIGC等新科技领域合规发展的同时,邢璟指出,度小满法律合规部本身也希望能够借助AIGC技术,实现部门内部的提升和未来的数智化发展。
他告诉ALB,“这样的期待一是简化合同相关的工作,协助合同内容智能审查;二是协助诉讼工作,通过对案例进行检索、分析,出具建议方案。AIGC技术还能帮助法律合规部实现一些更为综合的功能,比如阶段性的整体法律风险汇总分析,以积累的数据展开分析,生成报告;再如,作为未来能力制度化的工具,把各种资源通过AIGC汇总,形成交互平台。”
他进一步表示,“我们始终积极拥抱并学习AIGC新技术,也在综合国内外同业的最佳实践进行探索,力争应用我们自己的轩辕大模型能够实现在法律这一垂直领域内的一些尝试和探索。“
在T3出行,朱春雨指出,法务部也“一直重视和致力于依托数智技术工具来提高合同和合规的管理能力,提升内部协同的效率”。
具体来说,“在合同电子化方面,目前我们实现了签约分级管理:针对标准格式、签约频次高、无金额且低风险的合同,法务为签约对象分发APP的签约链接和权限完成线上签约;对于较为标准、有金额且有诉讼风险的合同,法务通过第三方电子签约系统进行身份认证并完成签订管理;对于重要非标且高风险的合同,我们通过线上审核线下用印的方式,在保证签约效率的同时也有效保证了协议的法律效力”。
而在诉讼管理工作中,“我们构建了一套数智化案件管理方案,涵盖案件申请和接收、证据收集与分析、流程监控、卷宗阅览、沟通互动等功能,实现了诉讼流程的可视化。通过这个诉讼系统,保证各部门快速协同,打破信息壁垒”。
“未来,我们还将继续探索和深化数智化管理工具的更多精细功能,如业务咨询工单系统、法研协同系统等,提升法务支持业务的能力与效率。”朱春雨表示。
REGULATIONS & ROBOTS: IN CONVERSATION WITH TMT GCs
With China setting its sights on becoming a global power in science and technology, companies in various emerging TMT fields play an important role in this process. Two general counsel of leading TMT companies share with ALB how in-house teams balance innovation and compliance, how the development of new technologies triggers new compliance issues, and how they lead the digital transformation of their legal teams.
The strong regulatory era that China's TMT industry has experienced over the past two years may be coming to an end. According to the "Rise of TMT" series of reports issued by Guojin Securities Research Institute earlier this year, following a period of policy adjustments in 2021-2022, the TMT sector is ushering in a new era of "policy re-alignment and supply and demand recovery," and the rapid development of generative artificial intelligence technology ("AIGC technology") continues to expand the space for new imaginations of "technology + scenarios." "TMT may have already amassed all the important characteristics to become a new main theme of the market."
In fact, despite the changing market and policy environments in the past few years, most TMT companies have continued to work on technological and product innovation. Supporting innovation under tightened regulation further highlights TMT in-house teams' professional competency and wisdom.
Zhu Chunyu, general counsel of T3 GO, a Nanjing-based smart travel company, tells ALB: "Smart travel is a highly competitive industry. T3 GO has always faced stiff competition from taxis, Internet giants, traditional auto manufacturers, and other players. We are able to stand out from so many peers partly because of our ongoing business innovation, which helps to attract and serve constantly changing consumer demands and travel experiences."
Zhu gives an example: "Recently, the in-house team has collaborated with business units to launch a new platform to integrate both taxi and privately-owned vehicle resources that are underutilised to meet increased ride-hailing needs from the clients."
During the aforementioned business innovation, "we were faced with relatively large compliance risks because relevant regulations had not been promulgated, and the attitudes of regulators in different regions were also inconsistent." As such, the in-house team "on the one hand, provided forward-looking legal research before the business went live to offer compliance guidance for different regions; on the other hand, conducted studies and engaged in talks with regulators to facilitate their understanding and approval of the new business."
Xing Jing, general manager of Du Xiaoman Legal and Compliance Department, shares that in the rapidly developing yet strictly regulated field, namely the fintech field, where his company operates, "balancing business innovation and compliance is something we have always been thinking about and facing."
To Xing, before focusing on any specific scenario, the in-house team must first grasp some general principles. Specifically, the in-house team should judge whether a financial product innovation can serve the real economy and the goal of inclusive finance, as well as safeguard the legitimate rights and interests of customers. "As long as innovation conforms to these principles, we will not be on the wrong track."
When it comes to translating the above ideas into product innovation, Xing gives the following example. "In recent years, there have been many cases of Internet financial products being used for telecommunications fraud and money laundering. The growth of artificial intelligence and other technologies has also lowered the bar for committing crimes. For example, deep fake technology has a tremendous ability to imitate the faces, voices, expressions, and other information of online targets. My team thus embarked on innovation to deploy computer vision technologies, such as biometric authentication, anti-deep fake, and visual risk control, to determine a customer's real identity and transaction intention for use in scenarios such as anti-money laundering and anti-telecommunications fraud."
However, during this process, they have encountered new data protection compliance issues. "The anti-money laundering due diligence inevitably requires clients to provide personal information, which involves compliance issues related to information protection." Xing explains that the Du Xiaoman legal team has thus taken a series of data protection measures, including fulfilling notification obligations in advance and properly discharging internal management duties after data collection.
UPHOLDING DATA COMPLIANCE
In the past few years, with the implementation of the "three major laws" on data compliance and the imposition of "billion yuan fines" on corporate data breaches, data compliance has changed from a cutting-edge issue to an "obligation" and a "top priority." This is particularly true for TMT companies that possess massive amounts of data. On the other hand, greater compliance pressure has also spurred TMT companies to explore best compliance practices that meet both industry and corporate needs.
Zhu tells ALB that as an online ride-hailing platform with hundreds of millions of users, T3 GO has been attaching great importance to user information protection and compliance with relevant legal obligations since its founding and has formulated strict rules and process requirements.
In this process, the in-house team has taken on multiple tasks. According to Zhu, "the team first built up a compliance system framework for data protection and processing based on relevant laws and regulations and in light of the company's actual products and business, and set up an online management process and control mechanism for each aspect of data processing. Second, as regards business projects involving data-based cooperation and product design involving user information, the in-house team proactively intervened to give compliance assessments at the early stage, proposed effective compliance solutions, and continues to track the implementation of the compliance solutions during actual business operations."
The team also attaches great importance to offering internal training. Zhu says that data compliance will continue to be a key compliance task for the in-house team in the future. "My team will adjust and optimise the plan to implement data compliance from time to time as legal and regulatory requirements continue to change and evolve, so as to ensure our compliance and sustainability as an Internet company."
Xing concedes that Du Xiaoman, being a fintech enterprise, "handles personal credit information, biometric identification information, and other highly sensitive data, the leakage of which will cause serious consequences. Data compliance risks are like the Sword of Damocles hanging over the company's head. Therefore, Du Xiaoman has established a comprehensive data compliance framework and has summarised a set of effective work methods."
Xing sums up this framework in four aspects. "The first is to 'prioritise rules.' We have established a set of data management rules throughout the organisation set red lines and bottom lines for all business operations. Second, we have established a set of dynamic, full lifecycle compliance management and control systems for data processing to ensure compliance throughout the dynamic data flow, from collection to deletion."
"Third, we have established a mechanism to respond to users' personal information rights. Customers can expect timely feedback on any opinions or assertions regarding personal data. Finally, we also pay special attention to the division of tasks when it comes to data management and have built a four-dimensional data management system featuring different layers of 'decision-making, management, operation, and execution,' preliminarily establishing the principle that 'whoever manages the business should manage business data and manage data security.'"
AIGC-RELATED NEW TASKS
Apart from data compliance, when it comes to other compliance topics that have been of concern lately, both GCs point to challenges that new technologies, especially AIGC technology, will pose to compliance in the future.
"Current hot topics in technological development, such as ChatGPT, are also compliance areas that the in-house team will focus on in the future," says Zhu. "The application of AIGC tools in China is currently constrained by many laws and regulations, especially rules in the fields of data compliance and algorithm compliance. Meanwhile, China keeps a close watch on technological ethics issues and infringements brought by AIGC tools. Going forward, as relevant laws and regulations are promulgated and become effective, we will keep a close track and provide pertinent and timely legal advice for business units."
Du Xiaoman, who focuses on solving core technical problems in financial applications, has recently stated that "in the next five years, the application of generative AI in the financial field will become its most important strategic direction." In fact, earlier in May, Du Xiaoman officially open-sourced China's first 100-billion-dollar-parameter large Chinese financial model - "Xuanyuan." In September, the "Xuanyuan 70B" large financial model was also officially open-sourced.
Therefore, the Du Xiaoman team is already in action in providing legal and compliance support for AIGC technology. According to Xing, "despite taking on a lot of pressure and challenges to support the development of the company's large model, the in-house team feels fortunate to be able to get involved in such a large innovation space."
Xing shares that AIGC's legal risks mainly exist in the following aspects: "First, compliance risks of open-source software; second, intellectual property compliance and IP protection issues; third, relevant data compliance risks; fourth, cybersecurity risks. The fifth involves compliance risks of the generated content, which is unique to the AIGC field. According to existing rules, service providers must review, manage, and control the risks of the contents generated by AIGC products and shall bear corresponding liabilities."
Moving forward, "we will continue to support the company in developing new AIGC tools in a compliant manner. Our key tasks will include assessing the risks of specific scenarios of AIGC products and services and developing mitigation plans to help the company maintain competitive edges in the technology field."
CREATING VALUE WITH IP
In the past few years, China has been driving efforts to build new national strength through innovation and has started to pay increasing attention to IP. For TMT in-house teams, protecting their companies' IP and exploring channels to create value from IP assets have also become increasingly important.
"IP nowadays is crucial to the innovation, competitiveness, and sustainable development of technology companies," admits Xing. Therefore, Du Xiaoman has developed a lot of unique practices and gained a lot of experience in its IP work. "We have set up a dedicated IP management team to provide services for all of Du Xiaoman's IP matters. In addition, we have established a complete IP protection framework to cover the protection of trademarks, copyrights, patents, and trade secrets, the protection and use of open-source software, as well as dispute resolution."
In addition, Du Xiaoman also focuses on developing standardised processes and innovative publicity and implementation methods to raise the IP compliance awareness of all employees, thereby forming a favourable atmosphere where all employees respect and protect IP.
Apart from protection, Du Xiaoman also emphasises the use of IP to create real value. "We have stepped up the use of IP. By strengthening the licensing, authorisation, assignment, and other operations of proprietary IP, we truly convert our huge annual technological investment into rights and value," Xing introduces.
Tapping IP to create value is also an important part of the work of T3 GO's in-house team. According to Zhu, this work mainly focuses on three aspects. "First, we worked with product R&D departments to explore patent opportunities, reinforce patent navigation and technology layout, and guide investment in technology R&D resources."
"Second, amid fierce market competition, we have analysed the patent data and portfolios of competitors to determine our strategies and improve our IP risk prevention capabilities. Third, with IP securitisation now a proven tool to effectively revitalise IP, we are currently actively trying to raise funds through ABS to provide financial ammunition for the company's growth."
PROMOTING DIGITAL TRANSFORMATION
While helping the company explore compliant development in new technology fields, Xing points out that the Du Xiaoman legal team itself also hopes to leverage AIGC technology to achieve self-improvement and digital transformation.
He tells ALB, "Such expectations first involve simplifying contract-related work, assisting in the intelligent review of contract content; secondly, aiding in litigation work by retrieving and analysing cases to provide suggested solutions. AIGC technology can also help legal compliance departments achieve more comprehensive functions, such as periodic overall legal risk summary analysis, using accumulated data for analysis, and generating reports. Furthermore, as a tool for future capability institutionalisation, it gathers various resources through AIGC to form an interactive platform."
He further states, "We are always actively embracing and learning about new AIGC technologies. We are also exploring comprehensive practices from both domestic and international peers, striving to apply our own XuanYuan large model to make some attempts and explorations in the legal vertical domain."
Zhu of T3 Go says the in-house team has "always valued digital technology tools and been committed to relying on such tools to improve contract and compliance management capabilities and raise the efficiency of internal collaboration."
Specifically, in terms of electronic contracts, they currently adopt tiered contract signing management. And for litigation management, "we have built a set of digital case management solutions, covering functions such as case application and reception, evidence collection and analysis, process monitoring, file reading, communication and interaction, etc., to achieve visualisation of the litigation process. This litigation system enables rapid coordination among departments and breaks down information barriers."
"Looking ahead, we will continue to explore and deepen more sophisticated functions of digital management tools, such as a business query ticketing system and a legal research collaboration system, to improve the capabilities and efficiency of the in-house team to support business," says Zhu.