Hong Kong Issues Generative Artificial Intelligence Technical and Application Guideline
Published 8 May 2025
Matthew Murphy
On 15 April 2025, Hong Kong’s Digital Policy Office (“DPO”) issued it’s “Generative Artificial Intelligence Technical and Application Guideline”. The Guideline documents the technical background and governance principles of generative AI, and provides a practical guide to technology developers, service providers and service users.
The Guideline establishes a GenAI governance framework focusing on data protection, intellectual property, crime prevention, reliability and trustworthiness, and system security. The Guideline also outlines key principles of governance which are in line with international practices, including the OECD AI Principles. Such principles include security and transparency, accuracy and reliability, and fairness and objectivity.
As far as risk management is concerned, the Guideline proposes a four-tier classification of AI systems, by classifying AI systems into “unacceptable risk”, “high risk”, “limited risk” and “low risk”. Depending on which tier an AI system falls, recommendations are provided in order to manage risk.
The Guideline has also put forward recommendations for key stakeholder groups. “Technology Developers” are encouraged to establish comprehensive and dedicated teams (such as a data team and a quality control team) to ensure compliance with applicable laws and regulations, manage data responsibly, and prevent discrimination. “Service Providers” should develop a responsible GenAI service framework and identify specific opportunities that can deliver significant value. “Service Users” are encouraged to familiarise themselves with the terms of use of the relevant platform or tool. Additionally, they should adhere to appropriate citation and attribution practices to clearly indicate whether GenAI has played a role in content creation or decision-making.
To observe the Guideline (though it is non-binding), businesses involved in the development and deployment of AI in Hong Kong should thoroughly review their AI operations and internal AI policies, identify their respective roles as defined under the Guideline (note that an organisation may assume multiple roles simultaneously), and take proactive steps to fulfill the obligations associated with their specific roles.
In keeping with Hong Kong’s relatively relaxed approach in this area, the Guideline has been well received so far by the community and stakeholders. Of course, as AI technology and practices continue to develop, the Guideline will be adapted as required. Stakeholders would be wise to keep the Guideline in mind as they develop and use AI systems in Hong Kong for risk management and legal reasons at least.
The Guideline establishes a GenAI governance framework focusing on data protection, intellectual property, crime prevention, reliability and trustworthiness, and system security. The Guideline also outlines key principles of governance which are in line with international practices, including the OECD AI Principles. Such principles include security and transparency, accuracy and reliability, and fairness and objectivity.
As far as risk management is concerned, the Guideline proposes a four-tier classification of AI systems, by classifying AI systems into “unacceptable risk”, “high risk”, “limited risk” and “low risk”. Depending on which tier an AI system falls, recommendations are provided in order to manage risk.
The Guideline has also put forward recommendations for key stakeholder groups. “Technology Developers” are encouraged to establish comprehensive and dedicated teams (such as a data team and a quality control team) to ensure compliance with applicable laws and regulations, manage data responsibly, and prevent discrimination. “Service Providers” should develop a responsible GenAI service framework and identify specific opportunities that can deliver significant value. “Service Users” are encouraged to familiarise themselves with the terms of use of the relevant platform or tool. Additionally, they should adhere to appropriate citation and attribution practices to clearly indicate whether GenAI has played a role in content creation or decision-making.
To observe the Guideline (though it is non-binding), businesses involved in the development and deployment of AI in Hong Kong should thoroughly review their AI operations and internal AI policies, identify their respective roles as defined under the Guideline (note that an organisation may assume multiple roles simultaneously), and take proactive steps to fulfill the obligations associated with their specific roles.
In keeping with Hong Kong’s relatively relaxed approach in this area, the Guideline has been well received so far by the community and stakeholders. Of course, as AI technology and practices continue to develop, the Guideline will be adapted as required. Stakeholders would be wise to keep the Guideline in mind as they develop and use AI systems in Hong Kong for risk management and legal reasons at least.