On June 25th, OpenAI sent an official email to API (Application Programming Interface) users, informing them that starting from July 9th, API traffic from regions not included in the supported country and region list will be blocked. To continue using OpenAI's services, access must be made from supported regions.
This move by OpenAI has sparked widespread discussion, with the media describing it as a "cut-off" of services. Some believe it is due to the U.S.'s policy of pressure on China, while others think it is to prevent domestic large-scale model replication and data acquisition. In fact, OpenAI has never opened its services to the domestic market. The term "cut-off" is an exaggeration; it is more accurate to say that it has strengthened its ban. As a result, all enterprises in China that use the API are essentially in a non-compliant state, neither complying with OpenAI's policy nor with domestic laws. So, where should these enterprises go next?
Migration in Response
In July 2023, the Cyberspace Administration of China, in conjunction with relevant departments, introduced the "Interim Measures for the Management of Generative Artificial Intelligence Services," the world's first specific legislation for generative artificial intelligence. According to the measures, providers of generative artificial intelligence services must use data and basic models from legal sources. However, OpenAI has not filed algorithm records or generative artificial intelligence service records in accordance with domestic regulatory requirements. At the same time, according to OpenAI's policy, it does not provide GPT services to Chinese users.
Under the "dual violation," applications using the OpenAI API are at risk of being banned from operation at any time, which is not good for long-term projects. The reason why domestic regulations still maintain a certain level of "tolerance" is that the industry is still in the early stages of development, and the enforcement intensity also has a process from loose to strict. OpenAI's ban can force domestic projects to move towards compliant development.
In the current situation, choosing to migrate to domestic AI models has become one of the key solutions that all applications using the Open API need to consider. At the same time, domestic large-scale models are also actively launching "relocation" plans.
Through migration, the original application's functionality can be maintained, and the application and the company behind it can avoid contractual issues due to losing access to the OpenAI API. While considering cost-effectiveness, applications should prioritize large models that have been filed with the Cyberspace Administration, to avoid new compliance issues. It is worth noting that as of March 2024, a total of 117 large models in China have been filed with the Cyberspace Administration.
However, since OpenAI's announcement, some articles have suggested that applications using the OpenAI API can migrate to Azure OpenAI. The reason given is that Microsoft has already partnered with OpenAI and has not prohibited Chinese users from using it. So, can these applications adopt this suggestion, and how compliant is it?
Azure OpenAI
First, let's take a look at what Azure OpenAI is. 
Azure OpenAI is a service provided by Microsoft that allows access to OpenAI's large language models through a REST API. These models include GPT-4, GPT-4 Turbo with Vision, GPT-3.5-Turbo, and the Embedding Model series. Azure OpenAI is fully controlled by Microsoft; Microsoft hosts OpenAI models in the Azure environment, and this service does not interact with any services operated by OpenAI (such as ChatGPT or OpenAI API). Moreover, after the "cut-off" event by OpenAI, Microsoft has joined this migration feast. 
Unlike OpenAI, Azure OpenAI does not restrict Chinese users from using it, which has been confirmed in both official promotions and verbal responses from staff. However, contradictorily, a file on the available service regions seems to indicate that it is not available in China. 
So, for enterprises in China using the OpenAI API for AI projects, if they choose to migrate their projects to Azure OpenAI, can they rest assured of compliance?
Compliance Doubts
As a global service, Microsoft has a complete data compliance policy. It promises not to open data to OpenAI, not to be used to improve OpenAI or Microsoft's products or services, to be deletable at any time, to prevent the generation of harmful content, and to comply with the requirements of the EU's GDPR and ISO 27001, ISO 27002, and ISO 27018. However, according to information obtained by lawyer Mankun, Azure OpenAI's compliance policy has not been specifically adapted to Chinese law. Therefore, the compliance of using Azure OpenAI remains in doubt in the following aspects.
Doubt 1: Data Export
Azure's China services are operated by domestic Century Internet, with data centers in China. However, Azure OpenAI is a global service with data centers outside China. When operators of domestic critical information infrastructure or other data processors transmit sensitive personal information, personal information, or important data beyond a certain standard, they need to apply for a data export security assessment and pass personal information protection certification from the National Cyberspace Administration. This represents a significant compliance cost for domestic users, and since Azure OpenAI itself has not been found to have undergone domestic assessment and certification, it is difficult to ensure a smooth passage.
Doubt 2: Uncompleted Filing
According to the "Regulations on the Management of Algorithm Recommendations for Internet Information Services," "Regulations on the Deep Synthesis Management of Internet Information Services," and the "Interim Measures for the Management of Generative Artificial Intelligence Services," providers of generative artificial intelligence services with public opinion attributes or social mobilization capabilities should conduct security assessments and complete algorithm and model filing procedures. A search shows that Azure OpenAI has not completed algorithm and large model filing. Therefore, for users who want to provide services to the domestic public, it is difficult to prove that they have used legal basic models and met other regulatory requirements.
Summary: For enterprises that want to use it for internal research and operation, not for the public, and not involving personal information or important data, Azure OpenAI is an option; otherwise, the compliance risks of using Azure OpenAI should be carefully evaluated. Due to the lack of complete information, based on publicly available information, I have attempted to analyze the compliance of Azure OpenAI. If there are any discrepancies, please contact Microsoft for correction.
Worst Case Scenario
Some industry insiders have suggested bypassing restrictions by using overseas servers or creating reverse proxies. This approach involves using technical means to circumvent the blockade but does not solve any compliance issues. On the contrary, doing so will increase the risks of data security and privacy. In terms of operation, domestic app markets for Apple and Android can remove such applications; the stability of application services also becomes a big question mark.
Conclusion
In the context of OpenAI restricting China from using its API, existing AI enterprises in China must carefully evaluate compliance risks when considering migrating their data to Azure OpenAI or other international services. At the same time, in the face of the legal challenges brought by new technologies, enterprises may need to actively explore localized solutions rather than blindly seeking "substitution," to achieve compliant development in the ever-changing technological environment.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
