Large generative AI models (LGAIMs), such as ChatGPT, GPT-4 or Stable Diffusion, are rapidly transforming the way we communicate, illustrate, and create. However, AI regulation, in the EU and beyond, has primarily focused on conventional AI models, not LGAIMs. This paper will situate these new generative models in the current debate on trustworthy AI regulation, and ask how the law can be tailored to their capabilities. After laying technical foundations, the legal part of the paper proceeds in four steps, covering (1) direct regulation, (2) data protection, (3) content moderation, and (4) policy proposals. It suggests a novel terminology to capture the AI value chain in LGAIM settings by differentiating between LGAIM developers, deployers, professional and non-professional users, as well as recipients of LGAIM output. We tailor regulatory duties to these different actors along the value chain and suggest strategies to ensure that LGAIMs are trustworthy and deployed for the benefit of society at large. Rules in the AI Act and other direct regulation must match the specificities of pre-trained models. The paper argues for three layers of obligations concerning LGAIMs (minimum standards for all LGAIMs; high-risk obligations for high-risk use cases; collaborations along the AI value chain). In general, regulation should focus on concrete high-risk applications, and not the pre-trained model itself, and should include (i) obligations regarding transparency and (ii) risk management. Non-discrimination provisions (iii) may, however, apply to LGAIM developers. Lastly, (iv) the core of the DSA content moderation rules should be expanded to cover LGAIMs. This includes notice and action mechanisms, and trusted flaggers. In all areas, regulators and lawmakers need to act fast to keep track with the dynamics of ChatGPT et al.

翻译：大型生成式AI模型（LGAIMs），如ChatGPT、GPT-4或Stable Diffusion，正迅速改变我们沟通、图解和创作的方式。然而，欧盟及其他地区的AI监管主要聚焦于传统AI模型，而非LGAIMs。本文将把这些新型生成式模型置于当前可信AI监管的讨论中，探讨法律如何根据其能力进行定制。在奠定技术基础后，本文的法律部分分四步展开，涵盖：（1）直接监管，（2）数据保护，（3）内容审核，以及（4）政策建议。本文提出一套新颖术语，通过区分LGAIM开发者、部署者、专业与非专业用户以及LGAIM输出的接收者，来捕捉LGAIM环境中的AI价值链。我们将监管责任量身分配给价值链上的不同参与者，并提出确保LGAIM可信且服务于社会整体利益的策略。《AI法案》及其他直接监管规则必须与预训练模型的特性相匹配。本文主张针对LGAIM建立三层义务（所有LGAIM的最低标准；高风险用例的高风险义务；AI价值链上的协作）。总体而言，监管应聚焦于具体的高风险应用，而非预训练模型本身，并应包含（i）透明度义务和（ii）风险管理。然而，（iii）非歧视条款可适用于LGAIM开发者。最后，（iv）《数字服务法案》内容审核规则的核心应扩展至覆盖LGAIM，这包括通知与行动机制以及可信举报人制度。在所有领域，监管者和立法者需迅速行动，以跟上ChatGPT等模型的发展动态。