摘要: 生成式人工智能的广泛应用，在带来技术红利的同时，也使得数据安全风险从传统的信息系统安全层面，延伸至更加复杂关键的数据内容安全与数据利用安全层面，这些风险贯穿于其数据采集、算法处理、内容输出三个环节。我国现行刑法在应对数据安全风险时存在一定问题，突出表现为刑法“数据控制”治理理念与生成式人工智能“数据利用”发展需求的矛盾，以及涉生成式人工智能犯罪刑事责任归责困难的问题，这便需要刑法对数据安全治理理念从“数据控制”向“数据利用”进行转变，同时对涉生成式人工智能犯罪中涉及的多主体归责机制进一步完善，明确生成式人工智能能否成为具备刑事责任能力的独立刑事主体。

Abstract: The widespread application of generative artificial intelligence has brought technological dividends while extending data security risks from traditional information system protection to more complex and critical aspects of data content security and data utilization security. These risks permeate three key stages: data collection, algorithmic processing, and content output. China’s current criminal law exhibits certain limitations in addressing data security risks, notably manifesting as conflicts between the “data control” governance philosophy of criminal law and the developmental needs of generative AI’s “data utilization”, as well as challenges in determining criminal liability for AI-related offenses. This necessitates a shift in criminal law’s data security governance paradigm from “data control” to “data utilization”, alongside further refinement of multi-stakeholder accountability mechanisms for AI-related crimes. It is imperative to clarify whether generative AI can be recognized as an independent criminal entity with full criminal liability capacity.