What the SFC’s November 2024 circular (24EC55) requires of licensed corporations using AI language models in Hong Kong — four core principles and extra rules for high-risk uses.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
Hong Kong licensed corporations using AI language models must follow the SFC’s November 2024 circular. This guide summarises its four core principles and the extra rules for high-risk uses.
What the circular covers
The SFC’s circular to licensed corporations on the use of generative AI language models (reference 24EC55, dated 12 November 2024) applies to all licensed corporations using AI language models in regulated activities — whether in-house, group, third-party or open-source.
The four core principles
(1) Senior-management oversight and accountability; (2) AI model risk management — validation, end-to-end testing and ongoing monitoring; (3) cybersecurity and data risk management; and (4) third-party risk management. For high-risk uses — such as providing investment recommendations or advice to investors — there are extra requirements, including human review before output reaches the user and disclosure that the user is interacting with AI.
How to comply
Put senior management on the hook, validate and monitor the model, secure the data, manage third parties, and add human-in-the-loop and disclosure for high-risk uses. osFoundry’s managed cloud pins data to the US, EU or Japan — it does not currently offer a Hong Kong managed region (its nearest managed region is Japan). To keep data in Hong Kong, the honest path is self-hosting osFoundry (BYO Cloud) inside a Hong Kong cloud region such as AWS Asia Pacific (Hong Kong) ap-east-1, Microsoft Azure East Asia (Hong Kong SAR) or Google Cloud asia-east2 (Hong Kong), or running models locally on-device.
Where dgm fits
dgm is an independent integration partner that helps Hong Kong businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.