With the rapid evolution of artificial intelligence (AI) technology, the regulatory frameworks for AI in the Asia–Pacific (APAC) region continue to develop quickly. Policymakers and regulators have been prompted to consider either reviewing existing regulatory frameworks to ensure their effectiveness in addressing emerging risks brought by AI, or proposing new, AI-specific rules or regulations. Overall, there appears to be a trend across the region to promote AI uses and developments, with most jurisdictions focusing on high-level and principle-based guidance. While a few jurisdictions are considering regulations specific to AI, they are still at an early stage. Further, privacy regulators and some industry regulators, such as financial regulators, are starting to play a role in AI governance.

This blog post provides an overview of various approaches in regulating AI and managing AI-related risks in the APAC region.  

  • AI-Specific Laws and Regulations

Several jurisdictions in the region are moving toward AI-specific regulations, including the People’s Republic of China (hereinafter referred to as China), South Korea, and Taiwan.

  • China has been most active in shaping regulations specific to generative AI technologies since 2023. It has taken a multifaceted approach that combines AI-specific regulations, national standards and technical guidance to govern generative AI services and the regulatory focus has been on services that are provided to the public in China. The Interim Administrative Measures for Generative Artificial Intelligence Services represent a milestone as the first comprehensive regulation specifically addressing generative AI services (a summary of this regulation can be found in our previous post here). Several non-binding technical documents and national standards have been issued or are being drafted to further implement this regulation. Prior to the regulation that specifically addresses generative AI services, China had issued regulations for deep synthesis and algorithmic recommendations. Further, China promulgated rules on conducting an ethical review of scientific activities involving generative AI.
  • Beyond a few provisions on narrow aspects scattered in other regimes, South Korea does not presently have a comprehensive AI-specific regulatory framework. Proposed in early 2023, the draft Act on Fostering the AI Industry and Securing Trustworthy AI remains currently pending before the National Assembly. If enacted, it would set out the first comprehensive legislative framework governing the usage of AI in South Korea, generally reflecting an approach that would permit AI usage and developments subject to subsequent safeguards if and as needed. In parallel, the Personal Information Protection Commission (PIPC) has been advocating for a flexible approach to AI based on self-regulation, with support from the PIPC. Furthermore, the Korean Fair Trade Commission (KFTC) will soon start a detailed study to identify potential AI-induced risks in terms of consumer protection as well as unfair or anti-competitive practices, which might result in KFTC-supervised self-regulation of certain AI aspects through industry codes of conduct supplemented by a set of guidelines on AI, or even proposed legislation or amendments to existing consumer protection or antitrust rules. 
  • Similarly, Taiwan is drafting a basic law governing AI, i.e., the Basic Law for Development of Artificial Intelligence, which will set out fundamental principles for AI development and for the government to promote the development of AI technologies. However, it is still uncertain whether and when Taiwan will pass this draft law.
  • Non-binding AI Principles and Guidelines

Other jurisdictions in the APAC region take a voluntary approach for the moment, relying on non-binding principles and guidelines as well as existing laws to address AI-related issues. Such jurisdictions include Australia, Japan, Singapore, India, Hong Kong, Thailand and Vietnam.

For instance, Australia has so far taken a soft-law approach. Australia’s AI Ethics Principles were published in 2019, setting out principles for certain aspects in relation to AI governance, including fairness, privacy protection and security, reliability and safety, transparency and explainability, and accountability. Similarly, Japan has no comprehensive AI-specific regulation but only provides non-binding guidance. Singapore, India, Hong Kong, Thailand and Vietnam also have their own AI-related guidelines.

In addition to non-binding guidelines, some regulators also provide practical tools for AI services. For instance, Singapore launched an AI governance testing framework and toolkit in May 2022 and the initiative of a generative AI evaluation sandbox in October 2023, providing a common baseline of evaluation testing methods and benchmarks to assess generative AI products.

In these jurisdictions that have not yet issued specific AI regulations, enforcement in relation to AI could be carried out under existing laws. For instance, in order to understand the implications of the development and use of AI on data privacy in Hong Kong, the privacy regulator of Hong Kong – the Office of the Privacy Commissioner for Personal Data (PCPD) – carried out compliance checks on 28 organizations from August 2023 to February 2024 to understand their practices regarding the collection, use and processing of personal data in the development or use of AI, as well as their AI governance structure. Some jurisdictions have started to experiment with the best approach to regulate AI services, even though AI regulations are not in place yet. For instance, India’s regulator – the Ministry of Electronics and Information Technology – issued a non-binding advisory on March 1, 2024, asking all AI tools (including AI models, software using generative AI or any algorithms) currently being tested, in development or are potentially unreliable, to seek approval from the government before being released to the public. However, the requirement mandating government approval of AI tools was soon withdrawn by an advisory issued later in that month.

The fast development of AI technologies certainly poses new regulatory challenges for APAC governments. With China being the first jurisdiction to adopt AI-specific regulations, there will still be uncertainties going forward regarding how other regulators in the APAC region will address the risks brought by AI. It will be sensible for companies that develop or deploy AI technologies in the APAC region to closely monitor these developments and be prepared.

* * *

This blog post was written with contributions from Shutaro Kuwahara.

This information is not intended as legal advice. Readers should seek specific legal advice before acting with regard to the subjects mentioned herein.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Yan Luo Yan Luo

Yan Luo advises clients on a broad range of regulatory matters in connection with data privacy and cybersecurity, antitrust and competition, as well as international trade laws in the United States, EU, and China.

Yan has significant experience assisting multinational companies navigating the…

Yan Luo advises clients on a broad range of regulatory matters in connection with data privacy and cybersecurity, antitrust and competition, as well as international trade laws in the United States, EU, and China.

Yan has significant experience assisting multinational companies navigating the rapidly-evolving Chinese cybersecurity and data privacy rules. Her work includes high-stakes compliance advice on strategic issues such as data localization and cross border data transfer, as well as data protection advice in the context of strategic transactions. She also advises leading Chinese technology companies on global data governance issues and on compliance matters in major jurisdictions such as the European Union and the United States.

Yan regularly contributes to the development of data privacy and cybersecurity rules and standards in China. She chairs Covington’s membership in two working groups of China’s National Information Security Standardization Technical Committee (“TC260”), and serves as an expert in China’s standard-setting group for Artificial Intelligence and Ethics.

Photo of Xuezi Dan Xuezi Dan

Xuezi Dan is an associate in the Beijing office of Covington and Burling LLP. Her practice focuses on data privacy and cybersecurity. Xuezi helps clients understand and navigate the increasingly complex privacy regulatory issues in China. She has worked closely with many leading…

Xuezi Dan is an associate in the Beijing office of Covington and Burling LLP. Her practice focuses on data privacy and cybersecurity. Xuezi helps clients understand and navigate the increasingly complex privacy regulatory issues in China. She has worked closely with many leading international companies on matters ranging from cross-border data transfer, data localization, data protection program, and cybersecurity regulatory compliance.

Photo of Laurie-Anne Grelier Laurie-Anne Grelier

Laurie-Anne Grelier Laurie-Anne Grelier assists global companies, especially Asian multinationals, with navigating complex areas of European competition law, including antitrust and cartel investigations, the clearance of mergers, the structuring of distribution, collaborative and other commercial arrangements, and issues related to abuse of dominant…

Laurie-Anne Grelier Laurie-Anne Grelier assists global companies, especially Asian multinationals, with navigating complex areas of European competition law, including antitrust and cartel investigations, the clearance of mergers, the structuring of distribution, collaborative and other commercial arrangements, and issues related to abuse of dominant position. Ms. Grelier also assists these companies in litigation before the European Courts, as well as with state aid and trade matters.