º¬Ðß²ÝÉçÇø

While generative AI and large-language models are anticipated to bring significant benefits to business, governments in asia are eager to regulate against potential misuse

CHINA

HONGKONG

INDIA

JAPAN

PHILIPPINES

RUSSIA

TAIWAN

Shape of China¡¯s AI regulations and prospects

In 2025, during the Chinese New Year, China¡¯s AI model, DeepSeek, gained global attention by surpassing ChatGPT to become the most downloaded app on the Apple application store in both China and the US. This indicates China¡¯s progress in AI and is in line with its national strategy.

In 2017, the State Council introduced the New Generation AI Development Plan with a ¡°three step¡± legislation roadmap. By 2020, the goal was to match global AI standards. By 2025, China aimed for major breakthroughs in AI theory and the world-leading technology and applications for industrial and social progress. Looking ahead to 2030, China aspires to be a global leader in AI.

This article examines China¡¯s AI regulation, focusing on its legislative framework, compliance, law enforcement and future prospects.

Legislative framework

China¡¯s AI regulation is built on a multi-level framework of laws and regulations, covering data compliance, algorithm compliance, cybersecurity and ethics.

Data compliance. China¡¯s data compliance is guided by fundamental laws and regulations, including the:

1. 1. Personal Information Protection Law (2021);
   2. Data Security Law (2021); and
   3. Regulation on Network Data Security Management (NDSM), which is set to take effect in 2025.

Cybersecurity. The regulatory framework for cybersecurity is based on laws and regulations, such as the:

1. 1. Cybersecurity Law (CSL) (2017); and the
   2. NDSM, effective in 2025.

Ethical review. For ethical review, the system is based on the following fundamental laws and regulatory documents:

1. 1. Law on the Progress of Science and Technology (revised in 2022); and
   2. Measures for Science and Technology Ethics Review (Trial) (2023).

Algorithm compliance. Under algorithm compliance, there are both departmental and local regulations. The following frameworks apply under departmental regulations:

1. 1. Provisions on the Security Assessment of Internet-based Information Services with Attribute of Public Opinions or Capable of Social Mobilisation (2018);
   2. Provisional Measures for the Administration of Generative Artificial Intelligence Services (GAI measures, effective in 2023);
   3. Administrative Provisions on Deep Synthesis of Internet-based Information Services (2023); and
   4. Administrative Provisions on Algorithm Recommendation for Internet Information Services (2023).

Meanwhile, the following frameworks are established under local regulations:

1. 1. Regulations on Promoting the Development of Artificial Intelligence Industry in Shanghai (2022);
   2. Regulations on the Promotion of Artificial Intelligence Industry in the Shenzhen Special Economic Zone (2022);
   3. Fujian Province Artificial Intelligence Industry Development Project Management Measures (2024); and
   4. Guiding Opinions on Accelerating the Development of the Artificial Intelligence Industry in Zhejiang Province (2023).

Aside from the departmental and local regulations, China¡¯s primary regulations on algorithm compliance include the Regulations on the Identification of Artificial Intelligence-Generated Synthetic Content (Draft for Comment).

To further implement the above-mentioned laws and regulations, China has also successively introduced a series of national and industry standards and specifications. For all industries, they include:

1. 1. Code of Ethics for the New Generation Artificial Intelligence (2021);
   2. Basic Security Requirements for Generative Artificial Intelligence Services (2024); and
   3. Cybersecurity Technology ¨C Labelling Method for Content Generated by Artificial Intelligence (Draft for Comment).

For the medical industry, they include:

1. 1. Regulatory Rules for Internet-based Diagnosis and Treatment (Trial) (2022);
   2. Guiding Principles for the Classification and Definition of AI-based Medical Software Products (2021); and
   3. Guiding Principles for the Review of Artificial Intelligence Medical Device Registrations (2022).

Finally, for the intelligent-connected vehicles industry, Good Practice for the Administration of Road Tests and Demonstrative Application of Intelligent and Connected Vehicles (Trial) (2021) serves as the industry standard.

Compliance requirements

The GAI measures focus on generative AI service providers, imposing legal obligations like algorithms, content, IP, training corpus and data annotation compliance.

Algorithm filing and security assessment. AI services in China with ¡°public opinion or social mobilisation capabilities¡± must file their algorithm mechanisms with the Cyberspace Administration of China. This includes text, pictures, voice and video-generation AI services. Services without these attributes are exempt from filing. Non-compliant AI providers may face severe penalties, from service suspension to criminal liability. All AI services must also pass a security assessment before filing. Failed services cannot be launched, and existing ones need rectification or removal. These regulations ensure AI services operate safely in China.

Content marking. AI service providers must label generated or edited content using non-intrusive identifiers and retain log information as required by laws. Deep-synthesis services that may cause public confusion need to clearly label content in an appropriate location. No one is allowed to use technical means to delete, alter or conceal these labels. These regulations promote transparency and prevent misinformation in AI-generated content.

Science and technology ethics review. AI providers conducting research in sensitive areas, including algorithm models, applications and systems that influence public opinion and societal awareness, must establish a science and technology ethics (review) committee. They must also carry out ethical risk assessments and review work in compliance with the law.

Data compliance. The data compliance obligations include:

1. 1. Training data. Obligations include the corpus source security obligations, corpus content security obligations, corpus annotation security obligations, and the establishment of compliant lexicons and question banks;
   2. Input data. Providers are not allowed to collect unnecessary personal information, illegally retain input information and usage records that can identify the user¡¯s identity, or illegally provide the input information and usage records of users to others. Deep synthesis providers shall obtain their separate consent; and
   3. Output content. Generative AI must comply with laws, respect for morality and ethics, and uphold socialist values. Content that threatens the state and society, or promotes harmful ideologies and false information, must be avoided.

Law enforcement practice

While AI development has brought great convenience, it has also raised challenges that exceed existing legal boundaries, prompting China to accelerate legislative improvements.

Judicial practice. AI-related judicial cases mainly involve personality and IP rights infringement.

1. 1. Infringement of personality rights. In 2021, the Beijing Internet Court handled an AI-related personality rights case in which a public figure sued over an app¡¯s ¡°AI companions¡±. The court found the defendant liable, as its design and algorithms promoted user-generated content. The case was later recognised as typical in 2022. In 2024, the court issued its first ruling on AI-generated voice infringement, ordering compensation. That same year, it heard two ¡°AI face-swapping¡± cases, ruling that the unauthorised use of models¡¯ images for templates violated the plaintiffs¡¯ personal information rights, requiring compensation and an apology.
   2. Infringement of intellectual property rights. In 2023, the Beijing Internet Court ruled on China¡¯s first AI-generated painting copyright case, protecting relevant works. The Guangzhou Internet Court also handled an AI-related painting copyright infringe-ment case, ordering comp-ensation. In 2024, China¡¯s first AI-generated audio-visual work infringe-ment case entered pre-trial proceedings. The plaintiff accused the defendant of infringement and demanded comp-ensation. The case is ongoing.

Administrative supervisory practice. AI-related administrative penalties have mainly revolved around enterprise qualifications and consumer rights protection. So far, no cases have involved penalties for personal information protection, data security or network security violations.

Prospects

Tech development and industry use. A series of domestic AI tools such as DeepSeek, Doubao and Kimi have emerged. DeepSeek innovates algorithms by optimising architecture to boost computing power efficiency, challenging the traditional power-centred model. Thus, China¡¯s AI and related technologies are set for faster development and have broad prospects.

AI law formulation. Although no major fundamental AI legislation was passed in 2024, the introduction of detailed regulations and active participation in shaping international rules indicate steady legislative efforts. In the near future, China may introduce the Artificial Intelligence Law (basic law). This bill was included in the legislative plan as early as 2023, and listed as a preparatory review project in the State Council¡¯s legislative agenda in 2024.

AI legislation: Efficiency v safety

China has built a highly systematic AI regulatory framework through ¡°legislation first, ethical guidance and classified governance¡±. The key for future legislation and practice is balancing technology innovation with risk control. The rise of domestic AI tools like DeepSeek will speed up the process of Artificial Intelligence Law, and China may offer a ¡°Chinese model¡± for global AI governance, balancing efficiency and safety.

BEIJING DACHENG LAW OFFICES
Floor 9/24/25, No.100 Century Avenue
Shanghai, China
Tel: +86 21 5878 5888

Back to top

---

Hong Kong¡¯s patchwork AI regulatory structure

Artificial intelligence (AI) regulation in Hong Kong is evolving within a fragmented, sector-specific framework. Different regulatory bodies oversee various industries, leading to a patchwork of guidelines rather than a unified regulatory structure. For instance, the Hong Kong Monetary Authority (HKMA) regulates AI applications in the banking sector, the Securities and Futures Commission (SFC) oversees AI in financial services, and the Office of the Privacy Commissioner for Personal Data (PCPD) provides guidance on data privacy in the use of AI across all sectors.

Additionally, common law principles address AI-related harms not specifically covered by existing regulations, allowing for legal recourse in disputes arising from AI deployment. While this overall approach allows for tailored oversight, it can create compliance challenges for businesses operating across multiple sectors.

This chapter of the guide focuses on key areas that require particular attention on the use of AI in Hong Kong. The authors first examine high-risk AI applications such as financial services, medical services and legal services, where AI use presents heightened regulatory and ethical concerns. We then explore sector-specific considerations, highlighting industries where AI adoption is particularly impactful, or where regulation is advancing quickly.

Following this, the authors discuss AI governance within organisations, explaining how businesses can integrate AI responsibly using structured oversight models such as the ¡°three lines of defence¡±. Finally, we consider data privacy concerns, which are particularly relevant given the large volume of sensitive information processed by AI tools.

By examining these critical areas, this chapter provides a practical framework to help businesses navigate Hong Kong¡¯s AI regulatory landscape while ensuring compliance and effective risk management.

High-risk AI applications

High-risk AI applications in Hong Kong reflect global trends, particularly in investment advice, fraud detection, legal advice and hiring. These applications and others are considered high-risk because they involve sensitive data such as personal information, affect consumer rights, or have significant financial and legal consequences.

For example, AI-driven investment advice may lead to unsuitable product recommendations, creating financial exposure for consumers and firms. Similarly, AI-powered fraud detection must be highly accurate to avoid false positives or negatives.

AI fraud detection is commonly used in financial services, e-commerce and cybersecurity, where machine learning models assess transaction patterns, user behaviour and device data to identify potential fraud in real time.

Such systems must be carefully monitored to prevent bias and ensure compliance with Hong Kong¡¯s data protection and anti-fraud regulations. Legal AI tools handling case law analysis and contract drafting must ensure accuracy and fairness, while AI-based hiring tools need safeguards against bias and discrimination.

Regulatory bodies such as the SFC and HKMA have issued guidance addressing these types of risks in the financial services context. The SFC¡¯s Circular on Generative AI requires licensed corporations to conduct risk assessments on the use of AI language models and sets out guiding principles for such risk assessment. Licensed corporations must also implement risk mitigation measures and monitoring mechanisms for AI-driven financial services. Meanwhile, the HKMA¡¯s High-Level Principles on Artificial Intelligence provide recommended practices for AI governance. Regulatory sandboxes, such as the HKMA Gen AI Sandbox, offer businesses opportunities to test high-risk AI applications in a controlled environment.

Businesses implementing AI in high-risk areas may consider assessing applicable regulatory frameworks, incorporating human-in-the-loop mechanisms for oversight and ensuring continuous monitoring to mitigate risks.

Sector-specific AI

The use of AI in some sectors warrants particular attention due to regulatory focus, rapid technological advancements or the critical nature of AI applications. In this section, we discuss a range of sector examples.

In the banking and financial services sector, AI is widely used for robo-advisers, fraud detection and customer service. For example, it was reported in February 2024 that ICBC Asia in Hong Kong invested in AI technology to identify potentially fraudulent transactions and investigate alleged scams.

The HKMA and SFC require firms to implement governance frameworks that prioritise model explainability, cybersecurity and risk-based oversight.

The healthcare sector is leveraging AI for diagnostics, patient care tools and operational efficiency. However, liability risks and data privacy concerns remain significant. For example, the PCPD notes that ¡°healthcare providers use AI to analyse medical records and assist doctors in diagnoses¡±, and it gives ¡°AI-assisted medical imaging analytics or therapies¡± as an example of high-risk AI use. The PCPD emphasises the need for human oversight to ¡°reduce the risk of significant adverse impacts on individuals materialising during deployment¡±.

The legal sector is also increasingly adopting AI for tasks including contract analysis, legal research and document automation. The Law Society of Hong Kong¡¯s 2024 position paper highlights the need for specialised roles such as legal knowledge engineers ¨C also known as ¡°prompt engineers¡± ¨C who develop knowledge bases, encode legal rules and optimise AI outputs. Legal technologists and automation specialists can also play a key role in implementing and managing AI tools, requiring expertise in areas like natural language processing, logic programming and workflow automation.

In the judicial context, specific guidelines have been introduced to ensure AI use aligns with principles of judicial independence, impartiality and accountability, emphasising that AI may not be used to usurp or encroach on judicial functions but may support and facilitate judicial work.

AI governance

For businesses using AI, regulatory compliance and risk management are key considerations. A governance framework can help organisations balance innovation with accountability. The authors have assisted financial institutions with reviewing their policies for AI use.

A model we have seen includes the three lines of defence framework, which helps integrate AI oversight across different functions within a business. The three lines of defence framework is widely used by financial institutions in corporate compliance and applies to their day-to-day operations to enhance efficiency.

The framework aims to balance compliance obligations with AI innovation by ensuring independent checks at multiple levels:

• • The first line of defence consists of business units that develop and deploy AI-driven tools for uses including customer engagement, fraud detection and process automation. These units must ensure AI-driven decisions align with regulatory expectations and ethical considerations such as bias mitigation and transparency in decision-making.
  • The second line of defence includes risk management and compliance teams that assess AI models for vulnerabilities, cybersecurity threats and regulatory alignment. Many organisations use AI risk assessment frameworks, drawing from the HKMA and SFC best practices to ensure AI systems remain compliant and robust.
  • The third line of defence involves independent audits to validate AI governance and risk management effectiveness. These periodic reviews help businesses detect potential regulatory gaps, enhance accountability and strengthen trust in AI-driven processes.

Data privacy and AI

As AI systems process increasing volumes of sensitive data, data privacy has become a key regulatory concern in Hong Kong. The ¡°Artificial Intelligence: Model Personal Data Protection Framework¡±, published by the PCPD in June 2024, provides detailed guidelines on the handling of personal data by organisations (including financial institutions) procuring, implementing and using AI systems that involve personal data.

Adopting a risk-based approach, the PCPD framework provides recommendations for local enterprises, while the Data Protection Principles under the Personal Data (Privacy) Ordinance (cap 486) remains applicable.

An increasing concern is data scraping, in which AI models collect publicly available online data without explicit consent for unauthorised uses such as reselling the data, facilitating cyberattacks, committing identity fraud, or enabling unsolicited direct marketing and spam messages.

The PCPD has warned that data scraping can lead to significant privacy risks. The PCPD¡¯s joint statement on data scraping highlights that businesses using AI must take proactive measures to ensure compliance with data protection laws.

Conclusion

In the absence of a unified AI regulatory framework, businesses and other stakeholders that proactively address high-risk AI applications, tailor industry-specific compliance strategies and establish robust AI governance models will be better positioned to mitigate regulatory risks.

Companies may consider thoroughly assessing applicable regulations, engaging with regulatory sandboxes and implementing governance structures such as the three lines of defence model. Data privacy remains a central issue, and organisations may consider best practices in data protection, including anonymisation and transparent AI decision-making.

A proactive approach to governance, risk management and regulatory engagement will be essential for businesses looking to integrate AI while maintaining compliance. Expert legal guidance can help navigate the evolving AI landscape and ensure responsible, compliant AI deployment that aligns with business objectives.

STEVENSON, WONG & CO.
39/F, Gloucester Tower,
The Landmark, 15 Queen¡¯s
Road Central, Hong Kong
Tel: +852 2526 6311
Email: info@sw-hk.com

Back to top

---

Call for focused approach to AI regulation in India

India has a robust services-based economy encompassing diverse sectors including IT services, telecoms, e-commerce, healthcare and financial services. These factors position it as a significant data depository that can drive development of AI, specifically GenAI.

Recognising the transformative and economic potential of AI, the government has been taking proactive measures aimed at monetising this growth, evidenced by initiatives such as the IndiaAI Mission, IndiaAI Dataset Platform and AIKosha, directed towards delivery of essential or routine services.

Additionally, multiple policy briefs and sectoral consultation papers have highlighted the need to bring effective regulatory oversight over AI, ensuring it is developed and deployed safely, fairly and with accountability.

The national approach is primarily directed towards encouraging AI innovation, along with mandating a principles-based approach to AI ethics. The government is prioritising AI-driven economic growth by creating frameworks to foster AI innovation, recommending ethical standards, and promoting investment in digital infrastructure and skill development programmes.

As such, regulation of AI remains an evolving issue, with the government striving to balance technological advancement with regulatory oversight, while taking steps as a relevant stakeholder in the global conversation on AI governance.

In contrast to jurisdictions like the EU, with prescriptive AI-specific laws, this regulatory approach has been somewhat reactive and lacks materiality at this stage.

For example, India has yet to frame a comprehensive legal framework (whether under a new law or by amending existing laws) tailored to AI governance.

While sectoral requirements exist, both binding and advisory, these are fragmented across multiple regulators like the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Telecom Regulatory Authority of India (TRAI) and Competition Commission of India (CCI), each interpreting AI governance through its own institutional lens.

This decentralised approach has resulted in some business uncertainty. To address issues arising from AI use while navigating this evolving landscape, India must move towards a more unified and proactive approach to its regulation and governance.

Regulatory approach so far

The government has, at different instances, argued for both a hands-off approach and more direct intervention, creating unpredictability for AI developers. Recent developments include:

• • In 2024, the Ministry of Electronics and Information Technology (MeitY) issued an advisory requiring prior approval for deploying AI models, along with mandating platforms and intermediaries to implement measures to prevent dissemination of deepfakes and algorithmic discrimination, label AI-generated content, and inform users of unpredictability of AI.

However, following some industry pushback, this advisory was withdrawn and replaced with a revised version that is non-binding in nature. A more direct approach was expected from the Digital India Act (DIA), a proposed unified law regulating high-risk AI systems, bringing algorithmic accountability, zero-day threat and vulnerability assessment, and AI-based ad targeting and content moderation. The government is still working on drafting this law and continues reconsidering the timing of its release.

• • In January 2025, the MeitY released its Report on AI Governance Guidelines Development, which advocates some of the issues discussed in connection with the DIA, such as amended intellectual property laws addressing AI-based infringement and copyrightability of AI outputs, regulation of bias and discrimination arising from the use of AI, and activity-based regulation of AI based on risk mitigation. The report also encourages a sandbox approach for low-risk use of AI, and advocates voluntary commitments from the industry (through content provenance, red teaming, model cards, etc.) to help the government¡¯s information gathering objective via AI.
  • Various sector-specific regulatory bodies like the SEBI, RBI and BIS have made efforts to address AI-related concerns applicable to their regulated entities. The positive news is that the MeitY report advocates a ¡°whole of government¡± approach so a unified AI policy framework can be applied across industries.

Key legal issues

Several critical legal issues remain unresolved, such as:

AI bias and algorithmic accountability. AI systems have been criticised for exhibiting bias, especially in hiring, lending, law enforcement and healthcare. This bias often arises from use of skewed or incomplete data during the training phase.

Unfortunately, º¬Ðß²ÝÉçÇø current legal framework lacks provisions that mandate fairness, transparency and accountability in AI systems, and their inherent training data. The MeitY report acknowledges the concerns related to AI bias, but stops short of recommending specific regulatory requirements aimed at mitigating such risks.

As a result, AI developers continue to operate with limited or no legal safeguards, and users remain at risk of algorithmic discrimination and lack adjudication safeguards in the event of a risk/loss.

Data privacy and AI training. While the Digital Personal Data Protection Act, 2023 (DPDP Act) itself does not regulate AI, it will have indirect implications on the way AI systems are developed and deployed, particularly when they make use of personal data.

For example, the DPDP Act does not apply to public data; given that many AI applications will use such data, insights on this would be helpful. Further, it allows data holders to seek changes to their data, which is a difficult task if that data has already been used in AI training. Exploratory use of data for AI training may also not be possible, as the DPDP Act requires purpose and data-based content to be obtained from the data holders.

Copyright conundrum. The use of copyrighted material to develop and train AI systems may lead to the creation of derivative works and thereby lead to infringement actions. The MeitY report also categorises this use of copyrighted data as infringement.

However, it fails to clarify what degree of similarity with the copyrighted material should be present for a successful claim of infringement. It indicates that, since the current law provides limited means of enforcement of infringement claims of copyright holders, the law will need to be updated to strengthen their position, as well as due diligence measures implemented by AI developers prior to accessing copyrighted content.

As AI becomes more capable of generating creative works, questions surrounding the copyrightability of AI-generated content have become increasingly important. But in India there is no clear legal stance on whether AI-created content is eligible for copyright protection, or if human involvement is necessary for authorship claims. This uncertainty creates challenges for businesses and creators who are unsure of their rights.

Intermediary liability. The classification of AI models as intermediaries under º¬Ðß²ÝÉçÇø Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, requires careful legal scrutiny, particularly in light of section 79 of the Information Technology Act, 2000 (IT Act). The safe harbour protections under this provision are contingent on intermediaries not modifying or selecting content, a condition that most AI-based systems may not satisfy.

The intermediary liability framework under the IT Act needs updating to reflect the realities of AI systems, ensuring that AI-generated content is not misclassified under legacy definitions of publishers or intermediaries.

Responsibility. Another core issue in AI regulation is determining who should bear responsibility ¨C the developer who builds the AI model, the deployer who integrates it into applications, both in different capacities, or even users who apply prompts in increased use of AI via APIs?

These issues are not dealt with under present law, and while the MeitY argues that existing laws will continue to regulate instances of abuse or violation of AI use, interpretative practices on allocation of liability and accountability will continue unless sufficient guidance is provided.

Conclusion

º¬Ðß²ÝÉçÇø approach to AI regulation has made significant strides in terms of policy, but continues to grapple with uncertainty when it comes to definitive legislation. Although the MeitY report has sparked discussions on key regulatory challenges, concrete measures may take time. While the DIA was expected to regulate some issues, latest news suggests the government is reconsidering introducing a unified law until the implications and benefits of AI are fully understood in º¬Ðß²ÝÉçÇø unique context.

Moving forward, a balanced and thoughtful approach to AI-specific legislation is crucial to foster business certainty, support user rights and enable responsible innovation.

AZB & PARTNERS
AZB House, A-8, Sector 4,
Noida ¨C 201301, National Capital Region, India
Tel: +91 120 417 9999; +91 120 692 3700

Back to top

---

Artificial intelligence and the law in the Philippines

The Philippines edged up the rankings, from 65th to 56th, in the latest Government AI Readiness Index 2024, which assesses the readiness of artificial intelligence (AI) in 188 countries.

The index, published by Oxford Insights, is based on 40 indicators spread across 10 dimensions and three core pillars, namely, government, technology sector, as well as data and infrastructure.

Of the three, the Philippines scored highest under the government pillar, at 74.49 out of 100 (up from 65.43), followed by data and infrastructure at 62.45 (up from 56.13).

However, the technology pillar has some catching up to do, scoring only 38.58, up from 34.38. These scores fairly reflect recent initiatives in the legal and policy space involving emerging technologies.

Strategic roadmap

The Department of Trade and Industry (DTI) now seeks to address the barriers to AI adoption, releasing its National AI Strategy Roadmap 2.0, which incorporates emerging themes like AI ethics and governance, among others.

Under this new roadmap, increasing the national budget for national research and development spending is prioritised to meet UNESCO¡¯s R&D spending recommendation of 1% of the country¡¯s gross domestic product.

It also outlines seven strategic imperatives, which include:

1. 1. establishing a robust, connected and networked environment;
   2. improving data access and value extraction;
   3. transforming education and nurturing future AI talent;
   4. fostering an AI ecosystem that prioritises ethical considerations; and
   5. mastering and pushing the boundaries of AI R&D.

This recent initiative adds to earlier policy initiatives in the AI space including: the Department of Science and Technology AI Roadmap for 2022-2028; the DTI¡¯s (first) National AI Strategy Roadmap; and numerous policy statements in the 2023-2028 Philippine Development Plan on the importance of tapping the potential of emerging digital technologies to unlock new markets and deliver new goods and services.

Specific imperatives

In connection with the first and second strategic imperatives, the National Economic and Development Authority is pushing for passage of the Konektadong Pinoy (Connected Filipino) Bill (Senate Bill 2699). This proposed legislation seeks to promote competition in data transmission services in the telecoms sector by adopting an open access policy.

It defines open access as a system of allowing the use of data transmission networks and associated facilities by data transmission industry participants subject to fair, reasonable and non-discriminatory terms in a transparent manner.

Policy makers have observed that internet service continues to be one of the most expensive in the Asean region; and that while internet speed has significantly improved in the past couple of years, it remains below the global average.

As regards the third strategic imperative, Republic Act (RA) No. 11927, the Philippine Digital Workforce Competitiveness Act (2022), was recently enacted to enhance the skills and competitiveness of the workforce in human and digital technology and innovation.

Another is RA No. 11899, the Second Congressional Commission on Education Act II, which aims to prioritise the adoption of digital transformation in education and institutionalise educational reforms through the promotion of digital literacy and the development of necessary core competencies and 21st century skills.

However, the country acknowledges that a skills mismatch remains a pressing concern as education and training systems have yet to align with skills demanded in the labour market.

Thus, early last year, the Tatak Pinoy (Proudly Filipino) Act was enacted, with a Tatak Pinoy Strategy (TPS) structured according to five specific pillars:

1. 1. human resources;
   2. infrastructure;
   3. technology and innovation;
   4. investment; and
   5. sound financial management.

Under the law, Tatak Pinoy investments and projects would be incorporated in the Strategic Investment Priority Plan (SIPP) based on some eligibility criteria, with all duly identified Tatak Pinoy investment activities and projects automatically included in the list of priority activities.

Particularly under the first pillar (human resources), a roadmap promoting academe-industry linkage developing programmes to match industry demands will be created. This in turn resulted in the launch of the Academe-Industry Matching (AIM!) Programme late last year.

As for the fourth pillar, the Board of Investments amended the 2022 SIPP to fortify the education sector and thereby enhance the nation¡¯s workforce capabilities.

The amendment allows foreign higher education institutions to set up branch campuses in partnership with local entities ¨C provided the latter are at least 60% Filipino-owned ¨C and also provides for the establishment of education cities.

Combined, these initiatives are crucial, considering that under the 2022 SIPP, R&D and activities adopting advanced digital production technologies of the fourth industrial revolution, including robotics and AI, are already included in the List of Priority Activities that may be eligible for several tax incentives.

In relation to the fourth strategic imperative, the Department of Information and Communications Technology and the Civil Service Commission have sought public consultation on its draft joint memorandum circular titled Principles and Guidelines for an Ethical and Trustworthy Use of Artificial Intelligence (AI) in the Government.

Confirming the country¡¯s adoption of the OECD¡¯s AI principles, UNESCO¡¯s global standards on AI, and the Asean guide on AI governance, the draft provides that the use of AI systems should be:

1. 1. justified;
   2. appropriate in the context, and not exceeding what is necessary; and
   3. proportionate to achieve legitimate aims in accordance with governing rules and regulation.

On the other hand, as educational institutions continue to explore and leverage potential benefits of AI, the Department of Education encourages educational institutions to use AI tools responsibly, but has yet to come up with AI guidelines for the education sector. Under the fifth mentioned imperative, the DTI has also launched the Centre for AI Research to serve as a hub for AI-driven R&D.

Privacy and AI

Contrary to the usual perception, there is a law that regulates the use of AI in the Philippines ¨C although in a very limited sense ¨C and that is through the lens of data privacy/data protection.

Consistent with this observation, the National Privacy Commission (NPC) issued a December 2024 advisory on the application of the Data Privacy Act (DPA) to AI Systems Processing Personal Data during their development or deployment, including training and testing.

As data used to train LLMs is largely from publicly available internet sources, the advisory reiterates that publicly available personal data does not lose legal protection simply because it has been made public or is publicly accessible.

More importantly, controllers must institute appropriate and effective governance mechanisms to ensure the responsible and ethical processing of personal data in the development or deployment of AI systems. Controllers must also implement mechanisms to allow for meaningful human intervention to be carried out by authorised persons.

The advisory additionally requires controllers to implement mechanisms to allow their data subjects to contest automated decisions when its effect poses significant risk to their rights and freedoms.

Notably, the advisory did not use the word ¡°sole¡± or ¡°solely¡±, unlike earlier NPC issuances relating to automated processing/decisions, which could mean that the decision may or may not be a completely automated one.

However, the data subject¡¯s ability to question is premised on an automated decision that ¡°poses a significant risk to the rights and freedoms of a data subject¡±, which is narrower than the phrase ¡°significantly affects or will affect¡± in an earlier issuance.

Take note that the issuance is simply an advisory and therefore only serves as a guideline to concerned entities and individuals. Wisely, the NPC avoided the question of how a data subject¡¯s ¡°right to be informed¡± of the ¡°meaningful information about the logic involved, as well as the significance and the envisaged consequences of such [automated] processing for the data subject¡± applies in the AI context. This is a grey area involving much deeper issues.

DIVINALAW
8/F Pacific Star Bldg., Sen. Gil Puyat Ave.
cor. Makati Ave., Makati City, Philippines
Tel: +63 2 8822 0808
Email: info@divinalaw.com

Back to top

---

Development of AI regulations in Russia

Russia is developing a legal framework to regulate artificial intelligence (AI) and experts say there is no immediate need for comprehensive regulation. Instead, it is sufficient to focus on improving ethical and technical standards to set boundaries for developers and users of AI technologies.

Existing Russian regulations directly or indirectly affect the development and use of AI, potentially leading to certain legal risks that require careful consideration by businesses and developers.

General regulatory developments

The development of AI is a state policy priority. Russia has adopted several acts defining key objectives and directions for AI development in the country, as well as implementation mechanisms, which include:

1. 1. The National Strategy for AI Development until 2030;
   2. The Strategy for the Development of the Information Society in the Russian Federation for 2017-2030;
   3. The Concept for the Development of Regulation of Artificial Intelligence and Robotics Technologies until 2024; and
   4. Federal projects ¡°Artificial Intelligence¡± and ¡°Regulatory Framework for the Digital Environment¡± under the National ¡°Digital Economy¡± Programme.

These documents, however, only reflect the strategic goals for AI development in Russia.

Regulatory sandbox

In 2020, laws were adopted to create conditions for AI development in Russia. The main one focuses on creating experimental legal regimes (ERLs), or regulatory sandboxes ¨C a tool allowing the implementation of innovations in test mode.

To create an ELR, a company or individual entrepreneur must develop a project, submit it and obtain approval from authorities.

Intellectual property

In most countries, including Russia, intellectual property regulations do not protect AI-generated content. In cases where an author has made a creative contribution to a work, and AI has been used only as a tool, this resulting content may be protected by copyright.

Third-party rights. Many AI systems are trained on large datasets, while users are practically unrestricted in forming queries and can:

1. 1. generate results that reproduce (fully or partially); or
   2. emulate the style of a real author. While case two falls outside IP regulation, the first may be illegal and lead to liability for the respective rights holder, even in cases of partial reproduction. For example, if an AI user creates an image that reproduces individual elements of a protected work, the criterion of a substantial part may be used to establish infringement ¨C the rights holder controls not only the use of the entire object but also its substantial parts.

The substantial part is not interpreted literally (e.g. more than 50% of the work). It is determined based on qualitative and quantitative criteria, which interact like communicating vessels: the smaller one is, the larger the other must be.

Accordingly, if individual elements of a protected work are reproduced in a generated object, the court will analyse whether protected (substantial) elements were used. If such elements are found, the use of the generated object may be deemed illegal, with a ban on its use.

Personal data

Personal data in one form or another may be used in AI operations: by developers to train AI models; by users to generate various results; and in other cases. Such processing must comply with personal data legislation.

Potential issues vary depending on the subject¡¯s status and include the following:

Extraterritorial application of Russian law. In 2022, an extraterritorial provision was added to the Russian Data Protection Law. Collecting data from Russian citizens based on a contract or consent is recognised as sufficient grounds for applying Russian personal data law to foreign entities.

Legal grounds for processing. A company may process personal data only if there are legal grounds (e.g. consent).

Use of sensitive data. AI systems may be used, among other things, to analyse voices or images of individuals. In certain cases, these may be classified as biometric personal data, which are subject to stricter controls and regulations.

Localisation. When collecting personal data of Russian citizens, their storage and certain other actions must be carried out using databases located in Russia.

Cross-border data transfer. Transferring data abroad needs compliance with special requirements:

1. 1. assessing the recipient; and
   2. notifying the competent authority (Roskomnadzor) of the transfer.

Automated decision making. The law prohibits making decisions that have legal consequences or otherwise affecting the rights of the subject based solely on automated processing of personal data without written consent.

Application of legal, organisational and technical measures to ensure personal data security. These measures are primarily aimed at properly organising work with personal data and, ultimately, protecting their confidentiality.

Moral rights

The publication and further use of a person¡¯s image, including photographs, video recordings, or works of art depicting them, are generally permitted only with the person¡¯s consent.

Moral rights are inseparable from the individual (including their appearance, artistic or everyday image, voice and other perceptible manifestations of individuality) and are protected by law. Thus, for instance, a person¡¯s voice (including a generated voice) is protected and its use requires consent.

Advertising

AI may be used to create advertising materials and the subsequent distribution of such ads must comply with advertising legislation.

The law establishes several requirements for advertising. It must inter alia be truthful, fair, complete and ethical. Additional requirements are established for certain advertised objects (e.g. alcohol, medical devices and financial services). If AI is used to create advertising materials, it is necessary to ensure that the resulting product complies with legal requirements.

Prohibited information

Russian legislation defines various types of prohibited information. If prohibited information is identified, authorities (often with the help of a telecoms operator or hosting provider) initiates a procedure to block the information resource. If the prohibited information is removed, access may be restored, except in cases of permanent restriction.

Blocking procedures may vary depending on the type of information (e.g. extrajudicial or judicial blocking, with or without notification).

If a company plans to use AI to create materials for subsequent distribution, it is recommended to:

1. 1. analyse the list of prohibited information;
   2. identify the most relevant to its activities; and
   3. prevent their distribution.

Recommendation technologies

Recommendation technologies are subsets of AI or data mining providing information based on the collection and analysis of user preferences.

Resource owners using recommendation technologies must fulfill several obligations, including:

1. 1. Prohibiting the use of recommendation technologies that violate the rights and interests of people and companies or provide information prohibited by Russian law;
   2. Informing users on the use of recommendation technologies and providing information about the resource owner and their email address; and
   3. Publishing the rules for using recommendation technologies in Russian. The rules must describe the processes and methods used, and the types of information collected.

Liabilities

Under current state policy, responsibility for all consequences of AI systems lies with an individual or legal entity. Existing civil and criminal liability mechanisms do not require fundamental changes, and can be applied in cases of harm caused by AI.

Civil liability. If an individual, legal entity or their property is harmed, the person causing the harm must fully compensate the victim. This provision is universal and applies to all torts not explicitly regulated by law.

Thus, the general tort principle applies, meaning that liability for harm caused by AI lies with the person who caused the harm, provided their actions constitute a civil offence.

Depending on the circumstances, the responsible party may be the AI developer, the owner of exclusive rights to the AI, the AI user, the manufacturer of goods, or the provider of services using AI. The court will determine this on a case-by-case basis, most likely based on some expert opinion.

Criminal liability. AI is defined as a means of committing a crime (merely a tool), and the criminal law provisions on liability are fully applicable to crimes committed using AI technologies.

SEAMLESS Legal (SL Legal)
10 Presnenskaya Naberezhnaya,
Block C, 123112 Moscow, Russia
Tel: +7 49 5786 4000
Email: info@seamless.legal

Back to top

---

Taiwan¡¯s AI strategy and regulatory framework

The government of Taiwan has adopted a proactive approach to support the AI industry, promoting industrial development through policy measures and corresponding legal frameworks. In the latter half of 2024, the National Science and Technology Council (NSTC) introduced the draft AI Basic Act, which was submitted to the Executive Yuan (Taiwan¡¯s cabinet) for review in early 2025.

In parallel, Taiwan has amended laws to address AI-driven fraud, deepfake activities and election manipulation. The government also plans to enact new legislation on data governance and open data and to address the data-driven characteristics of AI.

AI government policies

Taiwan¡¯s government actively supports the development of professional AI chips, AI hardware, and large-scale language models to promote the comprehensive growth of AI research and applications. Meanwhile, the manufacturing, finance, healthcare, agriculture and retail sectors are encouraged to integrate AI for digital transformation. These are the measures:

1. 1. Education and talent development. The Ministry of Education launched the Befriended with AI education programme to boost AI literacy at the compulsory education level. Universities and industry partners are collaborating to cultivate specialised AI and interdisciplinary talents, enhancing overall R&D capacity.
   2. AI chip technology and vertical applications. Leveraging Taiwan¡¯s competitive advantage in semiconductors and ICT hardware, the AI on Chip Taiwan Alliance supports the development of cutting-edge AI chip technology and its industry-specific applications.
   3. AI computing and localised large-language model development. The National Centre for High-Performance Computing collaborated with private sector actors to develop TAIWANIA 2, a supercomputer dedicated to AI.

Using the TAIWANIA 2 supercom-puter, the National Applied Research Laboratories launched TAIDE, a large-scale localised language model tailored to Taiwanese data. TAIDE uses public data (including judgments, Constitutional Court interpretations and other court decisions from Taiwan¡¯s Judicial Yuan) to refine traditional Chinese-language models. The model supports languages such as Taiwanese and Hakka. It aims to integrate AI into the agriculture, education and automation industries.

1. 4. AI product and system evaluation. The Ministry of Digital Affairs (MODA), in co-operation with the National Institute of Cyber Security and the Industrial Technology Research Institute, has established the Artificial Intelligence Evaluation Centre.

This centre will establish certification mechanisms and guidelines for AI products, as wel as systems to ensure safer and more interpretable AI applications.

Legal responses to AI challenges

Despite rapid advances in AI technology, legal challenges remain. The Legislative Yuan is prioritising cases where AI or deepfake technology is used for fraudulent or election manipulation purposes. Meanwhile, MODA is drafting and revising legal frameworks for data governance. The NSTC¡¯s draft AI Basic Act is intended to lay the groundwork for interagency collaboration and unified regulation of AI. These efforts fall into three core areas:

1. 1. Prevent fraud and regulate deepfakes. AI can be weaponised to spread false information or commit fraud. To address these risks, the government has adopted a strategy to use AI to combat AI fraud. The National Institute of Cyber Security uses AI algorithms to detect bot accounts and suspicious advertisements, facilitating rapid blocking and removal actions.

Recognising that deepfakes or other synthetic technologies can compromise election integrity and facilitate money laundering or fraud, relevant amendments have been made to the Criminal Code, the Fraud Crime Hazard Prevention Act, the Public Officials Election and Recall Act, the Presidential and Vice Presidential Election and Recall Act, and the Money Laundering Control Act. These amendments establish criminal liability for disseminating false information or committing crimes using deepfake technology. They also require online advertising platforms to disclose instances where such technology is employed.

1. 2. Data governance and use. Open government data: High-quality training datasets are essential for AI research and development. MODA aims to expand access to official records (e.g. government documentation systems and various public data) and consolidate tens of thousands of datasets for large-scale language models such as TAIDE.

New legislation on data innovation: MODA is drafting the Act for the Promotion of Data Innovation and Utilisation, which is aimed at increasing the accessibility of open data, providing shared data at low or no cost, and establishing cross-industry data-sharing mechanisms that facilitate the exchange of reliable, high-quality data.

Mitigating data use risks: The use of data is subject to the Copyright Act, the Personal Data Protection Act and other relevant regulations. The Intellectual Property Office has issued a ruling on the use of AI, suggesting that without the consent or authorisation of the copyright holder of logo images, the use of AI technology to generate output may constitute a reproduction of others¡¯ works. As a result, the vice premier of the Executive Yuan is overseeing a regulatory review involving all relevant ministries and agencies with the aim of creating a more flexible data governance framework.

In parallel, the draft amendments to the Personal Data Protection Act will be rolled out with substantially updated provisions, and the Personal Data Protection Commission Prep-aratory Office will be established, bolstering personal data protection in an era where ¡°data is the new oil of the digital economy¡±.

1. 1. Draft fundamental act on artificial intelligence. To ensure that AI technology aligns with human rights, privacy, industrial competitiveness and the public interest, the NSTC introduced the draft AI Basic Act in 2024, which was submitted to the Executive Yuan for review in 2025. The Executive Yuan is expected to forward it to the Legislative Yuan for enactment. Key elements of the draft include:

Definition and scope of AI: The definition of AI is crucial because it determines the scope of the regulation. The draft act ensures broad coverage of AI techniques and approaches, ranging from basic knowledge-based algorithms to sophisticated neural networks.

Guiding principles of AI: The draft act sets out guiding principles for AI R&D, including sustainability, human autonomy, privacy, data governance, security, transparency, explainability, fairness and accountability. It reflects international frameworks such as the OECD, G7, and the EU AI Act. In particular, the act highlights the need to promote and use non-sensitive data.

Risk-based management: MODA will be given the authority to classify AI risks in line with international standards, with enforcement by respective sector-specific regulators. This provision aims to promote AI innovation within safety parameters, highlighting potential impacts on child welfare, consumer protection, labour markets and data privacy.

Data privacy and openness: Data openness and governance must be mandated to ensure the availability of adequate, high-quality, non-sensitive data for AI models while protecting personal data.

Adaptive legislation and cross-agency collaboration: Each ministry and agency must review its regulatory framework and report to the Executive Yuan to ensure alignment with the rapid technological evolution of AI. For example, the Ministry of Labour may implement vocational training programmes that focus on AI¡¯s implications for the workforce, whereas the Ministry of Environment may need to work with other agencies to balance AI¡¯s significant energy consumption with environmental sustainability.

Conclusion

Taiwan plays a critical role in the global AI landscape with its advanced and robust ICT and semiconductor industries, as well as expertise in server manufacturing. These achievements exemplify the nation¡¯s industrial resilience and technological depth while highlighting the government¡¯s effective policymaking, from nurturing AI talent and fostering industrial innovation to refining AI laws. Taiwan is diligently building a comprehensive policy and legal framework around AI, demonstrating its commitment and efficacy as it advances into the AI era.

LEE AND LI, ATTORNEYS-AT-LAW
8F, No 555, Sec 4, Zhongxiao E Rd
Taipei 110055, Taiwan, ROC
Tel: 886 2 2763 8000
Email: attorneys@leeandli.com

Back to top