含羞草社区

As artificial intelligence reshapes economies and industries, jurisdictions across Asia are racing to set the rules for the AI age

INDONESIA

JAPAN

KOREA

PHILIPPINES

TAIWAN

THAILAND

VIETNAM

Building trust in the algorithm: Indonesia’s emerging AI framework

Indonesia has emerged as a leading player in the region’s digital ecosystem and is increasingly positioned at the forefront of AI adoption. The government set out its long-term AI vision through the Artificial Intelligence National Strategy for Indonesia 2020-2045: AI Towards Indonesia Vision 2045. A 2023 Kearney report analysing global business trends projected that AI could contribute USD366 billion to Indonesia’s GDP by 2030.

As Indonesia moves forward with this ambition, its AI governance framework remains at an early stage, reflecting the broader challenge of aligning legislative and institutional responses with the country’s fast-moving technological development.

This regulatory gap presents both challenges and opportunities to strengthen accountability, enhance legal certainty, and build public trust in AI technologies. It also makes Indonesia’s evolving approach to AI governance – through existing legal instruments, emerging policy initiatives and ongoing regulatory efforts – particularly worthy of closer examination.

Framework and governance

Existing legal instruments governing AI. Indonesia has yet to introduce a law or regulation that specifically addresses AI-related matters. Instead, the operation and use of AI are subject to existing general laws and regulations. These include those governing the operation of electronic system regulations in the Electronic Information and Transactions Law, amended by Law No.1 of 2026 on Criminal Adjustment (EIT Law) and Government Regulation No.71 of 2019 on the Provision of Electronic Systems and Transactions.

Under this framework, AI may be construed as an “electronic agent”, defined as “a device within an electronic system created to perform certain actions on specific electronic information automatically, which is operated by a person”.

However, this definition is arguably inadequate for AI systems because AI operates not merely in an “automatic” manner but often autonomously, exhibiting human-like adaptive behaviour and complex problem solving capabilities. Such autonomy enables AI to generate personalised and context-specific output, rather than producing purely binary results like other conventional programming models.

In the absence of a detailed regulation governing the use and development of AI, the Ministry of Communication and Digital Affairs (MOCD) issued Circular Letter No.9 of 2023 on Artificial Intelligence Ethics (CL9) that essentially provides general guidelines on the values, ethics and control of AI-based consultation, analysis and programming activities undertaken by businesses undertakings and electronic system operators (ESOs).

Specifically, the operation of AI must uphold ethical values, notably inclusivity, security, accessibility, transparency, credibility and accountability.

In practical terms, AI operators are expected to: take responsibility for safeguarding society in use of data; ensure that AI is not used as a decision maker on matters concerning humanity; prevent discrimination and other harmful actions; and consider risk management and crisis management.

In addition to these generally applicable frameworks, AI deployment is also subject to sector specific regulation in certain industries. For example, the Financial Service Authority (OJK) overseeing financial service sectors has published the Indonesian Banking Artificial Intelligence Governance, which introduces:

1. 1. AI guiding principles including: reliability (AI decisions are dependable for banks to achieve their objectives); accountability (AI operators can be held responsible for proper functioning of AI systems); and human oversight (to ensure human intervention throughout the AI systems process, from precautionary measures and potential biases to preventing AI from generating output that contravenes ethical values and objectives);
   2. AI system risk management and classification (i.e. a series of frameworks to assess and classify the risk of AI systems according to the EU AI Act); and
   3. Guidelines for banks on implementing AI in their systems, encompassing all stages of the AI lifecycle, and serving as a minimum reference for the use of AI across banking operations and business processes.

The OJK has also introduced the Code of Conduct for Responsible and Trustworthy Artificial Intelligence in the Financial Technology Industry, which provides normative expectations regarding fairness, transparency, explainability and human oversight in the use of AI within financial technology services, complementing legal obligations under data protection and consumer protection regimes.

Emerging AI-specific policies and development. While Indonesia has yet to adopt a comprehensive and binding legal framework specifically governing AI, recent developments indicate the growing policy?driven approach to AI governance.

In this context, the MOCD published the National AI Roadmap White Paper in August 2025, which:

1. 1. Covers the conceptual framework of AI, issues analysis and government policy direction and strategy to address AI-related issues, including establishing a National AI Co-ordination Task Force to synchronise various stakeholders and harmonise sectoral laws and regulations in accordance with international standards;
   2. Introduces an AI lifecycle of conception, data collection, pre-processing, data processing, post-processing and evaluation of AI, in which each stage would be subject to certain principles to minimise risks associated with each stage; and
   3. Outlines key principles of AI governance including dignity, justice, accountability, personal data protection, transparency, security, sustainability, integrity, inclusivity, human involvement and oversight.

Complementing the AI roadmap, the MOCD also published the AI Ethical Guidelines to strengthen the ethical framework in CL9. The guidelines provide a general self-assessment questionnaire to help businesses evaluate AI systems against ethical standards. This includes questions on how to detect and mitigate AI biases, whether there are clear and sufficient accountability and redress measures, and whether AI decision-making processes are explainable to its users.

In parallel, as part of a broader effort to harmonise the country’s laws and regulations, the government is preparing a presidential regulation on AI. This is intended to address overarching policy concerns relating to accountability and security in the AI sector, and to function as a central reference point for aligning AI related initiatives across ministries and agencies.

Once enacted, it is expected to encourage regulatory harmonisation by requiring sectoral authorities to align their AI regulations and policies with the presidential regulation. However, no definitive timeline has been confirmed as to when this presidential regulation will be issued.

Key legal challenges

Notwithstanding recent developments, several legal and institutional issues continue to shape Indonesia’s approach to governing AI.

1. 1. Lack of unified legal definition of AI and fragmented regulatory approaches. Despite the numerous laws and regulations applicable to AI, Indonesia does not yet have a unified definition of AI. This creates uncertainty as to whether AI should be treated merely as an electronic agent like other programming models, or as a distinct new technology capable of making its own decisions. The current regulatory landscape governing AI remains fragmented. This approach could lead to overlapping authorities, inconsistent standards and regulatory gaps. As a result, business undertakings may face uncertainty in compliance requirements, while regulators may struggle to co-ordinate oversight effectively. Strengthening inter-institutional co-ordination and developing a more integrated regulatory framework is therefore important for effective AI governance.
   2. Privacy risks. The growing use of AI also raises concerns about personal data protection (PDP). AI development frequently involves collecting and processing large datasets, sometimes obtained through scraping publicly available information that may include personal data and sensitive personal data. When individuals are unaware that their data is being used to train/develop AI systems, issues of legal basis, transparency and accountability arise. To address these risks, AI developers must ensure that their practices align with the provisions in the PDP Law, and its implementing regulations in the future.
   3. Unclear liability and accountability framework. Indonesian law does not consider AI as a separate legal subject, leaving liability for AI-related harm to be determined based on a broader legal framework, such as the EIT Law and Indonesian Criminal Code. Liability therefore attaches only to individuals or business undertakings that unlawfully design, deploy or use AI. To date, there are no court decisions or specific legal provisions that clarify the issue of liability arising from the use of AI.

Conclusion

As Indonesia accelerates the integration of AI across sectors, the main challenge is not technological capability, but governance readiness.

Key legal gaps remain, including uncertainty over the definition of AI, privacy risks, inadequate child protection, and unresolved questions of liability and accountability.

The MOCD’s AI roadmap reflects a co-ordinated policy effort to guide AI development and inter-institutional alignment.

But while these initiatives provide important foundation, meaningful progress will depend on their incorporation into binding legal instruments that offer legal certainty and effective enforcement.

Ali Budiardjo Nugroho Reksodiputro
(ABNR Counsellors at Law)
Graha CIMB Niaga, 24th Floor
Jl. Jend. Sudirman Kav. 58
Jakarta 12190
Tel: +62 21 250 5125/5136
Fax: +62 21 250 5001
Email: info@abnrlaw.com

Back to top

---

Japan’s AI governance: Flexibility & good design

Japan became the second major Asia-Pacific economy to enact AI-specific legislation last summer with the Japan Act on Promotion of Research, Development and Utilisation of Artificial Intelligence-Related Technologies (Act No.53 of 2025).

Japan’s sober strategy should be a welcome approach to companies developing, providing and using AI, given sensational reversals in the EU AI Act’s framework, patchwork US State AI laws, and the penalties, registration requirements and broad compliance regimes of other developed economies.

In comparison, Japan has deliberately constructed a layered governance architecture that combines its new promotional statute, detailed voluntary guidelines, and the reliable enforcement power of existing law.

The result is a system thoughtfully designed, light enough to attract and support investment and research activity; flexible, with clear foundational bodies and principles to be elevated into place as international norms and domestic risks crystallise; and predictable, allowing for substantial adaptive lead time and reserving hard legal consequences only for areas of well-established and confirmed law.

Three layers, one strategy

The framework statute. The potential impact of AI on developed economies requires the highest level of government attention. But the actual shape of that impact is far from a settled outcome.

The definition of AI-related technology in the AI Promotion Act reflects this broad impact: technology that substitutes for human cognitive reasoning and judgement abilities, as well as information processing systems that use such technology.

Recognising this dynamic, the Act establishes the necessary top-level architecture without prematurely prescribing rules, creating an AI Strategic Headquarters within the Cabinet Office, chaired by the prime minister.

It first met in September 2025, approving an AI Basic Plan in December, anchored by a five-year, JPY1 trillion (USD6.3 billion) public investment commitment beginning in fiscal year 2026.

However, this framework carries no impulsive or looming sanctions, instead imposing only a “co-operation duty” on AI business users to align with emerging government policy.

Elevation layer. Where the Act sets the direction, voluntary guidelines do the gradual lifting, for example:

1. 1. Article 13 of the Act provides for the government to establish guidelines ensuring appropriateness of AI research, development and use. Under that power, the AI Strategic Headquarters immediately published the Guidelines for Ensuring Appropriateness (December 2025).
   2. The Digital Agency’s government procurement guidelines (May 2025) establish a chief AI officer in every ministry and a procurement check sheet that evaluates AI suppliers on governance, data handling, output quality and risk management.
   3. The AI Guidelines for Business version 1.1 (METI and MIC, March 2025) are currently the most detailed articulation of government expectations, organising guidance around three actor categories – AI developers, providers and business users – while applying a risk-based approach that scales governance to each system’s capabilities and context.

A separate AI Contract Checklist (METI, February 2025) provides clause-by-clause guidance for structuring AI development and service agreements across three procurement models.

These instruments are not legally binding. But they are not optional either. Over time, as courts become accustomed to the new technologies, compliance with guidelines may increasingly be treated as evidence of reasonable care under Japan’s general tort framework (Civil Code, Articles 709 and 715), meaning that organisations not implementing the voluntary layer can still adjust their posture before facing exposure under any future hard-law layer.

Enforcement backstop. In the areas where guardrails are well tested, Japan’s existing statutes apply to AI systems with full force. As prominent examples: the Act on the Protection of Personal Information (APPI) governs data collection, purpose limitation, cross-border transfers, and prompt inputs; the Copyright Act governs training data and output infringement; the Product Liability Act imposes strict liability for AI embedded in products; the Unfair Competition Prevention Act protects trade secrets; and the Antimonopoly Act addresses competition concerns.

Hard edges

The perception that Japan is “soft on AI” masks a few sharp enforcement edges. Four areas deserve particular attention.

Data protection is tightening. The APPI applies where personal information or personal data is involved across every stage of the AI lifecycle – training data collection, model development, inference, prompt inputs and outputs.

On 9 January 2026, the Personal Information Protection Commission published its Policy Direction to amend the APPI, proposing administrative monetary penalties for the first time. Japan currently has no general administrative monetary penalty regime under APPI. This change would alter the enforcement calculus.

The same Policy Direction proposes additional targeted consent exemptions for certain data use cases centred on statistical information creation (including AI development), new protection for children’s data, and classification of certain biometric-related data as sensitive. If enacted, implementation can be expected around 2027.

Separately, the government’s earlier caution regarding DeepSeek – alerting that its data is stored on servers in China, subject to Chinese law – signals that vendor location is a concrete compliance risk factor.

Copyright’s safe harbour is narrowing. Copyright Act Article 30-4 provides one of the world’s broadest exceptions for AI training, permitting use of copyrighted works for information analysis without rights-holder consent. But the exception is being tested.

In August 2025, three of Japan’s largest newspaper groups – Yomiuri Shimbun, Nikkei, and Asahi Shimbun – filed separate lawsuits against Perplexity AI alleging unauthorised “scraping” of more than 100,000 articles. Separately, the government asked that OpenAI address copyright concerns on its Sora video-generation model.

The Agency for Cultural Affairs has, meanwhile, published its General Understanding on AI and Copyright in Japan (May 2024), clarifying that while training may be permissible, reproducing protected creative expression can infringe copyright.

The Article 30-4 proviso is likely where the next round of litigation will be fought. This generally untested proviso bars the use of copyrighted works that would “unreasonably prejudice” rights holders’ interests.

Competition enforcement is arriving. The Japan Fair Trade Commission published a Generative AI Report in June 2025 analysing market concentration, data access barriers and the potential for algorithmic collusion. It also moved to investigate AI search services and their use of news content. Companies building or deploying AI systems that process competitor data or influence market pricing should expect increasing scrutiny.

Sector regulators are engaging. The Financial Services Agency published an AI discussion paper in March 2025 (updated in March 2026) setting expectations for model risk management and explainability in financial institutions. Healthcare AI is subject to the Pharmaceutical and Medical Device Act’s pre-market review for AI-enabled medical devices. The trend is clear: general AI guidelines are being translated into sector-specific expectations.

What to do now

Six priorities stand out for businesses in Japan’s AI market. First, map roles under the AI Guidelines – developer, provider or business user – recognising that many organisations hold multiple roles simultaneously, and implement the governance expectations for each.

Second, build an AI inventory with internal risk classifications. Japan mandates no prescribed risk taxonomy, so these must be developed independently.

Third, structure vendor contracts using the METI’s contract checklist, paying particular attention to input data handling, output ownership, restrictions on use of input data for model training, and audit rights.

Fourth, implement trade secret controls for AI tool use. Inputting confidential information into external AI services risks destroying the “secrecy management” status required for protection under the Unfair Competition Prevention Act.

Fifth, if selling to government, prepare for the procurement check sheet and establish relationships with ministry chief AI officers.

Sixth, for AI research laboratories and companies working with them, engage with the AI Safety Institute’s evaluation frameworks and monitor the draft Principle Code for advanced AI systems, which is now in public consultation.

Looking ahead

Several developments will shape the near-term landscape.

The APPI amendment bill, if enacted, will introduce Japan’s first administrative monetary penalty regime for data protection violations and create more tailored consent exemptions for certain AI-related data uses. Organisations should be prepared for this simultaneous tightening and loosening.

The Principle Code for advanced AI may also impose more concrete expectations on foundation model developers and providers.

Tokyo District Court proceedings against Perplexity, meanwhile, will begin to define the practical boundaries of Article 30-4’s copyright training exception.

The Economic Security Promotion Act’s designation of “specified critical technologies” may additionally extend to advanced AI, with implications for export controls and international research collaboration.

Japan’s AI governance is often misread as incomplete. It is, more accurately, deliberately adaptive: designed to promote innovation while preserving the capacity to regulate forcefully when needed.

The question for businesses is not whether Japan’s approach will harden, but only at what pace, and in which areas. Companies building governance programmes around the voluntary framework will find hardening of Japan’s guardrails, when it comes, to be manageable and expected. Companies mistaking “soft” for “optional” will not.

Kojima Law Offices
Akasaka Tameike Tower 7F
Akasaka 2-17-7 Minato-ku
Tokyo 107-0052 Japan
Tel: +81 3 3222 1401
Email: godsoe@kojimalaw.jp

Back to top

---

Korea’s new AI Basic Act: Characteristics and significance

President Lee Jae-myung has clearly defined AI as a “game changer” that will shift the global economic paradigm, presenting it as a core engine for South Korea’s technology-led growth during his service term.

In line with this national strategy and goals, the new AI Basic Act came into effect in January 2026. Similar to the EU AI Act, it regulates AI systems that pose significant risks to human life, physical safety and fundamental rights as high-impact AI areas, while also reflecting government commitments to developing AI technology and related industries and ensuring safety for the people.

Although the enforcement of penalty provisions has been postponed for one year, it is attracting global attention as the world’s first enforceable law to implement mandatory regulations for high-impact AI business operators.

Contents of AI Basic Act

1. 1. 

      Regulation principles of high-impact AI areas. The definition of “high-impact AI” in the AI Basic Act is identical to the “high-risk system” in the EU AI Act, suggesting the operator regulation mechanism is very similar. However, the AI Basic Act is conspicuously characterised by a system where business operators first take voluntary measures to ensure AI safety and reliability, with ex-post supervision by the Minister of Science and ICT (MSIT) added. While there are penalty sanctions against violations, the maximum administrative fine is KRW30 million (USD20,300).

      1. Specifically, the AI Basic Act lacks the same level of compulsory enforcement through sanctions as the EU AI Act. It requires AI operators to self-review in advance whether they fall under high-impact AI and recommends that they establish risk management plans through business operator obligations and related notices.
      2. Unlike the EU AI Act’s regulatory system – which requires high-risk AI model developers to undergo verification (conformity assessment) and attach a CE marking for market distribution beforehand – there is no mandatory pre-market control over high-impact AI systems unless the operator voluntarily requests the minister of the MSIT to confirm the high-impact AI status. The minister is granted legal authority to determine whether a product or service can be classified as high-impact AI.
   2. AI technology development and industry vitalisation. While the AI Basic Act establishes a management and supervision system for high-impact AI to protect users through regulations, it also stipulates government support and promotion for AI utilisation. Specifically, it defines the government’s role as supporting AI technology development, safe use, and technology standardisation.
      1. It also mandates that SMEs be prioritised when implementing AI industry support measures, and includes provisions for promoting startups and attracting foreign investment. Furthermore, it enables the designation of AI clusters for functional, physical and regional clustering of related companies and organisations, and emphasises policies related to AI data centres.
   3. Regulatory gap for general purpose AI (GPAI) models. The AI Basic Act lists safety assurance obligations for high-impact AI operators such as risk identification, assessment and mitigation throughout the model’s lifecycle, similar to the EU AI Act. However, the cumulative computation threshold for training is set 10 times higher than the EU’s, effectively excluding domestic operators from these regulations.
      1. In other words, the AI Basic Act can be seen as encouraging the development of industrially specialised (vertical) GPAI models through an intentional regulatory gap for super-scale GPAI models.
   4. High-impact AI areas. The AI BasicAct lists 10 high-impact regulated areas, but its scope can be narrower compared to those of the EU AI Act. For example, in the financial industry, the AI Basic Act considers “judgement or evaluation in loan screening” among high-impact AI areas, making its practical application scope much narrower than the “creditworthiness” and “credit scoring” gateway regulated by the EU AI Act.
      1. Likewise, the AI Basic Act classifies AI use only in recruitment as high-impact, leaving the worker’s management as unregulated, unlike the EU AI Act.
   5. Business operator obligations.
      1. Ensuring transparency: The AI Basic Act protects final users by imposing a transparency obligation to notify or display the fact that AI is being used when providing products or services using high-impact or generative AI. While the EU AI Act imposes transparency obligations on model providers so that deployers can understand and properly use AI outputs, the AI Basic Act only mandates transparency obligation in informing the final user of the AI’s use.
      2. Copyright issues: Since the AI Basic Act lacks special provisions for GPAI, there is no mention of compliance with copyright law similar to the EU AI Act. Furthermore, because South Korea’s current Copyright Act lacks exception clauses like TDM (text and data mining), copyright infringement disputes during AI model training and development could become a significant legal issue. Considering this, the AI Basic Act stipulates that the Minister of MSIT shall promote policies for production, collection, management, distribution and utilisation of training data.
      3. Safety assurance obligations: Due to the considered reasoning of setting the technical threshold for operators’ obligations 10 times higher than the EU AI Act, these obligations are realistically targeted at global big tech GPAI operators doing business in the South Korean market. Consequently, such foreign operators will be indirectly regulated by designating a domestic agent under the AI Basic Act.
      4. Fundamental rights impact assessment: This is a voluntary recommendation to allow high-impact AI model deployers to systematically identify and analyse the negative impact on fundamental rights before market launch and take voluntary corrective actions. Unlike the EU AI Act where model providers have mandatory transparency obligations to help deployers interpret AI outputs for appropriate utilisation, the AI Basic Act’s enforcement decree only stipulates data requests and cooperation between two parties, encouraging users to strive for fundamental rights impact assessments.

Evaluation of the act

1. 1. While the MSIT is the primary ministry for the AI Basic Act, the Ministry of the Interior and Safety (MOIS), responsible for general public affairs, recently passed the Public AI Act. Due to this, South Korea came to have a separate regulatory structure where AI is used within the e-government administrative system, centred on public data to support overall public administration.
      1. While the Public AI Act is a special law for utilising AI based on public data, the AI Basic Act is a general law that materialises basic principles and guidelines for AI development and use through business operators. Symbolically, the AI Basic Act declares as a fundamental principle, in article 3, that AI should improve the quality of people’s lives through safety and reliability, stipulating the state’s responsibility to devise measures so all citizens can adapt stably to the changes brought by AI, alongside technology development and industrial use.
   2. The AI Basic Act requires that comprehensive and action plans from the existing Framework Act on Intelligent Informatisation be considered when establishing government-wide AI promotion plans. However, it establishes the National AI Strategy Committee, chaired by the president, to deliberate and decide on major policies for AI development and build a foundation
      of trust. This confirms the Lee Jae-myung administration’s strong will to prioritise the national goal of becoming a top-three AI global power, making AI-related South Korean government policies and decision making a top priority.
   3. As it is the basic law, even if individual laws in various fields, including the MOIS’s Public AI Act, may be enacted or amended in the near future by government entities, the governance of AI-related organisations within the government, the government’s role, and the obligations of AI-related business operators are expected to be maintained within the framework of the AI Basic Act.

In this process, the National AI Strategy Committee is expected to act as the final national control tower with the minister of the MSIT, whose status has been recently elevated to deputy prime minister, playing a co-ordinating role within the executive branch. Particularly, as the minister of the MSIT is also supported by the Basic Act on the Promotion of Data Industry and Use of Data to implement various policies for the data industry, the role and weight of the MSIT have become greater than ever.

LIN LLC
13F, 10, Seochojungang-ro 24-gil,
Seocho-gu, Seoul 06606, Korea
Tel: +82 2 3477 8695
Email: lin@law-lin.com

Back to top

---

Philippines AI regulation: e-governance, education guidelines, open access and cybersecurity

The past year was marked by significant legal and regulatory developments in the field of artificial intelligence (AI) as the government, together with its partners and other stakeholders, continue to acknowledge the need for a whole-of-government approach, not just in the related areas of innovation and competitiveness, but also in the area of governance.

The Philippines recently enacted the E-Governance Act, expressly recognising the necessity of leveraging the power of information and communications technology in the delivery of public services to drive national development and progress. Accordingly, one of its objectives is to foster an informed and data-driven decision-making process for policymakers by utilising data analytics results, among other pertinent factors.

Among several e-government programmes sought to be developed or enhanced under the law include the Human Capital Management Information System (HCMIS), which seeks to automate HR-related functions in government by utilising analytics to provide insights necessary for strategic HR functions such as performance management, forecasting, promotion and succession planning. The government is interested in tapping the benefits of automation with the help of AI, thereby opening doors for more investment and/or partnerships with the private sector.

As mentioned in a previous article for this publication, one of the seven strategic imperatives under the country’s National AI Strategy Roadmap 2.0 (NAISR 2.0) is transforming education and nurturing future AI talent. In line with this, the country’s Department of Education has very recently issued its Foundational Guidelines on Artificial Intelligence in Basic Education, which provides the framework for the responsible integration of AI in basic education based on the principle of safe innovation.

The guideline’s framework is anchored on three interrelated areas:

1. 1. AI in education, with key features including an emphasis on:
      1. Human oversight, making clear that AI is a support tool and therefore not a substitute for professional judgement or classroom management, and
      2. Transparency, by requiring disclosures of AI use where appropriate;
   2. Education on AI, which focuses on the development of digital literacy, critical thinking, and ethical awareness so that educators and learners can interact with AI tools safely, assess AI outputs critically, and make informed decisions; and finally,
   3. AI for education systems, which covers the use of AI to enhance education governance, planning, monitoring and school operations.

Under this last area (3), while the Department of Education acknowledges the importance of partnerships and multisectoral collaborations, it requires potential vendors/partners, among others, to agree not to train models on the department’s data.

One of the principles that underpin the guidelines’ framework is risk proportionate regulation, where the department categorises AI applications and usage by risk, applying stricter controls to high-risk uses while enabling safe innovation for minimal or limited risk tools. Risk classifications, in turn, are determined by the system’s purpose and context of use rather than the specific user.

Prior to the implementation of AI technologies, schools are required to undergo Digital Maturity Assessment, and prior to use, the AI system must be registered with the department’s AI Registry.

Another strategic imperative under NAISR 2.0 is establishing a robust, connected and networked environment. In line with this, the country recently enacted the Konektadong Pinoy (Connected Filipino) Act.

Recognising the importance of digital inclusivity and the need to narrow the digital divide, the law pursues an “open access” policy for all qualified data transmission industry participants (DTIPs) in all segments of the data transmission network. DTIPs include VoIP service providers, internet service providers (ISPs), and satellite systems providers or operators (SSPOs) to the extent of their businesses engaged in data transmission services. Companies that qualify as DTIPs can put up or lease their own networks without the need for a congressional franchise. Instead, DTIPs must register with the National Telecommunications Commission (NTC).

“Open access” refers to the system of allowing the use of data transmission networks and associated facilities in a transparent manner, subject to fair, reasonable, and non-discriminatory terms. For instance, the government shall come up with a list of digital infrastructure and services (access list) that is owned, leased or operated by an access provider, access to which is considered necessary to enable an access seeker to offer data transmission services competitively.

The parameters for inclusion in the list are that the access must:

1. 1. Promote competition, entry and expansion of new players; and
   2. Encourage the efficient use of and investment in digital infrastructure.

Access providers shall grant access to digital infrastructure and services contained in the access list on an open, fair, reasonable and non-discriminatory basis, subject to the technical feasibility of the access seeker’s request. Should there be a dispute, the same may be brought to the NTC for resolution.

Any refusal to provide access may result in administrative fines unless the refusal is based on failure to pay open market fees, or where granting access will expose the access provider to security risks detrimental to its technical operations, as confirmed by the Department of Information and Communications Technology (DICT).

The law also requires:

1. 1. The passive infrastructure owner, lessor or operator to make available for co-location and co-use its passive infrastructure, which are necessary for or capable of supporting data transmission networks or services on an open, fair, reasonable and non-discriminatory basis subject to technical feasibility; and
   2. This passive infrastructure is to be built especially in remote, unserved and underserved areas. If a big player refuses access without a valid technical or safety reason, smaller providers may bring the dispute to the NTC, either for enforcement or mediation.

To address legitimate concerns on cybersecurity arising from an “open access” policy, the law requires DTIPs to secure a cybersecurity certification from a reputable third-party organisation within two years from registration; otherwise, it may be suspended or its registration cancelled.

From an international perspective, the above-mentioned legal and policy directions are in line with the country’s assumption of the Asean chair on 1 January 2026, under the theme “Navigating our future together”, where the responsible advancement of AI is expected to play a significant role. The Philippine president emphasised this as he presented his vision of the three Asean pillars: peace and security; economic; and socio-cultural at the national launch of the Philippine chair of Asean 2026.

Philippines Grok takedown highlights AI privacy risks

Earlier this year, the DICT ordered the takedown of AI tool Grok in the Philippines for allowing the generation of malicious content and material involving real people, and even prominent figures, without their knowledge and consent, thereby potentially violating the country’s Cybercrime Prevention Act among other penal laws. However, the takedown was lifted a few days later, after xAI (Grok’s developer) committed to implementing corrective measures.

Considering the close regulatory proximity between AI applications and data protection law, the National Privacy Commission (NPC) recently joined other data protection authorities in issuing a joint statement on AI-generated imagery and the protection of privacy, which expressed concern about AI systems that generate realistic images and videos depicting identifiable individuals without their knowledge and consent, and the harms it may cause.

Although data protection authorities acknowledge that regulatory intervention may be necessary, it urges organisations to:

1. 1. 1. Implement robust safeguards to prevent the misuse of personal information;
      2. Ensure meaningful transparency, including acceptable uses and consequences of misuse;
      3. Provide effective and accessible mechanisms for individuals to request the removal of harmful content involving personal information; and
      4. Address specific risks to children.

DIVINALAW
8/F Pacific Star Bldg,
Sen Gil Puyat Ave cor Makati Ave,
Makati City 1200, Philippines
Tel: +63 2 8822 0808
Email: info@divinalaw.com

Back to top

---

Taiwan’s AI Basic Act 2026: Legal framework, risk rules, policy impact

In 2026, the most significant milestone in AI law in Taiwan should be the enactment of the Artificial Intelligence Basic Act (AI Basic Act), which came into effect in January 2026.

Although this statute primarily sets the fundamental principles guiding Taiwan’s AI policy and regulatory framework, it signals the government’s strong commitment to fostering AI development and lays the groundwork for future AI legislation and regulation.

Principles guiding Taiwan’s AI governance framework

The AI Basic Act establishes seven fundamental principles that aim to guide Taiwan’s AI development: sustainable development and well-being; human autonomy; privacy protection and data governance; cybersecurity and safety; transparency and explainability; fairness and non-discrimination; and accountability.

While the order of these principles does not necessarily indicate their relative importance, it is notable that sustainable development is listed first, followed by human autonomy and privacy protection.

Similar to other jurisdictions, Taiwan emphasises transparency, explainability, fairness and non-discrimination.

It is also worth highlighting that the inclusion of “accountability” indicates a significant development in Taiwan’s legal system.

In Taiwan, this term is frequently used in discussing and establishing a governance framework. However, it is rarely expressly codified in Taiwan law.

Taiwan’s policy framework for AI growth and investment

Legal interpretation. The AI Basic Act mandates the government to establish comprehensive regulations governing the research, development and application of AI.

In cases where conflicts arise between these new AI laws and existing legislation, the promotion of any new technologies and services will always take precedence, provided that the seven fundamental principles are upheld.

Support and funding. The AI Basic Act obliges the government to provide reasonable use measures, assistance and support during the AI develop- ment, training, testing and impact assessment phases.

This suggests that Taiwan may facilitate AI developers’ access to training data through mechanisms deemed “reasonable” or based on the “fair use” provisions under the Copyright Act.

The government is tasked with promoting AI R&D, application and infrastructure, conducting resource planning, and offering support, guidance and incentives to the AI industry, including tax benefits and financial incentives.

To encourage innovation and sustainable growth, sector-specific authorities may establish or enhance experimental environments, such as regulatory sandboxes, to foster AI product and service development, similar to the EU’s approach under the AI Act.

Within its fiscal capacity, the government must allocate sufficient budgetary resources and adopt necessary measures to ensure continuous funding for AI policy implementation and development.

AI risk classification under Taiwan’s AI Basic Act

The AI Basic Act divides AI risks into two categories: high-risk and non-high-risk. High-risk AI applications must carry appropriate warnings and alerts.

While the act hints that certain AI products, services or uses may eventually be deemed “prohibitive”, it does not explicitly specify what these will be.

The Ministry of Digital Affairs (MODA) is empowered to classify AI risks, referencing international standards and norms to develop a risk classification framework.

The MODA will assist sectoral regulators in formulating risk-based AI management policies. Based on this framework, regulators may guide industry self-regulation or establish codes of conduct.

The MODA is also responsible for developing tools and methods to help other regulators assess AI risks.

If a regulator finds that an AI application infringes on life, bodily integrity, liberty or property; disrupts social order, security or the ecological environment; or violates laws related to bias, discrimination, false advertising, misinformation or fabrication, it may restrict or prohibit such applications.

This provision opens the door for sectoral regulators to propose new laws restricting or banning certain AI uses.

Regarding high-risk AI applications, the government must clearly define the elements of liability attribution and establish mechanisms for remedies, compensation or insurance.

Taiwan’s AI data governance framework

The AI Basic Act calls on the government to establish mechanisms for open data, data sharing and data reuse to improve the quality of AI training data in Taiwan.

At the same time, it stresses privacy protection by requiring sectoral authorities to collaborate with privacy regulators to ensure data minimisation throughout AI development.

IP rights and training data in Taiwan

Intellectual property rights can pose challenges for AI training.

Taiwan’s IP authorities have taken a conservative stance on copyright issues related to AI.

In June 2025, a landmark court ruling held that using web-crawling technology to develop database-related services resulted in criminal liability and significant civil damages.

This decision raises concerns about the legality of acquiring training data from the internet.

Beyond imposing an obligation on the government to provide “reasonable use” measures during AI development, the AI Basic Act additionally requires efforts to improve the quality and quantity of the data available for AI as part of its aim to ensure that all training data and outputs reflect Taiwan’s diverse cultural values while also safeguarding IP rights.

AI talent and labour rights protection in Taiwan

The act mandates the continuous promotion of AI and AI ethics education across schools, industries, organisations, society and public institutions to enhance digital literacy. The government is also tasked with advancing AI development policies, and encouraging collaboration among public, private and academic sectors.

This includes fostering interdisciplinary co-operation, facilitating talent and technology exchanges, and supporting the relevant developments in infrastructure.

The government commits to using AI to protect labour rights and interests. It will proactively address the skills gap caused by AI advancements, increase workforce participation, safeguard economic security and uphold labour dignity.

Employment counselling and support will be provided to individuals displaced by AI technologies, tailored to their abilities and needs.

Taiwan’s two-year AI law reform timeline

Under the AI Basic Act, the government must review existing laws, regulations and administrative measures within its authority.

If any are inconsistent with the act or if gaps exist, the government will enact, amend or repeal laws and improve administrative measures within two years from January 2026.

Before enacting or amending laws, if existing legislation lacks relevant provisions, the central competent authority of each sector will interpret and apply the AI Basic Act accordingly.

Outlook

With the AI Basic Act now in force, the Taiwan government has clearly demonstrated its strong commitment to advancing AI development while upholding key principles.

It is expected that additional policies and incentives will be introduced to support AI growth and also benefit Taiwanese companies.

As the MODA develops AI risk classification systems and assists other agencies in assessing AI risks and shaping future policies, new laws and regulations are likely to follow.

The next two years will be a critical period for AI development in Taiwan, both legally and technologically.

Lee and Li, Attorneys-at-Law
8F, No. 555, Sec 4, Zhongxiao E Rd,
Taipei 110055, Taiwan
Tel: +886 2 2763 8000
Email: attorneys@leeandli.com

Back to top

---

Comprehensive policy: Thailand’s AI governance framework

In response to the rapid advancement of artificial intelligence (AI) and evolving global digital trends, Thailand has undertaken significant efforts to establish a comprehensive national policy framework aimed at fostering an AI ecosystem.

This framework seeks to promote the responsible development and deployment of AI technology to enhance Thailand’s economic competitiveness and improve quality of life, with targeted implementation by 2027.

In furtherance of this national AI policy, regulatory authorities have initiated efforts to develop and refine the applicable legal framework, including the drafting of Thailand’s first unified AI legislation.

Pending the composing and enactment of such comprehensive legislation, sector-specific regulators have proactively issued guidelines applicable to regulated entities within their respective jurisdictions, including financial institutions, banks, insurance companies, securities and derivatives business operators, and digital asset service providers.

Concurrently, cross-sectoral regulatory bodies, notably the Personal Data Protection Committee (PDPC) and the National Cyber Security Agency (NCSA), have promulgated guidelines applicable to all business operators within their regulatory purview.

While unified AI legislation has not been enacted, the design, development and use of AI in Thailand in various industries is still subject to existing sector-specific legislation.

National AI policy

The Thai cabinet approved the Thailand National AI Strategy and Action Plan (2022-2027) in July 2022, aiming to establish an AI development and application ecosystem by 2027.

The strategy is built around five pillars:

1. 1. Preparing social, ethical, legal and regulatory readiness for AI;
   2. Developing national infrastructure;
   3. Increasing human capability and AI education;
   4. Driving AI technology and innovation; and
   5. Promoting AI adoption in public and private sectors.

The above-mentioned national AI committee, under the National Digital Economy and Society Committee (NDESC), was established in August 2022, chaired by the prime minister.

Comprehensive legislation

Following the national AI strategy, the government has been developing comprehensive AI legislation to govern and promote AI adoption in Thailand. The first set of draft legislation consists of two laws.

First, the draft Royal Decree on Business Operations that Use Artificial Intelligence Systems, issued by the Office of the National Digital Economy and Society Commission (ONDE) under the Ministry of Digital Economy and Society (MDES), adopts a risk-based approach modelled on the EU AI Act.

Second, the draft Act on the Promotion and Support of AI Innovations, issued by the Electronic Transactions Development Agency (ETDA), focuses on building the AI ecosystem through provisions on sandboxes, data sharing, standards and risk assessment. Both drafts were issued for public hearing in 2022-2023.

The ETDA acknowledged that earlier drafts modelled on the EU’s framework needed updating to reflect Thailand’s evolving legal and technological landscape. In June 2025, the MDES, through the ETDA, introduced the (Draft) Principles of the Law on Artificial Intelligence for public hearing.

The draft AI principles are organised around five key areas:

1. 1. Risk-based requirements. Rather than specifying prohibited or high-risk AI categories in primary legislation, the framework delegates that authority to a central enforcement agency and sectoral regulators, which are considered best positioned to assess risks in their respective domains. Providers of high-risk AI would be required to implement risk management systems aligned with international standards (e.g., ISO/IEC 42001:2023), appoint local representatives in Thailand if they are offshore providers and report serious incidents. Deployers of high-risk AI must, among other things, ensure human oversight, maintain operational logs, ensure input data quality and notify individuals whose rights may be affected.
   2. Innovation support. The principles propose exceptions for text and data mining of online data and regulatory sandboxes for AI testing in controlled conditions. Sandbox participants acting in good faith would benefit from a safe harbour against penalties, though civil liability for damages would still apply.
   3. General principles. The framework affirms that AI-generated actions must be attributable to a human, prohibits denial of legal effect to AI-assisted contracts or administrative decisions, and establishes protections against unforeseeable AI errors. Individuals may have the right to be notified when AI is used, explaining AI-driven decisions, and to contest those decisions, although these rights may be limited to high-risk AI contexts.
   4. Regulators. No new regulatory body is proposed. Instead, the existing AI Governance Centre under the ETDA would oversee implementation including research, guidance, sandbox support and international co-operation.
   5. Legal enforcement. The enforcement agency and sectoral regulators would be empowered to issue administrative orders to cease prohibited or non-compliant AI services. Enforcement mechanisms include ordering digital platforms to remove or block services, seize products containing prohibited AI, and co-ordinate with MDES to direct internet service providers to block access within Thailand.

The draft AI principles, once revised after the hearing, will be transformed into a draft AI Act for further public hearing before proceeding through the legal enactment process.

Existing applicable laws

Without effective AI legislation, existing laws apply to AI adoption throughout the AI lifecycle – from design and testing to deployment and monitoring.

Key examples include:

1. 1. Liability. Under the Civil and Commercial Code, general wrongful act principles may impose civil liability for AI-caused damages.
   2. Data governance. Collection, use, disclosure and overseas transfer of personal data in AI systems are subject to the Personal Data Protection Act. Collection of computer data, including web scraping, could violate the Computer Related Crime Act (CCA). For critical information infrastructure organisations, the Cybersecurity Act is applied to ensure national cybersecurity measures are implemented.
   3. Content regulation and transparency. The CCA, Consumer Protection Act, Criminal Code and Child Protection Act restrict harmful, false, defamatory or obscene AI-generated content. The DPS Decree requires certain platforms to disclose algorithmic ranking and decision-making parameters.

In addition to the above-mentioned examples, laws such as the Copyright Act, Trademark Act, Gender Equality Act, Persons with Disabilities Empowerment Act, and Trade Competition Act, as well as the Thai Constitution, may be applicable, depending on the issue in question.

Sector-specific frameworks

While AI legislation has not been enacted, several regulators have proactively issued guidelines for their regulated businesses. Although certain guidelines carry no legal binding effect, regulatory bodies expect compliance to foster adherence with existing regulations.

Key sector-specific AI guidelines are:

1. 1. Banking and financial services. The Bank of Thailand issued Guiding Principles for Artificial Intelligence Risk Management in September 2025, applicable to financial institutions and payment service providers, covering AI lifecycle management, risk assessment, data governance, cybersecurity, transparency and human oversight.
   2. Capital markets. The Securities and Exchange Commission of Thailand issued a governance framework for AI and machine learning applicable to securities, derivatives and digital asset operators. It establishes four core principles – fairness, legal and ethical compliance, accountability, and transparency – with guidance on risk management, documentation and lifecycle monitoring.
   3. Insurance. The Office of Insurance Commission issued AI governance guidelines for insurance companies in 2025, addressing risk management, security, transparency, fairness and consumer protection in AI applications, particularly in high-risk processes such as underwriting and claims management.
   4. Data protection. In February 2026, the Personal Data Protection Committee released draft Guidelines on Personal Data Protection in AI Development and Use. The guidelines address stakeholder roles, require data processing agreements to include model training prohibitions, mandate data protection impact assessments for high-risk AI, and establish security measures throughout the AI lifecycle.
   5. Cybersecurity. The National Cyber Security Agency released AI security guidelines in September 2025, providing recommendations on protecting AI systems from cyber threats aligned with ISO/IEC 42001:2023 and the National Institute of Standards and Technology’s AI risk management framework.

Conclusion and outlook

Thailand has taken significant steps towards establishing a comprehensive AI governance framework, though it has not yet enacted AI-specific legislation. The draft AI principles, once finalised and enacted, will provide the foundational regulatory structure.

Meanwhile, sector-specific regulators have moved proactively to issue guidelines covering financial services, capital markets, insurance, data protection and cybersecurity.

Organisations deploying AI in Thailand should closely monitor legislative developments and assess compliance with existing legislation, aligning governance, risk management and transparency practices with existing guidelines to ensure readiness for the anticipated regulatory framework.

Tilleke & Gibbins
Supalai Grand Tower, 26th Floor
1011 Rama 3 Road, Chongnonsi
Yannawa, Bangkok 10120
Tel: +66 2056 5555
Email: bangkok@tilleke.com

Back to top

---

Vietnam’s multi-layered AI development framework

Vietnam’s emerging governance framework for artificial intelligence (AI) is developing through a multi-layered structure comprising three components:

1. 1. Policy instruments setting national priorities for AI development;
   2. Regulatory framework governing development, provision, deployment and use of AI; and
   3. Technical standards and voluntary guidelines.

Policy level. At policy level, the foundation for a strategic framework for AI development and governance was laid in 2021 by the National Strategy for Research, Development and Application of AI until 2030, aimed at strengthening the national AI ecosystem and positioning Vietnam as a regional AI innovation hub.

Subsequently, resolution No.57-NQ/TW (2024) identified AI as a key driver of science, technology, innovation and national digital transformation. AI was also designated as a strategic technology under decision No.1131/QD-TTg (2025) listing priority technologies across sectors.

Regulatory framework. At the legislative level, the new Law on Artificial Intelligence took effect on 1 March 2026, establishing the core regulatory framework governing development, provision, deployment and use of AI systems.

Controlled testing for emerging AI technologies is implemented under the Law on Science, Technology and Innovation.

The AI Law is expected to be further operationalised through implementing instruments, most notably a draft decree guiding the AI Law, and draft decision of the prime minister identifying high-risk AI systems (both published in February 2026). A decision establishing priority datasets for AI development is also anticipated.

Compliance obligations may also arise under sectoral regulatory regimes, including data protection, cybersecurity, banking, consumer protection, e-commerce and intellectual property, particularly where AI systems are used in automated decision-making or data-driven services.

Technical standards and non-binding guidelines. Vietnam’s AI governance framework is also supported by technical standards and voluntary guidelines. A key instrument is decision No.1290/QD-BKHCN (2024), providing guidelines for responsible research and development of AI systems, and represents Vietnam’s first national AI ethics code. The Ministry of Science and Technology (MST) encourages organisations to adopt these principles – though they are not legally binding – to promote responsible AI development.

Vietnam has also begun incorporating international AI technical standards into its national standards system. While these standards are not legally binding unless incorporated into legislation or National Technical Regulations, they provide guidance on AI terminology, lifecycle management, robustness, governance frameworks and machine learning systems, helping align Vietnam’s AI governance ecosystem with international standards.

Regulation under AI Law

Scope of application. The AI Law applies to Vietnamese organisations and individuals, as well as foreign entities engaging in AI-related activities in Vietnam, but excludes those solely for national defence, security and cryptography purposes.

A defining feature of the AI Law is regulating by role rather than by industry, distinguishing between:

1. 1. Developers who design, build, train, test or fine-tune AI models and control technical methods, training data or model parameters;
   2. Providers who place AI systems on the market or put them into use under their own name;
   3. Deployers who use AI systems under their control in professional or commercial activities;
   4. Users who interact with AI systems or rely on their outputs; and
   5. Affected persons whose lawful rights or interests may be directly or indirectly impacted by the deployment or outputs of AI systems.

Risk-based classification as first compliance gate. At AI Law’s core is a regulatory model in which AI systems are classified as high, medium or low risk.

1. 1. High risk: AI systems that may cause significant harm to life, health, lawful rights and interests, or national and public interests. The prime minister will issue a list identifying such systems. The draft AI decree also allows exclusions, including systems used for technical data processing, internal operations, controlled research environments or advisory purposes with human oversight. But systems posing significant risks to national security or public order may be designated as high risk.
   2. Medium risk: AI systems that may confuse or influence users where they cannot recognise that they are interacting with AI-generated content or an AI system. Certain systems are excluded, including those performing purely technical editing or used in clearly fictional contexts such as filmmaking or gaming, unless they simulate real persons or events for commercial, financial or political purposes.
   3. Low risk: All remaining systems. This classification framework functions as the primary gateway to compliance, determining whether obligations such as classification notification, conformity assessment and other governance requirements apply. Providers are responsible for initial classification prior to deployment, while deployers must reassess classification if the system is materially modified or used in a different context.

Governance based on risk levels

1. 1. High-risk AI systems. Classification as high risk triggers extensive governance obligations across the AI lifecycle.
      1. 1. Risk notification: Providers must notify the MST of classification results through the national AI portal before deployment.
         2. Conformity assessment: Certain high-risk systems must undergo conformity assessment before deployment and after significant modifications, through either third-party certification or provider self-assessment depending on regulatory requirements.
         3. Transparency obligation: Providers must ensure users can recognise when they are interacting with AI systems and AI-generated content is clearly labelled. Deployers must disclose when AI-generated or edited content is made public.
         4. Incident management: Developers, providers, deployers and users must ensure system safety and address incidents promptly. Serious incidents need remedial measures and competent authorities must be notified.
         5. Local presence for foreign providers: Foreign providers supplying high-risk AI systems must establish a lawful contact point in Vietnam, and in certain cases maintain a commercial presence or authorised representative.
         6. Lifecycle governance obligations: High-risk systems are subject to ongoing obligations relating to risk management, data governance, documentation, human oversight and regulatory co-operation.
   2. Medium-risk and low-risk AI systems. As with high-risk systems, providers of medium-risk systems are required to conduct risk classification and submit corresponding notification to the MST.

Providers and deployers must comply with transparency obligations and be prepared, on request, to explain the system’s purpose, operation, key input data and risk management measures, without being required to disclose source code, detailed algorithms or other trade secrets. Deployers are also responsible for explaining system operation, risk controls, incident handling measures and safeguards for the lawful rights and interests of affected persons.

Low-risk AI systems, by contrast, are subject to a largely post-hoc oversight model. Providers and deployers are only required to account for such systems when there are indications of legal violations or adverse impacts on lawful rights or interests, while users remain free to use low-risk systems for lawful purposes at their own responsibility.

Regulatory requirements

In addition to governance under the AI Law, several sector-specific regulations impose additional requirements on deployment and use of AI in regulated industries.

In banking and finance, the State Bank of Vietnam has issued a draft circular on safety and risk management for AI deployment. Financial institutions must complete pre-deployment procedures, including risk classification documentation, information security testing, impact assessments for high-risk systems, and operational safety plans covering monitoring and incident response. The draft also introduces transparency requirements and prohibits using AI to exploit customer vulnerabilities or promote unsuitable financial products.

Under consumer protection, operators of large digital platforms must periodically assess and report their use of AI technologies and provide information to competent authorities for regulatory supervision.

In e-commerce, the Law on E-Commerce requires transparency where algorithms or AI-based recommendation systems are used to rank or display goods on digital marketplaces. Platforms must disclose the main criteria used by these algorithms and allow users to enable or disable such features.

For data protection, AI-related data processing is governed by the Law on Personal Data Protection. Organisations using personal data for AI training or analytics must ensure processing occurs for legitimate purposes and implement safeguards such as access controls, encryption and compliance with data subject rights and cross-border transfer requirements. The Data Law further establishes principles governing data management, sharing, and infrastructure relevant to AI development.

Outlook

Vietnam has taken a significant step towards establishing a comprehensive legal framework for AI governance. While the AI Law provides the foundational regulatory structure, several implementing instruments remain under development and will further clarify compliance obligations.

As Vietnam’s digital economy expands, the regulatory approach is likely to evolve towards a more integrated governance model combining AI-specific regulations, sectoral oversight, and internationally aligned technical standards. Organisations deploying AI systems should therefore closely monitor regulatory developments and strengthen internal governance, risk management and transparency practices to prepare for the next phase of AI regulation.

Tilleke & Gibbins
789 Office Building, 9th Floor, 147 Hoang Quoc Viet Street
Nghia Do Ward, Hanoi, Vietnam
Tel: +84 24 3772 6688
Viettel Tower A, 25th Floor, Suite 2506, 285 Cach Mang Thang Tam
Hoa Hung Ward, Ho Chi Minh City, Vietnam
Tel: +84 28 6284 5678
Email: vietnam@tilleke.com

Back to top