AI Regulation Tracker / Regional hub
Asia-Pacific AI Regulation Tracker
The AI laws, rules and enforcement across Asia-Pacific that change what a professional must do, organized by country. We update this as new rules land.
China
- China's rules for human-like AI companionsFiling, AI-nature disclosure and safeguards for companion and emotional chatbots, effective July 15.
Taiwan
- Taiwan's AI Basic ActSeven principles; high-risk duties left to sector regulators.
- FSC AI guidelines for financeLifecycle AI governance for banks, insurers and securities firms.
- Banking AI standardA named senior officer must own the AI; disclose human-or-machine.
- Insurer AI self-regulationExplainability and fair-treatment duties on underwriting and claims AI.
- Robo-advisors into statutory rulesA higher capital floor and large fines for automated advice.
- New data authority for AIAmended PDPA and an independent Personal Data Protection Commission.
- TFDA rules for diagnostic AINew validation criteria for CADe and CADx medical devices.
- Courts use AI, you must verifyAI output may not be the sole basis for a decision.
- Draft AI-in-hiring rulesNotice, a final human decision and an explainable result.
- Coming AI-content labeling dutyAn emerging duty to label AI output and disclose the bot.
Japan
- AI Promotion ActNo fines, but a comply-or-explain disclosure and public-naming risk.
- AI Business Guidelines v1.2Governance for AI agents and physical AI.
- FSA on AI adviceThe suitability and explanation duty survives autonomous AI advice.
- Article 30-4 training limitsFree-to-train has real carve-outs for rights-holders.
- Data bill: statistical-processing laneAn AI-training lane, with tighter profiling rules.
- Bar's five AI rules for lawyersVerify output, protect confidentiality, watch Article 72.
- Patent attorney AI warningPasting an invention into AI can breach confidentiality and novelty.
- IDATEN for learning medical AIA pre-agreed change plan and post-market monitoring.
- METI AI contract checklistA template to allocate AI liability, IP and indemnity.
- DS-920 for government AIProcurement and use rules for generative AI in government.
South Korea
- Foreign AI firms name an agentLarge foreign providers must appoint a Korea-based representative.
- AI-generated content labelsWatermark or metadata, plus a deepfake notice.
- High-impact AI dutiesAI in loans, hiring and care owes an explanation and human oversight.
- Draft financial-AI codeA named human would own every AI credit decision.
- Automated-decision rightsPeople can refuse, and get an explanation and human re-review.
- Generative-AI privacy rulebookWhen training on public data is legal, plus the DeepSeek order.
- Generative-AI medical devicesAn approval pathway for generative-AI medical devices.
- AI hiring as high-impactDisclose-and-justify, with a hiring-law amendment planned.
- Court sanctions proposalCost-shifting and bar referral for AI-fabricated citations.
- Election deepfake banA 90-day ban and AI-content labels outside it.
Vietnam
- Law on AI: risk tiersClassify every system by risk; high-risk faces conformity certs.
- Privacy law AI opt-outA right to object to automated decisions and profiling.
- Decree 356 reworks privacyNew impact-assessment duties, a DPO role and transfer steps.
- Draft AI banking rulesHuman review of challenged AI decisions; a 24-hour incident report.
- Fintech AI sandboxAI credit scoring runs only inside a State Bank sandbox.
- Decree 147: real names, takedownsReal-name verification and rapid takedowns.
- Data Law export gateState approval before core data leaves the country.
- Chatbot disclosure dutyYour support bot must let users know it is AI.
- Generative-AI transparencyWatermark AI content and disclose training data.
- Draft medical-data rulesAI use of patient data would need authorization.
Indonesia
- Court widens the DPO mandateAny single trigger now requires a data protection officer.
- AI credit-scoring licensingA license, a capital floor, and data localization.
- Draft AI-content labelingA coming platform duty to label AI content (not yet in force).
- Draft hospital-AI oversightValidation before hospital algorithms are used.
- Automated-decision and DPIAObject to solely-automated decisions; run a DPIA for high-risk AI.
- OJK AI governance for banksA six-stage lifecycle benchmarked to the EU AI Act.
- Privacy duties, no enforcer yetDuties are live but the data-protection agency does not exist.
- Draft AI risk tiersEU-style tiers, framed as carrying no sanctions of their own.
- ITE Law AI backstopThe instrument that governs AI content and deepfakes today.
- P2P lending credit checksA stronger duty to assess credit and disclose funding risk.
Australia
- APRA CPS 230 AI vendor riskCritical AI and cloud vendors are now material service providers.
Sponsored Training
Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel.