Peru's AI Law Deadline Hits 6 Sectors Sept 10 | TLY

AI Regulation Tracker  /  Regulation deadline

Peru Sets September 10, 2026 AI Compliance Deadline for Six Priority Sectors

Peru's implementing regulation for its AI law (DS 115-2025-PCM) is in force and gives firms in health, education, justice, security, economy and finance until September 10, 2026 to meet risk-based AI obligations. US companies with Peruvian operations in those sectors are in scope.

Peru Sets September 10, 2026 AI Compliance Deadline for Six Priority Sectors regulation briefing
The Leveraged Years AI Regulation Tracker

Peru has moved from an AI statute to an enforceable rulebook with a dated compliance deadline, putting it among the first countries in Latin America to reach that stage, according to regional legal analyses. The regulation implementing Law 31814, approved by Decreto Supremo 115-2025-PCM, entered into force on January 22, 2026. It sets the first hard deadline for September 10, 2026, and that deadline lands on the sectors where AI decisions carry the most weight.

What the regulation requires

The rule promotes AI use for economic and social development, but it attaches conditions. It runs on a risk-based model that sorts systems by the harm they can cause. Systems judged high-risk face stricter duties than those in lower tiers, and uses with the potential for irreversible, significant harm to fundamental rights are prohibited outright. The core obligations center on three things: algorithmic transparency, protection of personal data, and respect for copyright and intellectual property across how AI is built and used.

For high-risk systems, transparency has a concrete meaning. The operator must inform the user in advance, clearly and simply, about the purpose and use of the AI system. The regulation also requires human oversight for decisions that affect health, education, justice, finance and other essential services, and it requires records of a system's logic, its data sources, and its expected social and ethical impacts. Non-discrimination, privacy and security run through the framework as governing principles.

Who has to act, and by when

The September 10, 2026 deadline covers public entities and private firms operating AI in six priority sectors: health, education, justice, security, economy and finance. Any AI use not otherwise scheduled also falls under that same 2026 date. The regulation then phases in the rest of the economy. Transport, commerce and labor have until September 10, 2027. Production, agriculture, energy and mining have until September 10, 2028. The staggering gives lower-priority sectors more runway, but it gives the six named sectors none to spare.

That sequencing is a signal in itself. Peru put the sectors that handle patients, students, court matters, public safety and money first. These are the same domains where AI errors are hardest to reverse and where regulators worldwide are concentrating attention.

What it does not do

The regulation is not a ban on AI, and it is not a technical certification scheme. It does not prohibit particular models or set numerical accuracy thresholds. It does not replace Peru's existing personal-data protection regime; it leans on it. And the September 10 deadline is a compliance milestone for covered entities, not a promise of immediate penalty enforcement across every use case. What it does do is make the risk classification, documentation and transparency duties operative, so that a firm running AI in a priority sector without them is out of step with a binding rule rather than a draft proposal.

The cross-border angle for US readers

This is not a distant development for US compliance teams. A US company with Peruvian operations in any of the six priority sectors, a hospital group, a lender, an insurer, an education provider or a security contractor, is in scope and on the same September 10, 2026 clock as a domestic firm. The model will also look familiar. Peru's risk-based, transparency-first structure echoes the European approach rather than the lighter-touch, principles-based route some regulators favor. For US firms tracking where global AI regulation is heading, Peru is a useful data point: a mid-size economy that has already converted an AI law into an enforceable regulation with real dates attached, and it did so quickly.

What to do this quarter

The practical work is inventory and classification. Firms should list the AI systems touching their Peruvian operations, decide which sit in the six priority sectors, and grade each by risk. High-risk systems need the fuller package: advance user notice, human oversight of consequential decisions, and a documentation file covering logic, data sources and impact. Building that record before September 10 puts a firm in a defensible position, and much of the same work transfers to other jurisdictions moving in the same direction.

Frequently Asked Questions

What changed with Peru's AI regulation?

The regulation implementing Law 31814, approved by Decreto Supremo 115-2025-PCM, entered into force on January 22, 2026. It applies a risk-based framework to AI and sets a first compliance deadline of September 10, 2026 for six priority sectors, covering algorithmic transparency, personal-data protection and copyright safeguards.

Who is affected and by when?

Public entities and private firms using AI in health, education, justice, security, economy and finance must comply by September 10, 2026. Transport, commerce and labor follow in 2027; production, agriculture, energy and mining in 2028. US firms with Peruvian operations in the 2026 sectors are included.

What are the main obligations for high-risk AI systems?

Operators must give users advance, clear notice of a system's purpose and use, maintain human oversight of decisions affecting health, education, justice, finance and essential services, and keep records of the system's logic, data sources and expected social and ethical impacts, all within a risk-based model.

Does the regulation ban AI or set accuracy thresholds?

No. It promotes AI use while imposing conditions. It prohibits only uses that risk irreversible, significant harm to fundamental rights, and it sets transparency, oversight and documentation duties rather than numerical accuracy thresholds or a blanket ban on specific models.

Browse the full AI Regulation News tracker

Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel.