Xuezi Dan

Xuezi Dan is an associate in the firm’s Beijing office. Her practice focuses on regulatory compliance, with a particular focus on data privacy and cybersecurity. Xuezi helps clients understand and navigate the increasingly complex privacy regulatory issues in China.

She also has experience advising clients on general corporate and antitrust matters.

With the rapid evolution of artificial intelligence (AI) technology, the regulatory frameworks for AI in the Asia–Pacific (APAC) region continue to develop quickly. Policymakers and regulators have been prompted to consider either reviewing existing regulatory frameworks to ensure their effectiveness in addressing emerging risks brought by AI, or proposing new, AI-specific rules or regulations. Overall, there appears to be a trend across the region to promote AI uses and developments, with most jurisdictions focusing on high-level and principle-based guidance. While a few jurisdictions are considering regulations specific to AI, they are still at an early stage. Further, privacy regulators and some industry regulators, such as financial regulators, are starting to play a role in AI governance.

This blog post provides an overview of various approaches in regulating AI and managing AI-related risks in the APAC region.  

  • AI-Specific Laws and Regulations

Several jurisdictions in the region are moving toward AI-specific regulations, including the People’s Republic of China (hereinafter referred to as China), South Korea, and Taiwan.

      • China has been most active in shaping regulations specific to generative AI technologies since 2023. It has taken a multifaceted approach that combines AI-specific regulations, national standards and technical guidance to govern generative AI services, and the regulatory focus has been on services that are provided to the public in China. The Interim Administrative Measures for Generative Artificial Intelligence Services represent a milestone as the first comprehensive regulation specifically addressing generative AI services (a summary of this regulation can be found in our previous post here). Several non-binding technical documents and national standards have been issued or are being drafted to further implement this regulation. Prior to the regulation that specifically addresses generative AI services, China had issued regulations for deep synthesis and algorithmic recommendations. Further, China promulgated rules on conducting an ethical review of scientific activities involving generative AI.
      • Beyond a few provisions on narrow aspects scattered in other regimes, South Korea does not presently have a comprehensive AI-specific regulatory framework. Proposed in early 2023, the draft Act on Fostering the AI Industry and Securing Trustworthy AI is currently pending before the National Assembly. If enacted, it would set out the first comprehensive legislative framework governing the usage of AI in South Korea, generally reflecting an approach that would permit AI usage and developments subject to subsequent safeguards if and as needed. In parallel, the Personal Information Protection Commission (PIPC) has been advocating for a flexible approach to AI based on self-regulation, with support from the PIPC. Furthermore, the Korean Fair Trade Commission (KFTC) will soon start a detailed study to identify potential AI-induced risks in terms of consumer protection as well as unfair or anti-competitive practices, which might result in KFTC-supervised self-regulation of certain AI aspects through industry codes of conduct supplemented by a set of guidelines on AI, or even proposed legislation or amendments to existing consumer protection or antitrust rules.
      • Similarly, Taiwan is drafting a basic law governing AI, i.e., the Basic Law for Development of Artificial Intelligence, which will set out fundamental principles for AI development and for the government to promote the development of AI technologies. However, it is still uncertain whether and when Taiwan will pass this draft law.

  • Non-binding AI Principles and Guidelines

Continue Reading Overview of AI Regulatory Landscape in APAC

On September 28, 2023, the Cyberspace Administration of China (“CAC”) issued draft Provisions on Standardizing and Promoting Cross-Border Data Flows (Draft for Comment) (规范和促进数据跨境流动规定(征求意见稿)) (draft “Provisions”) (Chinese version available here) for a public consultation, which will conclude on October 15, 2023. 

The draft Provisions propose

Continue Reading China Proposes Significant Changes to Cross-Border Transfer Rules

On April 11, 2023, the Cyberspace Administration of China (“CAC”) released draft Administrative Measures for Generative Artificial Intelligence Services (《生成式人工智能服务管理办法(征求意见稿)》) (“draft Measures”) (official Chinese version available here) for public consultation.  The deadline for submitting comments is May 10, 2023.

The draft Measures would regulate generative Artificial Intelligence (“AI”) services that are “provided to the public in mainland China.”  These requirements cover a wide range of issues that are frequently debated in relation to the governance of generative AI globally, such as data protection, non-discrimination, bias and the quality of training data.  The draft Measures also highlight issues arising from the use of generative AI that are of particular concern to the Chinese government, such as content moderation, the completion of a security assessment for new technologies, and algorithmic transparency.  The draft Measures thus reflect the Chinese government’s objective to craft its own governance model for new technologies such as generative AI.

Further, and notwithstanding the requirements introduced by the draft Measures (as described in greater detail below), the text states that the government encourages the (indigenous) development of (and international cooperation in relation to) generative AI technology, and encourages companies to adopt “secure and trustworthy software, tools, computing and data resources” to that end. 

Notably, the draft Measures do not make a distinction between generative AI services offered to individual consumers or enterprise customers, although certain requirements appear to be more directed to consumer-facing services than enterprise services.

Continue Reading China Proposes Draft Measures to Regulate Generative AI

On March 7, 2023, during the annual National People’s Congress (“NPC”) sessions, China’s State Council revealed its plan to establish a National Data Bureau (NDB) as part of a broader reorganization of government agencies. The plan is being deliberated by the NPC and is expected to be finalized soon. 

According to the draft plan, the new National Data Bureau will be a deputy ministry-level agency under the National Development and Reform Commission (“NDRC”), China’s main economic planning agency that is in charge of industrial policies.  The new bureau will be responsible for, among other areas, “coordinating the integration, sharing, development, and utilization of data resources,” and “pushing forward the planning and building of a Digital China, a digital economy, and a digital society.” 

The plan specifies the new agency will take over certain portfolios currently managed by the Communist Party’s Central Cyberspace Affairs Commission (the party organ that supervises the Cyberspace Administration of China, “CAC”) and the NDRC. Specifically, the NDB will assume responsibility for “coordinating the development, utilization, and sharing of important national data resources, and promoting the exchange of data resources across industries and across departments,” a function currently performed by CAC.  The NDB will also absorb the NDRC teams responsible for promoting the development of the digital economy and implementing the national “big data” strategy.

Continue Reading China Reveals Plan to Establish a National Data Bureau

In addition to the two developments we reported on in our last blog post, on July 7, 2022, the long-awaited, final version of the Measures for Security Assessment of Cross-border Data Transfer (《数据出境安全评估办法》, “Measures”) was released by the Cyberspace Administration of China (“CAC”).  With a

Continue Reading China Releases Measures for a Security Assessment of Cross-Border Data Transfers To Take Effect in September 2022

More than seven months after China’s Personal Information Protection Law (《个人信息保护法》, “PIPL”) went into effect, Chinese regulators have issued several new (draft) rules over the past few days to implement the cross-border data transfer requirements of the PIPL.  In particular, Article 38 of the PIPL sets out three legal mechanisms for lawful transfers of personal information outside of China, namely: (i) successful completion of a government-led security assessment, (ii) obtaining certification under a government-authorized certification scheme, or (iii) implementing a standard contract with the party(-ies) outside of China receiving the data.  The most recent developments in relation to these mechanisms concern the standard contract and certification.

Chinese Government Issues Draft SCCs

On June 30, 2022, the Cyberspace Administration of China (“CAC”) released draft Provisions on the Standard Contract for the Cross-border Transfers of Personal Information (《个人信息出境标准合同规定(征求意见稿)》, “Draft Provisions”) for public consultation.  The full text of the Draft Provisions can be found here (currently available only in Mandarin Chinese).  The public consultation will end on July 29, 2022.

Continue Reading Cross-border Data Transfer Developments in China