African Union
The African Union's Continental AI Strategy sets the stage for a unified approach to AI governance across the continent.
Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.
Subscribe
We encourage you to subscribe to receive AI-related updates.
Explore Trendscape Our take on the interconnected global trends that are shaping the business climate for our clients.
Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).
Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world. The EU is also implementing the first comprehensive horizontal legal framework for the regulation of AI systems across EU Member States (the EU AI Act is addressed in more detail here: AI watch: Global regulatory tracker - European Union, and you can read our EU AI Act Handbook here).
Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:
Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.
Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.
The African Union's Continental AI Strategy sets the stage for a unified approach to AI governance across the continent.
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.
AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.
The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.
Despite congressional activity on AI in Colombia, regulation remains unclear and uncertain.
The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.
The successful implementation of the EU AI Act into national law is the primary focus for the Czech Republic, with its National AI Strategy being the main policy document.
The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.
France actively participates in international efforts and proposes sector-specific laws.
The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.
Germany evaluates AI-specific legislation needs and actively engages in international initiatives.
Hong Kong lacks comprehensive AI legislative framework but is developing sector-specific guidelines and regulations, and investing in AI.
National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.
Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.
Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.
Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.
Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.
Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.
Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.
Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.
South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.
South Korea's AI Act to act as a consolidated body of law governing AI once approved by the National Assembly.
Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.
Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.
Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.
Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.
Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.
The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.
The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.
The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
Australia has not yet enacted any wide-reaching AI technology-specific statutes or regulations.
To date, technology-specific responses to AI have resulted in voluntary guidance only:
In recent years, the Australian Government has conducted a number of public consultations and reviews as it considers how best to approach AI Regulation:
There are no AI technology-specific statutes or regulations in Australia.
It remains to be seen whether Australia will pursue technology-specific regulation at all. For now, existing laws including the laws outlined immediately below are considered technology-neutral and applicable to development, deployment and end-use of AI in Australia.
A non-exhaustive list of these laws affecting development, deployment and/or use of AI in Australia include:
Notably, obligations arising under the Privacy Act 1988 and the Australian Privacy Principles (APPs) apply to any personal information input into an AI system, as well as the output data generated by AI (where it contains personal information).11 The Privacy and Other Legislation Amendment Act 2024 introduced an additional privacy policy disclosure obligation where: (i) automated decision making is deployed by a regulated entity and that decision could significantly affect the rights or interests of an individual; and (ii) personal information about the individual is used in the operation of the computer program to make the decision or do the thing that is substantially and directly related to making the decision.
The Federal Government had also proposed the Communications Legislation Amendment (Combatting Misinformation and Disinformation) Bill, which was tabled in September 2024. This was intended to provide the Australian Communications and Media Authority (ACMA) with regulatory powers to combat online misinformation and disinformation, extending to content on digital platforms that are generated by AI. However, this Bill was later withdrawn, in part due to a lack of bipartisan support.12
Since Australia has not enacted AI technology-specific legislation, there is no single legal definition of AI adopted or used consistently across statutes or regulations.
The Voluntary AI Standard does not define AI; however, it does define "safe and responsible AI" as requiring that "AI should be designed, developed, deployed and used in a way that is safe. Its use should be human-centered, trustworthy and responsible. AI systems should be developed and used in a way that provides benefits while minimizing the risk of negative impact to people, groups, and wider society."
There are presently a limited number of laws that make clear reference to AI, notably:
In recent compliance guidance materials (discussed below), the Office of the Australian Information Commissioner (OAIC) has adopted from the OECD the following definition of AI as: "a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. Different AI systems vary in their levels of autonomy and adaptiveness after deployment."
As part of its public consultation processes, the Australian Government has sought feedback on whether it should implement a principles-based approach or a list-based approach (as adopted in the EU and Canada) to define "high-risk AI".
As noted above, there are no AI technology-specific statutes or regulations in Australia akin to wide-reaching legislation such as the European Union's AI Act.
The pre-existing laws outlined above are domestic legislation, but in some circumstances have extraterritorial effect, they will also have extraterritorial effect. For example,
As noted above, there are no wide-reaching AI technology-specific statutes or regulations in Australia. To date, the focus of the Consultation, Interim Response and Proposals Paper has not been sector-specific, and it is expected that any AI-specific regulations will apply across all sectors of the Australian economy.
Sector-specific guidance has been issued by some federal regulators. For example:
As noted above, and in the absence of AI technology-specific regulation, an entity or individual's compliance obligations under Australian law generally continue to apply on a technology-neutral basis.
AI developers and users should also note that the proposed mandatory AI guardrails impose compliance requirements on Australian organizations. These requirements include: (i) establishing internal governance protocols to ensure compliance with the guardrails; (ii) maintaining records to enable third parties to assess compliance; and (iii) undertaking conformity assessments in order to certify compliance with the guardrails.
While voluntary, the AI Ethics Principles are designed to ensure AI is "safe, secure and reliable" by: (i) achieving safer, more reliable and fairer outcomes for all Australians; (ii) reducing the risk of negative impact on those affected by AI applications; and (iii) assisting businesses and governments to practice the highest ethical standards when designing, developing and implementing AI. By implementing the AI Ethics Principles, as well as the Voluntary AI Safety Standard which seeks to address similar issues, businesses can begin to develop the practices needed for future AI regulatory environments.
The proposed mandatory guardrails (the future of which remains unclear at this point in time) would seek to set clear regulatory expectations from the Australian Government on the safe and responsible use of AI. They focus on providing Australian businesses with: (i) greater regulatory certainty over the AI landscape; (ii) mechanisms to mitigate risks and harms associated with AI; and (iii) public trust in the development and deployment of AI in Australia in high-risk settings.
Specific laws, including the provisions under the Online Safety Act for high-impact generative AI internet services and the disclosure obligations for automated decision-making under the Privacy Act are more targeted at certain use cases for AI technologies.
As noted above, there are no specific statutes or regulations in Australia that directly regulate AI and currently no classification of AI systems based on risk.
In the Interim Response, the Australian Government indicated that it would adopt a risk-based framework to AI regulation, meaning the regulatory requirements will be commensurate to the level of risk posed by the specific use, deployment or development of AI where, for example, higher risk AI applications will likely include uses that may result in negative impacts for people that are difficult or impossible to reverse.
This risk-based framework is further reflected in the Proposals Paper, which outlines a risk-based approach for possible mandatory AI guardrails enforced in Australia. If the Government were to proceed with implementing mandatory AI guardrails, it would consider: (i) the levels of risk and key attributes of identified risks; and (ii) the balance of ex ante (preventative) and ex post (remedial) regulatory measures to successfully mitigate against identified risks.
In addition, specific risk categories were identified in the Proposals Paper:
As noted above, there are no specific statutes or regulations in Australia that directly regulate AI. The voluntary AI Ethics Principles identify the following broad principles for ensuring safe, secure and reliable AI:
The Voluntary AI Safety Standard identifies the following principles for ensuring safe, secure and reliable AI:
The Proposals Paper suggested transitioning from the current voluntary AI guardrails, as outlined in the Voluntary AI Safety Standard, to mandatory guardrails. If mandatory guardrails were enacted (which remains unclear at this stage) organizations developing or deploying high-risk AI systems would be required to adhere to the first nine voluntary guardrails listed above, with the tenth proposed mandatory guardrail (Conformity Assessments) differing from the tenth voluntary guiderail, emphasizing ongoing stakeholder engagement to evaluate stakeholders' needs and circumstances based on safety, diversity, inclusion and fairness.
The Proposal Paper and its mandatory guardrails have been developed based on AI regulations enforced in Canada and Europe, specifically the Artificial Intelligence and Data Act in Canada and the EU AI Act in Europe.
There is currently no AI specific regulator in Australia.
Existing federal regulators, including the OAIC, the eSafety Commissioner (who oversees the Online Safety Act), ASIC, and the ACCC are all very active regulators in the Australian marketplace and, as outlined above, have demonstrated a willingness to provide compliance guidance in the absence of AI technology-specific legislation.
As noted above, there is no AI technology-specific statutes or regulations in Australia.
The use, deployment or development of AI may be subject to enforcement and penalties if it breaches other, non-AI specific statutes and regulations.
For example, maximum penalties for breaches of the Privacy Act – which now includes the automated decision-making disclosure obligations outlined above – can be up to $3.3 million for an interference with privacy and $333,000 where an infringement notice is issued for a specific breach of the Australian Privacy Principles.
1 See the AI Ethics Principles (2019) here.
2 See the Voluntary AI Safety Standard here.
3 See the Consultation discussion paper here.
4 See the Interim Response here.
5 See the Proposals Paper here.
6 See the ACCC's report "Digital platform services inquiry" (March 2025) here.
7 See Productivity Commission's report "Harnessing data and digital technology" here.
8 See the Online Safety Act 2021 here.
9 You can read Australian Competition and Consumer Commission v Trivago N.V. [2020] FCA 16 here.
10 See the Corporations Act 2001 here.
11 See the Privacy Act 1988 here.
12 See the press release for the Communications Legislation Amendment (Combatting Misinformation and Disinformation) Bill 2024 here.
13 See OAIC guidance on privacy and the use of commercially available AI products here.
14 See OAIC guidance on privacy and developing and training generative AI models here.
15 See ASIC's report "Beware the gap: Governance arrangements in the face of AI innovation" (October 2024) here.
16 See the Australian Institute of Company Director's guidance, "A Director's Gude to AI Governance" here.
White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.
This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.
© 2025 White & Case LLP