Australia
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.
Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).
Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world.
Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:
Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.
Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.
AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.
The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.
The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.
The successful implementation of the EU AI Act into national law is the primary focus for the Czech Republic, with its National AI Strategy being the main policy document.
The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.
France actively participates in international efforts and proposes sector-specific laws.
The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.
Germany evaluates AI-specific legislation needs and actively engages in international initiatives.
National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.
Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.
Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.
Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.
Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.
Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.
Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.
Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.
South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.
South Korea's AI Act to act as a consolidated body of law governing AI once approved by the National Assembly.
Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.
Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.
Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.
Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.
Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.
The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.
The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.
The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.
The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.
Brazil intends to regulate AI through Bill No. 2,338/2023 ("Brazil's Proposed AI Regulation"), although there are currently no specific codified laws, statutory rules or regulations in Brazil that directly regulate AI.
When Brazil's Proposed AI Regulation will come into effect, and what its final text will entail, remains unclear. It must yet be scrutinized and voted on in both the Federal Senate and the House of Representatives, before being approved by the president, and so the details remain subject to change. There is currently no expected date for the next developments in the legislative procedure.
There are various laws that do not directly seek to regulate AI but may affect its development or use in Brazil. A non-exhaustive list of key examples includes:
Intellectual property laws may affect several aspects of AI development and use.
Given Brazil's Proposed AI Regulation is not yet law, there is currently no legally recognized definition of AI in Brazil. Nevertheless, at the time of publication, Brazil's Proposed AI Regulation defines an AI system as "a computational system, with varying degrees of autonomy, designed to infer how to achieve a given set of objectives, using approaches based on machine learning and/or logic and knowledge representation, through input data from machines or humans, with the aim of producing predictions, recommendations, or decisions that may influence the virtual or real environment."5
Brazil's Proposed AI Regulation currently has a broad territorial scope. Based on the current draft, it will apply to the development, implementation, and use of AI systems within Brazilian territory, without making a distinction between national and foreign entities.
Brazil's Proposed AI Regulation does not currently adopt a sector-specific focus. Based on the current draft, it will apply to the development, implementation, and use of AI systems irrespective of sector.
Brazil's Proposed AI Regulation will introduce obligations for the following AI system agents:
Brazil's Proposed AI Regulation aims to protect fundamental rights and ensures the implementation of secure and reliable systems for the benefit of the human person, the democratic regime, and scientific and technological development.
Brazil's Proposed AI Regulation categorizes AI systems according to different levels of risk:
Every AI system shall undergo a preliminary assessment conducted by the supplier to classify its degree of risk, and risk assessments must be undertaken prior to the AI system being placed onto the market or used in service.8
Brazil's Proposed AI Regulation aims to establish a detailed approach to compliance requirements. By way of an example, Brazil's Proposed AI Regulation currently requires:
AI system providers and operators must also establish governance structures and internal processes capable of ensuring the security of systems and compliance with the rights of affected individuals, which shall include, at least:
In addition, AI system providers and operators of high-risk AI systems must adopt the following governance measures and internal processes:
The Executive Branch is expected to designate a competent authority, which will be the agency or entity of the Federal Public Administration responsible for implementing and overseeing Brazil's Proposed AI Regulation.12 It is still unclear whether this authority will be a new or existing agency, such as the National Data Protection Authority.
Pursuant to Brazil's Proposed AI Regulation, the competent authority will have a range of enforcement measures to consider. Specifically, the competent authority may:
Additionally, as a general rule in Brazil, individuals and legal entities that violate the law and cause harm to others, whether material or moral, may be ordered by a court to pay compensation.
1 See Brazil's Proposed AI Regulation here. It was proposed on May 3, 2023 before the Federal Senate.
2 See the Brazilian Data Protection Law here.
3 See Law No. 8,078/1990 here.
4 See Law No. 9,610/1998 here.
5 See Article 4, I of Brazil's Proposed AI Regulation.
6 See Article 4, II of Brazil's Proposed AI Regulation here.
7 See Article 4, III of Brazil's Proposed AI Regulation here.
8 See Article 13 of Brazil's Proposed AI Regulation here.
9 See Article 31 of Brazil's Proposed AI Regulation here. "Serious security incidents" include, for example, when there is a risk to the life and physical integrity of individuals, disruption of critical infrastructure operations, serious damage to property or the environment, as well as serious violations of fundamental rights.
10 See Article 19 of Brazil's Proposed AI Regulation here.
11 See Articles 19 and 20 of Brazil's Proposed AI Regulation here. Certain further information must also be provided upon request, while respecting industrial and commercial confidentiality.
12 See Articles 4, V, 32 and 33 of Brazil's Proposed AI Regulation here.
White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.
This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.
© 2024 White & Case LLP
Daniel Mair (Trainee Solicitor, White & Case, Paris) contributed to this publication.
Ciro Torres Freitas
Partner, Pinheiro Neto Advogados
+55 11 32478781
cfreitas@pn.com.br
André Zonaro Giacchetta
Partner, Pinheiro Neto Advogados
+55 11 32478968
azgiacchetta@pn.com.br