Status of the AI Regulations

Currently, there are no specific laws, statutory rules, or regulations in Hong Kong that directly regulate AI. However, the Hong Kong government has published various voluntary guidelines. For instance:

In July 2024, the Digital Policy Office issued the Ethical Artificial Intelligence Framework. This framework outlines ethical principles, an AI governance model, a lifecycle guide for AI, and an impact assessment template. It offers voluntary guidance rather than compulsory regulations, encouraging organizations to integrate ethical principles, evaluate AI risks, and incorporate AI governance into their existing risk management and project governance protocols (the "2024 Guidelines").¹

In April 2025, the Digital Policy Office introduced the voluntary Generative Artificial Intelligence Technical and Application Guidelines, which aims to offer a best practice framework for the ethical and responsible development, deployment, and use of generative AI technologies (the "2025 Guidelines").² It targets technology developers, platform providers, and AI users. In February 2025, the government announced plans to establish the Hong Kong AI Research and Development Institute, committing HK$1 billion (approximately US$128 million) to drive research, development, and adoption of AI technologies.

Other laws affecting AI

As mentioned above, there are no specific laws that directly regulate AI. Nevertheless, certain detrimental AI practices, especially those violating personal data rights, intellectual property, or national security, are explicitly forbidden under current laws.

For instance, the Personal Data (Privacy) Ordinance (PDPO) is the primary legislation that regulates the use of personal data in Hong Kong. In the context of AI, the PCPD has developed further guidance for the use of various stakeholders:

• In August 2021, the PCPD released guidance on the ethical development and use of AI, recommending that organizations developing or using AI systems adopt the data stewardship values of respect, benefit, and fairness toward stakeholders. It should be noted that while compliance with the guidance is voluntary, adherence to the PDPO's requirements is mandatory.³
• In June 2024, the PCPD introduced the Model Personal Data Protection Framework for Artificial Intelligence as part of the Global AI Governance Initiative. The framework provides practical measures to establish robust AI governance strategies, conduct comprehensive risk assessments, manage AI models securely, and engage transparently with stakeholders, thereby fostering trust and safeguarding individual rights in the AI ecosystem.⁴
• In March 2025, the PCPD published a Checklist on Guidelines for the Use of Generative AI by Employees, urging organizations to ensure the ethical and lawful use of AI technologies by their staff.⁵ The checklist encourages organizations to implement internal policies and monitoring mechanisms to uphold principles such as defining the appropriate scope of AI use, protecting personal data privacy, preventing biases, and ensuring compliance with legal and ethical standards, thereby promoting responsible AI practices within the workplace.

Another area of focus is the relationship between the use of AI and the protection of intellectual property rights in Hong Kong:

• In July 2024, the Commerce and Economic Development Bureau and the Intellectual Property Department of the Hong Kong Government initiated a two-month public consultation to address the need to update copyright laws in response to advancements in AI technology.⁶
• Currently, AI-generated works are already covered by copyright under the existing Copyright Ordinance. The consultation document explores enhancing the Copyright Ordinance to ensure adequate protection for AI-generated works and examines issues such as liability for copyright infringement involving AI, the potential introduction of specific copyright exceptions, and the implications of AI on existing copyright frameworks.⁷
• The Legislative Council has indicated support for enhancing copyright protection for AI-generated works and the proposed introduction of a specific copyright exception for text and data mining, as well as computational data analysis for AI training.⁸

Additionally, several industry-specific policy statements, particularly in banking & finance, healthcare, and insurance, have been issued, reflecting Hong Kong's commitment to embedding ethical AI standards within major sectors.

1. Banking and Finance – multiple authorities, including FSTB, HKMA and SFC, have issued several AI-specific guidelines to promote responsible adoption of AI while mitigating risks:
   • FSTB's Policy Statement on Responsible Application of AI in the Financial Market (issued in October 2024) outlines Hong Kong's strategy for AI in the financial sector, emphasizing a dual-track approach that promotes innovation while addressing risks.⁹
   • SFC's Circular on the Use of Generative AI Language Models (issued in November 2024) provides mandatory guidance applicable on licensed corporations (LC) using generative AI language models (AI LM) (whether developed in-house, by group companies, external providers, or open-source platforms, including virtual asset trading) in regulated activities, such as investment advisory services.¹⁰
   • HKMA's two circulars on: (i) Consumer Protection in Respect of Use of Generative AI (issued in August 2024); and (ii) Big Data Analytics (issued in November 2019)focuses on customer-facing generative AI applications adopted by authorized institutions.^{11 12}
2. Healthcare – The Medical Device Division of the Department of Health regulates AI in healthcare through the Technical Reference TR-008: Artificial Intelligence Medical Devices (AI-MD), issued in January 2024.¹³ This document provides detailed technical requirements for AI-MD that are classified as software medical devices (SaMD) or software in medical devices (SiMD), and provides a robust framework to ensure all AI-MD meets stringent safety and international performance standards.
3. Insurance – In May 2023, the Insurance Authority (IA) issued Conduct in Focus Issue 7 Article 3: Chatting about Chatbots and AI.¹⁴ This article incorporates the existing IA guidelines to chatbots and AI used by insurers and intermediaries.

Definition of "AI"

As noted above, there are currently no specific laws or regulations in Hong Kong that directly regulate AI. Accordingly, no clear definition of AI is currently recognized in Hong Kong's legislation.

However, the 2024 Guidelines define Generative AI as "a form of artificial intelligence that generates new content, such as text, images, or other media, based on existing data."

The 2025 Guidelines supplement the 2024 definition and defines Generative AI as "the use of various machine learning algorithms to enable computer systems to automatically generate content information such as text, image, audio, video, code or other media, based on vast amounts of data, according to complex human intentions and instructions."

Territorial scope

As noted above, there are currently no specific laws or regulations in Hong Kong that directly regulate AI. Accordingly, there is no specific territorial scope at this stage.

Sectoral scope 

As noted above, there are currently no specific laws or regulations in Hong Kong that directly regulate AI. However, there are certain compliance requirements for the use of AI in certain sectors, such as banking and finance, healthcare, and insurance, as explained in the "Other laws affecting AI" section above.

Compliance roles

As noted above, there are currently no specific laws or regulations in Hong Kong that directly regulate AI. Accordingly, there are currently no specific or unique obligations imposed on developers, users, operators and/or deployers of AI systems.

Core issues that the AI Regulations seek to address

As noted above, there are currently no specific laws or regulations in Hong Kong that directly regulate AI. Nevertheless, the 2025 Guidelines propose five key principles of governance when generative AI is used:

1. Compliance with Laws and Regulations – Generative AI stakeholders in Hong Kong must ensure legal compliance, respect intellectual property and privacy, and avoid spreading false or harmful information throughout the technology's lifecycle.
2. Security and Transparency – Addressing both model and service-level issues in generative AI is crucial to enhance security and transparency, and requires algorithm optimization, data governance, risk disclosure, and the use of technologies like encryption and explainable AI.
3. Accuracy and Reliability – Effective management during both model development and service stages in generative AI is essential to minimize risks, enhance accuracy, and ensure reliable and compliant outputs through advanced technologies and user-friendly fact-checking tools.
4. Fairness and Objectivity – Generative AI services must ensure diversity and universality by implementing strict controls to avoid biases and information silos, thereby promoting fair, objective, and inclusive content to advance information equity and societal harmony.
5. Practicality and Efficiency – generative AI is transforming various sectors, and developers and service providers must enhance its accuracy, relevance, and applicability across diverse tasks and industries to solve real-world problems, boost efficiency, and drive societal and industrial advancement.

Risk categorization

As noted above, there are currently no specific laws or regulations in Hong Kong that directly regulate AI. The relevant frameworks and guidelines also do not set out an AI-related risk categorization.

Key compliance requirements

As noted above, there are currently no specific laws or regulations in Hong Kong that directly regulate AI. However, there are certain compliance requirements for the use of AI in certain sectors, such as banking and finance, healthcare, and insurance, as explained in the "Other laws affecting AI" section above.

Regulators

Hong Kong does not currently have a specific designated regulator for AI, as the use of AI is currently governed by existing sectoral laws.

Enforcement powers and penalties

As noted above, there are currently no specific laws or regulations in Hong Kong that directly regulate AI. As such, enforcement and penalties relating to the creation, dissemination and/or use of AI are governed by related violations in non-AI legislation.

^{1 See the Ethical Artificial Intelligence Framework here.
2 See the Generative Artificial Intelligence Technical and Application Guideline here.
3 See the 'Guidance on the Ethical Development and Use of Artificial Intelligence' here.
4 See the Model Personal Data Protection Framework for Artificial Intelligence here.
5 See the Checklist on Guidelines for the Use of Generative AI by Employers here.
6 See the 'Copyright and Artificial Intelligence: Public Consultation Paper' here.
7 See the 'Copyright and Artificial Intelligence: Public Consultation Paper' here.
8 See Legislative Council Paper No.CB(1)999/2024(05) here.
9 See FSTB's Policy Statement on Responsible Application of AI in the Financial Market here.
10 See SFC's Circular on the Use of Generative AI Language Models here.
11 See HKMA's circular on Big Data Analytics here.
12 See HKMA's circular on Consumer Protection in Respect of Use of Generative AI here.
13 See Technical Reference TR-008: Artificial Intelligence Medical Devices (AI-MD) here.
14 See the Conduct in Focus Issue 7 Article 3: Chatting about Chatbots and AI here.}

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2025 White & Case LLP}