Our thinking

AI Watch: Global regulatory tracker

What's inside

Keeping track of AI regulatory developments around the world.

The global dash to regulate AI

Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.

Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).

Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world. 

Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:

  1. "AI" means different things in different jurisdictions: One of the foundational challenges that any international business faces when designing an AI regulatory compliance strategy is figuring out what constitutes "AI." Unfortunately, the definition of AI varies from one jurisdiction to the next. For example, the EU AI Act adopts a definition of "AI systems" that is based on (but is not identical to) the OECD's definition, and which leaves room for substantial doubt due to its uncertain wording. Canada has proposed a similar, though more concise, definition. Various US states have proposed their own definitions, which differ from one another. And many jurisdictions (e.g., the UK, Israel, China, and Japan) do not currently provide a comprehensive definition of AI. Because several of the proposed AI regulations have extraterritorial effect (meaning more than one AI regulation may apply simultaneously), international businesses may be forced to adopt a "highest common denominator" approach to identifying AI based on the strictest applicable standard.
  2. Emerging AI regulations come in different forms: The various emerging AI regulations have no consistent legal form – some are statutes, some are executive orders, some are expansions of existing regulatory frameworks, and so on. The EU AI Act is a "Regulation" (which means that most of it will apply directly in all EU Member States, without the need for national implementation in most cases). The UK has taken a different approach, declining to legislate at this early stage in the development of AI, and instead choosing to task existing UK regulators with the responsibility of interpreting and applying five AI principles in their respective spheres. In the US, there is a mix of White House Executive Orders, federal and state initiatives, and actions by existing regulatory agencies, such as the Federal Trade Commission. As a result, the types of compliance obligations that international businesses face are likely to be materially different from one jurisdiction to the next. Many other jurisdictions have yet to decide whether they will issue sector-specific or generally applicable rules and have yet to decide between creating new regulators or expanding the roles of existing regulators, making it challenging for businesses to anticipate what form their AI regulatory relationships will take in the long term.
  3. Emerging AI regulations have different conceptual approaches: The next difficulty is the lack of a consistent conceptual approach among emerging AI regulations around the world – some are legally binding while others are not, some are sector-specific while others apply across all sectors, some will be enforced by regulators while others are merely guidelines or recommendations, and so on. As noted above, the UK approach is to use existing regulators to implement five AI principles, but with no new explicit legal obligations. This has the advantage of meaning that businesses will deal with AI regulators with whom they are already familiar but has the disadvantage that different UK regulators may interpret these principles differently in their respective spheres. The EU AI Act is cross-sectoral and creates new regulatory and enforcement powers for existing bodies, including the European Commission, and also creates entirely new bodies such as the AI Board and the AI Office, while leaving EU Member States to appoint their own AI regulators tasked with enforcing the EU AI Act. In the US, the Federal Trade Commission, Equal Employment Opportunity Commission, Consumer Financial Protection Bureau, and Department of Justice issued a joint statement clarifying that their existing authority covers AI, while various state regulators are also likely to have competence to regulate AI. International organizations including the OECD, the UN, and the G7 have issued AI principles, but these impose no legal obligations on businesses. In principle, these initiatives encourage consistency across members of each organization, but in practice this does not seem to have worked.
  4. Flexibility is a double-edged sword: In an effort to create AI regulations that can adapt to technological advances that have not yet been anticipated, many jurisdictions have sought to include substantial flexibility in those regulations, either by using deliberately high-level wording and policies, or by allowing for future interpretation and application by courts and regulators. This has the obvious advantage of prolonging the lifespan of such regulations by allowing them to be adapted to future technologies. However, it also creates the disadvantage of uncertainty because it leaves businesses uncertain of how their compliance obligations will be interpreted in the future. This is likely to mean that it is harder for businesses to know whether their planned implementations of AI will be lawful in the medium-to-long term and may make it harder to attract long-term AI investment in those jurisdictions.
  5. The overlap between AI regulation and other areas of law is complex: A substantial number of laws that are not directly focused on AI nevertheless apply to AI by association within their respective spheres, meaning that any use of AI will often trigger compliance issues and legal challenges even where there is not (yet) any enforceable AI-specific law. These areas of overlap include: IP (e.g., IP infringement issues with respect to AI model training data, and questions about copyright and patentability of AI-assisted inventions); antitrust; data protection (which adds restrictions to processing of personal data, and in some cases imposes special compliance obligations for processing carried out by automated means, including by AI); M&A (where AI innovation is driving dealmaking in many markets); financial regulation (where financial regulatory requirements may limit the ways in which AI can lawfully be deployed); litigation; digital infrastructure; securities; global trade; foreign direct investment; mining & metals; and so on. This overlap will mean that many businesses need to understand not just AI regulations in general, but also any rules that affect the use of AI in the context of the relevant sector or business activity.

Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.

Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.

Articles

Australia

Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.

Australia

Brazil

The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.

Sao Paulo

Canada

AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.

Canada

China

The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.

China

Council of Europe

The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.

European Union

Czech Republic

The successful implementation of the EU AI Act into national law is the primary focus for the Czech Republic, with its National AI Strategy being the main policy document.

Czech Republic

European Union

The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.

 

European Union

France

France actively participates in international efforts and proposes sector-specific laws.

Paris

G7

The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.

G7 flags

Germany

Germany evaluates AI-specific legislation needs and actively engages in international initiatives.

Germany

India

National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.

India

Israel

Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.

Israel

Italy

Italy engages in political discussions for future laws.

Milan

Japan

Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.

Tokyo

Kenya

Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.

Kenya
Kenya

Nigeria

Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.

Nigeria
Nigeria

Norway

Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.

Norway

OECD

The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.

country flags

Saudi Arabia

Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.

Riyadh_Hero_1600x600 Saudi Arabia

Singapore

Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.

Singapore

South Africa

South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.

Johannesburg

South Korea

South Korea's AI Act to act as a consolidated body of law governing AI once approved by the National Assembly.

Korea

Spain

Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.

Madrid

Switzerland

Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.

Switzerland

Taiwan

Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.

Taiwan city

Turkey

Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.

Türkiye

United Arab Emirates

Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.

UAE

United Kingdom

The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.

London hero image

United Nations

The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.

United Nations

United States

The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.

New York city photo

Contacts

Tim Hickman
Partner
London
Erin Hanson
Partner
New York
Dr. Sylvia Lorenz
Partner
Berlin
Israel

AI Watch: Global regulatory tracker - Israel

Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.

Insight
|
9 min read

Laws/Regulations directly regulating AI (the “AI Regulations”)

Currently, there are no specific codified laws, statutory rules or regulations in Israel that directly regulate AI.

AI Policy: Israel's Ministry of Innovation, Science and Technology ("MIST"), in collaboration with the Ministry of Justice ("MOJ"), published: (i) a White Paper on AI in 2022; and (ii) following public consultations, its first policy on "Artificial Intelligence Regulations and Ethics" in 2023 (the "AI Policy") (at the time of writing, a full English translation is yet to be published). 

The AI Policy encourages "responsible AI innovation in the private sector"1 through a principled-based, sector-specific regulatory approach using 'soft' tools, such as non-binding ethical principles and voluntary standards. While sector-specific regulation is intended to promote flexibility, the AI Policy also allows for the potential adoption of horizontal legislation if common challenges across sectors arise.

According to the AI Policy, the Israeli government's policy on public sector applications of AI is being developed separately.

Other AI-related Developments: The AI Policy forms part of a wider effort by the Israeli government to address the benefits and risks of AI, which include: 

  • Government Decision No. 212 of 1 August 2021 ("Decision 212") – a decision on the reinforcement of technological leadership in Israel which tasked MIST with: (i) advancing a national AI plan for Israel; and (ii) implementing the first phase of the "TELEM Outline," an initiative to (among other things) develop research, human capital, infrastructure and tools in the field of AI (see here, in Hebrew)
  • Publications by the MOJ, or an Office of the MOJ, on the use of AI in financial services2 and IP challenges in the context of large-scale AI models3
  • A proposed national-level forum for public participation on AI policy in Israel, comprised of regulators and experts in technology, policy and law, to promote coordination and coherence in sectoral AI regulation
  • A proposed AI Policy Coordination Centre within MIST and in collaboration with the MOJ to organize and coordinate on regulatory issues relating to artificial intelligence, including (among other responsibilities) to implement and update the AI Policy
  • MIST's active participation in various multinational forums to develop AI regulation and standards, including the OECD's Working Party on AI Governance and the Council of Europe's Committee on AI.

Status of the AI Regulations

As noted above, there are currently no specific laws or regulations in Israel that directly regulate AI.

Other laws affecting AI

There are various laws that do not directly seek to regulate AI, but may affect the development or use of AI in Israel. A non-exhaustive list of key examples includes:

  • The Copyright Act 20074 
  • The Protection of Privacy Law5 and related regulations

Although not legally binding, various opinions have also been published on the aforementioned areas:

  • The MOJ has published an opinion on IP challenges in the context of large scale AI models6
  • The Israeli privacy regulator has published an opinion clarifying that the collection and use of personal data using algorithm or AI-based decision-making must conform with notification obligations7

Definition of “AI”

As noted above, there are currently no specific laws in Israel that directly regulate AI. As such, there is no single legally recognized definition of "AI" in Israel. Nevertheless, the AI Policy describes "AI systems" as having "a wide range of applications such as autonomous vehicles, medical imaging analysis, credit scoring, securities trading, personalized learning and employment," notwithstanding that "the list of applications is constantly expanding."8

Territorial scope

As noted above, there are currently no specific laws or regulations in Israel that directly regulate AI. In addition, the AI Policy does not specify a territorial scope.

Sectoral scope

As noted above, there are currently no specific laws or regulations in Israel that directly regulate AI.

The AI Policy directs its guidelines and recommendations to sector-specific regulators for AI regulation in areas such as health, education, finance, and more, as it advocates for tailored sectoral regulations instead of broad horizontal legislation.9

While there are overarching recommendations in the AI Policy to foster cooperation between the public and private sectors, the Israeli government's policy on public sector applications of AI is stated as being developed separately.

Compliance roles

As noted above, there are currently no specific laws or regulations in Israel that directly regulate AI. Accordingly, there are currently no specific or unique obligations imposed on developers, users, operators and/or deployers of AI systems.

Nevertheless, the AI Policy urges sectoral regulators to determine suitable regulations for developers, users, operators and deployers of AI systems, including micro to medium enterprises. These actors should anticipate regulatory changes (whether legally binding or voluntary) based on the policy's recommendations.

Core issues that the AI Regulations seek to address

As noted above, there are currently no specific laws or regulations in Israel that directly regulate AI. Nevertheless, the AI Policy identifies seven core challenges:

  • Discrimination risks, which could arise from existing biases in training data and lead to discriminatory outcomes
  • An absence of human oversight in AI decision-making, which could undermine overall accountability and result in harmful decisions or errors10
  • The concept of 'explainability' (i.e., the inability to easily explain how a particular AI system operates or provide reasons for a specific AI-based decision or recommendation, due to the 'black box' effect of extracting the logic which underlies the AI models). This could result in arbitrary or erroneous decisions that are not always detectable or understandable while also creating potential IP issues for developers and deployers of AI systems
  • The appropriate scope of disclosure of AI interactions, as individuals may not be aware of whether and how AI systems are being used (particularly so with vulnerable groups) which could increase the risk of disinformation and consumer manipulation
  • Ensuring the technical safety and security of AI systems, which are susceptible to technical faults and manipulation11
  • Accountability and liability for harms caused by an AI system, particularly regarding moral, social and legal accountability and responsibility (both criminal and civil)12
  • Protecting privacy in the AI context, as some AI-related activities (such as processing large quantities of data) may conflict with data minimization requirements13

Risk categorization

As noted above, there are currently no specific laws or regulations in Israel that directly regulate AI. AI is also not generally classified according to risk in the relevant frameworks and principles. 

Nevertheless, in line with the approach taken by the OECD AI Recommendations, the AI Policy recommends adopting a risk-based approach through a risk assessment undertaken by the appropriate sector-specific regulator. Such an undertaking should take into account the type of technology, potential benefits and mitigation measures in the context of that specific use. It remains to be seen what categories of risk will be incorporated into this proposed risk assessment.

Key compliance requirements

As noted above, there are currently no specific laws or regulations in Israel that directly regulate AI.
Nevertheless, the AI Policy proposes the adoption of a common set of ethical AI principles to achieve responsible innovation, which are largely based upon the OECD AI Principles:

  • AI should promote growth, development and Israeli leadership in innovation: This is in line with the recent Israeli Regulation Act, which contains the same principles to guide any new regulation.
  • AI should be 'human-centric,' which means it respects the rule of law, fundamental rights and public interests, while maintaining privacy and human dignity.
  • AI should encourage equality and minimize discrimination arising from risks of algorithmic bias against individuals or groups.
  • AI should be transparent and explainable, meaning individuals are informed about their interactions with AI systems and provided with understandable explanations of AI-based recommendations or decisions involving them.
  • AI should be reliable and safe, which means suitable measures should be taken in accordance with accepted professional risk management standards, in order to mitigate potential safety and cyber-related risks throughout the AI system's lifecycle. 
  • Developers, operators and users of AI should be accountable for the AI system's proper functioning and for the implementation of other ethical principles. This requires a risk-based management approach which ultimately holds responsible persons to account for and to minimize risks to fundamental rights and public interests.

It is important to note that the AI Policy states that these principles are not legally binding on regulators or organizations and that they do not constitute a tool for legal interpretation.

Regulators

Currently, there is no AI-specific regulator in Israel. The MIST is the executive agency for national AI-related strategies and appears to work in close collaboration with the MOJ. The AI Policy encourages the applicable sector-specific regulator(s) to assess the need for any regulation for the development and use of AI.

Enforcement powers and penalties

As noted above, there are currently no specific laws or regulations in Israel that directly regulate AI. As such, enforcement and penalties relating to the creation, dissemination and/or use of AI are currently governed by related violations in non-AI legislation.

1 See the AI Policy (English Summary Version) at pg. 2.
2 See
a report published by the Office of Legal Counsel and Legislative Affairs at the MOJ in 2022 (in Hebrew).
3
An opinion published by the MOJ on 18 December 2022. This opinion is further discussed below. 
4
https://www.wipo.int/wipolex/en/legislation/details/11509
5
https://www.gov.il/BlobFolder/legalinfo/legislation/en/ProtectionofPrivacyLaw57411981unofficialtranslatio.pdf (unofficial English translation).
6
The opinion published by the MOJ on December 18, 2022 is available here. To summarize, the opinion concluded that apart from exceptional cases, the use of copyrighted materials for machine learning purposes as it applies to the learning process itself (rather than the output of machine-learning based systems) is generally permitted.
7 From third-party articles, we understand that the opinion by the Israeli privacy regulator,
published on July 31, 2022 (see article here), clarifies that the collection and use of personal data using algorithm or AI-based decision-making systems must fully conform with notification obligations and recommends that the notifications include a description of the systems, the way they operate and the source of data processed.
8 See
the AI Policy (English Summary Version) at pg. 2.
9 See
the AI Policy (English Summary Version) at pg. 2.
10 The AI Policy does, however, note that consideration must be given to responsibility in the respective roles between a human and an AI system which requires "legal and regulatory certainty" (see the
AI Policy (English Summary Version) at pg. 4, link here). 
11 The AI Policy notes that "additional regulatory intervention is justified" in relation to this challenge (see
the AI Policy (English Summary Version) at pg. 5).
12 The AI Policy notes that this challenge calls for, on a case-by-case basis, internal governance structures and risk assessments within organizations and AI companies across regulated sectors.
13 The AI Policy notes that existing privacy regulations require elaboration to address privacy concerns in the development and use of AI systems.

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2024 White & Case LLP


Gornitzky contributors

Netta Shaked-Stadler

Netta Shaked-Stadler
Partner, Gornitzky
+972 54 490 3742
nettas@gornitzky.com

Ziv Rotenberg

Ziv Rotenberg
Partner, Gornitzky
+972 54 994 9850
zivr@gorntizky.com

Assaf Harel

Assaf Harel
Partner, Gornitzky
+972 54 254 2106
assafh@gornitzky.com

Top