Australia
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.
Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).
Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world.
Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:
Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.
Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.
AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.
The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.
The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.
The successful implementation of the EU AI Act into national law is the primary focus for the Czech Republic, with its National AI Strategy being the main policy document.
The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.
France actively participates in international efforts and proposes sector-specific laws.
The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.
Germany evaluates AI-specific legislation needs and actively engages in international initiatives.
National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.
Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.
Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.
Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.
Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.
Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.
Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.
Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.
South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.
South Korea's AI Act to act as a consolidated body of law governing AI once approved by the National Assembly.
Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.
Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.
Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.
Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.
Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.
The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.
The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.
The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.
Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.
Currently, there are no specific laws, statutory rules, or regulations in Norway that directly regulate AI. Norway is not expected to enact its own comprehensive AI legislation, with the exception of the EU AI Act, which is expected to become Norwegian law in the same manner as for all European Economic Area (EEA) Member States.
In addition, the Norwegian government continues to consider whether any other existing legal framework should also be amended (as necessary) to meet any technological developments.1
Norwegian laws are largely technology-neutral and flexible, thereby indirectly encompassing AI within a significant portion of its legal framework
As noted above, there are currently no specific laws or regulations in Norway that directly regulate AI.
However, as Norway is an EEA country, the EU AI Act is expected to eventually be implemented as Norwegian law, even though no formal decision or approval has been made. With respect to the implementation of the EU AI Act in Norway, the current status can be followed on the Norwegian government website (only in Norwegian). During the period after the EU AI Act has entered into force in the EU, but before the EU AI Act is implemented into Norwegian law, the EU AI Act may still apply to Norwegian companies due to its extraterritorial provisions.2
In 2021, the Norwegian government published the Norwegian Position Paper on the European Commission’s Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonized Rules on AI (the “Position Paper”), which sets out the government’s approach on AI. The paper also establishes their support for the EU AI Act (including its definition of AI, risk-based approaches, classification of high-risk AI systems, etc.), their concerns regarding the relationship between the EU AI Act and other legal frameworks, consequences for SMEs, their establishment of the Regulatory Sandbox (the “Sandbox”) by the Norwegian Data Protection Authority (Datatilsynet) and foreseen governance structures.3
On September 5, 2024, the Council of Europe's Framework Convention4 on AI was signed by Andorra, Georgia, Iceland, Norway, the Republic of Moldova, San Marino, the United Kingdom, Israel, the United States, and the European Union. The treaty will enter into force on the first day of the month following three months after five signatories, including at least three Council of Europe Member States, have ratified it. Countries from all over the world will be eligible to join and commit to its provisions.
There are various laws that do not directly seek to regulate AI but may affect the development or use of AI in Norway. Norwegian regulations are largely technology-neutral, implying their applicability irrespective of the technology in use (also encompassing AI).
A non-exhaustive list of key examples includes:
As noted above, there are currently no specific laws or policies in Norway that directly regulate AI. Accordingly, no definition of AI is currently recognized through Norwegian national legislation.
However, in January 2020, the Norwegian government presented its National AI Strategy, which adopts the definition set out by the European Commission’s High Level Expert Group on AI, which is “AI systems act in the physical or digital dimension by perceiving their environment, processing and interpreting information, and deciding the best action(s) to take to achieve the given goal. Some AI systems can adapt their behavior by analyzing how the environment is affected by their previous action.”5
The Norwegian government also supports the definition of AI proposed by the EU Commission under the EU AI Act.6
As noted above, there are currently no specific laws or regulations in Norway that directly regulate AI. Accordingly, there is no specific territorial scope at this stage.
As noted above, there are currently no specific laws or regulations in Norway that directly regulate AI. Accordingly, there is no specific sectoral scope at this stage. However:
As noted above, there are currently no specific laws or regulations in Norway that directly regulate AI. Accordingly, there are currently no specific or unique obligations imposed on developers, users, operators and/or deployers of AI systems.
The 2020 National AI Strategy focuses on all actors along the AI value chain, as well as on society as a whole. The strategy papers emphasize the responsibilities of AI users and operators (which are not defined), but also address the interests of affected persons (and affected sectors).9
As noted above, there are currently no specific laws or regulations in Norway that directly regulate AI. Nevertheless, the National AI Strategy highlights a number of policy initiatives:10
In 2020, the Datatilsynet also established the Sandbox, to allow for testing, developing and monitoring AI concepts in a protected environment, and to promote the development of ethical and responsible AI solutions, especially with respect to privacy. As of January 2024, the Datatilsynet is in the fifth round of the Sandbox, with the most recent round selecting four new projects in Generative AI.11
As noted above, there are currently no specific laws or regulations in Norway that directly regulate AI. However, the Position Paper supports the risk-based approach of the EU AI Act.12
As noted above, there are currently no specific laws or regulations in Norway that directly regulate AI. However, there are certain compliance requirements for the use of automated systems (which may include AI) with regards to the health sector and the Labor and Welfare Administration act (as explained in sections "Other laws affecting AI" and "Sectoral scope" above).
The Norwegian government foresees designating a national supervisory authority, in accordance with the EU AI Act proposal. Norway, as an EEA Member State, should be represented in the European Artificial Intelligence Board (EAIB) to be established in accordance with Title VI, Chapter I of the proposal, equivalent to their participation in the European Data Protection Board.13
It has not yet been decided which regulatory body will remain the main regulator of AI, and several bodies have expressed interest. A potential candidate may be Datatilsynet, which: (i) is already running the Sandbox as explained in the "Core issues" section above;14 (ii) has published a strategy for its internal and external work with AI; and (iii) aims to contribute to having a coordinated and unified approach to AI both internally to its own operations and externally toward society as a whole.15
However, Datatilsynet’s competence is currently related to processing of personal data and not specifically focused on AI or technology in general.
As noted above, there are currently no specific laws or regulations in Norway that directly regulate AI. Accordingly, it is currently unclear what enforcement powers or penalties the Datatilsynet may impose upon breaches.
1 See Convention text here.
2 See the National AI Strategy here, page 21.
3 See the AI Act article 2 (b) and (c). For example, if a provider in Norway is "putting into service" AI systems, or AI models, in the EU, or if a provider or deployer in Norway, where the output from the AI system, is used in the EU, the regulation will apply.
4 See the Position Paper here.
5 See the National AI Strategy here, page 9.
6 See the Position Paper here.
7 See here.
8 See the National AI Strategy here, page 26.
9 See the National AI Strategy here.
10 See the National AI Strategy here
11 See here.
12 See the Position Paper here.
13 See the Position Paper here.
14 See here
15 See here.
White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.
This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.
© 2024 White & Case LLP
Jeffrey Shin (Trainee Solicitor, White & Case, London) contributed to this publication.
Rune Opdahl
Partner, Wiersholm
+47 210 210 79
rop@wiersholm.no
Fredrik Wiker
Associate, Wiersholm
+47 210 212 37
frwi@wiersholm.no
Ines Tafjord
Associate, Wiersholm
+47 21 02 12 65
inta@wiersholm.no