African Union
The African Union's Continental AI Strategy sets the stage for a unified approach to AI governance across the continent.
Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.
Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).
Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world.
Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:
Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.
Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.
The African Union's Continental AI Strategy sets the stage for a unified approach to AI governance across the continent.
Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.
The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.
AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.
The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.
The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.
The successful implementation of the EU AI Act into national law is the primary focus for the Czech Republic, with its National AI Strategy being the main policy document.
The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.
France actively participates in international efforts and proposes sector-specific laws.
The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.
Germany evaluates AI-specific legislation needs and actively engages in international initiatives.
National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.
Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.
Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.
Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.
Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.
Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.
Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.
Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.
South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.
South Korea's AI Act to act as a consolidated body of law governing AI once approved by the National Assembly.
Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.
Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.
Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.
Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.
Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.
The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.
The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.
The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.
The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.
The OECD's Recommendation of the Council on Artificial Intelligence1 (the "Recommendation") adopted by 46 governments2 as of July 2021 (the "Adherents"), contains:
The OECD's policy paper on "Assessing future AI risks, benefits, and policy imperatives"4, published on November 14, 2024, emphasizes the need for proactive AI governance.
The OECD's Expert Group on AI Futures explores potential AI impacts, guiding policymakers on crafting forward-looking policies. Key identified benefits include accelerating scientific progress, improving economic growth, reducing inequality, enhancing decision-making, and empowering citizens. However, significant risks such as cyber threats, disinformation, AI safety lapses, power concentration, and privacy violations are also highlighted. The report suggests ten policy priorities including establishing clear AI liability rules, restricting harmful AI uses, ensuring AI transparency, and promoting international cooperation to manage competitive race dynamics. Governments are urged to implement these strategies to maximize AI benefits and mitigate risks, with ongoing initiatives indicating progress, yet emphasizing the need for more concrete actions. Nevertheless, it remains unclear whether such urgings will be sufficient to stem the divergence of AI regulatory approaches that has arisen from one jurisdiction to the next.
The Adherents have agreed to promote, implement, and adhere to the Recommendation. The Principles contribute to other AI initiatives, such as the G7's Hiroshima AI Process Comprehensive Policy Framework (including the International Guiding Principles on AI for Organizations Developing Advanced AI Systems and the International Code of Conduct for Organizations Developing Advanced AI Systems).
While certain OECD instruments can be legally binding on members, most are not. However, OECD recommendations represent a political commitment to the principles they contain and entail an expectation that Adherents will endeavor to implement them.5 Notwithstanding, a non-exhaustive list of OECD guidance that does not directly seek to regulate AI, but may affect the development or use of AI includes:
The OECD's definition of "AI system" was revised on November 8, 2023 to ensure that it continues to accurately reflect technological developments, including with respect to generative AI.6 AI is defined in the Recommendation using the following terms:
The Adherents (who are expected to promote and implement the Recommendation – see above) include the following 46 OECD members and non-members.7
Specific obligations would be placed on AI actors by Adherents implementing the Recommendation. However, the term "AI actors" is not defined in the Recommendation by reference to territory.
The Recommendation is not sector-specific. As discussed above, Adherents are expected to promote and implement the Recommendation and, by doing so, specific obligations should be placed on AI actors. However, the term "AI actors" is not defined in the Recommendation by reference to sector.
Adherents are expected to comply with the Recommendation, although the Recommendation does not explicitly govern compliance or regulatory oversight. Certain Principles relating to human-centered values and fairness, transparency and accountability are applicable to AI actors. Whether and to what extent AI actors have to comply with the Principles depends on the relevant Adherent state's approach to implementation.
The OECD's AI Regulations intend to help shape a stable policy environment at the international level that promotes a human-centric approach to trustworthy AI, fosters research, and preserves economic incentives to innovate.8
AI is not categorized according to risk in the Recommendation.
In order to promote a stable policy environment with regard to AI risk frameworks, the OECD has stated that it intends to analyze the criteria that should be included in a risk assessment and how to best aggregate such criteria, taking into account that different criteria may be interdependent.9
The Adherents are expected to promote and implement the following Principles:10
The Adherents are also expected to promote and implement the Five Recommendations:11
The OECD does not regulate the implementation of the Recommendation, although it does monitor and analyse information relating to AI initiatives through its AI Policy Observatory. The AI Policy Observatory includes a live database of AI strategies, policies and initiatives that countries and other stakeholders can share and update, enabling the comparison of their key elements in an interactive manner. It is continuously updated with AI metrics, measurements, policies and good practices that lead to further updates in the practical guidance for implementation.12
The Recommendation does not stipulate how Adherents should regulate the implementation of the Principles in their own jurisdictions.
As the Recommendation is not legally binding, it does not confer enforcement powers or give rise to any penalties for non-compliance. The OECD relies on Adherents to implement the Recommendation and enforce the Principles in their own jurisdictions.
1 https://legalinstruments.oecd.org/en/instruments/oecd-legal-0449.
2 OECD Members: Australia, Austria, Belgium, Canada, Chile, Colombia, Costa Rica, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Korea, Latvia, Lithuania, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Poland, Portugal, Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Republic of Türkiye, United Kingdom, United States, and Non-Members: Argentina, Brazil, Egypt, Malta, Peru, Romania, Singapore, and Ukraine.
3 Background - OECD.AI
4 See OECD policy paper here.
5 "Decisions are adopted by the Council and are legally binding on all Members except those which abstain [whereas] Recommendations are adopted by the Council and are not legally binding [but do] represent a political commitment to the principles they contain and entail an expectation that Adherents will do their best to implement them." (https://www.oecd.org/legal/legal-instruments.htm.)
6 https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449#backgroundInformation.
7 OECD Members: Australia, Austria, Belgium, Canada, Chile, Colombia, Costa Rica, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Korea, Latvia, Lithuania, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Poland, Portugal, Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Republic of Türkiye, United Kingdom, United States, and Non-Members: Argentina, Brazil, Egypt, Malta, Peru, Romania, Singapore, and Ukraine.
8 "RECOGNISING that given the rapid development and implementation of AI, there is a need for a stable policy environment that promotes a human-centric approach to trustworthy AI, that fosters research, preserves economic incentives to innovate, and that applies to all stakeholders according to their role and the context." (introduction to the Recommendation).
9 "The OECD Experts Working Group, with members from across sectors and professions, plans to conduct further analysis of the criteria to include in a risk assessment and how best to aggregate these criteria, taking into account that different criteria may be interdependent." (page 67 of the Framework for the Classification of AI Systems (here)).
10 See Section 1 (1.1 – 1.5) of the Recommendation.
11 See Section 2 (2.1 – 2.5) the Recommendation.
12 The OECD's Policy Observatory is available here.
White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.
This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.
© 2024 White & Case LLP