Pertama Partners
Back to AI Glossary
AI Governance & Ethics

What is AI Regulation?

AI Regulation refers to the laws, rules, standards, and government policies that govern the development, deployment, and use of artificial intelligence systems. It encompasses mandatory legal requirements, voluntary guidelines, industry standards, and regulatory frameworks designed to manage AI risks while enabling innovation and economic benefit.

What is AI Regulation?

AI Regulation encompasses the body of laws, government policies, standards, and guidelines that control how artificial intelligence can be developed and used. It ranges from binding legislation that carries penalties for non-compliance to voluntary frameworks and industry codes of practice.

For business leaders, AI regulation is not a distant concern. It is a present and rapidly evolving reality that affects how you build, buy, and deploy AI systems across your markets.

The Global Regulatory Landscape

AI regulation is developing at different speeds across jurisdictions:

European Union

The EU AI Act, which came into force in 2024, is the world's most comprehensive AI regulation. It classifies AI systems by risk level and imposes progressively stricter requirements for higher-risk applications. Prohibited practices include social scoring and certain forms of real-time biometric surveillance. High-risk applications in areas like hiring, credit, healthcare, and law enforcement face mandatory requirements for transparency, human oversight, accuracy, and data governance.

United States

The US has taken a more sector-specific approach, with executive orders and agency-level guidance rather than comprehensive legislation. The National Institute of Standards and Technology (NIST) AI Risk Management Framework provides a voluntary framework that has become an important reference point.

China

China has implemented targeted AI regulations, including rules on algorithmic recommendation systems, deep synthesis (deepfakes), and generative AI. These regulations emphasise content control and socialist values alongside technical safety.

AI Regulation in Southeast Asia

The ASEAN regulatory landscape is evolving from voluntary guidelines toward more structured regulatory frameworks:

Singapore

Singapore has the most mature AI regulatory environment in Southeast Asia. Key elements include:

  • Model AI Governance Framework: Published by IMDA, provides practical guidance for organisations deploying AI. While voluntary, it is widely adopted and influences procurement decisions.
  • AI Verify: An AI governance testing framework and toolkit that allows organisations to demonstrate compliance with governance principles.
  • PDPA: Singapore's Personal Data Protection Act regulates data handling that underpins AI systems.
  • MAS Guidelines: The Monetary Authority of Singapore provides sector-specific guidance on AI use in financial services, including requirements for explainability and fairness.

Thailand

  • AI Ethics Guidelines: Published by the Ministry of Digital Economy and Society, establishing principles for responsible AI use.
  • PDPA: Thailand's Personal Data Protection Act, fully enforced since 2022, affects AI data handling practices.
  • National AI Strategy: Outlines the government's approach to fostering AI development while managing risks.

Indonesia

  • PDPA (Law No. 27 of 2022): Indonesia's Personal Data Protection Act establishes rights around automated decision-making and data processing transparency.
  • National AI Strategy (Stranas KA): Sets direction for AI development and governance.
  • Sector-specific regulations: Bank Indonesia and the Financial Services Authority (OJK) are developing guidance on AI use in financial services.

Malaysia

  • National AI Roadmap (AI-Rmap): Establishes Malaysia's approach to AI development and governance.
  • PDPA: Malaysia's Personal Data Protection Act 2010 regulates data handling relevant to AI.
  • MDEC Guidelines: The Malaysia Digital Economy Corporation provides guidance on responsible AI adoption.

Philippines and Vietnam

Both countries are developing AI strategies and governance frameworks, with data protection regulations providing the primary regulatory touchpoints for AI currently.

Preparing for AI Regulation

For business leaders, the key is to prepare proactively rather than reactively:

  • Monitor the regulatory landscape: Track developments across all ASEAN markets where you operate. Subscribe to updates from IMDA, PDPC, and relevant regulatory bodies.
  • Build governance foundations: Implementing strong AI governance now creates a platform that can be adapted as specific regulatory requirements emerge.
  • Document everything: Regulatory compliance typically requires documentation of data sources, model development processes, testing results, and monitoring practices. Start documenting now.
  • Engage with regulators: Many ASEAN regulators actively seek industry input on AI regulation. Participating in consultations and industry associations keeps you informed and gives you a voice in shaping practical regulations.
  • Plan for the highest standard: If you operate across multiple markets, building your AI practices to meet the most stringent requirements provides compliance everywhere with a single approach.
Why It Matters for Business

AI Regulation is one of the most dynamic and consequential areas of policy development globally, and Southeast Asia is no exception. For business leaders, regulatory compliance is not optional, and the cost of non-compliance is increasing. Fines, enforcement actions, and mandated operational changes can be expensive and disruptive.

More importantly, the regulatory landscape is a leading indicator of market expectations. Regulations codify what governments and societies consider acceptable AI practice. Companies that align early with these expectations earn trust and market access. Companies that fall behind face not only regulatory risk but also competitive disadvantage as customers and partners gravitate toward demonstrably compliant organisations.

For CEOs and CTOs operating across ASEAN, the fragmented regulatory landscape creates both challenges and opportunities. The challenge is navigating different requirements in different markets. The opportunity is that building robust AI governance practices that meet the highest regional standard, typically Singapore's, provides a durable competitive advantage. This approach future-proofs your organisation against regulatory tightening in other markets and demonstrates maturity to customers, partners, and investors.

Key Considerations
  • Map the AI regulations and guidelines applicable in every ASEAN market where you operate, including sector-specific requirements in financial services, healthcare, and other regulated industries.
  • Build your AI governance practices to meet the most stringent regulatory standard in your operating markets, which simplifies compliance across all jurisdictions.
  • Establish systematic documentation practices for AI development, testing, and deployment that will be needed for regulatory compliance and audits.
  • Monitor regulatory developments actively, as the ASEAN AI regulatory landscape is evolving rapidly with new frameworks and guidelines expected in coming years.
  • Engage with industry associations and regulatory consultations to stay informed and contribute to practical regulation that balances innovation with protection.
  • Consider regulatory requirements early in AI project planning, as retrofitting compliance is significantly more expensive than building it in from the start.
  • Train leadership and relevant staff on applicable AI regulations so that compliance is understood as a business priority, not just a legal technicality.

Frequently Asked Questions

Is AI regulation in Southeast Asia mandatory or voluntary?

Currently, most AI-specific guidance in Southeast Asia is voluntary, including Singapore's Model AI Governance Framework and Thailand's AI Ethics Guidelines. However, data protection laws like Singapore's PDPA, Thailand's PDPA, and Indonesia's PDPA are mandatory and directly affect AI systems that process personal data. The trend is clearly moving toward more binding regulation, and voluntary frameworks are increasingly referenced in procurement decisions and industry standards, making them practically mandatory for competitive businesses.

How do I comply with AI regulations across multiple ASEAN markets?

The most practical approach is to build your AI governance framework to meet the highest standard in the region, currently Singapore's. This ensures compliance in all markets with a single set of practices. Supplement this baseline with country-specific requirements, particularly around data protection and sector-specific regulations. Working with local legal advisors in each market ensures you do not miss jurisdiction-specific requirements.

More Questions

While a single binding ASEAN-wide AI regulation is unlikely in the near term due to the bloc's consensus-based approach and varying levels of digital maturity, the ASEAN Guide on AI Governance and Ethics provides a harmonised framework that member states can adapt. This approach is more typical of ASEAN and allows each country to implement AI governance at its own pace while maintaining regional coherence. Businesses should plan for convergence in principles but variation in specific requirements across markets.

Need help implementing AI Regulation?

Pertama Partners helps businesses across Southeast Asia adopt AI strategically. Let's discuss how ai regulation fits into your AI roadmap.

Book a ConsultationBrowse AI Glossary