ASEAN Guide on AI Governance and Ethics: What Businesses Operating in Southeast Asia Need to Know

What Is the ASEAN Guide on AI Governance and Ethics?

The ASEAN Guide on AI Governance and Ethics is a voluntary framework adopted in February 2024 by all 10 ASEAN member states. It provides a common set of principles and practical guidance for responsible AI development and deployment across the region.

In January 2025, ASEAN published an expanded edition specifically addressing Generative AI, and on 5 March 2025 adopted the ASEAN Responsible AI Roadmap (2025-2030) to coordinate member states' implementation efforts.

While the guide is not legally binding, it is increasingly shaping national AI policies across the region. Singapore, Malaysia, Indonesia, Thailand, Vietnam, and the Philippines are all using it as a foundation for their own AI governance frameworks — some of which are becoming mandatory.

Why This Matters for Businesses

Southeast Asia is one of the fastest-growing digital economies in the world. The ASEAN digital economy is projected to reach $2 trillion by 2030. If your company develops or deploys AI in any ASEAN market, this guide represents the baseline expectation for responsible AI behavior.

More practically:

• National regulators reference it: Singapore's IMDA, Malaysia's NAIO, Indonesia's Ministry of Communication, and others cite the ASEAN Guide when developing local requirements
• Financial regulators align with it: MAS (Singapore), BNM (Malaysia), OJK (Indonesia), and BOT (Thailand) have all incorporated its principles into sector-specific rules
• DEFA will formalize it: The ASEAN Digital Economy Framework Agreement (expected by end of 2026) will create legally binding AI governance interoperability rules based on these principles

The Seven Guiding Principles

The ASEAN Guide establishes seven core principles for AI systems:

1. Transparency and Explainability

AI systems should be designed to be transparent. Users and affected individuals should understand how AI decisions are made, to the extent that is technically feasible and appropriate to the risk level.

2. Fairness and Equity

AI systems should not produce unfair bias or discrimination. Developers and deployers should assess and mitigate potential biases throughout the AI lifecycle, with particular attention to impacts on vulnerable groups.

3. Accountability and Responsibility

Clear lines of accountability must exist for AI systems. Organizations should designate individuals or teams responsible for AI governance, and there should be mechanisms for redress when AI causes harm.

4. Human-Centricity

AI should be developed and used for the benefit of people and society. Human oversight should be maintained for high-risk AI applications, and individuals should have the ability to opt out of AI-driven decisions that significantly affect them.

5. Reliability and Safety

AI systems should be robust, reliable, and safe. This includes adequate testing, monitoring for performance degradation, and mechanisms to handle failures gracefully without causing harm.

6. Privacy and Data Governance

AI systems must respect data privacy and comply with applicable data protection laws. Data used for AI training should be collected, stored, and processed in accordance with national data protection frameworks.

7. Responsible Stewardship

Organizations should act as responsible stewards of AI technology, considering long-term societal impacts and contributing to the broader AI governance ecosystem.

The Generative AI Expansion (January 2025)

The expanded guide for Generative AI addresses risks specific to large language models, image generators, and other GenAI systems. Key additions include:

Nine Focus Areas for GenAI Governance

1. Accountability: Clear ownership of GenAI outputs and decisions
2. Data governance: Responsible sourcing and handling of training data, including copyright considerations
3. Trusted development and deployment: Safety testing, red-teaming, and staged rollouts
4. Content provenance: Mechanisms to identify and label AI-generated content
5. Incident reporting: Processes for detecting, reporting, and responding to GenAI incidents
6. Testing and assurance: Regular evaluation of GenAI model capabilities and limitations
7. Cybersecurity: Protection against adversarial attacks, prompt injection, and data poisoning
8. Transparency: Disclosure of GenAI use, capabilities, and limitations to users
9. Human oversight: Maintaining meaningful human control over GenAI applications

The ASEAN Digital Economy Framework Agreement (DEFA)

DEFA is expected to be the most significant development for AI governance in the region. Key points:

• Status: Substantial conclusion reached in negotiations; expected signature by end of 2026
• Scope: Legally binding digital trade rules covering cross-border data flows, digital payments, cybersecurity, and AI governance
• AI provisions: Will create interoperability standards for AI governance across ASEAN members
• Impact: Will harmonize some aspects of AI regulation that currently vary by country

For businesses, DEFA means that operating across multiple ASEAN markets will eventually become simpler — but compliance standards may also become more uniform and potentially more stringent.

How Countries Are Implementing the Guide

How to Align Your Business

For Companies Operating in a Single ASEAN Market

Follow the national framework for that country (see our dedicated guides for each jurisdiction). The ASEAN Guide provides useful supplementary guidance, especially for areas not yet covered by national regulations.

For Companies Operating Across Multiple ASEAN Markets

Use the ASEAN Guide's seven principles as your baseline governance framework, then layer on country-specific requirements. This approach:

• Gives you a consistent internal AI governance standard
• Ensures you meet the minimum expectations across all markets
• Prepares you for DEFA harmonization when it takes effect

Practical Steps

1. Map your AI systems to the seven ASEAN principles
2. Conduct a gap analysis against each country's specific requirements
3. Implement a regional AI governance framework based on the ASEAN Guide
4. Train your teams on both regional principles and national requirements
5. Monitor regulatory developments — 2026 is a critical year with Vietnam's AI Law, Indonesia's Perpres, Malaysia's potential legislation, and Thailand's draft AI law all converging

Related Regulations

• Singapore Model AI Governance Framework: The most mature implementation of ASEAN principles
• Vietnam AI Law (No. 134/2025): First binding AI law in SEA
• EU AI Act: Global reference framework that influenced ASEAN's approach
• Colorado AI Act: Similar risk-based approach in the US context

Harmonizing AI Governance Across ASEAN Markets

Organizations operating across multiple ASEAN markets face the challenge of navigating varying AI governance frameworks while maintaining operational consistency. Singapore's mature governance framework based on the Model AI Governance Framework and AI Verify toolkit provides the most structured approach in the region. Malaysia's AI governance is guided by the National AI Roadmap and emerging regulatory guidance from MDEC. Thailand's developing AI governance framework through DEPA is establishing principles that will shape future regulatory requirements. Indonesia's focus on data protection through the UU PDP law creates AI governance obligations primarily through data privacy requirements.

Building a Regional AI Governance Strategy

Organizations should develop unified regional AI governance policies that satisfy the most stringent requirements across all markets where they operate, supplemented by country-specific addenda addressing local regulatory particularities. This approach simplifies governance management, ensures baseline compliance across all jurisdictions, and reduces the risk of compliance gaps that arise when organizations attempt to maintain completely separate governance programs for each market.

How ASEAN AI Governance Compares to the EU AI Act

The EU AI Act takes a prescriptive, risk-tiered regulatory approach with specific compliance obligations, prohibited practices, and substantial fines for violations. ASEAN's approach remains largely voluntary and principles-based, emphasizing industry self-governance supported by government guidance rather than binding legislation. Singapore represents the most structured ASEAN approach through AI Verify, but even this remains voluntary. Vietnam became the first ASEAN nation to enact binding AI legislation through Law 134/2025. This regulatory diversity means multinational companies cannot simply transplant EU compliance programs into ASEAN markets — they need governance frameworks flexible enough to accommodate both prescriptive European requirements and evolving voluntary Southeast Asian standards.

Country-by-Country AI Maturity Across ASEAN

ASEAN member states exhibit significant variation in AI governance maturity. Singapore leads with comprehensive frameworks, testing toolkits, and sectoral guidance. Vietnam enacted binding AI legislation through Law No. 134/2025 (effective 1 March 2026), leapfrogging voluntary approaches. Thailand and Philippines have issued detailed regulatory guidance bridging data privacy and AI governance. Malaysia is transitioning from voluntary principles to enforceable standards. Indonesia, Cambodia, Myanmar, Laos, and Brunei remain in earlier stages of AI governance development, though Indonesia's comprehensive data protection law creates a foundation for future AI-specific requirements.