Este artigo está disponível apenas em inglês no momento.
ASEAN AI Governance: The Regional Framework and Country-by-Country Landscape
ASEAN has a regional AI governance framework built on voluntary principles, but individual member states — Thailand, Vietnam, Indonesia, Malaysia, Philippines — are developing their own approaches at different speeds. Here is the complete picture for organisations operating across Southeast Asia.
Key Takeaways
ASEAN adopted its AI Governance Framework (2019, updated 2023) — voluntary principles covering transparency, fairness, security, and human oversight, closely aligned with Singapore's IMDA framework.
Thailand enacted a Personal Data Protection Act (PDPA) effective 2022 — automated decision-making provisions apply to AI in consequential decisions. The PDPC has AI governance guidance.
Indonesia's Personal Data Protection Law (PDP Law) passed 2022, effective 2024 — automated decision-making with significant effects on individuals requires human review mechanisms.
Vietnam's AI strategy (2021) and Cybersecurity Law create governance obligations for AI platforms — particularly content AI, recommendation systems, and AI in financial services.
Malaysia's AI Roadmap 2021-2025 and PDPA amendments create compliance obligations for AI in financial services, healthcare, and government — Bank Negara has AI governance guidance for financial institutions.
"Apenas para fins informativos. Este artigo não constitui aconselhamento jurídico, regulatório, financeiro ou profissional. Consulte um especialista qualificado para orientação específica."
ASEAN AI governance — the regional picture in 2026
ASEAN's approach to AI governance reflects the diversity of its ten member states — from Singapore's advanced voluntary frameworks to emerging regulatory activity in Thailand, Indonesia, Vietnam, and the Philippines. The ASEAN Guide on AI Governance and Ethics (adopted February 2024) provides regional principles, but implementation varies significantly across member states.
ASEAN Guide on AI Governance and Ethics
Adopted by ASEAN Digital Ministers in February 2024, the Guide provides a voluntary, principles-based framework covering: transparency and explainability; fairness and non-discrimination; security and safety; human oversight; accountability and governance; data privacy; inclusivity; and sustainability. The Guide is non-binding but serves as the baseline for member state alignment. It builds on the earlier ASEAN Framework on Digital Data Governance (2018).
Key member state positions
Singapore. The most advanced ASEAN member on AI governance. Model AI Governance Framework (three editions — Traditional AI 2020, Generative AI 2024, Agentic AI 2026). AI Verify testing framework. PDPA with March 2024 AI Advisory Guidelines. MAS AI Risk Management Guidelines (November 2025 consultation). Singapore often serves as the reference point for other ASEAN states.
Thailand. The PDPA (effective June 2022) applies to AI processing personal data. The Royal Thai Government issued the National AI Ethics Guideline (2021). Thailand's Digital Economy and Society Ministry has signalled interest in AI-specific regulation but no legislation has been enacted. The PDPA's automated decision-making provisions are less specific than GDPR Article 22.
Indonesia. The Personal Data Protection Law (UU PDP, effective October 2024) applies to AI. The National AI Strategy (Stranas KA, 2020) sets development priorities. Indonesia's Ministry of Communication and Informatics has issued voluntary AI ethics guidelines. The government has signalled that regulation will follow development, not lead it.
Vietnam. The Cybersecurity Law (2018) and Personal Data Protection Decree (Decree 13/2023, effective July 2023) apply to AI. Vietnam's AI Strategy (2025-2030) was approved in early 2025. The regulatory approach is development-first with governance following.
Philippines. The Data Privacy Act 2012 and National Privacy Commission apply to AI. The DTI (Department of Trade and Industry) has issued AI ethics guidelines. The National AI Roadmap was published in 2021.
Malaysia. Bank Negara Malaysia has issued AI governance expectations for financial institutions. The PDPA 2010 applies to AI. The Malaysia AI Roadmap (2025-2030) signals regulatory development.
Cross-border considerations
Companies operating across ASEAN face a patchwork of requirements. Singapore's frameworks are the most detailed but are voluntary. Thailand, Indonesia, and the Philippines have binding data protection laws that apply to AI but with less AI-specific guidance. Cross-border data transfer provisions vary by member state. The ASEAN Guide provides a common vocabulary but not common obligations.
Primary sources: ASEAN Guide on AI Governance and Ethics · PDPC Singapore