ASEAN AI governance, the regional picture in 2026
ASEAN's approach to AI governance reflects the diversity of its ten member states, from Singapore's advanced voluntary frameworks to emerging regulatory activity in Thailand, Indonesia, Vietnam, and the Philippines. The ASEAN Guide on AI Governance and Ethics (adopted February 2024) provides regional principles, but implementation varies significantly across member states.
ASEAN Guide on AI Governance and Ethics
Adopted by ASEAN Digital Ministers in February 2024, the Guide provides a voluntary, principles-based framework covering: transparency and explainability; fairness and non-discrimination; security and safety; human oversight; accountability and governance; data privacy; inclusivity; and sustainability. The Guide is non-binding but serves as the baseline for member state alignment. It builds on the earlier ASEAN Framework on Digital Data Governance (2018).
Key member state positions
Singapore. The most advanced ASEAN member on AI governance. Model AI Governance Framework (three editions, Traditional AI 2020, Generative AI 2024, Agentic AI 2026). AI Verify testing framework. PDPA with March 2024 AI Advisory Guidelines. MAS (Monetary Authority of Singapore) AI Risk Management Guidelines (November 2025 consultation). Singapore often serves as the reference point for other ASEAN states.
Thailand. The PDPA (effective June 2022) applies to AI processing personal data. The Royal Thai Government issued the National AI Ethics Guideline (2021). Thailand's Digital Economy and Society Ministry has signalled interest in AI-specific regulation but no legislation has been enacted. The PDPA's automated decision-making provisions are less specific than GDPR Article 22.
Indonesia. The Personal Data Protection Law (UU PDP, effective October 2024) applies to AI. The National AI Strategy (Stranas KA, 2020) sets development priorities. Indonesia's Ministry of Communication and Informatics has issued voluntary AI ethics guidelines. The government has signalled that regulation will follow development, not lead it.
Vietnam. The Cybersecurity Law (2018) and Personal Data Protection Decree (Decree 13/2023, effective July 2023) apply to AI. Vietnam's AI Strategy (2025-2030) was approved in early 2025. The regulatory approach is development-first with governance following.
Philippines. The Data Privacy Act 2012 and National Privacy Commission apply to AI. The DTI (Department of Trade and Industry) has issued AI ethics guidelines. The National AI Roadmap was published in 2021.
Malaysia. Bank Negara Malaysia has issued AI governance expectations for financial institutions. The PDPA 2010 applies to AI. The Malaysia AI Roadmap (2025-2030) signals regulatory development.
Cross-border considerations
Companies operating across ASEAN face a patchwork of requirements. Singapore's frameworks are the most detailed but are voluntary. Thailand, Indonesia, and the Philippines have binding data protection laws that apply to AI but with less AI-specific guidance. Cross-border data transfer provisions vary by member state. The ASEAN Guide provides a common vocabulary but not common obligations.
Primary sources: ASEAN Guide on AI Governance and Ethics · PDPC Singapore
Related reading
- AI Governance in Hong Kong: PCPD, SFC, HKMA, and the China AI Regulation Intersection
- Asia-Pacific AI Governance, What Companies Operating Across APAC Need to Know
- Singapore's AI Governance Framework: What Businesses in Asia-Pacific Need to Know
- Enterprise AI Compliance in India: DPDP Act, RBI, SEBI, IRDAI, and the Governance Framework