この記事は現在英語でのみご利用いただけます。
ASEAN AI Governance: The Regional Framework and Country-by-Country Landscape
ASEAN has a regional AI governance framework built on voluntary principles, but individual member states — Thailand, Vietnam, Indonesia, Malaysia, Philippines — are developing their own approaches at different speeds. Here is the complete picture for organisations operating across Southeast Asia.
Key Takeaways
ASEAN adopted its AI Governance Framework (2019, updated 2023) — voluntary principles covering transparency, fairness, security, and human oversight, closely aligned with Singapore's IMDA framework.
Thailand enacted a Personal Data Protection Act (PDPA) effective 2022 — automated decision-making provisions apply to AI in consequential decisions. The PDPC has AI governance guidance.
Indonesia's Personal Data Protection Law (PDP Law) passed 2022, effective 2024 — automated decision-making with significant effects on individuals requires human review mechanisms.
Vietnam's AI strategy (2021) and Cybersecurity Law create governance obligations for AI platforms — particularly content AI, recommendation systems, and AI in financial services.
Malaysia's AI Roadmap 2021-2025 and PDPA amendments create compliance obligations for AI in financial services, healthcare, and government — Bank Negara has AI governance guidance for financial institutions.
"情報提供のみを目的としています。この記事は法律、規制、財務または専門的なアドバイスを構成するものではありません。具体的なアドバイスについては、資格を持つ専門家にご相談ください。"
The ASEAN framework: voluntary but influential
ASEAN's AI Governance Framework, first published in 2019 and updated in 2023, establishes voluntary principles for responsible AI across the ten-member bloc. The framework covers transparency, fairness, security and robustness, human oversight, and accountability — closely mirroring Singapore's IMDA Model AI Governance Framework, which served as a key input. The ASEAN framework is not binding on member states, but it has shaped national AI governance approaches across the region and provides a common reference point for organisations operating multi-country ASEAN operations.
Thailand
Thailand's Personal Data Protection Act (PDPA), fully effective from June 2022, includes automated decision-making provisions that apply to AI systems making significant decisions about individuals. The Personal Data Protection Committee (PDPC) has issued guidance on AI and PDPA compliance. The National AI Strategy published in 2022 covers healthcare, agriculture, manufacturing, and smart city applications with governance principles. AI in financial services is subject to Bank of Thailand oversight, with guidance on model risk and algorithmic systems.
Indonesia
Indonesia's Personal Data Protection Law (PDP Law), enacted September 2022 and effective October 2024, creates obligations for automated decision-making with significant effects on data subjects — requiring human intervention mechanisms. The Ministry of Communication and Information Technology (Kominfo) has issued AI governance guidelines. Indonesia's strategic importance as the world's fourth most populous country makes it a significant market for AI-related compliance frameworks, and regulatory development is accelerating.
Vietnam
Vietnam's National Strategy on Research, Development and Application of AI through 2030 establishes governance principles. The Cybersecurity Law and Decree 13/2023 on Personal Data Protection create specific obligations for AI platforms, content moderation AI, and recommendation systems. Organisations operating AI services in Vietnam must comply with cybersecurity requirements including data localisation provisions for certain categories of data.
Malaysia
Malaysia's Responsible AI Roadmap 2021-2025 and National AI Strategy provide the governance framework. Bank Negara Malaysia (BNM) has issued AI governance expectations for financial institutions through its Risk Management in Technology policy document. The Personal Data Protection Act (PDPA) amendments create enhanced obligations for automated processing. Malaysia's approach is broadly aligned with Singapore's IMDA framework, making regional compliance programs generally transferable.