Tsaaro got CERT-IN Empanelled | MeitY has published the DPDP Rules, 2023.
Tsaaro got CERT-IN Empanelled | MeitY has published the DPDP Rules, 2023.
Tsaaro got CERT-IN Empanelled | MeitY has published the DPDP Rules, 2023.
Tsaaro got CERT-IN Empanelled | MeitY has published the DPDP Rules, 2023.
Research Team (Tsaaro)
Published
Introduction
Recent advancements in artificial intelligence have triggered a global push for its regulation. Governments worldwide are trying to help the economy grow through AI, while also protecting people from its risks.
Initially, the European Union led the way in this with its AI Act. Soon after, the United States and China started using executive orders and rules to manage AI. In Asia, South Korea has also been building its own legal foundations. Now, Taiwan has joined the group with its basic law for AI. This law reflects Taiwan’s aim to align with international AI risk management standards while preserving regulatory flexibility.
What is Taiwan's Artificial Intelligence Basic Act?
Taiwan’s AI Basic Act is a framework aimed at guiding and promoting the responsible development and use of AI. It was drafted in 2024 by the National Science and Technology Council, passed by the Legislative Yuan on 23 December 2025, and formally came into force on 14 January 2026.
The main objective of the Act is to build the foundation for a “smart nation” that focuses on human-centric AI development while also supporting sustainable industrial growth. It defines an AI system as one that operates with a degree of autonomy and uses machine learning or algorithms to produce outputs such as predictions, recommendations, content, or decisions that can affect both physical and digital environments.
To manage things effectively, Taiwan has created a three-level governance structure. At the top is the NSTC, which acts as the central authority responsible for implementing and overseeing the Act. Supporting this is the National AI Strategy Special Committee, which coordinates national AI policies and broader development plans. In addition, the Ministry of Digital Affairs also plays a key role by developing a risk classification system aligned with global standards.
The Act also sets out seven guiding principles for responsible AI use. However, it is important to note that the AI Basic Act currently functions as a “soft law” framework. This means it provides guidance and direction rather than imposing strict, legally binding obligations on private entities.
Key Provisions & Unique Features
Human-Centred Approach: The act prioritises social welfare and fundamental rights over mere technological advancement. Clause 4 mandates that AI research and application should adhere to seven guiding principles mentioned in the act.
Centralised governance structure: Clause 6 creates a Special Committee on National AI Strategy, led by the Premier, to coordinate and review national AI policy annually. The State Science and Technology Commission acts as the central authority (Clause 2), while local governments manage regional implementation. The Ministry of Digital Development provides technical oversight and evaluation tools (Clause 5).
Risk-Based Regulation: Clause 5 prohibits AI uses that harm life, liberty, or property, or cause discrimination, bias, or misinformation. High-risk AI systems must follow stricter safeguards and warning requirements. Clause 17 mandates clear liability rules and compensation or insurance mechanisms for harm caused by such systems.
Data Governance & Innovation: Clause 13 enables data sharing and reuse with safeguards for diversity and IP rights, while Clause 14 embeds privacy by design. Economic incentives like subsidies and tax benefits support AI development (Clause 10), alongside regulatory sandboxes for experimentation (Clause 11).
Labour & Social Impact: The Act directly addresses AI’s impact on jobs. Clause 15 requires protection of labour rights, skill development, and support for displaced workers. Clause 7 promotes AI and ethics education to improve digital literacy across society.
Implementation & Harmony: To ensure coherence, Clause 11 gives priority to the act’s core principles in case of conflict with other laws. Clause 18 mandates legal alignment within two years. Clause 19 requires government use of AI to undergo risk assessments and internal controls.
Comparison with the Existing Industry Standard: The EU AI Act
Aspect | Taiwan AI Basic Act | EU AI Act |
Overall Approach | Adopts a principle-based “charter” model focused on promotion, flexibility, and high-level guidance. | Establishes a binding “product safety” regime with strict obligations and phased enforcement. |
Risk Classification | An internationally aligned risk framework is under development, with no explicit bans or immediate private-sector obligations. | Uses a four-tier system with outright bans and heavy compliance for high-risk AI. |
Principles vs Rules | Relies on seven guiding principles such as transparency, fairness, and accountability. | Translates similar values into enforceable requirements like transparency, human oversight, and risk management. |
Governance | Operates through centralised coordination led by the NSTC, with no specific penalties or fines yet. | Enforced by national regulators and the EU AI Office, with fines up to €35M or 7% of global turnover. |
Innovation Focus | Promotes innovation through subsidies, data-sharing mechanisms, and regulatory sandboxes, while also incorporating labour protections. | Supports innovation through sandboxes but imposes higher compliance costs, especially on start-ups. |
Implications of the New Act:
Who Is Being Affected: The act has implications for a broad spectrum of entities, including domestic Taiwanese AI developers, multinational corporations with manufacturing or R&D operations on the island, and the wider international semiconductor and AI supply chain ecosystem.
How is the effect? By adopting a “soft law” framework, Taiwan offers a substantially lighter compliance path and lower initial regulatory costs compared to the EU's stringent regime. Beyond that, the legislation actively obligates the government to support industry through R&D subsidies, tax incentives, financial assistance programmes, and regulatory innovation sandboxes.
Potential Challenges: Companies must closely monitor MODA's development of the internationally aligned risk-classification framework, which will ultimately govern future restrictions for high-risk applications. Over the next 24 months, various government ministries are legally required to review and draft sector-specific subsidiary regulations that could significantly tighten operational requirements for industries such as finance, healthcare, and employment.
Actionable Recommendations: Businesses should not wait passively for strict rules to crystallise. Proactive steps must be made as a matter of priority. Companies should begin mapping their existing AI systems, conducting internal risk assessments, and embedding “privacy-by-design” and data-minimisation controls into product development pipelines.
Conclusion
The Act marks the start of Taiwan’s regulatory process. Over the next two years, government agencies will develop detailed rules to turn the Act’s broad principles into practical requirements, with the Ministry of Digital Affairs expected to release an AI risk-classification framework in early 2026. Taiwan’s approach is significant because it focuses on encouraging innovation while keeping compliance requirements flexible, creating a model that may influence other Asian countries. Overall, the Act strikes a balanced path between strict regulation and unchecked growth, offering a practical example of how a country can promote technological development while still building trust and governance around AI.
Talk to a Privacy Expert
Get a free 1:1 session on AI compliance, DPDPA readiness, or incident response planning.
Related articles
