Skip to main content
NOPE
In Effect Guidance AI Safety

HK AI Framework

Hong Kong PCPD Model AI Personal Data Protection Framework

Comprehensive AI guidance from Hong Kong Privacy Commissioner. Governance, risk assessment, human oversight, data stewardship. Three core values: respect, benefit, fairness.

Jurisdiction

Hong Kong

Enacted

Pending

Effective

Jun 11, 2024

Enforcement

Privacy Commissioner for Personal Data (PCPD)

PCPD

Why It Matters

Most detailed AI governance guidance in APAC. PCPD actively conducting compliance inquiries. Sets expectations that may become mandatory.

At a Glance

Requires

Transparency

Who Must Comply

  • Organizations deploying AI processing personal data in Hong Kong

Obligations fall on:

Safety Provisions

  • AI Governance: Cross-functional committees recommended
  • Risk Assessment: AI-specific methodology
  • Human Oversight: Review for high-impact decisions
  • Data Stewardship: Respect, benefit, fairness
  • Transparency: Disclosure of AI use and limitations
  • AI Incident Response Plans
  • Training data governance

View on map

Hong Kong

Focus Areas

Algorithmic accountability
Active safeguards required

Compliance Help

Requires AI governance structure; documented risk assessment; human oversight; incident response; transparency disclosures.

See how NOPE helps

Cite This

APA

Hong Kong. (2024). Hong Kong PCPD Model AI Personal Data Protection Framework.

Related Regulations

In Effect CN

China CSL Amendments

First major revision of China's foundational Cybersecurity Law since 2017. Introduces formal AI governance provisions, significantly increases penalties, and expands extraterritorial application to all cybersecurity violations.

In Effect NP

Nepal AI Policy

Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.

In Effect PK

Pakistan AI Policy

Pakistan's national AI roadmap establishing six strategic pillars: AI Innovation Ecosystem, Awareness and Readiness, Research and Development, Infrastructure, Governance, and International Cooperation. Creates National AI Fund (NAIF), Centres of Excellence in 7 cities, and targets training 200,000 individuals annually.

In Effect BN

Brunei PDPO

Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.

In Effect IN

India DPDP Act

STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.

In Effect MM

Myanmar Cybersecurity Law

Myanmar's cybersecurity law requiring platforms with 100,000+ users to register and imposing data retention requirements. Enacted post-2021 coup with uncertain enforcement.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.