Skip to main content
NOPE
In Effect Guidance AI Safety

HK AI Framework

Hong Kong PCPD Model AI Personal Data Protection Framework

Comprehensive AI guidance from Hong Kong Privacy Commissioner. Governance, risk assessment, human oversight, data stewardship. Three core values: respect, benefit, fairness.

Jurisdiction

Hong Kong

Enacted

Pending

Effective

Jun 11, 2024

Enforcement

Privacy Commissioner for Personal Data (PCPD)

PCPD

Why It Matters

Most detailed AI governance guidance in APAC. PCPD actively conducting compliance inquiries. Sets expectations that may become mandatory.

At a Glance

Requires

Transparency

Who Must Comply

  • Organizations deploying AI processing personal data in Hong Kong

Obligations fall on:

Safety Provisions

  • AI Governance: Cross-functional committees recommended
  • Risk Assessment: AI-specific methodology
  • Human Oversight: Review for high-impact decisions
  • Data Stewardship: Respect, benefit, fairness
  • Transparency: Disclosure of AI use and limitations
  • AI Incident Response Plans
  • Training data governance

View on map

Hong Kong

Focus Areas

Algorithmic accountability
Active safeguards required

Cite This

APA

Hong Kong. (2024). Hong Kong PCPD Model AI Personal Data Protection Framework.

Related Regulations

In Effect CN

China CSL Amendments

First major revision of China's foundational Cybersecurity Law since 2017. Introduces formal AI governance provisions, significantly increases penalties, and expands extraterritorial application to all cybersecurity violations.

In Effect AU

AU National AI Plan

National AI policy roadmap replacing previously proposed mandatory AI guardrails. Focuses on leveraging existing legal frameworks rather than new mandatory requirements. Establishes the Australian AI Safety Institute (AISI) to monitor, test, and share information on AI risks and harms.

In Effect IN

India AI Governance Guidelines

Voluntary AI governance framework built on seven core principles ('sutras'): Trust, People First, Innovation over Restraint, Fairness & Equity, Accountability, Understandable by Design, and Safety/Resilience/Sustainability. Establishes AI Governance Group, AI Safety Institute, and Technology & Policy Expert Committee.

In Effect BN

Brunei PDPO

Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.

In Effect IN

India DPDP Act

STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.

In Effect MM

Myanmar Cybersecurity Law

Myanmar's cybersecurity law requiring platforms with 100,000+ users to register and imposing data retention requirements. Enacted post-2021 coup with uncertain enforcement.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.