Kazakhstan AI Law

Law of the Republic of Kazakhstan on Artificial Intelligence (Law No. 230-VIII)

First comprehensive AI law in Central Asia. Establishes risk-based classification (low/medium/high-risk), mandatory AI content labeling, and explicit prohibitions on manipulation, social scoring, and non-consensual emotion detection. Requires annual risk assessments for high-risk systems.

Jurisdiction

Kazakhstan

Enacted

Nov 17, 2025

Effective

Jan 18, 2026

Enforcement

Ministry of Artificial Intelligence and Digital Development

Signed November 17, 2025; effective January 18, 2026

Zakon.kz (Official)

Why It Matters

Prohibitions on manipulation and emotion detection without consent address key AI safety concerns. Mandatory content labeling creates transparency requirements.

Recent Developments

First Central Asian country to enact comprehensive AI legislation. Law closely mirrors EU AI Act prohibited practices.

At a Glance

Applies to

Foundation ModelGeneral ChatbotEmotion RecognitionAutomated Decision SystemDigital Replica

Harms addressed

Discrimination

Requires

Transparency Risk Assessment

Who Must Comply

AI system developers
AI system owners/operators
Users of AI systems in Kazakhstan

Obligations fall on:

Safety Provisions

Prohibited: AI using manipulative techniques affecting subconscious or distorting behavior
Prohibited: AI exploiting vulnerabilities (age, disability) to cause harm
Prohibited: Social scoring based on social behavior or personal characteristics
Prohibited: Emotion detection without subject consent (except legal cases)
Prohibited: Biometric classification for discrimination (race, political views, etc.)
Mandatory labeling: All synthetic content (image, video, audio, text) must carry machine-readable marker and user disclosure
Continuous lifecycle risk management required; systems must be suspended if threatening rights
User right to understand AI operation and data basis for decisions
Right to refuse AI interaction unless required by law

Compliance & Enforcement

Key Dates

Jan 18, 2026

All provisions take effect

Penalties

Administrative liability for violations including failure to inform users about synthetic content and failure to manage high-risk AI risks

Primary Source

Zakon.kz (Official)

https://online.zakon.kz/Document/?doc_id=34207749

View on map

Kazakhstan

Focus Areas

Mental health & crisis

Child safety

Algorithmic accountability

Active safeguards required

Compliance Help

Developers must conduct continuous lifecycle risk management with annual reviews. High-risk systems require enhanced information security controls. All synthetic content must be labeled with machine-readable markers.

See how NOPE helps

Cite This

APA

Kazakhstan. (2025). Law of the Republic of Kazakhstan on Artificial Intelligence (Law No. 230-VIII).

Related Regulations

Enacted UZ

Uzbekistan AI Law

Uzbekistan's AI governance framework via amendments to Law on Informatization. Mandates AI content labeling, prohibits AI decisions affecting rights without human oversight, and establishes protections against AI harms to life, health, and dignity. Responds to 3x increase in AI-related violations (1,129 in 2023 to 3,553 in 2024).

In Effect KR

Korea AI Act

First comprehensive AI legislation in Asia-Pacific and second in the world after EU. Regulates "High-Impact AI" in healthcare, energy, nuclear, transport, government, and education sectors. Requires transparency notifications, content labeling for generative AI, and fundamental rights impact assessments. Notable for lower penalties than EU AI Act and absence of prohibited AI practices.

In Effect TW

Taiwan AI Act

Comprehensive AI Basic Act (pending) establishes seven guiding principles and risk-based classification. Note: Taiwan already has ENACTED deepfake/election AI provisions via separate laws (Criminal Code 2023, Election Law 2023, Fraud Prevention Act 2024).

In Effect SG

SG MAS AI Governance

First mandatory AI governance requirements in Singapore, shifting from voluntary Model AI Governance Framework to binding obligations for financial sector. Establishes three mandatory focus areas: oversight and governance, risk management systems, and development/validation/deployment protocols.

Enacted NZ

NZ Biometric Code

Sets specific legal requirements under Privacy Act for collecting and using biometric data such as facial recognition and fingerprint scans. Prohibits particularly intrusive uses including emotion prediction and inferring protected characteristics like ethnicity or sex.

In Effect AU

AU Privacy Amendment 2024

Strengthens Privacy Act requirements for biometric data collection, raising the standard of conduct for collecting biometric information used for automated verification or identification. Cannot collect such information unless individual has consented and it is reasonably necessary.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.