Skip to main content
NOPE
In Effect Law Data Protection

Mongolia PDPL

Personal Data Protection Law 2021

Mongolia's data protection law defining health, genetic, and biometric data as sensitive with cross-border restrictions and Human Rights Commission oversight.

Jurisdiction

Mongolia

Enacted

Dec 17, 2021

Effective

May 1, 2022

Enforcement

National Human Rights Commission of Mongolia

DataGuidance Mongolia Overview

Why It Matters

Mongolia's classification of health data as sensitive creates heightened protections for mental health chatbot conversations with Mongolian users.

At a Glance

Applies to

Mental Health AppGeneral Chatbot

Who Must Comply

  • Data controllers and processors in Mongolia
  • Entities processing sensitive data
  • Cross-border data transfers

Obligations fall on:

Safety Provisions

  • Health, genetic, biometric data defined as sensitive
  • Cross-border transfer restrictions
  • Consent requirements for sensitive data
  • Security measures proportionate to risk
  • Human Rights Commission oversight

Compliance & Enforcement

Penalties

Administrative fines and sanctions

View on map

Mongolia

Focus Areas

Mental health & crisis

Cite This

APA

Mongolia. (2021). Personal Data Protection Law 2021.

Related Regulations

In Effect BN

Brunei PDPO

Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.

In Effect IN

India DPDP Act

STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.

In Effect ID

Indonesia PP 17/2025

Indonesia's comprehensive child online protection regulation establishing age-appropriate design requirements for electronic systems accessible to children. Most granular age classification globally (5 groups). Requires risk assessments, privacy-by-default, parental consent, DPIAs, and prohibits data profiling of children. First of its kind in Asia and Global South.

In Effect CN

China CSL Amendments

First major revision of China's foundational Cybersecurity Law since 2017. Introduces formal AI governance provisions, significantly increases penalties, and expands extraterritorial application to all cybersecurity violations.

In Effect AU

AU National AI Plan

National AI policy roadmap replacing previously proposed mandatory AI guardrails. Focuses on leveraging existing legal frameworks rather than new mandatory requirements. Establishes the Australian AI Safety Institute (AISI) to monitor, test, and share information on AI risks and harms.

In Effect IN

India AI Governance Guidelines

Voluntary AI governance framework built on seven core principles ('sutras'): Trust, People First, Innovation over Restraint, Fairness & Equity, Accountability, Understandable by Design, and Safety/Resilience/Sustainability. Establishes AI Governance Group, AI Safety Institute, and Technology & Policy Expert Committee.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.