Taiwan’s newly passed Artificial Intelligence Basic Act marks a pivotal moment, establishing a comprehensive legal framework that balances technological innovation with risk-based governance to ensure human-centric AI development. This landmark legislation, which came into force on January 14, 2026, positions Taiwan alongside global leaders in AI regulation by codifying seven fundamental principles and establishing a dual governance structure .

Taiwan Enacts Landmark AI Basic Law to Foster Innovation

Introduction

In a historic move that aligns with global trends in technology governance, Taiwan has officially enacted its Artificial Intelligence Basic Act (the “Act”), which was passed by the Legislative Yuan on December 23, 2025, and promulgated on January 14, 2026 . This comprehensive legislation represents Taiwan’s first overarching legal framework dedicated to governing the development and application of artificial intelligence technologies. The Act establishes a balanced approach that seeks to promote innovation while implementing necessary safeguards to protect fundamental rights and manage potential risks .

The timing of this legislation is particularly significant, as it comes in the wake of major international AI regulatory developments, including the European Union’s AI Act and various initiatives from the United States and other OECD countries . By enacting this law, Taiwan demonstrates its commitment to creating a trustworthy environment for AI development that can enhance its competitive advantage in the global technology landscape.

Legislative Journey and Background

Origins and Drafting Process

The journey toward Taiwan’s AI Basic Act began in 2024 when the National Science and Technology Council (NSTC) initiated the drafting process. The NSTC engaged in extensive consultations with industry representatives, academic experts, government agencies, and civil society organizations to develop a draft that would reflect diverse perspectives and address the multifaceted challenges posed by AI technologies .

On July 15, 2024, the NSTC released its preliminary draft for public comment. This initial version focused on establishing seven fundamental principles and four strategic priorities, providing cross-ministerial guidance for AI governance . The draft emphasized promoting innovation while balancing human rights and risk considerations.

Evolution Through the Legislative Process

Following the public comment period, the Ministry of Digital Affairs (MODA) took over the legislative process in 2025 and simultaneously began studying the establishment of an AI risk classification framework . The Executive Yuan (the cabinet) approved a revised version of the draft on August 28, 2025, which incorporated more detailed provisions regarding government responsibilities and specific regulatory mechanisms .

Throughout 2025, several legislators demonstrated keen interest in the Act, leading to multiple public hearings and review meetings starting in April 2025. MODA actively engaged with legislators to discuss their proposals and incorporate constructive feedback, resulting in a more refined and comprehensive final version . The Act ultimately received third reading approval in the Legislative Yuan on December 23, 2025, with strong cross-party support .

Key Definitions and Scope

Definition of Artificial Intelligence

The Act provides a clear and comprehensive definition of artificial intelligence in Article 3, describing it as “systems with autonomous operational capabilities” that, through input or sensing, utilize machine learning and algorithms to generate predictions, content, recommendations, or decisions that influence physical or virtual environments, whether for explicit or implicit objectives .

This definition is deliberately broad and aligns with international standards, including those established by the OECD and the European Union. It encompasses various AI technologies, from general-purpose AI to generative AI models, and applies to both providers and users of AI systems that are deployed in Taiwan’s market or whose use affects individuals within Taiwan’s jurisdiction .

Scope of Application

The Act’s scope extends across both public and private sectors, covering AI system providers, enterprises implementing AI technologies, and government agencies utilizing AI for service delivery or decision-making . This comprehensive approach ensures that all stakeholders involved in AI development and deployment are subject to consistent governance principles and requirements.

Governance Structure

Central Competent Authority

Article 2 of the Act designates the National Science and Technology Council as the central competent authority at the national level, with local governments serving as competent authorities at the municipal and county levels . This designation represents a significant evolution from earlier drafts that did not specify a lead agency, resolving important questions about regulatory coordination and accountability .

The NSTC is responsible for overall AI development planning and cross-ministerial coordination, ensuring consistent implementation of the Act’s provisions across different sectors and government levels .

National AI Strategy Special Committee

Article 6 establishes the National AI Strategy Special Committee, to be convened by the Premier of the Executive Yuan. This high-level committee comprises:

• Scholars and experts in AI-related fields

• Representatives from AI-related civil society organizations and industry

• Ministers without Portfolio

• Heads or representatives of relevant government agencies

• Leaders of municipal and county governments

The committee is mandated to meet at least annually to coordinate, promote, and supervise national AI affairs, as well as to establish the National AI Development Guidelines. The NSTC provides secretariat support for the committee’s operations .

Role of the Ministry of Digital Affairs

While not designated as the central competent authority, MODA plays a crucial role in implementing the Act’s technical aspects. Article 16 assigns MODA responsibility for developing an AI risk classification framework that aligns with international standards and assists sector-specific regulators in establishing risk-based management regulations . MODA is expected to complete this framework by the first quarter of 2026 .

Seven Fundamental Principles

Article 4 of the Act codifies seven fundamental principles that must guide all government efforts in promoting AI research, development, and application . These principles represent internationally recognized norms for trustworthy AI and form the foundation for subsequent regulatory implementation.

A. Sustainable Development and Well-being

AI development must consider social equity and environmental sustainability. The government is required to provide appropriate education and training to reduce potential digital divides and help citizens adapt to AI-driven transformations. This principle recognizes that AI’s benefits should be broadly shared across society while minimizing negative environmental impacts .

B. Human Autonomy

This principle emphasizes support for human autonomy, respect for fundamental rights including personality rights, and adherence to cultural values. It requires that AI systems remain subject to human oversight and that development respects rule of law and democratic values. The principle ensures that AI serves human interests rather than undermining human agency and decision-making authority .

C. Privacy Protection and Data Governance

The Act requires robust protection of personal data privacy, respect for trade secrets, and implementation of data minimization principles. It mandates avoiding data breach risks while simultaneously promoting the opening and reuse of non-sensitive data, provided such practices align with constitutional privacy protections. This balanced approach recognizes both the need for data access to fuel AI innovation and the fundamental importance of privacy rights .

D. Cybersecurity and Safety

Government agencies must establish cybersecurity protection measures throughout AI research, development, and application processes. These measures aim to prevent security threats and attacks while ensuring system robustness and safety. The principle acknowledges that secure AI systems are essential for maintaining public trust and preventing harmful outcomes .

E. Transparency and Explainability

AI outputs must include appropriate information disclosure or labeling to facilitate risk assessment and help individuals understand impacts on their rights and interests. This transparency enhances AI trustworthiness by enabling stakeholders to evaluate how AI systems reach decisions and identify potential issues .

F. Fairness and Non-discrimination

During AI research, development, and application, the Act requires efforts to minimize risks of algorithmic bias and discrimination against specific groups. This principle recognizes that AI systems can perpetuate or amplify existing societal inequalities and mandates proactive measures to prevent discriminatory outcomes .

G. Accountability

The Act ensures that different actors bear corresponding responsibilities, including both internal governance responsibilities and external social responsibilities. This principle establishes clear lines of accountability for AI outcomes and reinforces the expectation that those who develop and deploy AI systems must answer for their impacts .

Risk-Based Regulatory Approach

Risk Classification Framework

A cornerstone of the Act is its risk-based approach to AI governance. Article 16 mandates MODA to develop an AI risk classification framework that aligns with international standards and facilitates interoperability with global regulatory systems . This framework will categorize AI applications based on their potential risks to individuals and society.

The risk classification process involves three continuous phases: risk identification, risk assessment, and risk response. MODA is currently finalizing the framework and expects to submit it to the Executive Yuan for approval in the first quarter of 2026 .

High-Risk AI Applications

For AI applications classified as high-risk, the Act imposes enhanced requirements. Article 5 mandates that high-risk AI products or systems affecting minors must clearly display warnings or precautions. Additionally, Article 17 requires the government to:

• Clarify responsibility attribution and liability conditions for high-risk AI applications

• Establish mechanisms for remedies, compensation, or insurance

• Ensure that individuals affected by high-risk AI decisions have access to redress

The Act specifically requires impact assessments for minors, human rights, and gender dimensions when evaluating high-risk AI applications .

Prohibited and Restricted Applications

While the Act itself does not explicitly list prohibited AI applications, it authorizes sector-specific regulators to restrict or ban AI applications that could cause harm to life, body, property, social order, or ecological environment. This approach allows for flexible responses to emerging risks while maintaining legal certainty .

Government Obligations and Implementation Timeline

Specific Government Responsibilities

The Act imposes numerous affirmative obligations on government agencies to support AI development while ensuring responsible governance. These include:

1. Budget Allocation: Article 9 requires the government to allocate sufficient budgets within fiscal capacity to support AI policy implementation. Article 10 mandates establishing annual performance reporting systems to track progress and inform resource allocation .

2. Data Openness: Article 13 requires the government to establish mechanisms for data opening, sharing, and reuse to enhance the availability and quality of data for AI development. This provision aims to create a rich data ecosystem while maintaining appropriate privacy protections .

3. Innovation Support: Article 11 authorizes sector-specific regulators to establish or improve innovation experiment environments for AI products and services, promoting regulatory flexibility and exemptions for pilot projects .

4. Labor Rights Protection: Article 15 mandates the government to actively use AI to protect labor rights, address skills gaps caused by AI development, enhance labor participation, and provide employment assistance to workers displaced by AI adoption .

5. Education and Talent Development: Article 7 requires the government to continuously promote AI and ethics education across schools, industries, communities, and government agencies to enhance digital literacy .

Implementation Timeline

The Act establishes a clear timeline for implementation following its January 14, 2026 effective date :

Within three months: MODA, in conjunction with NSTC, the Ministry of Education, and the Ministry of Health and Welfare, must complete and publish reports on impact assessments concerning minors, human rights, and gender dimensions.

Within six months: All government levels must complete risk assessments for existing AI applications used in service delivery or task execution.

Within twelve months: Government agencies must establish usage specifications or internal control mechanisms based on the nature of their AI applications.

Within twenty-four months: The government must review, establish, or amend relevant laws, regulations, and administrative measures to ensure compliance with the Act’s provisions.

Private Sector Implications

No Immediate Operational Obligations

Unlike the European Union’s AI Act, Taiwan’s AI Basic Act does not impose immediate operational obligations on private sector entities. Instead, detailed requirements will be developed incrementally by sector-specific regulators based on the risk classification framework MODA develops .

This phased approach gives businesses time to prepare for compliance while ensuring that regulations are tailored to specific industry contexts and risk profiles.

Preparation Recommendations

For AI providers and deployers, the Act signals several areas requiring attention and preparation :

A. Risk Classification Preparation: Companies should begin mapping their AI systems and classifying potential risks based on emerging international standards. This preparation will facilitate compliance once MODA’s risk classification framework is finalized.

B. Documentation and Testing: Organizations should prepare model documentation, testing results, and appropriate notices or warnings for high-risk use cases. This documentation will be essential for demonstrating compliance with transparency and accountability requirements.

C. Privacy by Design: Article 14 requires promoting personal data protection through privacy-by-design and privacy-by-default measures. Companies should implement data minimization controls and plan for appropriate disclosures and labeling where applicable.

D. Supply Chain Management: Businesses should establish vendor management measures and clearly allocate responsibilities in contracts with AI suppliers. This preparation will help manage risks associated with third-party AI systems and anticipate potential audit or verification requirements.

E. Public Sector Engagement: Companies supplying AI systems to government agencies should prepare for enhanced requirements, as public sector buyers must conduct risk assessments before deploying AI solutions. Vendors should be ready to provide model documentation, testing results, and appropriate warnings for high-risk applications .

International Cooperation and Alignment

Global Standards Integration

The Act emphasizes international cooperation and alignment with global standards. Article 12 requires the government to promote international cooperation related to AI, including, technology, and facility exchanges, as well as participation in joint international development and research projects .

MODA’s mandate to develop a risk classification framework that aligns with international standards reflects Taiwan’s commitment to ensuring its AI governance system remains compatible with major trading partners and global regulatory trends .

Cross-Border Implications

The Act’s broad definition of AI and its application to systems affecting individuals in Taiwan suggests potential extraterritorial reach, similar to emerging international precedents. AI system providers placing products in Taiwan’s market or whose systems impact Taiwanese residents should anticipate compliance obligations regardless of their physical location .

Civil Society Perspectives

Human Rights Concerns

While welcoming the Act’s passage as an important first step, civil society organizations have raised concerns about potential gaps in rights protection. Amnesty International Taiwan issued a statement emphasizing that the Act currently lacks concrete obligations, enforceable rights, and effective governance mechanisms necessary to address AI’s actual risks to fundamental rights .

Key concerns include:

A. Lack of Binding Obligations: The Act primarily articulates abstract values and policy objectives without translating these principles into legally binding obligations for government agencies, developers, and deployers. Without clear responsible parties, duty content, and penalties, AI governance risks remaining aspirational rather than enforceable.

B. Absence of Prohibited Applications: The Act does not explicitly prohibit unacceptable risk applications such as, emotion recognition, social scoring, predictive policing, or immigration risk assessment systems. Civil society advocates argue that clear red lines are essential for preventing human rights violations.

C. Limited Individual Rights: The Act does not grant individuals enforceable rights, such as the right to refuse being subject to high-risk AI systems, rights to information, complaint mechanisms, or remedies. When AI systems are used in administrative decisions, social welfare, employment, education, finance, or public security, affected individuals may lack meaningful avenues for recourse.

D. Insufficient Discrimination Prevention: The Act lacks mechanisms to prevent structural discrimination, despite evidence that AI errors and biases disproportionately harm特定群体 and can amplify existing inequalities .

Recommendations for Further Development

Civil society organizations have urged the government to address these concerns through subsequent legislation and regulatory implementation by:

• Converting abstract principles into concrete legal obligations with corresponding responsibilities

• Establishing a rights-centered AI risk classification system that prohibits or restricts unacceptable harmful AI technologies, particularly remote biometric identification systems

• Granting individuals enforceable rights to information and accessible remedy mechanisms

• Requiring all entities deploying high-risk AI systems to disclose information and conduct fundamental rights impact assessments

Comparison with International Frameworks

European Union AI Act

Taiwan’s Act shares common principles with the EU AI Act, including risk-based classification, transparency requirements, and human oversight provisions. However, significant differences exist:

• Timing: The EU AI Act was adopted earlier and includes more detailed, prescriptive requirements, while Taiwan’s Act establishes a framework that will be fleshed out through subsequent regulations .

• Scope: The EU AI Act directly imposes obligations on private sector actors, while Taiwan’s Act initially focuses on government responsibilities and authorizes sector-specific regulators to develop private sector requirements over time .

• Prohibitions: The EU AI Act explicitly prohibits certain AI practices, while Taiwan’s Act takes a more flexible approach, authorizing restrictions based on risk assessments .

United States Approach

Compared to the United States’ sectoral approach to AI governance, which relies on existing agency authorities and non-binding guidance, Taiwan’s Act establishes a comprehensive national framework with designated central authorities and mandatory requirements. This places Taiwan closer to the European model of horizontal AI regulation .

Future Outlook

Upcoming Regulatory Developments

The Act’s passage initiates a dynamic period of regulatory development. Key developments to monitor include:

Q1 2026: MODA’s submission of the AI risk classification framework to the Executive Yuan for approval. This framework will provide crucial guidance for determining which AI applications face enhanced requirements .

2026-2027: Sector-specific regulators will develop and implement risk-based management regulations for industries including finance, healthcare, employment, consumer protection, and data protection. These regulations will translate the Act’s general principles into concrete compliance requirements .

Within two years: Comprehensive review and amendment of existing laws and regulations to ensure alignment with the Act’s provisions. This process will address interactions between AI governance and existing legal frameworks .

Industry Preparation

As the regulatory landscape evolves, AI providers and deployers should take proactive steps to prepare for compliance :

• Begin internal AI system inventories and preliminary risk assessments

• Implement privacy-by-design practices and data minimization controls

• Develop documentation practices aligned with emerging transparency expectations

• Engage with industry associations and regulatory agencies during rulemaking processes

• Monitor MODA and sector-specific regulator announcements for guidance and requirements

Conclusion

Taiwan’s Artificial Intelligence Basic Act represents a significant milestone in the global development of AI governance frameworks. By establishing fundamental principles, creating a robust governance structure, and mandating a risk-based approach to regulation, the Act lays the foundation for trustworthy AI development that can enhance Taiwan’s competitive position while protecting fundamental rights.

The Act’s success will depend on the quality of implementing regulations developed over the coming months and years, as well as the effectiveness of coordination among NSTC, MODA, and sector-specific regulators. Civil society concerns about rights protection and enforcement mechanisms highlight areas requiring particular attention as the regulatory framework evolves.

For businesses operating in or with Taiwan, the Act signals a new era of AI governance that requires proactive preparation and ongoing attention to regulatory developments. Companies that begin preparing now for risk classification, documentation, and compliance will be best positioned to thrive in Taiwan’s emerging AI regulatory environment.

As Taiwan joins the growing community of nations with comprehensive AI legislation, its experience will contribute valuable lessons about balancing innovation promotion with risk management in democratic societies. The Act’s emphasis on human-centric AI, international alignment, and adaptive governance positions Taiwan to navigate the challenges and opportunities of the AI era while maintaining its commitment to democratic values and fundamental rights.