Privacy and data protection have emerged as foundational concerns in Southeast Asia’s approach to AI governance. As organisations across the region increasingly adopt AI systems, questions about how personal data is collected, processed, and used in AI applications have become increasingly urgent. This is particularly important given that 40% of Southeast Asian organisations cite poor data quality as a barrier to AI success, followed by 38% citing privacy concerns or compliance complexities. These figures reflect the practical concerns of organisations in implementing privacy protections within AI systems.
In response, governments have been making strides in embedding privacy principles in crafting governance mechanisms into relevant AI policies. Vietnam’s AI Law, effective 2026, requires explicit user consent for personal data collection and processing in AI systems. The Philippines clarifies through National Privacy Commission guidance how the Data Privacy Act applies throughout the AI lifecycle. Thailand aligns its generative AI guidelines with its Personal Data Protection Act, while Malaysia’s AI Governance and Ethics Guidelines include privacy as a foundational principle. Singapore’s Model Governance Framework prioritises accountability and trusted data for training. Across the region, existing data protection laws are serving as the legal foundation for AI governance rather than being replaced by entirely new frameworks.
Beyond national-level privacy frameworks, Southeast Asian countries face the complexity of managing personal data across borders. ASEAN, for its part, has recognised the importance of facilitating cross-border data flows for regional digital integration and established the ASEAN Model Contractual Clauses to enable lawful data movement among member states. Balancing national privacy protections with regional data mobility has emerged as a defining challenge in Southeast Asian AI governance.
Against this backdrop, the Tech for Good Institute participated in a regional panel discussion with policymakers and researchers from Southeast Asia (SEA) and China to examine how the region is managing these privacy and cross-border governance challenges. The discussion highlighted both the progress countries have made in embedding privacy into AI frameworks and the implementation gaps that remain.
Moderator and Panellists
- Qiu Chenxi, Deputy Director, Center for Global Digital Governance (CGDG), China Academy of Information and Communications Technology (CAICT)
- Fu Hongyu, Director, AI Governance Center, Alibaba Research Institute (AliResearch)
- Zhao Yunwei, Senior Engineer, National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC)
- Nguyen Quang Dong, Director, Institute for Policy Studies and Media Development
- Keith Detros, Programme Manager, Tech for Good Institute
Key Takeaways
1. SEA region has a dynamic AI governance landscape characterised by diverse approaches and strengthening institutional capacities.
Rather than converging on a single regulatory model, ASEAN Member States are pursuing varied pathways shaped by national priorities, levels of digital maturity, and institutional capacity. Some countries are prioritising soft-law instruments, such as voluntary guidelines, ethical frameworks, and regulatory sandboxes. On the other hand, countries like Indonesia and Vietnam are thinking about binding, risk-based AI legislation.
For many ASEAN economies, an important priority is ensuring that institutions are equipped to understand, test, and supervise AI systems before imposing rigid legal obligations. This includes building technical expertise within regulators, strengthening coordination across ministries, and creating mechanisms for public–private engagement. Importantly, this approach allows governments to remain responsive to rapid technological change while avoiding premature regulation that could stifle innovation or disproportionately burden smaller firms and startups.
At the regional level, ASEAN’s role has been to provide shared reference points—through common principles, ethical guides, and roadmaps such as the ASEAN Guide on AI Governance Ethics and Expanded Guide on Generative AI. ASEAN’s strength lies in enabling experimentation, and common convergence over time, rather than enforcing uniformity in a rapidly evolving technological domain
2. In absence of a dedicated AI legislation, existing regulations such as data privacy laws govern AI use.
Data privacy is a crucial foundation upon which responsible AI systems are built. Across Southeast Asia, personal data protection laws currently serve as the most concrete and enforceable guardrails shaping AI development and deployment. These laws regulate how data is collected, processed, shared, and secured, and increasingly function as indirect but powerful mechanisms for governing AI systems that rely on personal and behavioural data. As a result, data protection mandates have served as de-facto safeguards, particularly in contexts where dedicated AI legislation is still emerging. This has elevated the importance of robust security practices across the AI lifecycle.
While data privacy frameworks provide a necessary baseline, more specific policies are needed to address all AI-specific risks. Without complementary AI governance tools. there is a risk that privacy laws alone may be stretched beyond their original intent. Data privacy must therefore be treated as the starting point, not the endpoint, of AI governance.
3. Cooperation, both within the region and beyond, is necessary for better interoperability and for promoting trust.
Effective AI governance requires both national and regional cooperation. AI systems, data flows, and digital services routinely cross borders making interoperability and trust essential conditions for both innovation and economic integration. Today’s global data governance environment is marked by divergent regulatory philosophies, creating friction for governments and businesses alike.
ASEAN countries, in particular, must navigate the influence of multiple global models, including those governance practices in China, the United States, and the European Union. In this context, cooperation is about building interoperable governance so that data and AI systems can move safely across borders.
Trust can also be built by effective collaboration through creating inter-government coordination systems, regulator dialogues, and creation of knowledge centers to support best practices.. Existing ASEAN–China cooperation platforms are important foundations for this work, particularly in advancing shared standards, mutual learning, and confidence-building among regulators. Ultimately, cooperation is essential to ensuring that AI supports economic growth while maintaining public trust, and social legitimacy.
The post Building Resiliency for the Future of Work in Southeast Asia appeared first on Tech For Good Institute.