Taiwan’s Artificial Intelligence Basic Act: A New Framework for Innovation

Artificial Intelligence
Written By Nathalie Pouderoux

Legislators globally are under increasing pressure to respond to AI. Taiwan has now taken a significant step in that direction by introducing a regulation. On 23rd December 2025, its legislature passed the Artificial Intelligence Basic Act, establishing a national framework designed to support innovation while safeguarding individuals and society.

The Act is not intended to impose immediate, detailed compliance obligations. Instead, it sets out a clear direction of travel, explaining how AI will be governed in Taiwan in the years ahead and providing businesses with an early opportunity to prepare.

A Principles-Based Approach

The Act adopts a principles-led model, aligning with internationally recognised standards. It is built around seven key principles, which are expected to guide the development and deployment of AI:

  • Sustainability and well-being

  • Human autonomy

  • Privacy and data governance

  • Safety and cybersecurity

  • Transparency and explainability

  • Fairness and non-discrimination

  • Accountability

One of the most notable aspects of the Act is its deliberately flexible structure. Unlike more prescriptive regimes, such as the EU’s approach, Taiwan’s legislation does not yet impose immediate operational requirements on private organisations. Instead, it establishes the institutional and regulatory architecture that will support more detailed rules over time.

Responsibility for implementing the framework will sit with central authorities, including the National Science and Technology Council and the Ministry of Digital Affairs, alongside sector regulators. These bodies will play a key role in translating the Act into practical obligations across industries such as finance, healthcare, employment, and consumer services.

Risk-Based Regulation

A central feature of the new regime will be the introduction of a risk classification framework. This framework, currently under development, will categorise AI systems based on their potential impact and risk profile. The intention is to ensure that regulatory obligations are proportionate, with stricter requirements applying to higher-risk applications.

Although the detailed classification system has not yet been finalised, the Act makes clear that high-risk AI will be subject to closer scrutiny. This is expected to include requirements around transparency, the provision of clear warnings or labelling, and mechanisms to ensure accountability where harm arises. There is also a clear emphasis on establishing processes for verification, traceability, and, where necessary, compensation.

Data Governance and Privacy 

The legislation places particular importance on how data is handled in the context of AI. It reinforces the principle that personal data should only be collected and used where necessary, and encourages organisations to adopt privacy-by-design and privacy-by-default approaches from the outset.

At the same time, the Act recognises the importance of data availability in driving AI innovation. It therefore promotes the development of data-sharing mechanisms and improved data quality, while also emphasising the need to protect intellectual property and preserve cultural diversity.

While much of the focus is on governance, the Act is equally concerned with encouraging innovation. It provides for government support through funding, tax incentives, and investment in AI infrastructure. It also encourages international collaboration and the cross-border exchange of talent and technology.

In parallel, there is a strong emphasis on education and workforce development, including measures to improve AI literacy and support individuals whose roles may be affected by automation.

Public Sector Obligations as a Starting Point

The Act imposes early obligations on government bodies. Public authorities will be required to conduct risk assessments before deploying AI, implement internal governance mechanisms, and review existing laws to ensure alignment with the new framework.

This phased approach allows the public sector to lead by example, while also providing a testing ground for the regulatory model before more detailed requirements are extended to private organisations.

What This Means for Businesses

Organisations using or developing AI would be well advised to begin assessing their systems, particularly in terms of risk, data usage, and transparency. Early alignment with the principles set out in the Act is likely to reduce future compliance burdens and place businesses in a stronger position as more detailed rules emerge.

Taiwan’s Artificial Intelligence Basic Act is best understood as a strategic framework rather than a finished regulatory regime. It reflects a growing global consensus around the need for risk-based, principle-driven AI governance, while maintaining flexibility to support innovation.

How Can Gerrish Legal Help?

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property. 

We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements. 

We are here to help you, get in contact with us today for more information.


Nathalie Pouderoux
Next

New US AI Policy Framework Prioritises Online Safety