Artificial Intelligence · Hong Kong
AI regulation in Hong Kong (2026)
Hong Kong shaded by its artificial intelligence status
Hong Kong has no comprehensive, AI-specific law and deliberately adopts a 'light-touch' approach, relying on existing sectoral laws supplemented by voluntary government and regulator guidance. Key instruments are the Digital Policy Office's Ethical AI Framework (updated 2024) and Generative AI Technical and Application Guideline (April 2025), the Privacy Commissioner's June 2024 Model Personal Data Protection Framework, and the FSTB's October 2024 financial-market policy statement. These documents set principles and best practices but are not legally binding in themselves.
Key points
Hong Kong has not enacted a dedicated AI statute and confirms a 'light-touch' approach, governing AI through existing laws (e.g. the Personal Data (Privacy) Ordinance) plus voluntary guidance rather than an EU AI Act-style regime.
The Digital Policy Office issued the Hong Kong Generative AI Technical and Application Guideline on 15 April 2025, giving developers, providers and users practical guidance on risks such as data leakage, model bias and misinformation.
The Digital Policy Office maintains an Ethical AI Framework setting out governance principles and practices for the government and public bodies adopting AI and big-data systems.
On 11 June 2024 the PCPD published the 'Artificial Intelligence: Model Personal Data Protection Framework', the first such AI-focused data-protection framework in the Asia-Pacific; it is guidance, not legally binding, but non-compliance may be cited as evidence in PCPD proceedings.
On 28 October 2024 the Financial Services and the Treasury Bureau issued a Policy Statement on Responsible Application of AI in the Financial Market, adopting a 'dual-track' approach and urging risk-based, human-overseen AI governance across the AI lifecycle.
These frameworks are recommendations and best practices without statutory force; enforcement against AI-related harms still flows through existing laws (data protection, IP, cybersecurity, sectoral regulation) rather than an AI-specific enforcement regime.
Timeline - major decisions & events
The HKMA, SFC, Insurance Authority and MPFA jointly expanded the generative-AI sandbox to banking, securities, insurance, asset management and MPF, offering supervisory guidance and GPU compute for risk-controlled AI piloting. It signals a coordinated, cross-sector 'innovate-and-supervise' posture for finance.
HKMA ↗The HKMA admitted a second cohort focused on 'AI vs AI' defences and deepfake-related fraud, building supervisory experience before issuing firmer expectations. It shows AI governance in banking is being developed iteratively through experimentation.
HKSAR Government / HKMA ↗The DPO published a voluntary best-practice guideline for the ethical, safe and responsible development, deployment and use of generative AI, targeting developers, platform providers and users. It is the government's central cross-sector reference for GenAI and was later updated in December 2025.
HKSAR Government / Digital Policy Office ↗The Privacy Commissioner issued a checklist to help organisations craft internal policies governing employee use of GenAI in compliance with the Personal Data (Privacy) Ordinance. It extends Hong Kong's AI privacy guidance from organisational deployment down to day-to-day workplace use.
PCPD ↗Run with Cyberport, the first sandbox cohort let banks trial generative-AI use cases under HKMA observation, informing later supervisory guidance. It marked the start of Hong Kong's structured, hands-on approach to AI in banking.
HKMA ↗The Securities and Futures Commission required licensed corporations using GenAI language models to manage model risk, ensure senior-management oversight, address cyber/data risks and vet third parties, treating investment advice as a high-risk use case demanding human oversight. It set binding regulatory expectations for AI in securities markets.
A&O Shearman (reporting SFC circular) ↗The Financial Services and Treasury Bureau set out a 'dual-track' approach promoting AI adoption while mitigating cybersecurity, IP and data-privacy risks across the financial sector. It is the government's overarching policy frame for AI in finance.
HKSAR Government / FSTB ↗The HKMA gave authorized institutions specific GenAI expectations for customer-facing applications, including opt-out/human-intervention rights and continuous output monitoring, extending its 2019 BDAI principles. It tailored bank AI governance to generative models.
HKMA ↗The DPO published a framework with ethical principles, an AI governance model, a lifecycle guide and an impact-assessment template for AI projects (initially aimed at the public sector). It anchored the government's own ethical-AI baseline.
Digital Policy Office ↗The Privacy Commissioner published the Asia-Pacific region's first comprehensive AI-specific data-protection framework, guiding organisations on procuring, deploying and governing AI (including generative AI) in line with the PDPO. It is Hong Kong's flagship AI privacy-governance reference.
PCPD ↗The Privacy Commissioner set out three data-stewardship values and seven internationally recognised ethical AI principles to help organisations comply with the PDPO when developing or using AI. It established the foundational ethics-by-design approach Hong Kong still follows.
PCPD ↗The HKMA's circular set out twelve principles for banks adopting AI, making boards and senior management accountable for governance, explainability, data quality and risk management. It was Hong Kong's earliest sector-specific AI regulatory guidance and underpins later banking AI rules.
HKMA ↗Hong Kong - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →