#45 Asia AI Policy Monitor

🇯🇵 AI Personality Rights · 🇯🇵 GenAI Disclosure Rules · 🇮🇳 AI Copyright Cases · 🇮🇳 AI Governance Body · 🇰🇷 Data & Pseudonymization · 🇰🇷 AI Ad Labeling · 🇸🇬 GenAI Testing Standards

Thanks for reading this month’s newsletter along with over 2,200 other AI policy professionals!

Do not hesitate to contact our editor if we missed any news on Asia’s AI policy

Intellectual Property

Japan’s Ministry of Justice to review compensation for unauthorized use of voice actors’ voices using genAI.

On the 17th, the Ministry of Justice announced the establishment of an expert committee to review how to handle civil damage claims in cases where voice actors' and actors' voices and images are used without permission using AI (artificial intelligence) generation. Given the current situation where regulations are not keeping pace with the rapid increase in damages, the ministry decided to take steps to support relief efforts. The committee will finalize criteria for what constitutes a tort under current law and methods for calculating damages, aiming to compile guidelines by this summer.

Japan’s IP Strategy Committee proposed rules on protecting IP from genai.

The Generation AI Businesses shall disclose an outline of each of the matters set out in (1) and (2) below (hereinafter collectively referred to as the "Outline Disclosure Subject Matter") on the corporate website (a website that transmits official information such as the outline of the Generation AI Businesses, business details, and product information, which is accessible to all) that it manages and operates, or on any other website with equivalent functionality, and make it accessible to all, including users and rights holders.

India’s Delhi High Court ordered the copyright office to issue rules on AI generated copyright issues.

The Delhi High Court has ordered the Copyright Office to decide on a copyright application for an AI-generated artwork within eight weeks.
The application was filed by American artificial intelligence (AI) researcher Stephen Thaler, who seeks copyright recognition for his work, A Recent Entrance to Paradise.
The artwork was created by Thaler's AI system, DABUS (Device for the Autonomous Bootstrapping of Unified Sentience).

China’s CAC published draft rules on digital humans, covering topics such as rights of personality/likeness:

No organization or individual providing or using digital virtual human services may infringe upon the personality rights of others through defamation, slander, or other means. Without the consent of a specific natural person, no digital virtual human service may be provided that is sufficient to identify a specific natural person. This includes, but is not limited to:

  (i) Using another person’s pen name, stage name, online name, translated name, trade name, or abbreviation of their name or title, which has a certain degree of social recognition;

  (ii) Using a portrait or voice that is highly similar to a specific natural person.

Privacy

Korea’s PIPC is investigating pseudonymised information utilisation in the artificial intelligence (AI) and robotics sector.

The Personal Information Protection Commission (Chairperson Song Kyung-hee, hereinafter referred to as the ‘PIP Commission’) held a ‘Visiting On-site Meeting’ for the artificial intelligence (AI) robot industry located in Daegu and Gyeongbuk at the Daegu Pseudonymized Information Utilization Support Center (Daegu Digital Innovation Agency) on April 24 (Fri).

China’s CAC published draft rules for digital humans touching on privacy:

Key governance issues include: 1. Collecting personal information beyond the necessary scope; 2. Collecting and using personal information without clearly specifying in the personal information processing rules that the collected personal information is used for functions such as advertising and user profiling, and without listing the types, purposes, methods, and recipients' names and contact information for providing personal information to third parties; 3. Failing to provide users with convenient channels to exercise their rights to correct, delete, or refuse processing of personal information, and related functions are incomplete or inadequate; 4. Using automated decision-making to push advertisements without providing easily understandable, accessible, and operable options to turn off personalized recommendations, failing to stop collecting personal information after individuals turn off personalized recommendations, and failing to provide functions such as deleting users' personal characteristic tags; 5. Inadequate internal security management, access control, and external provision systems for personal information, and insufficient technical security measures.

South Korea’s PIPC revised data anonymization guidelines for data and privacy.

What is the Pseudonymized Information System?

- (Purpose of Introduction) Introduction of ‘Special Provisions for Pseudonymized Information Processing’ under the Personal Information Protection Act to enable the safe utilization of data, the core driving force of the AI ​​era, without infringing upon personal information.

- (Pseudonymized Information System) A system that allows data to be utilized valuably for scientific research purposes, such as AI training, without the consent of the data subject, provided that the data is pseudonymized so that specific individuals cannot be identified.

- (Pseudonymization Stage) ① Preliminary Preparation → ② Risk Assessment → ③ Pseudonymization → ④ Appropriateness Review → ⑤ Safe Management

Leading privacy regulators across the globe, including from Asia: Queensland Australia, Hong Kong, New Zealand, Philippines, Singapore and Korea joined a statement on privacy and AI.

• Implement robust safeguards to prevent the misuse of personal information and generation of non-consensual intimate imagery and other harmful materials, particularly where children are depicted. • Ensure meaningful transparency about AI system capabilities, safeguards, acceptable uses and the consequences of misuse. • Provide effective and accessible mechanisms for individuals to request the removal of harmful content involving personal information and respond rapidly to such requests. • Address specific risks to children through implementing enhanced safeguards and providing clear, age-appropriate information to children, parents, guardians and educators.

Cybersecurity

New Zealand privacy commissioner addresses cybersecurity concerns.

In his March address to the National Cyber Security Summit 2026, New Zealand Privacy Commissioner Michael Webster set out a clear, if somewhat uncomfortable, message — New Zealand’s cyber risk environment is intensifying, but organizational responses are not yet keeping pace.

A central theme: cybersecurity has moved firmly into the spotlight. Political attention, media coverage and a steady flow of incidents have shifted it from a technical concern to a board-level issue. That much is explicit. What is perhaps more telling, though, is the commissioner’s suggestion that organizations may still be underestimating the scale of the challenge.

Australia issued guidance on frontier AI and cybersecurity.

As frontier artificial intelligence (AI) technology matures and becomes more accessible, the cyber threat landscape will evolve rapidly alongside new model releases. Anthropic’s blog post (7^th April 2026) provides an illustrative example of what frontier AI technology could mean for the cyber security community and how we can collectively respond.

These developments are not unexpected. Over the past two years, AI capabilities have advanced rapidly, with OpenAI warning as early as December 2025 that forthcoming frontier models will pose a high cyber security risk. It is important to remember that there are also opportunities for the cyber security industry to use these frontier models to mitigate cyber threats before they occur, a sentiment shared by the National Cyber Security Centre – United Kingdom (NCSC-UK) in their recent blog post.

Governance

Singapore proposes standards for red-teaming generative AI.

Singapore has put forward a new international standard, ISO/IEC 42119-8, to standardise the testing methodology for Generative AI systems, aimed at strengthening the foundation for trustworthy AI testing. This is the first international standard of its kind for the testing of Generative AI systems and will be discussed at the 17^th ISO/IEC JTC 1/SC 42 plenary meeting¹, held in Singapore from 20-24 April. Co-organised by the Infocomm Media Development Authority (IMDA) and Enterprise Singapore (EnterpriseSG) and hosted in the ASEAN region for the first time, the bi-annual plenary will gather more than 35 national bodies and over 250 AI experts from around the world, including the US, UK, China, Japan, Germany, France, and the Republic of Korea.

China’s TC260 opened consultation on Ethical Security Guidelines for Artificial Intelligence Applications until April 26.

The draft version 1.0 of the technical document "Ethical and Security Guidelines for Artificial Intelligence Applications," developed by the National Cybersecurity Standardization Technical Committee, has been completed for public comment. In accordance with the "Procedures for the Development of Technical Documents by the National Cybersecurity Standardization Technical Committee," this technical document is now open for public comment. Any comments or suggestions should be submitted to the Secretariat before 24:00 on April 26, 2026.

India establishes committee on economy and AI.

The Ministry of Electronics and Information Technology (MeitY), Government of India, has constituted the AI Governance and Economic Group (AIGEG), a high-level inter-ministerial body that will serve as India’s central institutional mechanism for AI governance policy development and coordination.

The constitution of the AIGEG gives formal effect to institutional recommendations made in India’s AI Governance Guidelines and the Economic Survey.

The China Academy of Information and Communications Technology (CAICT) and Tencent Cloud jointly released the “Security Guide for Cloud-based Shrimp Farming (OpenClaw)”:

As the application of OpenClaw becomes more widespread, its security risks and hidden dangers are gradually becoming more prominent, making security protection capabilities crucial to ensuring the smooth progress of "cloud-based shrimp farming." Against this backdrop, systematically reviewing the current state of OpenClaw development, improving the risk protection and security system, and forecasting future development trends are of great significance for standardizing OpenClaw usage procedures, enhancing security protection levels, and ensuring the safe and orderly implementation of "cloud-based shrimp farming."

China’s TC260 standards group established an AI safety council.

The scope of work of the Working Group on Artificial Intelligence Safety Standards ( WG9 ) includes: investigating the current status and development trends of artificial intelligence safety standards, researching and proposing an artificial intelligence safety standard system, and conducting research and development of artificial intelligence safety standards.

US House Committee examines AI and robotics threats from China.

A Subcommittee on Cybersecurity and Infrastructure Protection hearing entitled, “DeepSeek and Unitree Robotics: Examining the National Security Risks of PRC Artificial Intelligence, Robotics, and Autonomous Technologies and Building a Secure U.S. Technology Base.”

Advocacy

China’s CAC published draft rules regulating “digital humans”.

To promote the healthy development and standardized application of digital virtual human information services, in accordance with the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, and the Administrative Measures for Internet Information Services, the State Internet Information Office has drafted the Administrative Measures for Digital Virtual Human Information Services (Draft for Public Comment), and is now soliciting public opinions. The public can submit feedback through the following channels and methods:

Korea’s Fair Trade Commission has a draft comment period on labeling requirements for AI simulations in advertising.

Advertisements Using AI-Created Virtual Characters Must Clearly Indicate That They Are Virtual -

The Fair Trade Commission (Chairman Joo Byung-ki, hereinafter the ‘FTC’) has prepared an amendment to the ‘Guidelines for Review of Labeling and Advertising Regarding Recommendations, Endorsements, etc.’ (hereinafter the ‘Review Guidelines’) that mandates the labeling of ‘virtual person’ when using virtual people created with new technologies such as generative AI and deepfake in advertisements, and prescribes the method of labeling therefrom, and will provide administrative notice for 20 days from April 8 to April 28.

China’s TC260 opened consultation on Ethical Security Guidelines for Artificial Intelligence Applications until April 26.

The draft version 1.0 of the technical document “Ethical and Security Guidelines for Artificial Intelligence Applications,” developed by the National Cybersecurity Standardization Technical Committee, has been completed for public comment. In accordance with the “Procedures for the Development of Technical Documents by the National Cybersecurity Standardization Technical Committee,” this technical document is now open for public comment. Any comments or suggestions should be submitted to the Secretariat before 24:00 on April 26, 2026.

The Asia AI Policy Monitor is the monthly newsletter for Digital Governance Asia, a non-profit organization staffed by volunteers dedicated to spreading information about Asia’s AI governance strategies. If you are interested in contributing news, analysis, or participating in advocacy to promote Asia’s rights-promoting innovation in AI, please reach out to our secretariat staff at APAC GATES or Seth Hays at seth@apacgates.com.