Global AI Governance Frameworks

What they mean for Hong Kong

Last updated: May 15, 2026

This is cross-posted from the AI Safety HK Substack blog.

Artificial intelligence governance is one of the defining policy challenges of the current decade. The frameworks, regulations, and institutional arrangements being established now will shape how AI systems are developed, deployed, and held accountable for years to come.

The approaches taken by the European Union, the United States, and China differ substantially in both philosophy and in legal form. Alongside these three major powers, the wider Asia-Pacific region is developing its own patchwork of frameworks, most of them voluntary and sector-specific and modelled on the larger, more established frameworks.

Hong Kong sits in a unique position. It has deep ties to international markets, built on US-built technology infrastructure, and part of mainland China’s development agenda. The rules being written elsewhere will shape the tools, markets, and compliance obligations that Hong Kong businesses and researchers encounter directly.

This piece maps the major governance approaches currently in force or in development, and what they mean for organisations operating in Hong Kong.

The EU AI Act: A Risk-Based Legal Framework

The European Union’s AI Act, which entered into force in August 2024, is the world’s first comprehensive legal framework specifically designed for artificial intelligence. Its central organising principle is risk classification: the greater the potential harm posed by an AI system, the more stringent the obligations placed on its developers and deployers.

At the top of the hierarchy, certain AI applications are prohibited outright. These include systems that manipulate human behaviour through subliminal techniques, tools that exploit vulnerable groups, and AI used for real-time mass biometric surveillance in public spaces. A second tier of “high-risk” applications which covers AI used in hiring, education, healthcare, credit scoring, law enforcement, and critical infrastructure, must satisfy requirements around transparency, human oversight, data governance, and documentation before market deployment. Lower-risk applications, such as spam filters or product recommendation engines, face minimal obligations.

The Act is being implemented in phases. Prohibitions on the most harmful practices took effect in February 2025. Rules governing general-purpose AI models - including large language models of the kind that power widely used generative AI tools - became applicable in August 2025. The majority of remaining provisions come into force in August 2026, with some high-risk category rules extending to 2027.

The United States: Deregulation as Strategy

The United States has taken a different direction. Under the Trump administration, the prevailing policy orientation has been to remove regulatory barriers to AI development in the interest of maintaining the country’s technological leadership. Safety takes a backseat in all of this. The Biden administration’s 2023 executive order on AI safety - which had directed federal agencies to assess and mitigate AI risks across a range of domains -m was rescinded in January 2025.

In December 2025, a further executive order directed the Department of Justice to challenge state-level AI regulations seen as inconsistent with federal policy, with the stated goal of establishing a single, minimally burdensome national framework.

The result is a federal AI policy environment that is deliberately light on AI Safety. Existing laws on consumer protection, data privacy, and civil rights continue to apply to AI applications, but there is no overarching AI-specific statute.

China: Enabling Through Regulation

China’s approach to AI governance is layered and often misunderstood. Rather than one comprehensive law, Beijing has introduced a series of targeted regulations covering specific applications: algorithm recommendations (2022), deepfakes and synthetic media (2023), and generative AI services (2023). In September 2025, mandatory content labelling rules came into effect requiring AI-generated text, audio, images, and video to be clearly marked. The overarching national strategy - the “AI Plus” plan, released in August 2025 - targets 70% AI adoption across key sectors by 2027, with a vision of a fully AI-powered economy by 2035.

The appearance of strict regulation is somewhat misleading. Research by Professor Angela Huyue Zhang (Columbia Journal of Transnational Law, 2024) argues that China’s AI laws function primarily as enabling tools rather than restrictive ones. Drawing on the concept of the “expressive powers of law,” Zhang suggests that legislation like the Interim Measures for Generative AI Services is less about constraining the industry and more about sending a clear pro-growth signal to investors, firms, and government agencies that AI is a national priority and that the regulatory environment will be supportive.

This holds up in practice. The final version of the Interim Measures significantly softened its earlier draft, removing fine-tuning deadlines, narrowing compliance obligations, and exempting enterprise and internal AI applications entirely. Major firms including Baidu and SenseTime were approved to launch public services just two weeks after the rules took effect in August 2023. By mid-2024, over 200 large language models had received regulatory clearance. Security assessment requirements have also been progressively relaxed.

China’s rules do impose real constraints in one area: information control. AI services that could influence public opinion must register their algorithms with the Cyberspace Administration of China, and AI outputs must not contradict official government positions. This reflects a conception of AI governance that prioritises social and political stability.

Zhang also identifies a longer-term risk in this permissive approach. With decentralised enforcement, limited ethics oversight, and intense competitive pressure to ship products quickly, safety gaps are quietly growing.

The Wider APAC Landscape

Hong Kong does not operate in isolation from the rest of the Asia-Pacific region, and it is worth surveying the broader regulatory landscape in which it sits.

The dominant APAC pattern is voluntary guidelines and sector-specific rules. China and South Korea and Vietnam are the outliers in moving toward harder regulatory requirements. Most jurisdictions in the region sit closer to the Singapore and Japan end of the spectrum: principles-based, guidance-led, and oriented toward enabling innovation.

Hong Kong: Early Days, But the Decisions Matter

Hong Kong currently has no dedicated AI legislation, relying instead on existing frameworks covering data protection, intellectual property, and cybersecurity to address AI-related issues as they arise. This is supplemented by voluntary guidelines such as the Digital Policy Office released a Generative AI Technical and Application Guideline in April 2025, alongside sector-specific governance expectations in finance, healthcare, and insurance.

The financial sector has seen some of the most concrete regulatory activity. The Securities and Futures Commission (SFC) issued a mandatory circular in November 2024 on the use of generative AI by licensed corporations, built around four core principles: senior management oversight, risk management, cybersecurity and data protection, and transparency to clients. The HKMA has gone further in the banking sector, requiring authorised institutions to submit feasibility study reports and AI implementation plans for anti-money laundering and transaction monitoring systems. These financial sector mechanisms represent Hong Kong’s most developed area of AI-specific governance to date, though they remain sector-contained rather than part of a unified framework.

Beyond finance, the broader governance picture has notable gaps. There is no dedicated AI oversight body and no central risk classification system for AI applications meaning organisations across other sectors face genuine uncertainty about what responsible AI governance requires in practice.

What makes Hong Kong’s position distinctive is the combination of regulatory pressures it faces simultaneously. EU compliance requirements reach Hong Kong businesses through their international client and investor relationships. US-built tools and platforms shape the AI infrastructure on which much of the city’s economy runs. And mainland China’s AI development agenda is increasingly influencing Hong Kong’s research priorities and institutional direction. Navigating all three at once, while preserving Hong Kong’s standing as an open, internationally credible financial and innovation hub, is a governance challenge with few direct precedents elsewhere.

The decisions made in the coming years, on whether to formalise a regulatory framework, how to define institutional responsibilities, and how to position Hong Kong within global AI governance, will shape the kind of AI ecosystem this city develops. Those conversations are already underway in government, industry, and the research community.

Is Hong Kong’s ‘wait and see’ sectoral approach a competitive advantage, or are we falling behind in setting the standards for AI safety? Let us know your thoughts in the comments on the Substack blog.

References and Further Reading

• EU AI Act - Full text and implementation timeline: artificialintelligenceact.eu

• Zhang, Angela Huyue - “The Promise and Perils of China’s Regulation of Artificial Intelligence,” Columbia Journal of Transnational Law, Vol. 63 (2024). Available at SSRN: ssrn.com/abstract=4708676

• Hong Kong Digital Policy Office - Ethical AI Framework and Generative AI Technical and Application Guideline (April 2025): digitalpolicy.gov.hk

• IAPP Global AI Governance Tracker - China chapter: iapp.org

• Herbert Smith Freehills Kramer - AI Tracker: Hong Kong: hsfkramer.com

• FinregE - AI Regulations in APAC: What Businesses Need to Know: finreg-e.com

• CX Network - How 9 APAC Countries Are Regulating the Use of AI (January 2026):cxnetwork.com