Risk Rating  

Low.

AI regulation in your jurisdiction

There is currently no dedicated AI law in force in Hong Kong.

Existing Regulatory Frameworks Applicable to AI

Hong Kong does not yet have a standalone, comprehensive AI Ordinance. However, AI governance is shaped by various instruments.

  • Data Protection:
    • Privacy (Data) Protection Ordinance is relevant for handling personal data in the process of procuring, implementing and using AI solutions.
  • Financial Services:
    • The Hong Kong Monetary Authority (HKMA) issued a circular on Consumer Protection in respect of Use of Generative Artificial Intelligence, which contains a set of guiding principles for authorized institutions on the use of GenAI in customer-facing applications from a consumer protection perspective.
    • The Securities and Futures Commission (SFC) issued a circular on Generative Artificial Intelligence Language Models to Licensed Corporations (LCs). LCs are expected to critically review their existing policies, procedures and internal controls to ensure proper implementation of, and full compliance with, the requirements in the circular.
  • Healthcare:
    • Department of Health issued a document, Artificial Intelligence Medical Devices (AI-MD) Technical Reference: TR-008, which provides references on the listing requirements for in the Medical Device Administrative Control System (MDACS) from a technical perspective.

Regulatory Oversight of AI

There is no single designated authority, but multiple authorities oversee AI within their sectors, in particular:

  • Digital Policy Office (DPO) leads AI strategy and integrates AI into government services.
  • Office of the Privacy Commissioner for Personal Data (PCPD) leads on data privacy across AI applications.
  • Hong Kong Monetary Authority (HKMA) and Securities and Futures Commission (SFC) actively enforce AI governance in financial services.

AI Guidance, Policies, and Strategic Frameworks 

  • Digital Policy Office’s (DPO) Ethical Artificial Intelligence Framework has been developed for internal adoption within the Government regarding the applications of AI and big data analytics. This framework, including its guiding principles, practices and assessment template, is also applicable to other organisations in general; a customised version, suitably revised (e.g. removal or adjustment of government-specific terms), is available for general reference by organisations when adopting AI and big data analytics in their IT projects.
  • DPO’s Hong Kong Generative Artificial Intelligence Technical and Application Guideline aims to provide practical operational guidance for technology developers, service providers, and users in the application of generative AI technology. This guideline covers the scope and limitations of application, potential risks and governance principles of generative AI technology, including technical risks such as data leakage, model bias, and errors that need to be addressed.
  • Office of the Privacy Commissioner for Personal Data’s (PCPD) Artificial Intelligence: Model Personal Data Protection Framework provides a set of recommendations and best practices regarding governance of AI for the protection of personal data privacy for organisations which procure, implement and use any type of AI systems.
  • PCPD’s Checklist on Guidelines for the Use of Generative AI by Employees helps organisations develop internal policies or guidelines on the use of Gen AI by employees at work while complying with the requirements of the Personal Data (Privacy) Ordinance (PDPO).

International AI Standards and Guidelines

The Hong Kong Generative AI Technical & Application Guideline, released by the DPO, includes practical guidance on key principles of governance that are aligned with some of the key topics of the OECD AI Principles.

The PCPD’s Artificial Intelligence: Model Personal Data Protection Framework offers a structured, organisation-wide approach to safeguarding personal data in AI usage, based on the PDPO. It recommends that organisations intending to invest in AI solutions consider and refer to standards developed and published by professional associations such as the ISO and IEEE, for example ISO/IEC 23894:2023, which covers risk management in AI.

Forthcoming AI Legislation 

Not at present.