Navigating AI Regulation: United States, ASEAN, and Philippine Frameworks
By Atty. John Manuel Velasco, Associate Lawyer
Artificial Intelligence (AI) is rapidly transforming industries and societies, prompting concerns about ethics, privacy, security, and accountability. Yet regulatory approaches to these concerns vary widely across jurisdictions. In the United States, multiple federal agencies oversee AI under existing consumer protection, anti-discrimination, and sector-specific laws. The Association of Southeast Asian Nations (ASEAN) lacks a unified AI statute, with each member state developing its own rules, coordinated regionally through policy dialogues and soft-law frameworks. In the Philippines, the Data Privacy Act of 2012 and National Privacy Commission (NPC) guidance serve as the main legal foundations for AI, rather than a dedicated AI law.
For organizations operating across these jurisdictions—or planning to do so—understanding these distinct yet interconnected frameworks is essential to managing legal risk and building responsible AI practices.
The United States: A Sector-Specific, Agency-Led Approach
The United States regulates AI through a sector-specific, agency-led approach rather than a single comprehensive law. Federal agencies oversee AI based on industry and application context. The Federal Trade Commission (FTC) enforces consumer protection laws and addresses unfair or deceptive AI practices. The National Institute of Standards and Technology (NIST) issues standards for ethical and safe AI use, focusing on transparency, fairness, and accountability. The Food and Drug Administration (FDA) regulates AI in medical devices, while the Department of Transportation (DOT) oversees AI in autonomous vehicles.
Although the US Congress has proposed several AI-related bills, no comprehensive federal AI law exists. Current efforts emphasize adaptable guidelines that balance innovation with risk management. The focus remains on consumer protection, fairness, and safety—achieved through existing laws rather than by waiting for a single AI-specific statute. This layered yet fragmented architecture means that organizations subject to U.S. jurisdiction must engage with multiple regulatory bodies and a diverse body of guidance, enforcement actions, and technical standards.
ASEAN: Collaborative Frameworks and Regional Coordination
ASEAN regulates AI through collaborative frameworks that emphasize digital transformation, data governance, and ethical use. There is no single AI law for all member states; each country develops its own rules, while ASEAN bodies coordinate broader digital economy and data governance objectives. The ASEAN Digital Masterplan 2025 promotes trusted digital ecosystems and encourages inclusivity, transparency, and accountability. These initiatives are policy frameworks—not enforceable statutes. Regional coordination relies on guidelines, best practices, and dialogue, with national legislatures and regulators responsible for detailed AI regulation.
ASEAN lacks a centralized AI regulator and instead relies on cooperation among national authorities, supported by regional bodies such as the ASEAN Coordinating Committee on Electronic Commerce (ACCEC). ACCEC facilitates the exchange of best practices in digital economy regulation, including AI. ASEAN also encourages adherence to international data protection standards—including those inspired by the European Union’s General Data Protection Regulation (GDPR)—to promote trustworthy AI systems across the region.
Regulatory development within ASEAN varies significantly across member states. Singapore has introduced advanced governance frameworks, model compliance checklists, and sector-specific guidance, particularly for the financial services sector, through agencies such as the Infocomm Media Development Authority (IMDA). By contrast, other member states are adapting existing statutes to address AI-specific concerns. ASEAN’s strategy emphasizes regional coordination, capacity-building, and balanced regulation to foster innovation.
The Philippines: Privacy Law as the Governing Framework
The Philippines is developing its AI regulatory environment as part of broader digital transformation policies. The Department of Information and Communications Technology (DICT) leads AI oversight, promoting research, innovation, and ethical use aligned with national development goals. The government considers AI vital for economic growth and public service improvement while prioritizing human rights and data privacy.
The Philippines has not enacted a standalone AI law. Instead, AI is governed by the Data Privacy Act of 2012 and the National Privacy Commission Advisory on artificial intelligence systems. While not AI-specific, the Data Privacy Act of 2012 governs the collection, use, and storage of personal data essential for AI systems. AI is treated as a data-processing activity subject to core privacy principles, including transparency, legitimate purpose, proportionality, and security. AI systems impacting individuals require human oversight, explainability, and mechanisms for contesting adverse decisions. Controllers remain accountable for AI-driven outcomes, even when using third-party models or platforms.
The Philippines actively engages in ASEAN dialogues on digital policy harmonization, benefiting from regional cooperation on AI governance. These efforts align national policies with international best practices and address local challenges such as digital infrastructure gaps and cybersecurity threats.
Exploiting Regulatory Absence: How Gaps Allow Risky AI Use in the Philippines
The absence of a comprehensive AI regulatory framework in the Philippines creates structural openings that organizations—intentionally or not—can leverage to deploy AI systems with limited oversight. These vulnerabilities arise not from a lack of law altogether, but from the mismatch between existing rules and the technical and societal realities of modern AI.
First, companies can introduce AI tools without being required to show how they work or whether they might cause harm. Without rules that require testing or reporting, organizations can roll out AI systems quickly, even if they have not been checked for errors or bias.
Second, there are no strong requirements for giving people clear explanations when an AI system affects them. This allows companies to keep their decision processes vague or confusing, making it difficult for individuals to question or challenge results.
Third, organizations can shift responsibility to third‑party providers or to the complexity of the technology itself. Because accountability rules are unclear, it becomes easy to avoid answering for harmful outcomes.
Finally, regulators have limited capacity to examine how AI systems are built or used. This increases the chance that questionable practices will go unnoticed, encouraging some organizations to take advantage of the weak oversight environment.
These gaps highlight why stronger guidance and clearer rules on AI are needed to protect people and ensure responsible use.
Comparative Analysis: Shared Goals, Divergent Structures
AI regulation in the United States, ASEAN, and the Philippines reflects diverse yet complementary approaches shaped by political structures, economic priorities, and societal values. The United States relies on specialized agencies and emerging legislation. ASEAN adopts a collaborative model focused on digital trust, ethical principles, and regional alignment. The Philippines combines national laws—most notably the Data Privacy Act—with ongoing policy development to address both ASEAN commitments and pressing domestic needs.
Across all three jurisdictions, the overarching goals are consistent: to prevent AI-driven harm while supporting innovation and economic growth. Their main differences lie in institutional structures and legal foundations. The United States has the most advanced and complex regulatory environment, characterized by multiple overlapping agencies, statutes, and technical standards. The Philippines and many ASEAN countries are expected to adopt more explicit AI-specific regulations in the coming years, building incrementally on existing privacy and sector-specific frameworks.
Strategic Guidance for Organizations
Organizations that establish responsible AI governance now – through strong documentation, risk management, and human accountability – will be significantly better prepared for legal developments that lie ahead. While regulatory approaches differ across these jurisdictions, the shared goal is to protect individuals and maintain trust in technology.
A practical and defensible strategy is to treat AI systems as high-risk data-processing activities from the outset, even where explicit AI statutes do not yet exist. This approach involves conducting privacy and risk assessments before deploying any AI tools, mapping personal data flows, and maintaining clear, auditable documentation covering the design, testing, validation, and ongoing monitoring of AI systems.
The Philippines stands at a critical juncture. The window to shape AI governance proactively — before harms become widespread and entrenched — is narrowing as AI adoption accelerates. Strengthening the regulatory framework now, even incrementally, is not only a legal imperative but also a social one: ensuring that AI in the Philippines serves the many, not merely the few. As AI technology evolves, legal frameworks must adapt to address new risks and support innovation. Effective AI regulation requires robust laws and active engagement from regulators, stakeholders, and the public to ensure AI serves the common good transparently and fairly.
About the Author:
This article is authored by Attorney John Manuel Velasco, Associate Lawyer at Zosa Borromeo Ong Vaño & Mirhan Law, whose practice focuses on Civil Law, Commercial Law, Regulatory Compliance, Fintech & Gaming.