The OECD.AI Policy Navigator

The Data (Use and Access) Act 2025, enacted on 19 June 2025 by the UK Parliament, establishes a broad legislative framework governing data access, privacy, and digital services. It covers customer and business data access, personal data processing, electronic communications, health and social care information standards, biometric data retention, trust services, and provisions relating to copyright and the development of artificial intelligence systems.

AI Guidelines for Business (Ver1.2), issued on 31 March 2026, provide unified guiding principles for AI governance in Japan. They aim to promote the safe and secure use of AI by helping business actors recognise risks and take voluntary countermeasures across the lifecycle, supporting both innovation and risk reduction through cooperation and a risk-based approach.

The NIST Artificial Intelligence Risk Management Framework (AI RMF) is a voluntary framework released by the U.S. National Institute of Standards and Technology to help organisations manage risks associated with the design, development, deployment and evaluation of AI systems, with a focus on promoting trustworthy and responsible AI.

Published on 8 June 2020 by the UK Office for Artificial Intelligence, the Guidelines for AI Procurement provide central government departments with guiding principles for procuring AI technologies. Developed with the World Economic Forum, Government Digital Service, and Crown Commercial Service, they cover the end-to-end procurement process, including data governance, impact assessment, market engagement, ethical deployment, and lifecycle management.

Published on 20 March 2025, the AI and Cyber Risk Model Clauses initiative by BuyICT.gov.au makes available a collection of contractual clauses for inclusion in digital and ICT procurement contracts in Australia. The AI model clauses support responsible, ethical, and secure procurement of AI systems, including custom solutions, embedded AI products, and internal AI tools, promoting transparency and accountability.

The MCC-AI-Light (Model Contractual Clauses for Non-High-Risk AI) is a working document published in February 2025 by the European Commission to support public administrations in procuring non-high-risk AI solutions.

Opinion 28/2024 on certain data protection aspects related to AI models, adopted on 17 December 2024, provides guidance on the processing of personal data in the development and deployment of AI models. It clarifies when models can be considered anonymous, how legitimate interest may be used as a legal basis, and the consequences of unlawful data processing, supporting consistent GDPR application.

The Conseil de l'intelligence artificielle et du numérique (Council for Artificial Intelligence and Digital Technology) is an independent advisory body placed under the authority of the French minister responsible for artificial intelligence and digital affairs. Established by decree on 8 December 2017 and restructured by a further decree of 4 September 2025, it operates on a mandate running 2025–2027.

The Protection of Personal Information Act (POPIA), South Africa's data protection law, was assented to by Parliament on 19 November 2013, with most provisions commencing on 1 July 2020 and a one-year grace period for compliance ending on 30 June 2021. Its purpose is to protect individuals from harm by safeguarding their personal information, preventing financial and identity theft and upholding privacy as a fundamental human right.

The Digital Decade Policy Programme 2030 establishes a governance framework and common targets for the Union’s digital transformation, including priorities directly relevant to artificial intelligence such as advanced digital skills, high‑performance computing, cloud and edge infrastructure, and the uptake of AI by businesses and public services.

The IndiaAI Mission, approved by the Indian Cabinet in March 2024 with a budget of Rs. 10,371.92 crore, aims to establish a comprehensive national AI ecosystem implemented by the IndiaAI Independent Business Division under the Digital India Corporation. It comprises seven pillars: AI compute infrastructure of 10,000 or more GPUs, an innovation centre for indigenous foundational models, a unified datasets platform, an AI application development initiative, a skills programme, startup financing,

Japan’s Roadmap for Smart City Initiatives, issued in 2024 by the Cabinet Office, sets out a phased national framework for advancing smart cities as part of Society 5.0, explicitly incorporating the use of data, AI and large‑scale digital infrastructure—such as platforms supporting data analysis, AI applications and cloud‑based computing—to improve urban management and public services.

Finland’s National Roadmap for Data Centres is a government‑commissioned report prepared in 2025 that proposes national objectives and measures for the development of high‑value data centres, explicitly linking data‑centre location to electricity grid capacity, fossil‑free energy availability and the management of growing AI‑related computing demand.

Developing Strategies to Increase Capacity in AI Education (September 2025) presents findings from the NSF LEVEL UP AI project, based on 32 virtual roundtables with 202 experts. Conducted in 2024, it aims to improve AI education in US undergraduate institutions by analysing challenges such as infrastructure, skills gaps and curricula, and proposing strategies including faculty development, interdisciplinary approaches and expanded access.

Singapore’s PDPA Section 26, supported by the Personal Data Protection Regulations 2021, provides a binding legal framework that governs cross‑border transfers of personal data by private organisations. The framework permits the use of domestic or international cloud providers, including for AI‑related workloads, subject to compliance with defined data protection safeguards.

Cedefop’s AI skills survey (2024) is an initiative examining the impact of artificial intelligence on jobs, skills and workplaces across EU Member States. Conducted between February and May 2024, it collects data from adult workers to map AI use, assess skill gaps and analyse labour market effects. The aim is to support policies promoting upskilling, reskilling and AI literacy in response to technological transformation.

South Africa’s National Data and Cloud Policy is a policy framework adopted in 2024 to guide the use of data and cloud computing in the country, with the aim of improving public service delivery, supporting a data‑driven digital economy and strengthening national digital infrastructure.

The European Health Data Space (EHDS) Regulation, establishes a common EU framework for the use and exchange of electronic health data. Overseen by the European Commission, it covers both primary use, empowering patients to access and share their data across borders, and secondary use for research, innovation, and policy. Key priorities include interoperability, data protection, and a single market for electronic health record systems.

ProChile has established export promotion lines for knowledge‑based services, explicitly including AI, data analytics, and advanced software. Services include international fairs, buyer missions, and export matchmaking tailored to digital and AI firms.

OMB Memorandum M-25-22, "Driving Efficient Acquisition of Artificial Intelligence in Government," issued on 3 April 2025 by the Office of Management and Budget, provides guidance to United States federal agencies on procuring AI systems and services responsibly and cost-effectively.