Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022

The activities of accessing to Taiwan's biological resources can be governed within certain extent described as follows. 1 、 Certain Biological Resources Controlled by Regulations Taiwan's existing regulation empowers the government to control the access to biological resources within certain areas or specific species. The National Park Law, the Forestry Act, and the Cultural Heritage Preservation Act indicate that the management authority can control the access of animals and plants inside the National Park, the National Park Control Area, the recreational area, the historical monuments, special scenic area, or ecological protection area; forbid the logging of plants and resources within the necessary control area for logging and preserved forestry, or control the biological resources inside the natural preserved area. In terms of the scope of controlled resources, according to the guidance of the Wildlife Conservation Act and the Cultural Heritage Preservation Act, governmental management authority is entitled to forbid the public to access the general and protected wild animals and the plant and biological resources that are classified as natural monuments. To analyse the regulation from another viewpoint, any access to resources in areas and of species other than the listed, such as wild plants or microorganism, is not regulated. Therefore, in terms of scope, Taiwan's management of the access to biological resources has not covered the whole scope. 2 、 Access Permit and Entrance Permit Taiwan's current management of biological resources adopts two kinds of schemes: access permit scheme and entrance permit in specific areas. The permit allows management authority to have the power to grant and reject the collection, hunting, or other activities to access resources by people. This scheme is similar to the international standard. The current management system for the access to biological resources promoted by many countries and international organizations does not usually cover the guidance of entrance in specific areas. This is resulting from that the scope of the regulation about access applies for the whole nation. However, since Taiwan has not developed regulations specifically for the access of bio-research resources, the import/export regulations in the existing Wildlife Conservation Act, National Park Law, Forestry Act, and Cultural Heritage Preservation Act may provide certain help if these regulations be properly connected with the principle of access and benefit sharing model, so that they will help to urge people to share the research interests. 3 、 Special Treatments for Academic Research Purpose and Aborigines Comparing to the access for the purpose of business operation, Taiwan's regulations favour the research and development that contains collection and hunting for the purpose of academic researches. The regulation gives permits to the access to biological resources for the activities with nature of academic researches. For instance, the Wildlife Conservation Act, National Park Law, and theCultural Heritage Preservation Act allow the access of regulated biological resources, if the academic research unit obtains the permit, or simply inform the management authority. In addition, the access by the aborigines is also protected by the Forestry Act, Cultural Heritage Preservation Act, and the Aboriginal Basic Act. The aborigines have the right to freely access to biological resources such as plants, animals and fungi. 4 、 The Application of Prior Informed Consent (PIC) In topics of the access to and benefit sharing of biological resources, the PIC between parties of interests has been the focus of international regulation. Similarly, when Taiwan was establishing theAboriginal Basic Act, this regulation was included to protect the aborigines' rights to be consulted, to agree, to participate and to share the interests. This conforms to the objective of access and benefit sharing system. 5 、 To Research and Propose the Draft of Genetic Resources Act The existing Wildlife Conservation Act, National Park Law, Forestry Act,Cultural Heritage Preservation Act, Aboriginal Basic Act provide the regulation guidance to the management of the access to biological resources within certain scope. Comparing to the international system of access and benefit sharing, Taiwan's regulation covers only part of the international guidance. For instance, Taiwan has no regulation for the management of wild plants and micro-organism, so there is no regulation to confine the access to wild plants and microorganism. To enlarge the scope of management in terms of the access to Taiwan's biological resources, the government authority has authorize the related scholars to prepare the draft of Genetic Resources Act. The aim of the Genetic Resources Act is to establish the guidance of the access of genetic resources and the sharing of interests in order to preserve the genetic resources. The draft regulates that the bio-prospecting activity should be classified into business and academic, with the premise of not interfering the traditional usages. After classification, application of the permit should be conducted via either general or express process. During the permit application, the prospector, the management authority, and the owner of the prospected land should conclude an agreement jointly. In the event that the prospector wishes to apply for intellectual property rights, the prospector should disclose the origin of the genetic resources and provide the legally effective documents of obtaining these resources. In addition, a Biodiversity Fund should be established to manage the profits derived from genetic resources. The import/export of genetic resources should also be regulated. Violators should be fined.

I.Summary In 1995, the Computer-Processed Personal Data Protection Law was implemented in the Republic of China. With the constant development of information technology and the limitations in the application of the legislation, the design of the original legal system is no longer consistent with practical requirements. Considering the increasing number of incidents of personal data leaks, discussions were carried out over a long period of time and the new version of the Personal Information Protection Act was passed after three readings in April, 2010. The title of the law was changed to Personal Information Protection Act. The new system has been officially implemented since 1 October, 2012. The new Act not only revised the provisions of the law in a comprehensive way, but also significantly increased the obligations and responsibilities of enterprises. In terms of civil liability, the maximum amount of compensation for a single incident is 200 Million NTD. For domestic industries, how to effectively respond to the requirements under the Personal Information Protection Act and adopt proper corresponding measures to lower the risk has become a key task for enterprise operation. II. Main Points 1. Implementation of the Enforcement Rules of the Personal Information Protection Act Personal information protection can be said the most concerned issue in Taiwan recently. As a matter of fact, the Computer-Processed Personal Data Protection Law was established in Taiwan as early as August 1995. After more than 10 years of development, computer and information technology has evolved significantly, and many emerging business models such as E-commerce are extensively collecting personal data. It has become increasingly important to properly protect personal privacy. However, the previous Computer-Processed Personal Data Protection Law was only applicable to certain industries, i.e. the following 8 specific industries: the credit investigation business, hospital, school, telecommunication business, financial business, securities business, insurance business, and mass media. And other business was designated by the Ministry of Justice and the central government authorities in charge of concerned enterprises. In addition, the law only protected personal information that was processed by “computer or automatic equipment”. Personal information that was not computer processed was not included. There were clearly no sufficient regulations for the protection of personal data privacy and interest. There were numerous incidents of personal data leaks. Among the top 10 consumer news issued by the Consumer Protection Committee of the Executive Yuan in 2007, “incidents of personal data leaks through E-commerce and TV shopping” was on the top of the list. This provoked the Ministry of Justice and the Ministry of Economic Affairs to “jointly designate” the retail industry without physical boutique (including 3 transaction models: online shopping, catalogue shopping and TV shopping) to be governed by the Computer-Processed Personal Data Protection Law since 1 July 2010. To allow the provisions of the personal information protection legal system to meet the environment of rapid change, the Executive Yuan proposed a Draft Amendment to the Computer-Processed Personal Data Protection Law very early and changed the title to the Personal Information Protection Act. The draft was discussed many times in the Legislative Yuan. Personal Information Protection Act was finally passed after three readings in April 2010, which was officially published by the Office of the President on 26 May. Although the new law was passed in April 2010, to allow sufficient time for enterprises and the public to understand and comply the new law, the new version of the personal information protection law was not implemented on the date of publication. In accordance with Article 56 of the Act, the date of implementation was to be further established by the Executive Yuan. After discussions over a long period of time, the Executive Yuan decided for the Personal Information Protection Act to be officially implemented on 1 October 2012. However, the implementation of two articles is withheld: Article 6 of the Act about the principal prohibition against the collection, processing and use of special personal information and Article 54 about the obligation to notice the Party within one year for personal information indirectly acquired before the implementation of the new law. In terms of the personal data protection legal system, other than the most important Personal Data Protection Act, the enforcement rules established in accordance with the main law also play a key role. The previous Enforcement Rules of the Computer-Processed Personal Data Protection Law were published and implemented on 1 May, 1996. Considering that the Computer-Processed Personal Data Protection Law was amended in 2010 and that its title has been changed to the Personal Data Protection Act, the Ministry of Justice also followed the amended provisions under the new law and actively studied the Draft Amendment to the Enforcement Rules of the Computer-Processed Personal Data Protection Act. After it was confirmed that the new version of the Personal Data Protection Act would be officially launched on 1 October 2012, the Ministry of Justice announced officially the amended enforcement rules on 26 September, 2012. The title of the enforcement rules was also amended to the Enforcement Rules of the Personal Data Protection Act. The new version of personal data protection law and enforcement rules was thus officially launched, creating a brand new era for the promotion of personal data protection in Taiwan. II. Personal Data Administration System and Information Privacy Protection Charter Before the amendment to the Personal Data Protection Act was passed, the Legislative Yuan made a proposal to the government in June 2008 to promote a privacy administration and protection certification system in Taiwan, in reference to foreign practices. In August of the following year, the Strategic Review Board of the Executive Yuan passed a resolution to promote the E-Commerce Personal Data Administration and Information Security Action Plan. In December of the same year, approval was granted for the plan to be included in the key government promotion plans from 2010 to 2013. Based on this action plan, since October 2010, the Ministry of Economic Affairs has asked the Institution for Information Industry to execute an E-Commerce Personal Data Administration System Setup Plan. Since 2012, the E-Commerce Personal Data Administration System Promotion Plan and the Taiwan Personal Information Protection and Administration System (TPIPAS) have been established and promoted, with the objective of procuring enterprises to, while complying with the personal data protection legal system, properly protect consumers’ personal information through the establishment of an internal administration mechanism and ensuring that the introducing enterprises meet the requirements of the system. The issuance of the Data Privacy Protection Mark (dp.mark) was also used as an objective benchmark for consumers to judge the enterprise’s ability to maintain privacy. Regarding the introduction of the personal data administration system, enterprises should establish a content administration mechanism step by step in accordance with the Regulations for Taiwan Personal Information Protection and Administration System. Such system also serves as the review benchmark to decide whether domestic enterprises can acquire the Data Privacy Protection Mark (dp.mark). Since domestic enterprises did not have experience in establishing internal personal data administration system in the past, starting 2011, under the Taiwan Personal Information Protection and Administration System, enterprises received assistance in the training of system professionals such as Personal Data Administrators and Personal Data Internal Appraisers. Quality personal data administrators can help enterprises establish complete internal systems. Internal appraisers play the role of confirming whether the systems established by the enterprises are consistent with the system requirements. As of 2012, there are almost 100 enterprises in Taiwan that participate in the training of system staff and a total of 426 administrators and 131 internal appraisers. In terms of the introduction of TPIPAS, in additional to the establishment and introduction of administration systems by qualified administrators, enterprises can also seek assistance from external professional consulting institutions. Under the Taiwan Personal Information Protection and Administration System, applications for registration of consulting institutions became available in 2012. Qualified system consulting institutions are published on the system website. Today 9 qualified consulting institutions have completed their registrations, providing enterprises with personal data consulting services. After an enterprise completes the establishment of its internal administration system, it may file an application for certification under the Taiwan Personal Information Protection and Administration System. The certification process includes two steps: “written review” and “site review”. After the enterprise passing certification, it is qualified to use the Data Privacy Protection Mark (dp.mark). Today 7 domestic companies have passed TPIPAS certification and acquired the dp.mark: 7net, FamiPort, books.com.tw, LOTTE, GOHAPPY, PAYEASY and Sinya Digital, reinforcing the maintenance of consumer privacy information through the introduction of personal data administration system. III. Event Analysis The Taiwan Personal Information Protection and Administration System (TPIPAS) is a professional personal data administration system established based on the provisions of the latest version of the domestic Personal Data Protection Act, in reference to the latest requirements of personal data protection by international organizations and the experience of main countries in promoting personal data administration system. In accordance with the practical requirements to protect personal data by industries, TPIPAS converted professional legal conditions into an internal personal data administration procedure to effectively assist industries to establish a complete and proper personal data administration system and to comply with the requirements of personal data legislations. With the launch of the new version of the Personal Data Protection Act, introducing TPIPAS and acquiring dp.mark are the best strategies for enterprises to lower the risk from the personal data protection law and to upgrade internal personal data administration capability.

Legal Analysis of the U.S. BIOSECURE Act: Implications for Taiwanese Biotechnology Companies 2024/11/15 I.Introduction The U.S. BIOSECURE Act (H.R.8333)[1](hereunder, "BIOSECURE Act" or "Act") is a strategic legislative measure designed to protect U.S. biotechnology technologies and data from potential exploitation by foreign entities deemed to be threats to national security. Passed by the House of Representatives on September 9, 2024, with a vote of 306-81[2], the Act demonstrates robust bipartisan support to limit foreign influence in critical U.S. sectors. Passed during the legislative session known as "China Week[3]," the Act imposes restrictions on government contracts, funding, and technological cooperation with entities classified as "Biotechnology Companies of Concern" (hereunder, "BCCs") that are affiliated with adversarial governments. Given Taiwan's prominent role in biotechnology and its strong trade ties with the U.S., Taiwanese companies must examine the implications of the BIOSECURE Act, specifically in regard to technology acquisition from restricted foreign companies and compliance obligations for joint projects with U.S. partners. This analysis will delve into three core aspects of the BIOSECURE Act: (1) the designation and evaluation of BCCs, (2) prohibitions on transactions involving BCCs, and (3) enforcement mechanisms. Each section will evaluate potential impacts on Taiwanese companies, focusing on how the Act might influence technology transfers, compliance obligations, and partnership opportunities within the U.S. biotechnology supply chain. II.Designation and Evaluation of Biotechnology Companies of Concern A central element of the BIOSECURE Act is the process of identifying and evaluating foreign biotechnology companies considered potential threats to U.S. national security.[4] Under Section 2(f)(2) of the Act, a "Biotechnology Company of Concern" is defined as any entity associated with adversarial governments—specifically, China, Russia, North Korea, and Iran[5]—that engages in activities or partnerships posing risks to U.S. security[6]. These risks may include collaboration with foreign military or intelligence agencies, involvement in dual-use research, or access to sensitive personal or genetic information of U.S. citizens. Companies already designated as BCCs include BGI, MGI, Complete Genomics, WuXi AppTec, and WuXi Biologics, all of which have substantial ties to China and the Chinese government or military[7]. Under Section 2(f)(4) of the Act, the Office of Management and Budget (OMB) is required to continuously evaluate and update the BCC list in consultation with agencies such as the Department of Defense, Department of Commerce, and the National Intelligence Community to reflect evolving security concerns[8]. The designation process presents significant challenges for Taiwanese companies, particularly those that have connections with BCCs or rely on BCC technologies for their products, diagnostics, or research initiatives. For instance, if a Taiwanese company uses gene sequencing technology or multiomics tools sourced from one of the designated BCCs, it may face restrictions when pursuing contracts with U.S. entities or seeking federal funding. To proactively address these challenges, Taiwanese companies should establish compliance protocols that verify the origin of their technology and data sources. Moreover, developing new supply chain relationships with U.S. or European suppliers may not only reduce reliance on BCC-affiliated technology but also enhance Taiwanese companies' reputation as secure and reliable partners in the biotechnology industry. By adapting proactively to the BCC designation process, Taiwanese companies can anticipate and respond to future regulatory shifts more effectively. Diversifying their technology base away from BCCs positions these companies to better align with U.S. biosecurity standards, thereby becoming more attractive collaborators for U.S.-based biotechnology and life sciences companies. Given the rapid pace of regulatory and security developments, staying informed about changes in BCC designations will enable Taiwanese companies to operate with greater agility, adjusting suppliers and adopting new compliance measures as needed. Such proactive alignment can strengthen their resilience and reinforce their status as stable and secure participants in the global biotechnology landscape. III.Prohibition on Government Contracts and Funding A core component of the BIOSECURE Act is its stringent restrictions on contracting and funding involving entities linked to BCCs, as detailed in Section 2(a) of the act[9]. These restrictions extend beyond direct federal interactions to include any recipients of federal funds, prohibiting them from using such funds to procure biotechnology products or services from BCCs[10]. By curtailing federal support and preventing indirect financial benefits to these companies, the U.S. aims to mitigate national security risks posed by adversarial governments. The wide-reaching scope of these prohibitions makes the BIOSECURE Act one of the most comprehensive legislative efforts to secure the biotechnology sector and address concerns over foreign technologies potentially compromising U.S. security interests. For Taiwanese biotechnology companies, these prohibitions introduce substantial compliance demands, particularly for companies that utilize BCC technology within their supply chains. For example, a Taiwanese company engaged in a joint research project with a U.S. government contractor may be required to demonstrate that none of its technology or data sources originate from BCCs. Compliance could necessitate rigorous supply chain audits and operational adjustments, potentially increasing short-term costs. However, aligning with U.S. regulatory standards preemptively can position Taiwanese companies as more desirable partners for U.S. entities that are increasingly prioritizing security and regulatory adherence. The BIOSECURE Act also incentivizes Taiwanese companies to explore alternative technology providers that meet U.S. biosecurity criteria, including secure data management practices, compliance with federal regulations, and the absence of connections to adversarial governments. By sourcing technology from approved U.S. or European biotechnology companies, Taiwanese companies can enhance their market access and collaborative prospects in the U.S. biotechnology and life sciences sectors. This strategy may also foster long-term stability in partnerships and mitigate risks associated with supply chain disruptions, particularly if more companies are designated as BCCs in the future[11]. Establishing partnerships with U.S.-aligned suppliers can also provide Taiwanese companies with a competitive edge in securing government contracts and research funding, as U.S.-based entities increasingly prefer suppliers that comply with national biosecurity requirements. IV.Enforcement Mechanisms, Transition Periods, and Taiwanese Considerations The BIOSECURE Act outlines key enforcement mechanisms and transitional provisions designed to facilitate the adjustment process for companies affected by its restrictions. Specifically, Section 2(c) of the Act provides an eight-year grandfathering period for contracts established prior to the Act’s effective date involving existing BCCs, allowing these agreements to continue until January 1, 2032[12]. This provision is intended to provide companies that are dependent on BCC-supplied biotechnology ample time to transition to compliant suppliers. In addition, the Act includes a "safe harbor" provision[13], which clarifies that equipment previously produced by a BCC but now sourced from a non-BCC entity will not be restricted. This allows companies to re-source components without the risk of penalties for past procurement decisions. For Taiwanese companies, this transition period presents a critical opportunity to adapt to the new regulatory environment without facing immediate disruptions to business operations. Companies dependent on BCC technology for essential biotechnological functions can leverage the eight-year window to gradually phase out such suppliers, thereby minimizing the impact on operations while ensuring future compliance. For example, a Taiwanese company that relies on a BCC’s sequencing technology for genomic research can use this period to forge partnerships with compliant technology suppliers, thereby avoiding sudden disruptions in research or production. Additionally, the Act includes a waiver provision[14] that allows case-by-case exemptions under specific conditions, particularly when compliance is infeasible, such as in instances where critical healthcare services abroad are at risk[15]. By making strategic use of the phased enforcement and waiver provisions, Taiwanese companies can restructure their supply chains to align fully with U.S. requirements. Those that plan these transitions carefully not only ensure regulatory compliance but also enhance their appeal as resilient and trustworthy partners in the U.S. market. Exploring new collaborations with U.S.-approved biotechnology suppliers can further bolster supply chain resilience against future geopolitical or regulatory uncertainties. The transition period[16] and waiver options[17] reflect the BIOSECURE Act's balanced approach between immediate security needs and pragmatic implementation, which Taiwanese companies can capitalize on to build robust, compliant biotechnological operations. V.Conclusion The U.S. BIOSECURE Act[18] presents both significant challenges and strategic opportunities for Taiwanese biotechnology companies. The Act’s restrictions on contracts with designated BCCs and funding constraints necessitate a reassessment of technology acquisition strategies and a reinforcement of compliance practices. Taiwanese companies seeking deeper integration into U.S. and global biotechnology markets will benefit from aligning their procurement approaches with non-BCC suppliers, particularly those in the U.S. or allied countries. This proactive alignment will not only mitigate potential compliance risks but also enhance Taiwanese companies’ reputations as reliable global partners in biotechnology. The phased enforcement and waiver provisions of the BIOSECURE Act[19] provide Taiwanese companies with a clear pathway to navigate the evolving regulatory landscape, allowing them to establish stronger, more resilient supply chains that meet U.S. standards. Such alignment positions these companies as competitive players in the biotechnology sector, contributing to secure and innovative progress in an increasingly interconnected world. By actively engaging with the BIOSECURE Act’s compliance demands, Taiwanese biotechnology companies can leverage the Act's phased implementation to ensure sustained, secure access to the U.S. market and foster strategic biotechnology partnerships. Reference: [1] U.S. CONGRESS, H.R. 8333 – U.S. BIOSECURE Act (2024), https://www.congress.gov/bill/118th-congress/house-bill/8333 (last visited Nov. 1, 2024). [2] OFFICE OF THE CLERK, U.S. HOUSE OF REPRESENTATIVES, Roll Call Vote No. 402 on H.R. 8333 (Sept. 9, 2024), https://clerk.house.gov/Votes?RollCallNum=402&BillNum=H.R.8333 (last visited Nov. 1, 2024). [3] JANINE LITTLE, U.S. House Of Representatives Passes The BIOSECURE Act During “China Week”, Global Supply Chain Law Blog (Sept. 13, 2024), https://www.globalsupplychainlawblog.com/supply-chain/u-s-house-of-representatives-passes-the-biosecure-act-during-china-week/ (last visited Nov. 1, 2024). [4] SABINE NAUGÈS & SARAH L. ENGLE, BIOSECURE Act: US Target on Chinese Biotechnology Companies, NAT'L L. REV. (Sept. 13, 2024), https://natlawreview.com/article/biosecure-act-us-target-chinese-biotechnology-companies (last visited Nov. 1, 2024). [5] 10 U.S.C. § 4872(d) (2024), https://www.law.cornell.edu/uscode/text/10/4872 (last visited Nov. 1, 2024). [6] U.S. CONGRESS, H.R. 8333 – U.S. BIOSECURE Act (2024), https://www.congress.gov/bill/118th-congress/house-bill/8333 (last visited Nov. 1, 2024). [7] id. [8] id. [9] id. [10] id. [11] JANINE LITTLE, U.S. House Of Representatives Passes The BIOSECURE Act During “China Week”, Global Supply Chain Law Blog (Sept. 13, 2024), https://www.globalsupplychainlawblog.com/supply-chain/u-s-house-of-representatives-passes-the-biosecure-act-during-china-week/ (last visited Nov. 1, 2024). [12] U.S. CONGRESS, H.R. 8333 – U.S. BIOSECURE Act (2024), https://www.congress.gov/bill/118th-congress/house-bill/8333 (last visited Nov. 1, 2024). [13] id. [14] id. [15] id. [16] id. [17] id. [18] id. [19] id.

Shifting AI Governance in East Asia: AI Legislative Progress in Japan, South Korea and Taiwan 2025/09/09 Keywords: artificial intelligence, artificial intelligence regulation I.Introduction The landscape of AI governance in East Asia is changing, with two new AI laws enacted and one on the way. In South Korea, an act titled “the Basic Act on the Development of Artificial Intelligence and the Establishment of Foundation for Trustworthiness“ (“인공지능 발전과 신뢰 기반 조성 등에 관한 기본법”, henceforth referred to as “South Korea’s AI Act” or “SKAIA”)[1]was approved on December 26[2], 2024 and promulgated on January 21, 2025. The AI Basic Act is designed to establish a national AI governance framework and systematically foster the AI industry while preventing potential AI risks.[3]A few months later, Japan’s first law regulating AI was passed by the National Diet on May 28, 2025. The new law is titled "the Act on Promotion of Research and Development, and Utilization of AI-related Technology" (“人工知能関連技術の研究開発及び活用の推進に関する法律”, henceforth referred to as "Japan's AI Act" or "JAIA")[4], which reflects the strong will of the government to catch up in the global AI race.[5] Elsewhere in the region, Taiwan’s Executive Yuan finally passed its draft AI Basic Act (“人工智慧基本法草案”) on August 28[6] [7], which must now be submitted to the Legislative Yuan for deliberation. The government hopes the new law will lay the foundation for establishing Taiwan as an AI island and a key driving force in global AI development.[8] This article will give a quick overview of the key features of the three new AI regulations to illustrate the new landscape these countries are shaping in AI governance. II.Key features of Japan’s AI Act (JAIA) 1.Purpose and principles of JAIA Given Japan's lagging AI development and rising public concerns, JAIA reflects the government's worry about falling behind global peers in AI investment and adoption.[9] It is believed that new laws are needed in addition to existing laws and regulations to promote innovation and address risks.[10] Hence JAIA aims to advance the R&D and application of AI through the formulation of basic principles and plans, and the establishment of an "AI Strategic Headquarters".[11] JAIA establishes basic principles for the promotion of the R&D and application of AI-related technologies[12], including enhancing industry R&D capabilities and competitiveness, systematically promoting AI collaboration from research to application with transparency, and enabling Japan to shape global norms through international cooperation.[13] 2.Industry Development and Promotion JAIA requires the government to develop a National AI Basic Plan, in accordance with the basic principles, to promote the R&D and application of AI. The AI Basic Plan should set out fundamental policy guidelines and measures to comprehensively and systemically advance the R&D and application of AI-related technologies, along with other necessary provisions.[14] JAIA also specifies basic measures to be included in the plan, which cover issues of promotion of R&D, expansion and sharing of facilities and data, human resources and education, international engagement in AI norm setting, and domestic guidelines making. In addition, the government should monitor AI technology trends and analyze cases of rights violations from improper AI use to develop countermeasures and provide guidance accordingly.[15] 3.Governance JAIA stipulates that an AI Strategy Headquarters should be established under the Cabinet, composed of all cabinet members and headed by the Prime Minister.[16] The AI Strategic Headquarters is tasked with comprehensively and systematically advancing AI-related technology R&D and application policies, including the formulation, promotion, and implementation of AI Basic Plans and other related initiatives.[17] The Act also empowers the AI Strategy Headquarters to invite stakeholders to provide information, opinions or explanations, and other necessary assistance.[18] 4.Risk managements and rights protection JAIA does not impose direct compliance obligations, but AI companies and research institutions are required to cooperate with government investigations and follow government guidance in cases involving violations of human rights and interests.[19] 5.Implementation of JAIA and Follow-up Work JAIA came into force in May 2025. The Japanese government is required to develop guidelines that align with international standards and launch the Strategic Headquarters for the preparation and implementation of the National AI Basic Plan. III.Key features of the South Korea’s AI Act (SKAIA) 1.Purpose and principles of SKAIA SKAIA is designed to establish a foundation for AI development and trustworthiness, increasing citizens’ rights and interests protection, quality of life, and the country’s competitiveness.[20] It focuses on advancing national AI collaboration to foster a flourishing AI sector and developing legal frameworks to mitigate risks.[21] Accordingly, the Act establishes basic AI development principles: prioritizing safety and reliability to improve quality of life, and ensuring those affected by AI output receive clear, meaningful explanations within reasonable parameters.[22] 2.Industry development and promotion Supporting AI technology and industry development is a key feature of SKAIA. It establishes comprehensive measures covering technology development, industry revitalization, SME support, industrial foundations, talent cultivation, regulatory adaptation, and international cooperation.[23] 3.Governance SKAIA also strengthens the institutional framework for AI governance. The Ministry of Science and ICT (henceforth referred to as “MSIT”) is mandated to execute an AI Master Plan every three years and empowered to investigate violations, require corrective action, and impose fines on non-compliant entities.[24] The National AI Committee is authorized to review and decide on the AI Master Plan and AI-related matters, making it the highest decision-making body for South Korea's AI policies. It is composed of the heads of central administrative agencies and civilian AI experts appointed by the president.[25] SKAIA also establishes the AI Policy Center to support MSIT on AI policy formulation, and the AI Safety Institute for AI safety matters.[26] 4.Risk management and rights protection SKAIA imposes specific obligations on operators of high-impact AI and generative AI systems. All operators must ensure system transparency and safety, while high-impact AI operators face additional responsibilities including conducting fundamental rights impact assessments.[27] High-impact AI systems are defined as AI systems that have a significant impact on or may pose a risk to human life, safety, and fundamental rights and are mainly utilized in critical infrastructure sectors and human rights-sensitive areas, or other areas specified by presidential decree.[28] The procedure for determining whether an AI system qualifies as high-impact AI will be established through subordinate legislation.[29] 5.Implementation of SKAIA and Follow-up Work SKAIA will come into effect on January 1, 2026 and the formulation of subordinate statutes that detail enforcement mechanisms and guidelines should be expedited. However, domestic critics argue that corporate obligation provisions may hinder AI development and advocate for postponing their implementation.[30] Actually, an amendment to the Act was proposed in April 2025, seeking such a postponement along with a three-year grace period.[31] IV. Key features of Taiwan’s draft AI Basic Act 1.Purpose and Principles of the draft AI Basic Act[32] Taiwan adopts a relatively conservative approach to AI policy and measures to boost industrial development have long occupied the agenda of AI governance. Given that AI is a crucial technology for national development, the draft AI Basic Act (henceforth referred to as "the draft Act") seeks to ensure that AI technology develops vigorously in a human-centered approach, encourage innovation while considering human rights, and safeguard Taiwan’s national sovereignty and cultural values.[33] Hence, the draft Act establishes seven guiding principles in line with international norms, which are sustainability, human autonomy, privacy protection and data governance, security, transparency and explainability, fairness and accountability.[34] 2.Industry Development and Promotion It is the government’s responsibility to promote the R&D and application of AI and construct the infrastructure needed.[35] In order to facilitate AI innovations, competent authorities may provide a controlled environment for testing and validating AI innovation products and services before they are released to the market or put into use.[36] Considering the wide scope of AI application and development, the government is encouraged to collaborate with the private sector, including through public-private partnerships, and should promote international cooperation on AI matters.[37] The government should also continue to comprehensively promote AI education at all levels to enhance the public's AI literacy.[38] Data is crucial for AI development, so the draft Act mandates the government to establish mechanisms to enhance data availability, and measures to facilitate AI outputs that maintain the country's multicultural values, and protect intellectual property rights.[39] 3.Risk Management and Rights Protection (1) Risk Management The draft Act includes several provisions addressing AI risks. The government should take steps to prevent AI from being used for illegal purposes. For example, Ministry of Digital Affairs (MODA) and other relevant agencies may provide or recommend tools or methods for AI evaluation and verification to avoid misuse of AI.[40] Secondly, MODA is mandated to foster an AI risk classification framework, based on which sectoral competent authorities should establish risk-based tiered management standards.[41] Thirdly, the government may, through binding regulations or non-binding administrative guidance, promote safety standards, verification, transparent and explainable traceability, or accountability mechanisms to enhance the trustworthiness of AI development and application.[42] Lastly, the government should clarify the ownership and conditions of liability for high-risk AI applications and establish relevant mechanisms for relief, compensation or insurance to protect affected parties.[43] However, AI application responsibility norms would not apply to pre-release activities in order to support technological innovation.[44] [45] (2) Rights Protection The draft Act concerns not only the privacy rights of individuals but also labor rights. The government should ensure the protection of personal data used throughout the AI lifecycle on the one hand[46] , and also protect workers' rights and provide necessary assistance to help them adapt to technological changes, especially those who have lost their jobs due to AI use.[47] 4.Governance and Implementation Despite the heated debate regarding the designation of a dedicated AI regulatory authority in the country, the Executive Yuan decided against establishing such an authority, given AI's cross-ministerial nature. Relevant competent authorities will be responsible for formulating implementing regulations and guidelines and the Executive Yuan will continue to guide relevant agencies and departments at all levels through the existing Digital Legal Coordination Meeting to facilitate the development of AI.[48] V.Analysis and conclusion Japan, South Korea and Taiwan all seek to maintain the countries' momentum in promoting AI development through AI legislation. The three parties all emphasize trustworthy AI, though they actually place greater emphasis on AI development. They share considerable common ground in the policies to foster AI industry development, such as promoting AI R&D and application and supporting infrastructure-building, and diverge in their approaches to addressing potential AI-related risks and governance structure. Japan adopts a ‘light touch’ regulatory approach to AI regulation, maintaining coherent policy coordination that responds to domestic imperatives and global trends without imposing regulatory burdens on industries.[49] The country favors a soft approach with governmental guidance. In contrast, South Korea incorporates regulatory provisions specifically targeting high-impact AI systems in its AI Basic Act, seeking to balance between enhancing national competitiveness through AI and mitigating potential risks stemming from AI misuse, though this approach actually faces some domestic opposition currently. Taiwan adopts an approach similar to Japan's. The draft AI Basic Act avoids imposing regulatory obligations, and the government will prioritize AI verification and evaluation mechanisms to ensure trustworthy AI development. Regarding governance approaches, both Japan and South Korea seek to strengthen governmental AI governance functions through legislation, with Japan establishing an AI Strategic Headquarters and South Korea creating an AI Committee, both operating under their respective Cabinets. In contrast, Taiwan's draft AI Basic Act does not address governance structural matters. Given the profound societal transformations that AI technology may bring, all three East Asian countries recognize the importance of sustained AI advancement while acknowledging the critical need to ensure AI safety and trustworthiness to protect human rights. In an era of intense global AI competition, it seems to be the best policy for governments to carefully design AI policies that strike a balance between fostering innovation and safeguarding human rights. This cautious approach is essential as significant challenges remain and AI risks demand comprehensive solutions. Reference: [1] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법（법률 제20676호, 2025. 1. 21, 제정），법제처 국가법령정보센터，https://www.law.go.kr/%EB%B2%95%EB%A0%B9/%EC%9D%B8%EA%B3%B5%EC%A7%80%EB%8A%A5%20%EB%B0% 9C%EC%A0%84%EA%B3%BC%20%EC%8B%A0%EB%A2%B0%20%EA%B8%B0%EB%B0%98%20%EC%A1%B0%EC% 84%B1%20%EB%93%B1%EC%97%90%20%EA%B4%80%ED%95%9C%20%EA%B8%B0%EB%B3%B8%EB%B2%95/(206 76,20250121) （最後瀏覽日：2025/09/11）。 [2] A New Chapter in the Age of AI: Basic Act on AI Passed at the National Assembly‘s Plenary Session, Ministry of Science and ICT, https://www.msit.go.kr/eng/bbs/view.do?sCode=eng&mId=4&mPid=2&pageIndex=&bbsSeqNo=42&nttSeqNo=1071&searchOpt=ALL&searchTxt= (last visited Sept. 11, 2025). [3] A New Chapter in the Age of AI: Basic Act on AI Passed at the National Assembly‘s Plenary Session, Ministry of Science and ICT, https://www.msit.go.kr/eng/bbs/view.do?sCode=eng&mId=4&mPid=2&pageIndex=&bbsSeqNo=42&nttSeqNo=1071&searchOpt=ALL&searchTxt= (last visited Sept. 11, 2025). [4] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号），e-Gov法令検索，https://laws.e-gov.go.jp/law/507AC0000000053（最後瀏覽日：2025/09/11）。 [5] CABINET OFFICE, GOVERNMENT OF JAPAN, Outline of the Act on Promotion of Research and Development, and Utilization of AI-related Technology (AI Act), https://www8.cao.go.jp/cstp/ai/ai_hou_gaiyou_en.pdf (last visited Sept. 11, 2025). [6] 〈政院通過「人工智慧基本法」草案 建構AI發展與應用良善環境 打造臺灣成為AI人工智慧島〉，行政院，https://www.ey.gov.tw/Page/9277F759E41CCD91/5d673d1e-f418-47dc-ab35-a06600f77f07（最後瀏覽日：2025/09/09）。 [7] There are other AI bills brought up by legislators in the Legislative Yuan. The purpose of this article is to analyze the AI governance priorities of the governments of Japan, South Korea, and Taiwan; therefore, other AI bills proposed by legislators are not included in the discussion. [8] 蘇文彬，〈行政院通過AI基本法草案，將不設立AI專責機關〉，iThome，2025/08/28，https://www.ithome.com.tw/news/170874 (最後瀏覽日：2025/09/09)。 [9] Japan’s AI Bill Advances Toward Enactment, Connect on Tech (May 27, 2025), https://connectontech.bakermckenzie.com/japans-ai-bill-advances-toward-enactment/ (last visited Sept. 9, 2025). [10] 松尾剛行，〈【2025年施行】AI新法とは？AIの研究開発・利活用を推進する法律を分かりやすく解説！〉，Keiyaku-Watch，https://keiyaku-watch.jp/media/hourei/2025-ai-law/（最後瀏覽日：2025/09/11）。 [11] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号）第1条。 [12] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号）第3条。 [13] Japan Enacts AI Promotion Act: Overview and Implications for Businesses, Zelo Law Square (May, 2025), https://zelojapan.com/en/lawsquare/56899 (last visited Sept. 9, 2025). [14] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号）第18条。 [15] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号）第11-17条。 [16] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号）第19、21-24条。 [17] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号）第20条。 [18] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号）第25条。 [19] 人工知能関連技術の研究開発及び活用の推進に関する法律（令和7年法律第53号）第16条。 [20] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제1조。 [21] The Korean AI Basic Act: Asia’s First Comprehensive Framework on AI, Lexology (Mar. 17, 2025), https://www.lexology.com/library/detail.aspx?g=f91ff0fb-94ed-4aa9-b667-65d6206a7227 (last visited Sept. 9, 2025). [22] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제3조。 [23] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제13-26조。 [24] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제40조。 [25] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제7조。 [26] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제6-12조。 [27] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제31-32조。 [28] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제4조。 [29] 인공지능 발전과 신뢰 기반 조성 등에 관한 기본법，제33조。 [30] Seungmin (Helen) Lee, South Korea’s Evolving AI Regulations, Stimson (June 12, 2025), https://www.stimson.org/2025/south-koreas-evolving-ai-regulations/ (last visited Sept. 9, 2025). [31] 〈인공지능 발전과 신뢰 기반 조성 등에 관한 기본법 일부개정법률안〉，대한민국국회，https://likms.assembly.go.kr/bill/bi/billDetailPage.do?billId=PRC_N2M5K0S3R2R0Q1O3X5X1W1U1T7P3Q6&currMenuNo=2600044（最後瀏覽日：2025/09/09）。 [32] 〈政院通過「人工智慧基本法」草案 建構AI發展與應用良善環境 打造臺灣成為AI人工智慧島〉，行政院，https://www.ey.gov.tw/Page/9277F759E41CCD91/5d673d1e-f418-47dc-ab35-a06600f77f07（最後瀏覽日：2025/09/09）。 [33] 人工智慧基本法草案第1條。 [34] 人工智慧基本法草案第3條。 [35] 人工智慧基本法草案第4條。 [36] 人工智慧基本法草案第5條。 [37] 人工智慧基本法草案第6條。 [38] 人工智慧基本法草案第7條。 [39] 人工智慧基本法草案第14條。 [40] 人工智慧基本法草案第8條。 [41] 人工智慧基本法草案第9條。 [42] 人工智慧基本法草案第10條。 [43] 人工智慧基本法草案第11條。 [44] 人工智慧基本法草案第11條。 [45] See also: Taiwan Rolls Out Draft Artificial Intelligence Law, OCACNEWS, July 18, 2024, https://ocacnews.net/article/374412 (last visited Sept. 3, 2025). [46] 人工智慧基本法草案第14條。 [47] 人工智慧基本法草案第12條。 [48] 蘇文彬，〈行政院通過AI基本法草案，將不設立AI專責機關〉，iThome，2025/08/28，https://www.ithome.com.tw/news/170874 (最後瀏覽日：2025/09/09)。 [49] Sun Ryung Park, Less Regulation, More Innovation in Japan’s AI Governance, East Asia Forum (May 21, 2025), https://eastasiaforum.org/2025/05/21/less-regulation-more-innovation-in-japans-ai-governance/ (last visited July 4, 2025).