1. ASEAN Responsible AI Roadmap (2025-2030)
The Association of Southeast Asian Nations released the ASEAN Responsible AI Roadmap (2025-2030) .
The Roadmap is developed to provide actionable steps for ASEAN policymakers and stakeholders to create the ideal conditions for responsible AI to flourish in the region, as well as for AMS to leverage and enable responsible AI in a meaningful, impactful, and sustainable manner by 2030.
The Roadmap provides customized and step-by-step guidance for ASEAN governments to prioritize and operationalize responsible AI in an integrated and interoperable manner.
https://asean.org/book/asean-responsible-ai-roadmap-2025-2030
2. Singapore: PDPC issued three Undertakings
The new Undertakings reveals breaches stemming from various attacks mainly due to cyber-attacks such as ransomeware and phishing, affecting the personal data of over 49,367 individuals.
In response, the affected organisations are to implement remediation plans to rectify the immediate breach and address any systemic shortcomings to ensure compliance with the PDPA on a continual basis, such as:
- Encrypt all sensitive data and login credentials
- Perform periodic vulnerability assessments and penetration testing for all systems, network and target vectors
- Conduct periodic training for employees on cybersecurity and data protection to raise their awareness on best practices and PDPA obligations.
https://www.pdpc.gov.sg/news-and-events/announcements/2025/02/new-undertakings-on-27-february-2025
3. China mandates labels for all AI-generated content in fresh push against fraud, fake news
China has released a set of guidelines on labeling internet content that is generated or composed by artificial intelligence (AI) technology, which are set to take effect on Sept. 1.
The guidelines, issued by authorities including the Cyberspace Administration of China (CAC), are aimed at promoting the healthy development of the AI sector and helping internet users spot false information.
https://english.news.cn/20250315/e1015e35a7f149b4b620ec8626d974b2/c.html
4. China Tightened Facial Recognition Regulations
In response to growing public concerns about privacy violations and data security, the Cyberspace Administration of China (CAC) and the Ministry of Public Security (MPS) have jointly introduced the Security Management Measures for the Application of Facial Recognition Technology, aimed at regulating the use of facial recognition technology.
These measures, set to take effect on June 1, 2025, are designed to safeguard personal information rights while ensuring that the technology is applied responsibly and lawfully.
https://www.china-briefing.com/news/china-facial-recognition-regulations-2025
5. KOREA: DeepSeek Temporarily Suspends Its Application Service in Korea
DeepSeek has temporarily suspended its service in Korea as of February 15, 2025, to enhance compliance with the Personal Information Protection Act (PIPA). The company plans to resume service once necessary improvements are made.
Although new downloads of the DeepSeek app have been suspended, existing users can continue to access the service. The PIPC urges users to exercise caution and avoid entering personal information into the chatbot until the PIPC’s ex-ante examination is complete. Users who have already downloaded the app or access it via the web are advised to refer to the PIPC’s card news on “How to Use Generative AI While Securing Your Personal Information.”
https://www.pipc.go.kr/eng/user/ltn/new/noticeDetail.do
6. KOREA: The PIPC Wins Lawsuits against Google and Meta
The Seoul Administrative Court upheld the Personal Information Protection Commission (PIPC)’s sanction against Google LLC (Google) and Meta Platforms, Inc. (Meta) in separate rulings on January 22, 2025.
The PIPC started launching investigations into Google and Meta’s processing of personal data associated with targeted advertising and imposed KRW 69.2 billion (USD 48 million) on Google and KRW 30.8 billion (USD 21 million) on Meta for collecting the users’ online behavioral data for targeted advertising purposes without obtaining proper consent, along with correction orders, in September 2022.
https://www.pipc.go.kr/eng/user/ltn/new/noticeDetail.do
7. Malaysia: Guidelines Issued on Data Breach Notification and Data Protection Officer Appointment
The Personal Data Protection Commissioner of Malaysia (“Commissioner”) recently released guidelines that flesh out requirements, titled the Guideline on Data Breach Notification (“DBN Guideline”) and the Guideline on Appointment of Data Protection Officer (“DPO Guideline”). With the data breach notification and DPO appointment requirements set to come into force on 1 June 2025, organisations subject to the PDPA, whether data controllers or processors, are recommended to understand and adapt to these guidelines to ensure compliance.
8. Hong Kong’s PCPD publishes guidelines regarding employees’ use of Gen AI
With the growing adoption of generative AI (Gen AI) in Hong Kong, the Office of the Privacy Commissioner for Personal Data (PCPD) has published the Checklist on Guidelines for the Use of Generative AI by Employees.
The Guidelines aim to assist organisations in developing internal policies or guidelines on the use of Gen AI by employees at work, while complying with the requirements of the Personal Data (Privacy) Ordinance (PDPO).
