What is AI regulation in Argentina?
AI regulation: countries and regions
As of 6 June 2026, Argentina does not have a single national AI Act. AI is regulated through a mix of existing data protection law, constitutional privacy rights, public sector governance measures, regulator guidance and pending legislative proposals. The binding core is still Law 25.326 on personal data protection and its regulations. Around that core, Argentina has issued trustworthy AI recommendations, AAIP guidance on transparency and data protection in AI, tools for international data transfers, and several AI and data reform bills that remain unpassed.
What this means
In Argentina, "AI regulation" currently means managing how AI systems collect data, affect people, support decisions and are deployed in public or private settings. It is not the same thing as a single AI code. The country is still relying mainly on older privacy law, constitutional guarantees, transparency duties and sector-specific supervision, then adding newer AI guidance around them.
That makes Argentina different from jurisdictions that already have a comprehensive AI statute. It sits in an incremental Latin American camp: a relatively mature data protection jurisdiction, with soft law and public policy moving faster than Parliament. For most organisations, the practical question is not whether AI is totally unregulated. It is which existing legal duties already apply now, and which new duties may arrive next.
This matters because Argentina's official direction of travel is now visible. The State has issued trustworthy AI recommendations, created an interministerial coordination table, published a detailed AAIP guide for public and private entities, refreshed parts of the sanctions machinery for data protection, and kept broader AI and data reform on the legislative agenda.
Why it matters
If you build, buy or deploy AI in Argentina, the absence of a national AI Act does not mean the absence of legal risk. Personal data law, transparency expectations, human rights principles and international transfer rules can already affect model training, fine tuning, profiling, automated support tools, generative AI use, vendor contracting and public sector procurement.
That is especially important for systems used in hiring, scoring, customer analytics, fraud prevention, health, education, public administration and any workflow that relies on profiling or affects a person's opportunities, treatment or access to services. In Argentina, the main compliance trigger is usually not the label "AI" itself. It is what the system does with personal data, whether people can understand and challenge it, and whether the organisation can show accountability, traceability and human control where they matter most.
How it works
The current model is a patchwork, not an AI Act
Argentina has no comprehensive national AI law in force. The clearest current model is a layered one. Existing privacy law remains binding. Newer AI material sits around it as guidance, coordination and policy. That includes the June 2023 "Recomendaciones para una Inteligencia Artificial Fiable" for the national public administration, the August 2023 creation of an AAIP programme on transparency and personal data protection in AI, the 2023 interministerial AI table, and strategic innovation policy adopted in 2025 that treats AI as a priority enabling technology. The 2025 strategic guidelines are notable because they openly favour "evolutive" and non restrictive frameworks, which signals that the executive currently sees AI governance as something to be built gradually, not through one sweeping prohibition-first statute.
In practical terms, that means organisations should think in layers. First, identify the existing law already triggered by the use case. Then add the AI-specific governance expectations that official guidance now makes visible. Finally, track legislative change because Parliament is clearly active even though it has not yet enacted a national AI framework.
Data protection is the main binding layer
The legal centre of gravity is still Law 25.326 on personal data protection, plus its regulatory decree and AAIP enforcement powers. That regime was drafted long before generative AI, but it still matters for AI because it governs the collection, storage, use, transfer and security of personal data in automated processing. It also gives people rights to know what data is held about them, why it is held and, where appropriate, to seek rectification, updating, suppression or confidentiality.
For AI teams, the practical binding duties come from familiar privacy basics: lawful collection, clear information notices, purpose discipline, data quality, security, contracts with processors, responses to access or correction requests, and a defensible approach to data transfers and retention. If an AI project uses or infers personal data, these duties are already engaged. That remains true even where the organisation thinks of the system as "analytics" or "automation" rather than AI.
Argentina also still has an active enforcement architecture. The AAIP is the control authority for Law 25.326, and the decree allows investigations, inspections and sanctions. In May 2024 the AAIP refreshed the infringement classification and sanction-grading regime, which matters because it updates the enforcement playbook even though the statute itself still reflects an older monetary structure.
Automated decisions are a live risk area
Argentina's black letter law is stronger on personal data rights than on a modern, explicit AI-specific regime for automated decisions. That is an important distinction. The current domestic framework does not yet look like the EU AI Act, and it does not yet provide one clean national chapter dedicated only to algorithmic decisions. But the pressure points are visible.
Official Argentine AI guidance repeatedly stresses explainability, transparency, traceability, impact assessment, bias control, complaint channels and human oversight. The 2023 trustworthy AI recommendations say final responsibility cannot be delegated to the system, and that people should be able to request explanations where AI supports or shapes decisions. The AAIP guide takes the same direction for public and private entities, linking AI deployment to privacy by design, risk management and auditability.
Internationally, Argentina is already party to Convention 108, and it ratified the modernised Convention 108+ in 2023. But as of June 2026 that modernised protocol had still not entered into force internationally, because it remained below the 38-ratification threshold. So its stronger language on automated processing and human review is best treated, for now, as a clear signal of direction rather than as a fully operative new domestic AI rights layer.
Soft law now fills much of the AI gap
Two soft law instruments matter most.
The first is the June 2023 trustworthy AI recommendations issued by the Subsecretariat of Information Technologies. They were framed for public sector use, but they are useful far beyond government because they set out the State's own baseline vocabulary: fairness and non discrimination, privacy and data protection, security, human supervision, transparency, explainability, accountability, education and risk review across the project lifecycle.
The second is the AAIP's guide for public and private entities on transparency and protection of personal data for responsible AI. This is the most operational official document currently available. It walks through the lifecycle of an AI system, from design to validation, implementation and maintenance. It recommends privacy by design, risk matrices, impact assessment where risks are higher, data and metadata quality checks, traceability, auditability, explainability, complaint channels and publication of basic system information for transparency.
Neither document is a statute. But both are regulatory signals. In a jurisdiction without a national AI Act, they show what good governance looks like to the public bodies most likely to scrutinise AI use. That makes them operationally important for procurement, internal control, vendor management and incident response.
International data use is regulated already
Many AI projects in Argentina involve cloud hosting, offshore model providers, external labelling, cross-border analytics teams or regional data architectures. Argentina's transfer rules therefore matter immediately. Law 25.326 restricts transfers to destinations that do not provide an adequate level of protection, subject to legal exceptions. In October 2023 the AAIP approved model contractual clauses for international transfers, giving organisations a standardised tool to document safeguards.
For practical governance, that means cross-border AI use should not be left to procurement boilerplate. Teams need to map where personal data goes, which party is controller or processor, what purpose the transfer serves, what security and deletion commitments apply, and whether the chosen transfer mechanism fits the destination and the role of the vendor.
The direction of travel is clearer than the rulebook
Argentina's policy direction is now easier to read than its final legal endpoint. The executive has created coordination structures for AI, prioritised AI in national science and innovation planning, and promoted AI deployment through innovation policy and funding calls. At the same time, the AAIP has tried to modernise both data protection and AI governance through guidance, participation in Convention 108 institutions and transfer tools.
Congress is active too. The AAIP-led personal data reform project was publicly prepared in 2022 and sent to Congress in 2023. It would have modernised the privacy framework with accountability logic, stronger controller duties, impact assessments, delegated responsibility and clearer treatment of automated processing. Separate AI bills multiplied in 2025, including broad framework proposals, public sector measures and institution-building ideas. But none of those bills had become a national AI law by 6 June 2026.
So the near term picture is this: Argentina is moving towards denser AI governance, but it is doing so through privacy law, soft law, public policy and legislative experimentation rather than through a single enacted AI statute.
Examples
A real public sector workflow already exists in the June 2023 trustworthy AI recommendations. They organise AI governance around the stages of a project, not just the final tool. In practice, that means defining purpose early, assigning human responsibility, identifying data and bias risks, preserving human supervision, documenting key decisions and making room for explanations and accountability before a system is rolled into operations.
A second real workflow appears in the AAIP programme and guide. The AAIP's approach is to treat responsible AI as a lifecycle issue. The guide moves from design to validation, implementation and maintenance, and expects privacy by design, impact assessment for riskier processing, data quality controls, traceability, auditability, retention decisions and channels for information or complaint. For organisations, that is a usable governance sequence even though it is guidance rather than statute.
A third real workflow is already available for international data transfers. Since October 2023, organisations that need to send personal data abroad for AI related processing can use AAIP approved model contractual clauses. That turns a vague transfer question into a documented legal task: identify the transfer, choose the transfer route, define party roles, allocate security and confidentiality duties, and keep the terms consistent with Argentine data protection law.
Common misunderstandings
Argentina already has a national AI Act. It does not. The current framework is still a mix of privacy law, soft law, public policy and pending bills.
If there is no AI Act, there are no AI compliance duties. Wrong. Personal data protection, transparency, transfer rules and sector-specific obligations can already apply.
Convention 108+ already rewrote Argentine AI law. Not yet. Argentina ratified it in 2023, but the modernised protocol had still not entered into force internationally by June 2026.
The AAIP guide is legally binding in the same way as a statute. It is not. It is guidance, but it is influential guidance from the authority most relevant to privacy-heavy AI uses.
Only model developers need to worry. In practice, deployers, buyers, public bodies and any organisation acting as a controller or processor may carry the more immediate compliance burden.
Risks and boundaries
The main limitation of Argentina's current framework is fragmentation. Law 25.326 still does a great deal of the heavy lifting, but it is a 2000 statute being asked to govern modern AI practices. That creates room for interpretation. Some expectations that matter greatly for AI, such as detailed accountability duties, structured impact assessment and clearer rights around automated decisions, are much more visible in guidance and proposed reforms than in current black letter law.
There is also a status issue to keep in mind. The 2023 AAIP led project to modernise data protection is not in force. The 2025 wave of AI bills is also not in force. And while Argentina has ratified Convention 108+, the modernised instrument had still not entered into force internationally by June 2026. Each of those items is important for direction, but none should be mistaken for an enacted national AI statute.
Finally, national and subnational developments should not be confused. Provinces can issue their own internal public sector AI rules, but those do not create a single national AI regime. For organisations operating across Argentina, the safe reading is that current duties are use case specific, privacy led and evidence hungry. A one page "AI compliant" checklist is unlikely to be enough.
What to do next
Start with an inventory. List every AI use case touching Argentina, then separate the ones that process personal data, support or influence decisions about people, or rely on international transfers. Those are the uses most likely to trigger the current framework.
Then build evidence, not slogans. For each higher risk use, document purpose, data sources, vendor roles, transfer paths, security controls, retention, human review points, explainability needs and complaint routes. If the use is public facing or public sector adjacent, add a transparency record that can be disclosed clearly.
Use the AAIP guide and the 2023 trustworthy AI recommendations as your working governance baseline, even where they are not formally binding. They are the clearest statement of what Argentine authorities currently expect good practice to look like.
Finally, keep watching two moving fronts: privacy reform and AI bills in Congress. Argentina's current model is manageable if you treat it as a living framework. It becomes harder only when teams assume the law has stood still because Parliament has not yet passed an AI Act.
FAQs
Does Argentina currently have a national AI law in force?
No. As of 6 June 2026, Argentina does not have a single national AI Act. The operative framework is mainly Law 25.326 on personal data protection, its regulations, official AI guidance and pending but unpassed bills.
Which authority matters most for AI regulation in Argentina?
There is no single AI regulator. The AAIP matters most where personal data, transparency and data transfers are involved. Other sectoral authorities can matter depending on the use case, while the executive has also created an interministerial AI coordination table.
Does Argentina's personal data law apply to AI training and deployment?
Yes, if the project involves personal data. That includes collection, storage, reuse, profiling, transfer and other automated processing involving identifiable people or data that can realistically be linked back to them.
Are solely automated decisions specifically banned?
Argentina does not yet have a national AI statute with a broad standalone ban. But official guidance strongly points towards explainability, human oversight and the ability for affected people to seek information or challenge harmful treatment.
Can an Argentine company send personal data abroad for AI processing?
Yes, but not casually. Article 12 of Law 25.326 regulates transfers, and since 2023 the AAIP has provided model contractual clauses to help document safeguards for international transfers.
Is the AAIP guide legally binding?
No, it is guidance rather than a statute or regulation. But it is still highly important because it shows how the main data protection authority expects organisations to manage responsible AI.
Has Convention 108+ already taken effect for Argentina?
Argentina ratified the modernised Convention 108+ in 2023, but as of June 2026 the protocol had still not entered into force internationally, so it is best read as a strong signal of direction rather than a fully operative new domestic AI regime.
Is Argentina moving towards a stricter AI framework?
Probably yes, but gradually. The clearest near term path is stronger governance through privacy reform, transfer controls, public sector guidance and selected legislation, rather than one immediate all-in-one AI code.