What is AI regulation in Armenia?
AI regulation: countries and regions
As of June 2026, Armenia has no dedicated, binding artificial intelligence law, bill or AI regulator. AI is governed indirectly through the Law on Protection of Personal Data (HO-49-N, 2015), enforced by the Personal Data Protection Agency within the Ministry of Justice, plus sectoral rules and international commitments. Armenia signed the Council of Europe Framework Convention on AI on 27 January 2026, but that treaty is not yet domestic law. A national AI-specific strategy has not been formally adopted.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Armenia does not yet have a stand-alone AI statute comparable to the EU AI Act. Instead, anyone deploying AI in Armenia must work within existing laws: the data protection law, the constitution's privacy guarantees, sectoral financial and labour rules, and Armenia's treaty obligations. Officials, including the Minister of High-Tech Industry, have openly said Armenia needs to develop AI regulation while not stifling technology. Deputy Minister of Justice Karen Karapetyan has stated that, while AI is rapidly advancing globally, Armenia currently lacks adequate legal regulations to manage its use.
The most relevant binding instrument is the Law on Protection of Personal Data (HO-49-N), adopted on 18 May 2015 and fully enforced from 1 July 2016. It regulates how personal data is processed, requires a lawful basis (usually consent), and is overseen by the Personal Data Protection Agency (PDPA), a subdivision of the Ministry of Justice. The law was not written with AI in mind and contains no AI-specific provisions, so it offers only indirect protection when AI processes personal data.
Armenia's policy energy has gone into promotion rather than regulation: a Digitalisation Strategy for 2021 to 2025, a Ministry of High-Tech Industry, large AI infrastructure projects, and international partnerships. Binding AI-specific rules remain a future project.
Why it matters
For organisations deploying AI in Armenia, the practical reality is a light-touch, gap-filled environment. There is no AI risk classification, no mandatory AI impact assessment, no AI registration regime, and no AI regulator. But that does not mean there are no rules: data protection obligations, constitutional privacy rights, consumer and sectoral rules, and Convention 108+ commitments all apply. Foreign companies serving EU clients face the EU AI Act regardless of Armenia's lighter regime. Firms operating in Armenia should expect the framework to tighten as Armenia implements its Council of Europe treaty commitments and deepens EU ties.
How it works
No dedicated AI law yet
Armenia has not enacted any binding statute specifically regulating AI, nor is there an AI-specific bill before parliament. There is no AI regulator and no risk-based AI classification. This is confirmed by independent monitors and by Armenian officials themselves. The OECD/SIGMA review of public administration in Armenia found that initial steps toward AI governance have been taken but no public sector strategy or regulation is yet in place, and that there are no legal acts regulating the use of algorithms in decision-making.
The personal data protection law
The core binding instrument touching AI is the Law on Protection of Personal Data (HO-49-N), adopted 18 May 2015, signed by the President on 13 June 2015, and fully enforced from 1 July 2016. It requires a lawful basis for processing (consent is the primary basis), purpose limitation, data minimisation, data security, and grants data subjects rights to access, rectify, block and delete their data. Biometric and special category data receive extra protection. The law contains no AI-specific provisions and was not designed for automated decision-making.
The supervisory authority
The Personal Data Protection Agency (PDPA) is the authorised body, operating as a separate subdivision of the Ministry of Justice. It can investigate, order corrective measures, ban processing, and impose administrative fines under the Code on Administrative Offences. Fines are low, ranging from 50,000 to 500,000 Armenian drams. The PDPA is small and under-resourced. According to the Chambers and Partners Data Protection and Privacy 2025 guide, its 2023 annual report marked a turning point, as the PDPA initiated its first administrative proceedings that resulted in the imposition of administrative fines, although in most challenged cases the courts eventually annulled those acts.
Institutional landscape
The Ministry of High-Tech Industry leads digital and AI policy. It signed a memorandum with Mistral AI in Paris on 10 February 2025, concluded by First Deputy Minister Gevorg Mantashyan and Mistral AI CEO Arthur Mensch, who said the Armenian AI ecosystem is flourishing and that Mistral was proud to help its administration, startups and talents. The Ministry has also partnered with Amazon Web Services and launched an AI Virtual Institute (ai.gov.am). The Information Systems Agency of Armenia (ISAA) handles operational digital government work. The PDPA handles data protection. There is no dedicated AI agency.
International alignment
Armenia has been a party to Council of Europe Convention 108 since 2012 and was the first state to ratify the modernised Convention 108+ in January 2022. Its Foreign Minister Ararat Mirzoyan signed the Council of Europe Framework Convention on Artificial Intelligence (STCE No. 225) in Strasbourg on 27 January 2026, alongside Secretary General Alain Berset, making Armenia the 19th signatory, but Armenia has not ratified it. Armenia's EU Comprehensive and Enhanced Partnership Agreement (CEPA), in force since 1 March 2021, includes a commitment to a high level of personal data protection aligned with EU and Council of Europe standards.
Examples
1. A fintech firm in Yerevan using an AI credit-scoring model has no AI-specific law to follow, but must comply with the data protection law: lawful basis, purpose limitation, data security, and sectoral rules on credit information. It must be ready for PDPA scrutiny.
2. The government is supporting large AI compute infrastructure, including Firebird's 18MW data centre in Hrazdan, a 500 million USD first phase deploying 6,144 NVIDIA Blackwell GPUs and expanding in a 4 billion USD second phase, alongside an NVIDIA supercomputer destined for Yerevan State University. These raise data governance and sovereignty questions but are not governed by any AI statute.
3. In August 2025, amendments to the Law on Police enabled real-time biometric facial recognition surveillance, effective 9 August 2025. Human Rights Watch's Giorgi Gogia warned that mass surveillance in public spaces would have a chilling effect on fundamental civil and political rights, and the Armenian Center for Political Rights noted Armenia has no legal framework to govern AI use, including facial recognition. This illustrates how AI use is advancing faster than regulation.
Common misunderstandings
1. "Armenia has an AI law." It does not. There is no binding AI statute or AI regulator as of June 2026.
2. "Signing the Council of Europe AI Convention means AI is now regulated." Signature signals intent; the treaty is not yet ratified or transposed into Armenian domestic law.
3. "The data protection law covers AI." It applies to AI that processes personal data, but it has no AI-specific provisions and predates modern AI.
4. "Armenia has adopted a national AI strategy." It has not formally adopted a dedicated AI strategy; it has a broader Digitalisation Strategy for 2021 to 2025 and a high-tech sector programme still pending approval.
5. "Armenia's data protection regime is equivalent to the GDPR." It is broadly consistent with international standards but has lower fines, lacks the full controller and processor distinction, and has weaker enforcement.
Risks and boundaries
This article describes a developing, largely promotional governance landscape, not a mature regulatory regime. Key limits: there is no dedicated AI law, no AI risk framework, and no AI impact assessment requirement. The data protection law offers only indirect protection for AI. The PDPA is under-resourced and its functional independence is questioned because it sits inside the Ministry of Justice. Legal status is uncertain and changing: the Council of Europe AI Convention is signed but not ratified, and a high-tech strategic programme that the Prime Minister's office said in January 2026 was planned for approval in the first half of 2026 remained pending at the time of writing. Readers should verify the current status before relying on any single point.
What to do next
Treat AI in Armenia as governed by data protection law and general law, not a bespoke AI regime. Build a lawful basis for any personal data your AI processes, document it, and apply data minimisation and security. Watch the Council of Europe AI Convention ratification and the pending high-tech strategic programme. If you serve EU clients, align with the EU AI Act, which will be the binding standard regardless of Armenia's lighter regime. Engage with the Ministry of High-Tech Industry and PDPA early on sensitive deployments.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Armenia have a dedicated AI law?
No. As of June 2026 there is no binding AI statute, no AI-specific bill before parliament, and no AI regulator.
What law applies to AI in Armenia?
Mainly the Law on Protection of Personal Data (HO-49-N, 2015), plus constitutional privacy rights, sectoral rules, and international treaties.
Who enforces data protection in Armenia?
The Personal Data Protection Agency (PDPA), a subdivision of the Ministry of Justice, with powers to investigate, order corrections, ban processing and impose fines.
Has Armenia signed the Council of Europe AI Convention?
Yes, on 27 January 2026, but it has not been ratified and is not yet domestic law.
Does Armenia have a national AI strategy?
No formally adopted dedicated AI strategy. It has a Digitalisation Strategy for 2021 to 2025 and a pending high-tech sector programme.
How does Armenia compare with Georgia and Azerbaijan?
Georgia adopted a GDPR-aligned data protection law in 2023; Azerbaijan relies on a 2010 personal data law. None of the three has a dedicated binding AI law.
Is Armenia's data law equivalent to the GDPR?
Broadly consistent with international standards but with lower fines and weaker enforcement; it is not equivalent.