What is AI regulation in Bolivia?
AI regulation: countries and regions
Bolivia has no dedicated, in-force artificial intelligence law. A bill, Proyecto de Ley 178/2024-2025 on the promotion, management and use of AI, passed the Senate on 22 October 2025 and is pending in the Chamber of Deputies, but it has not been promulgated. Bolivia also lacks a comprehensive personal data protection law. Privacy rests on constitutional rights and a narrow telecommunications regime, with AGETIC and the telecoms regulator ATT as the relevant agencies.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
There is, as of mid-2026, no specific statute governing artificial intelligence in Bolivia. What exists is a draft bill that the Senate approved in October 2025 and sent to the Chamber of Deputies, where it remains under review. Until the Chamber of Deputies passes it and the executive promulgates it, the bill creates no binding duties. Its prospects are uncertain because a new government and legislature took office after the 2025 general elections.
Bolivia is also unusual in Latin America for having no comprehensive personal data protection law. Most countries in the region (Argentina, Brazil, Chile, Colombia, Mexico, Peru, Uruguay and others) have one; Bolivia does not. Instead, privacy protection rests on the 2009 Constitution, which guarantees rights to privacy and to information self-determination and provides a constitutional remedy, the Action for Protection of Privacy (Bolivia's version of habeas data), plus a narrow data rule inside the telecommunications regime.
For organisations, the practical position is that AI use in Bolivia is governed today by general law: the Constitution, the telecoms Law 164 and its decrees, consumer and financial-sector rules, and the Criminal Code. There is no AI regulator, no statutory algorithmic-transparency duty and no national data protection authority.
Why it matters
The absence of a dedicated framework does not mean AI is risk-free to deploy in Bolivia. It means the rules are scattered and the gaps are large. There is no data protection authority to register with, no statutory data-breach notification duty and no formal data protection impact assessment requirement. That lowers the compliance burden but raises legal uncertainty: individuals can still bring constitutional privacy actions, civil damages claims and criminal complaints over the misuse of personal data or automated decisions.
For founders, operators and governance leads, this creates a planning problem. If the AI bill is enacted in something like its current form, AGETIC would gain supervisory and sanctioning powers, the bill sets seven prohibited uses, and a dedicated personal data protection law would be mandated within 180 days. Organisations that build AI systems now without documentation, human oversight and privacy controls could face a sudden compliance step-up. Treating international standards as a baseline is the pragmatic course while the law settles.
How it works
No dedicated AI statute is in force
As of mid-2026 Bolivia has no enacted AI law. The Senate (Camara de Senadores) approved Proyecto de Ley 178/2024-2025, titled "Promocion, Gestion y Uso de la Inteligencia Artificial", on 22 October 2025 and referred it to the Chamber of Deputies (Camara de Diputados) for constitutional review. The bill, introduced by Senator Claudia Eguez Algaranaz (Creemos alliance, Beni), was passed in the outgoing legislature's final sessions before its close. It has not been promulgated and carries no Ley number. A bill at this stage imposes no legal duties.
What the pending bill would do
The bill has 31 articles and two transitional provisions. Its article 23 designates AGETIC, the existing electronic-government and ICT agency, as the entity charged with supervising and regulating AI use, with power to issue regulations and impose administrative sanctions for infractions, which it classes as contraventions rather than crimes. Press and analysts also describe the bill as creating a "Regulatory Authority for Artificial Intelligence" (often abbreviated ARIA), but the operative regulator named in the text is AGETIC. Transitional provisions give the executive 90 days to issue implementing regulations and give AGETIC 180 days to produce technical guidelines and a National AI Strategy. The bill sets seven prohibited uses, contained in articles 12 to 18, including subliminal manipulation, exploiting vulnerabilities of age or disability, social scoring, and mass facial recognition without judicial authorisation, and it mandates a dedicated personal data protection law within 180 days.
No comprehensive data protection law
Bolivia has no general data protection statute and no data protection authority. Privacy protection rests on the 2009 Constitution: article 21 guarantees rights to privacy, intimacy, honour and one's own image, and articles 130 and 131 establish the Action for Protection of Privacy, a habeas-data-style remedy allowing a person to access, object to, correct or delete data held in public or private databases. The only sector-specific data rule sits in telecommunications: Law 164 of 2011 and Supreme Decree 1793 of 2013 impose confidentiality and personal-data duties on telecoms and ICT operators. These can be invoked by analogy but are not a general regime. AGETIC has prepared a draft personal data protection law (anteproyecto) and socialised it with the legislature and civil society, but it has not been enacted.
Which agencies are relevant
Two public bodies matter. The ATT (Autoridad de Regulacion y Fiscalizacion de Telecomunicaciones y Transportes) regulates and supervises telecommunications, ICT, postal and transport services under Law 164; it is not an AI or data protection regulator. AGETIC (Agencia de Gobierno Electronico y Tecnologias de Informacion y Comunicacion), created in 2015 and attached to the Ministry of the Presidency, leads digital government and would be the designated AI supervisor if the bill is enacted. AGETIC also leads Bolivia's Agenda Digital 2030, a digital-transformation policy whose pillars include digital government, the digital economy, and the legal framework and governance of digital transformation.
Regional and international context
Bolivia is a UNESCO member state and so is within the scope of UNESCO's 2021 Recommendation on the Ethics of Artificial Intelligence, a non-binding standard. Regional benchmarking places Bolivia near the bottom: in the ECLAC and CENIA Latin American Artificial Intelligence Index (ILIA) 2024, Bolivia ranked 16th of 19 countries with 26.00 out of 100, in the "explorer" category, scoring just 10.06 on governance with no national AI strategy; in ILIA 2025 it fell to 18th of 19. The pending bill, if enacted, would move Bolivia from having no framework toward a comprehensive one in a single step, which observers including the analysis published via eju.tv and the law firm Dentons describe as making it one of the first countries in the region to attempt an integral AI framework.
Examples
Deploying an AI hiring or credit-scoring tool. There is currently no statutory ban on automated decision-making or profiling in Bolivia and no data protection authority to notify. But an affected person could bring an Action for Protection of Privacy under the Constitution to access or correct the data used, or sue for damages. The pending bill would prohibit social scoring and profiling based solely on personal characteristics, so a tool built now may need redesign later.
Using facial recognition. Bolivia has no specific facial-recognition law today. The pending bill would prohibit mass facial recognition without prior judicial authorisation. An operator planning a deployment should treat judicial authorisation and a documented privacy assessment as the likely future baseline.
Handling customer data for an AI product. With no general data protection law, there is no formal breach-notification duty or impact-assessment requirement. Civil-society guidance produced in Bolivia (for example by Fundacion InternetBolivia.org) urges organisations to adopt international standards such as the EU GDPR voluntarily, because a national law is expected and reputational and contractual expectations already point that way.
Common misunderstandings
"Bolivia has passed an AI law." It has not. The Senate approved a bill in October 2025, but it is pending in the Chamber of Deputies and has not been promulgated. Be careful: some online sources confuse Bolivia with Peru's Law 31814, which is a different country's statute.
"Bolivia has a GDPR-style data protection law." It does not. Bolivia is one of the few countries in the region without a comprehensive personal data protection law or a data protection authority.
"There is an AI regulator in Bolivia." There is none today. If the bill is enacted, AGETIC would be the supervisor; ARIA is a label used in press coverage, not an operating institution.
"The Constitution does nothing about data." It does provide a real remedy. The Action for Protection of Privacy (articles 130 to 131) lets individuals access, correct or delete their data and protects privacy and image, but it is a case-by-case constitutional action, not a regulatory regime.
"No law means no legal risk." General law still applies: constitutional privacy actions, civil liability and Criminal Code provisions on misuse of computer data can all be triggered.
Risks and boundaries
This article describes the legal position as of mid-2026 and is not legal advice. The central boundary is that Bolivia has no dedicated, in-force AI law and no comprehensive data protection law. The most important uncertainty is the AI bill: it passed only the Senate, remains pending in the Chamber of Deputies, and has not been promulgated. Its future is genuinely unsettled because a new government and legislature took office after the 2025 elections, and the bill was passed in the outgoing legislature's final sessions.
Details of the bill, including the exact list of seven prohibitions, the article numbers and the precise name and powers of the regulator, come substantially from press and analyst reporting rather than a verified official full text, and could change during the legislative process. Treat specific figures (31 articles, articles 12 to 18 for the prohibitions, 90-day and 180-day deadlines) as the position of the Senate-approved draft, not settled law. The data protection anteproyecto prepared by AGETIC is likewise a draft, not an enacted statute.
What to do next
Do not assume "no law" means "no obligations". Map your AI and data processing against general Bolivian law: constitutional privacy rights, the telecoms data rules where relevant, consumer and financial-sector rules, and the Criminal Code.
Adopt a recognised baseline now. Use a risk-based approach and an AI impact assessment, and align personal data handling to a credible standard such as the EU GDPR, because Bolivia's pending bill and draft data law both point that way.
Track the bill. Watch the Chamber of Deputies and the Gaceta Oficial for promulgation. If enacted, expect AGETIC supervision, a 90-day window for implementing regulations, a National AI Strategy within 180 days, and a mandated data protection law.
Build for the prohibitions. Avoid designs that rely on social scoring, manipulation, exploitation of vulnerable groups, or mass facial recognition without judicial authorisation, since these are the uses the draft would ban.
Document human oversight and explainability. These are durable expectations across the UNESCO recommendation and the draft bill, and they reduce exposure to constitutional privacy actions and civil claims.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Bolivia have an artificial intelligence law?
No. There is no dedicated AI law in force. A bill (Proyecto de Ley 178/2024-2025) passed the Senate on 22 October 2025 and is pending in the Chamber of Deputies; it has not been promulgated.
Who regulates AI in Bolivia?
No agency regulates AI specifically today. If the pending bill is enacted, AGETIC, the electronic-government and ICT agency, would be the designated supervisor with power to issue regulations and impose administrative sanctions.
Does Bolivia have a data protection law?
No comprehensive one. Bolivia is among the few countries in Latin America without a general personal data protection law or a data protection authority. Protection rests on constitutional rights and a narrow telecoms rule.
How are privacy rights protected then?
The 2009 Constitution guarantees privacy and information self-determination and provides the Action for Protection of Privacy (articles 130 to 131), a habeas-data-style remedy to access, correct or delete personal data.
What is the role of the ATT?
The ATT (Autoridad de Regulacion y Fiscalizacion de Telecomunicaciones y Transportes) regulates telecommunications, ICT, postal and transport services under Law 164. It is not an AI or data protection regulator.
What would the pending AI bill ban?
It sets seven prohibited uses in articles 12 to 18, including subliminal manipulation, exploiting vulnerabilities of age or disability, social scoring, and mass facial recognition without judicial authorisation.
Is Bolivia bound by international AI rules?
As a UNESCO member state, Bolivia is within the scope of the 2021 UNESCO Recommendation on the Ethics of Artificial Intelligence, which is a non-binding standard rather than enforceable law.
What should organisations do while the law is unsettled?
Adopt a risk-based approach, run AI impact assessments, align data handling to a credible standard such as the EU GDPR, and track the Chamber of Deputies and official gazette for promulgation.