What is AI regulation in Chile?
Global AI regulation
As of 4 June 2026, Chile does not yet have a standalone AI Act in force. Its current AI framework is a mix of the 2021 National AI Policy, public sector guidance on responsible AI use, transparency recommendations for automated public decision systems, and a comprehensive bill still moving through Congress. That bill would regulate AI mainly through risk-based categories, technical and governance duties, a national advisory structure, and enforcement led by the future data protection authority.
What this means
Chile's AI position is easiest to understand as three layers. First, there is a national policy that sets the country's strategic direction on AI. Second, there are public sector governance measures, especially for transparency, privacy and responsible use in state bodies. Third, there is a proposed law that would create Chile's first cross-sector AI statute.
That matters because people often treat these layers as if they were the same thing. They are not. The National AI Policy is not itself a statute. The bill is not yet enacted. At the same time, AI use in Chile is not unregulated, because data protection, transparency, consumer and cyber rules already apply, and public authorities are already being pushed to document and explain automated systems.
Chile's draft law is also notable for where it puts the focus. The Chamber stage shifted the framing from regulating AI "as a technology" to regulating the uses of AI systems. In practice, this means the same tool may face different obligations depending on what it is used for, who deploys it and what kind of risk it creates.
Why it matters
For organisations building, buying or deploying AI in Chile, the practical signal is already clear even before the law passes. Chile is moving toward a risk-based model with stronger expectations around human oversight, transparency, data governance, cyber resilience, documentation, incident handling and sector coordination. If you operate across Latin America, Chile is one of the markets where a more structured national framework is clearly taking shape.
The immediate stakes differ by role. Founders and product teams need to know whether a use could be treated as unacceptable, high risk or limited risk. Buyers and governance leads need better contract language on operator roles, logging, post-deployment monitoring and synthetic content labelling. Public bodies and suppliers to government need to watch transparency and explainability closely, because Chile already has public sector guidance and transparency recommendations in play.
It also matters because the draft bill connects AI oversight to institutions outside classic tech policy. The proposed model links AI to data protection, digital government, transparency and cybersecurity. That means compliance will not sit in one narrow legal box. It will sit across legal, procurement, security, product and public affairs teams.
How it works
The current position in Chile
As of 4 June 2026, Chile does not have an enacted, standalone AI act. The current position is a layered one. The 2021 National AI Policy remains in force. Public bodies are already subject to official guidance on responsible AI use and to transparency recommendations for automated and semi-automated systems. General law, especially personal data, public transparency, consumer protection and cyber rules, still applies when AI is used.
This distinction is important. AI regulation in Chile is not yet a single operative code for the private and public sectors. It is a build-up of policy, administrative guidance, transparency practice and a pending bill that would turn much of that direction into a more formal statutory framework.
The National AI Policy
Chile's National AI Policy was published in 2021 and is still presented by the Ministry of Science as the current national strategy. It is organised around three core axes: enabling factors, development and adoption, and governance and ethics. In other words, the policy is not only about controlling AI risks. It is also about creating infrastructure, skills, research capacity and adoption pathways.
For legal and governance readers, the key point is the third axis. Chile treated governance and ethics as a core state function from the outset, not as an afterthought. The ministry later opened an update process for that governance and ethics axis after the rapid rise of generative AI. That shows two things. First, the policy is still active. Second, Chile is trying to keep the policy aligned with changes in the technology rather than leaving a 2021 document frozen in place.
The policy is strategic rather than coercive. It does not itself create fines or operator duties. What it does do is shape later instruments, justify institutional coordination and frame AI as a matter of public administration, infrastructure, rights and economic development all at once.
Public sector governance before the AI bill
Even without a Chilean AI act in force, the public sector is not waiting for a final statute. In December 2023, the government published official lineamientos for the use of AI tools in the public sector, drafted by the Ministry of Science and the Digital Government Division. Those lineamientos took effect from 1 January 2024 and group expectations into four broad areas: human-centred AI, transparency and explainability, privacy and data use, and other governance measures.
The same announcement also showed why those lineamientos matter in practice. The government described existing public uses of algorithmic tools, including predictive targeting in social payments, anomaly detection in tax administration, environmental monitoring and conversational assistance for public service access. That confirms Chile is treating AI governance as an operational public administration issue, not only as future legislation.
Chile's Council for Transparency added another layer in 2024 by issuing recommendations on algorithmic transparency for bodies subject to the transparency law. Those recommendations are framed as good practices rather than a full AI statute, but they still matter. They push public institutions to publish what automated or semi-automated systems they use, which procedures they affect, what general logic they follow and what categories of data they rely on. For public bodies, or vendors selling into government, that already creates a documentation and disclosure expectation.
The proposed AI bill
Chile's comprehensive AI bill was introduced by the Executive on 7 May 2024 and was processed together with an earlier parliamentary motion. By October 2025 it had reached the Senate for second constitutional stage. Senate materials from April 2026 still describe the bill as being under Senate consideration, so the bill was not enacted by early June 2026.
The bill has broad territorial and operator reach. It would apply to providers placing AI systems on the Chilean market, implementers in Chile, foreign providers or implementers where the system's output is used in Chile, and importers, distributors and authorised representatives established in the country. That is wider than a purely domestic developer rule and is meant to catch cross-border supply chains.
The Chamber-stage text also carves out some exclusions. Defence uses are excluded under a reserved defence listing process. Pre-market research, testing and development can sit outside the law, but not real-world testing. Open source components are also carved out, unless they are commercialised or put into service as part of a high-risk system. This tells organisations that the bill is not aimed at banning experimentation as such, but it does try to prevent experimentation from becoming a loophole once systems move closer to real deployment.
A notable drafting move in the Chamber stage was the shift from regulating AI systems in the abstract to regulating the uses of AI systems. That is more than semantics. It means the same underlying model might be treated differently depending on its function, deployment context and the rights impact that follows from that use.
The risk model and operator duties
The bill uses a four-part risk structure. It separates unacceptable-risk uses, high-risk uses, limited-risk uses and uses with no evident risk. That puts Chile firmly in the family of risk-based AI regulation, while still leaving some important details to later regulation.
Unacceptable-risk uses are the clearest red lines. The Chamber-stage text lists uses such as subliminal manipulation, exploitative manipulation of personal vulnerabilities, discriminatory categorisation based on sensitive personal data, generic social scoring, real-time remote biometric identification in public spaces, indiscriminate extraction of facial images to build recognition databases, and emotion inference in law enforcement, border administration, workplaces and educational settings. In plain English, the model is not trying to stop all AI. It is trying to stop uses considered fundamentally incompatible with rights protection.
High-risk uses are allowed, but only if operators meet a heavier rule set. In the Chamber text, these rules include lifecycle risk management, data governance, intelligible technical documentation, event and security logging, human oversight, and minimum levels of accuracy, resilience, security and cybersecurity. Operators would also need post-deployment monitoring so that performance and compliance are reviewed across the system's useful life. This is the core operational burden of the bill.
Limited-risk uses carry a lighter set of duties centred on transparency and proportional security. The point is to ensure that a person can understand that they are interacting with AI and is not misled about the nature of that interaction. On top of that, the Chamber text added a separate transparency rule for operators whose systems generate synthetic audio, image, video or text. Their outputs should be identifiable as artificially generated or manipulated. For generative AI teams, that is one of the clearest practical takeaways from the current draft.
The bill also creates an incident pathway. Where an incident is identified, the operator must notify the data protection authority and affected persons, and must do so quickly once there is a causal link or a reasonable possibility of one. The Chamber text uses a seventy-two hour limit once the operator has knowledge. Operators must also take immediate measures to deactivate, suspend or withdraw the relevant system where needed. If the incident has a cybersecurity dimension affecting essential services or critical operators, the data authority would have to coordinate with the national cybersecurity agency.
One major practical point is that the statute does not hard-code every high-risk or limited-risk use. The Ministry of Science would later issue a regulation listing the relevant categories and detailing how operators must comply. That gives the framework flexibility, but it also means there would still be uncertainty after enactment until the regulation arrives.
Governance architecture, enforcement and remedies
The draft bill builds a national governance architecture around the Ministry of Science, the future data protection authority and the national cybersecurity agency. At the centre of the architecture is a permanent AI Technical Advisory Council. In the Chamber-stage text, that body is chaired by the Ministry of Science and includes representatives from public security, foreign affairs, defence, digital government, economy, telecommunications, data protection and cybersecurity, as well as academics, industry representatives and civil society.
Its functions are substantial. It would propose the list of high-risk and limited-risk systems for the regulation, advise on compliance duties, recommend standards for test environments, propose measures that support innovation, produce ethical recommendations for both public and private sectors, help ministries interpret operator obligations, support public literacy on AI, and evaluate implementation of the law on a recurring basis. In effect, this is the bill's national coordination and updating mechanism.
Administrative enforcement would sit mainly with the Agency for the Protection of Personal Data. The Chamber text gives that body powers to require information, investigate operators, determine infringements, impose sanctions and resolve complaints from affected persons. It also requires coordination with the National Cybersecurity Agency where network or essential service risks arise. That is a notable design choice. Chile is not proposing a completely separate AI regulator. It is anchoring AI oversight in a broader rights and data institution, supported by cyber coordination and ministry-led governance.
Sanctions in the Senate briefing and the Chamber text are significant. The bill classifies infringements as light, serious and very serious, with top administrative fines reaching 5,000, 10,000 and 20,000 monthly tax units respectively. The draft also preserves civil remedies for people harmed by AI use, including claims to stop the harmful conduct, seek damages and require measures to prevent continuing harm.
The bill also tries to avoid turning regulation into a pure barrier. It allows public authorities with regulatory or supervisory powers to create controlled test spaces for AI. It also directs the state to support smaller businesses through priority access to those spaces and through capability-building measures. So the model is not only restrictive. It pairs duties with experimentation and support mechanisms.
What remains uncertain
Chile's direction of travel is clear, but the final legal position is not fixed yet. The bill is still in the Senate, so the text can still change. Some of the most practical elements, especially the list of high-risk and limited-risk uses, would not be settled in the law alone anyway. They would depend on later regulation.
There is also a timing issue around institutions. The new personal data law, Law 21.719, creates the Agency for the Protection of Personal Data but has a transition period and is scheduled to take effect in December 2026. Because the draft AI bill relies heavily on that agency, the sequencing between the two regimes matters in practice.
For now, the reliable summary is this: Chile has an active AI policy, active public-sector governance measures, and a serious cross-sector bill, but not yet a final AI act.
Examples
A public benefits outreach case already shows how Chile is thinking about operational AI governance. The government highlighted a system used by the Instituto de Prevision Social to identify beneficiaries who are likely not to collect monthly payments. Staff can then contact those people before a benefit lapses. This is a practical example of why Chile's public sector guidance stresses human-centred use, careful handling of personal data and explainability, rather than treating AI as a fully autonomous decision maker.
Tax administration is another example. The government has described a Servicio de Impuestos Internos system that analyses invoice data to identify anomalous or irregular transactions. This is the kind of use that makes data governance, logging, human review and accountability central, because the system influences enforcement attention even if it does not replace legal decision making by itself.
Environmental supervision also appears in the official material. The Superintendencia del Medio Ambiente uses a radar-imagery based algorithm to monitor whether salmon farming centres remain within their authorised concession locations. This illustrates why Chile's draft bill links AI to technical robustness, records, incident handling and coordination with cybersecurity and sector authorities when systems affect critical public or economic functions.
Common misunderstandings
A common misconception is that Chile already has an AI act in force. It does not. Chile has an active national policy and a live bill, but the bill was still in the Senate in April 2026 and had not become law by early June 2026.
Another misconception is that the National AI Policy is itself binding law. It is not. It is a strategic government instrument that shapes state action, coordination and future regulation, but it does not by itself create the fine structure of operator duties and sanctions.
It is also easy to assume that Chile is regulating only generative AI. That is not the case. The bill is broader. It covers many uses of AI, including biometrics, emotional inference, social scoring, public service automation and other system uses, while also adding a specific transparency rule for synthetic content.
Some readers assume that a Chilean AI law would create one dedicated AI super-regulator. The current draft does not take that route. It relies heavily on the future data protection authority, coordinates with the national cybersecurity agency and gives a central steering role to the Ministry of Science and an advisory council.
A final misunderstanding is that existing law can be ignored until the AI bill passes. That would be a mistake. Data protection, transparency, consumer and cyber obligations already matter, and public bodies are already being pushed toward more explicit documentation and disclosure of automated systems.
Risks and boundaries
The biggest boundary is legal status. Chile's proposed AI framework is still proposed. It is not safe to treat the current bill text as final, because Senate review can still amend definitions, duties, sanctions, institutional roles and transition periods.
A second boundary is that much of the practical compliance picture would still depend on later regulation. The law would set the architecture, but the Ministry of Science's regulation would determine the list of high-risk and limited-risk systems and spell out important compliance details. That means organisations should plan around the direction of travel, not assume every operational detail is already fixed.
A third boundary is institutional timing. The draft bill gives a major role to the Agency for the Protection of Personal Data, but that agency sits inside Chile's wider personal data reform and transition timetable. As a result, implementation sequencing matters, especially if the AI bill and the data protection regime do not become fully operational at the same pace.
There is also a scope boundary between public governance and general market regulation. The circular for public services and the Council for Transparency's recommendations are important, but they are not the same as a binding private-sector AI code. They matter most for the state, for public procurement and for anyone supplying AI-enabled services into government.
Finally, Chile's AI framework does not replace sector law. If a system operates in an area already governed by public law, consumer law, IP law, labour rules, health law or cyber law, those frameworks continue to matter alongside any future AI act.
What to do next
Start with an AI inventory that identifies where your organisation is acting as a provider, implementer, importer, distributor or authorised representative. In Chile's draft model, those roles matter because obligations and liability pathways are not framed only around the developer.
Then classify uses, not just models. Ask which deployments could plausibly move into unacceptable, high or limited risk if Chile's bill passes in something like its current form. Pay particular attention to biometrics, workplace AI, education AI, high-impact public-facing tools, synthetic media and systems that affect rights, safety, consumer interests or copyrighted material.
Build the operating evidence now. For higher-risk uses, that means risk assessments, data governance rules, technical documentation, records, human oversight steps, cyber controls, escalation paths and post-deployment monitoring. If the law changes in detail, those artefacts will still be useful because they are exactly the kind of evidence Chile's draft model is trying to create.
Review your incident handling. The current bill points toward prompt reporting, notification to affected persons and immediate technical or operational containment. Organisations should not wait for enactment before making sure they can identify incidents, preserve logs and decide when a system should be paused or withdrawn.
If you work with generative tools, prepare for content provenance and labelling. The Chamber-stage text makes synthetic content identification a specific transparency matter, which is a tangible requirement rather than a vague ethical aspiration.
If you supply the public sector, align with Chile's existing state guidance now. That means stronger transparency, clearer explanations of how systems are used, and contractual readiness for public bodies that may need to publish information about the automated tools they rely on.
Finally, keep watching three moving parts together, not separately: the Senate stage of the AI bill, the implementation of the new personal data regime, and secondary regulation from the Ministry of Science. In Chile, those three tracks are converging.
FAQs
Does Chile already have an AI Act in force?
No. As of 4 June 2026, Chile does not yet have a standalone AI Act in force. It has a national policy, public-sector guidance and a bill still moving through Congress.
What is the legal status of Chile's AI bill?
The bill was introduced in May 2024, reached the Senate in 2025 and was still being discussed in the Senate during 2026. That means it remains proposed rather than enacted.
Is Chile's National AI Policy legally binding on private companies?
Not in the same way as a statute. The policy is a strategic government framework. It influences later regulation and public administration, but it does not by itself create the full set of operator duties and fines found in the draft bill.
How does the draft bill classify AI?
It uses a risk-based structure. The Chamber-stage text classifies uses as unacceptable risk, high risk, limited risk or no evident risk, with different consequences for each category.
Who would enforce the bill if it passes?
The main administrative enforcer in the current draft is the Agency for the Protection of Personal Data, with coordination from the National Cybersecurity Agency where relevant.
Would the bill apply only to Chilean developers?
No. The draft has cross-border reach. It would also apply to certain foreign providers or implementers when the system's output is used in Chile, and to importers, distributors and authorised representatives based in Chile.
Does the bill say anything specific about generative AI?
Yes. The Chamber-stage text includes a transparency rule requiring synthetic audio, image, video and text outputs to be identifiable as artificially generated or manipulated.
What should organisations do before the bill becomes law?
Do not wait for final enactment. Build an inventory, classify uses, improve documentation, strengthen human oversight and incident handling, review data and cyber controls, and prepare for stronger transparency duties.