What is AI regulation in Guatemala?
AI regulation: countries and regions
Guatemala has no dedicated artificial intelligence law, no AI bill that has been enacted, and no AI regulator. As of June 2026 it relies on general rules, scattered constitutional and sector provisions, and a National AI Strategy being co-created with United Nations support, due to be presented in June 2026. Notably, Guatemala also lacks a comprehensive personal data protection law, which shapes how AI is governed in practice.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
There is no single statute in Guatemala that defines artificial intelligence, classifies it by risk, or assigns a watchdog to supervise it. Official and intergovernmental assessments confirm this plainly: the country is at an early, opportunistic stage of AI maturity, with regulation and ethics rated at a basic level.
Instead of a dedicated framework, organisations using AI in Guatemala fall back on a patchwork: constitutional rights to access and correct personal records held by the state, a public-information law that touches personal data inside public bodies, copyright rules, criminal law, and the supervision of financial regulators. Crucially, Guatemala has no general personal data protection law covering private actors, so one of the main legal levers used elsewhere to govern AI is largely absent.
The forward motion is at policy level, not statute level. The Presidential Commission for Open and Electronic Government (Comision Presidencial de Gobierno Abierto y Electronico, or GAE) is leading work on a National Artificial Intelligence Strategy with the United Nations Development Programme. That work is a strategy and roadmap, not a binding law, and it does not create enforceable duties on its own.
Why it matters
For founders, operators and governance leads, the absence of a dedicated AI law does not mean an absence of legal risk. It means the risk sits in older, more general instruments and in contract. If you deploy AI that processes personal data in Guatemala, you cannot rely on a statutory data protection regime to tell you what good looks like, because there is no comprehensive one for private parties. That increases reliance on internal policy, contractual safeguards, and constitutional and criminal exposure rather than a clear compliance checklist.
It also matters commercially. Weak data protection standards limit Guatemala's ability to join cross-border data transfer arrangements, and create uncertainty for cloud, analytics and AI vendors. For buyers, due diligence cannot assume a local AI assurance baseline exists. For policymakers and advisers, the live question is not interpreting an AI Act but tracking a strategy and several pending bills that could change the picture quickly.
How it works
No dedicated AI statute or regulator
Guatemala has not enacted AI-specific legislation and has no agency charged with regulating AI. The instruments that apply to AI are general ones: intellectual property law, criminal law, consumer and sector rules, and financial supervision. Under Guatemalan copyright law an author is a natural person, so works generated solely by AI are not recognised as having legal authorship.
The data protection gap
Guatemala does not have a comprehensive personal data protection law applying to private actors. The Constitution provides partial protection: Article 31 gives every person the right to know what is held about them in state archives and records, and to have it corrected, rectified and updated, a limited habeas data right confined to public registries. Articles 24 and 30 protect correspondence and data given to the state under guarantee of confidentiality. The Law on Access to Public Information (Ley de Acceso a la Informacion Publica, Decree 57-2008) defines personal and sensitive data and criminalises unauthorised commercialisation of personal data, but it governs information held by public bodies, not the open field of private-sector processing. The Constitutional Court has filled some of the vacuum through amparo jurisprudence, recognising informational self-determination and setting parameters for handling personal data.
Pending data protection bills
Several data protection bills have been introduced and stalled. Initiative 6105 (Ley de Proteccion de Datos), sponsored by deputy Jose Alejandro De Leon Maldonado, received a favourable committee opinion from the Comision de Transparencia y Probidad on 12 April 2023 but has not passed. Initiative 6103 (Ley Integral de Proteccion de Datos Personales en Poder de Terceros), sponsored by deputy Oscar Stuardo Chinchilla Guzman, advanced to a second debate on 1 February 2023 and then stalled. None has been enacted, so the data protection gap persists.
Pending AI and cyber bills
At least one AI-specific bill exists. Initiative 6657, the Ley de Proteccion Digital contra Contenidos Falsificados por Inteligencia Artificial (PRODIGI), was presented by Julio Portillo, a deputy of the CABAL bloc, on 14 October 2025. For malicious creation or diffusion of deepfakes it sets penalties of three to six years imprisonment and fines of Q200,000 to Q500,000. It had not been assigned to a working committee at the time of writing, so it is an early proposal, not law. A separate Cybersecurity bill (Initiative 6347) advanced to a second debate on 23 September 2025 and remains pending.
The National AI Strategy and the GAE
The institutional centre of gravity is the GAE, working with the United Nations Development Programme. In October 2025 they launched an AI Landscape Assessment (AILA) to map the country's readiness. Initial results placed Guatemala in phase two of five, the opportunistic phase, with an overall score of 2.0 out of 5.0. As the Joint SDG Fund (UN/UNDP) reports, "In the areas of regulation and ethics, the country is assessed at a basic level due to the absence of clear regulatory and governance frameworks. The AI ecosystem is at an opportunistic stage." The co-creation of a National Artificial Intelligence Strategy is timed for October 2025 to March 2026, with validation and presentation set for June 2026. This work runs alongside the Digital Government Plan 2021 to 2026 and a broader Strategic Plan for Digital Transformation led by the executive.
Regional and international anchors
Because domestic hard law is thin, soft-law and regional commitments carry more weight. Guatemala was one of 20 Latin American and Caribbean nations to sign the Santiago Declaration to promote ethical AI on 23 to 24 October 2023, alongside Argentina, Brazil, Chile, Colombia, Costa Rica, Cuba, the Dominican Republic, Ecuador, El Salvador, Honduras, Jamaica, Mexico, Peru, Paraguay, Saint Lucia, Saint Vincent and the Grenadines, Suriname, Uruguay and Venezuela. As a UNESCO member it is covered by the 2021 Recommendation on the Ethics of Artificial Intelligence. The Inter-American Development Bank's fAIr LAC initiative provides regional tools for responsible AI. Guatemala is not among the Latin American adherents to the OECD AI Principles.
Examples
Public-sector pilot under a strategy, not a law. The GAE has been piloting AI tools in government and steering the AILA assessment with the UNDP. This shows the live model in Guatemala: governance is happening through strategy, pilots and capacity-building, not through a binding statute with enforceable duties.
Deepfake harm reaching the legislature. The PRODIGI bill (Initiative 6657) was prompted in part by real cases of AI-altered images, including manipulated photographs of schoolgirls circulating online. It illustrates how concrete harms, rather than a comprehensive risk framework, are driving Guatemala's first AI-specific legislative attempts.
A company processing personal data with no general statute. An organisation deploying an AI hiring or credit tool that processes Guatemalan personal data cannot point to a general data protection act for private parties. In practice it must build its own privacy policy, consent and retention rules, and rely on constitutional principles, criminal prohibitions on misuse, and contractual terms, an approach repeatedly recommended by Guatemalan practitioners given the legal vacuum.
Common misunderstandings
"Guatemala has an AI law." It does not. No AI-specific statute has been enacted, and no regulator supervises AI.
"There is a national data protection authority and law to lean on." There is no comprehensive personal data protection law for private actors and no data protection authority. The Law on Access to Public Information covers personal data inside public bodies only.
"The National AI Strategy is binding regulation." It is a policy and roadmap being co-created for presentation in June 2026, not enforceable law.
"Signing the Santiago Declaration or being a UNESCO member means AI is regulated." These are soft-law commitments and principles. They guide policy and interpretation but do not impose enforceable AI duties domestically.
"No AI law means anything goes." General rules still apply: copyright, criminal law, consumer and sector rules, financial supervision, and constitutional rights over personal data in state records.
Risks and boundaries
This article describes the legal architecture, not legal advice. The central boundary is honesty about status: Guatemala has no dedicated AI framework and no comprehensive private-sector data protection law as of June 2026. What exists is general law, partial constitutional protection, sector supervision, a developing National AI Strategy, and several pending bills.
Status is uncertain and could change. The National AI Strategy is due to be presented in June 2026, but a strategy is not a statute, and timelines can slip. Data protection bills (6105, 6103) and AI and cyber bills (6657, 6347) are pending and may be amended, stalled or dropped; none should be treated as current law. Where a regulator, statute or effective date is not confirmed by an official source, treat it as not yet in force.
What to do next
Do not wait for a law to govern AI. Adopt internal AI governance now: an inventory of AI systems, clear accountability, human oversight of consequential decisions, and documented risk assessment. A risk-based approach and an AI impact assessment are sensible even without a statute requiring them.
Treat data protection as a contractual and policy discipline. Because there is no general data protection law for private parties, build privacy policies covering lawful basis, consent, retention, transfer and security, and align with recognised international standards so you are ready if a law passes.
Track the strategy and the bills. Monitor the National AI Strategy due in June 2026, and the status of Initiatives 6105 and 6103 (data protection), 6657 (AI deepfakes) and 6347 (cybersecurity). Treat enactment and an effective date as the trigger that changes your obligations.
Use regional and international anchors as your baseline. In the absence of binding local AI rules, the UNESCO Recommendation, the Santiago Declaration principles and fAIr LAC tools are the most durable reference points.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Guatemala have an AI law?
No. As of June 2026 there is no enacted AI-specific statute and no AI regulator. General rules and pending bills apply instead.
Is there a national AI strategy?
Yes, in development. The GAE, with the UNDP, is co-creating a National Artificial Intelligence Strategy, with presentation timed for June 2026. It is policy, not binding law.
Does Guatemala have a data protection law?
Not a comprehensive one for private actors. The Constitution and the Law on Access to Public Information (Decree 57-2008) provide partial protection focused on state-held data, and the Constitutional Court has recognised informational self-determination through case law.
Are there any AI bills before Congress?
Yes. Initiative 6657 (PRODIGI) targets AI deepfakes and was presented on 14 October 2025, but it had not been assigned to a committee and is not law.
Which body would oversee AI?
No body currently regulates AI. The GAE leads AI strategy work, but it is not a statutory AI regulator with enforcement powers.
How does Guatemala compare with Chile?
Chile is further ahead. Its Executive introduced a risk-based AI bill (Boletin 16821-19) on 7 May 2024, which the Chamber of Deputies approved on 13 October 2025 and sent to the Senate; Chile also has a modern data protection law (Law 21.719, published December 2024) creating a Personal Data Protection Agency. Guatemala has neither in force.
What international commitments has Guatemala made on AI?
It signed the 2023 Santiago Declaration on ethical AI and, as a UNESCO member, is covered by the 2021 Recommendation on the Ethics of AI. These are soft-law commitments.
What should companies deploying AI in Guatemala do now?
Build internal AI governance and privacy policies, apply a risk-based approach and impact assessments, and track the National AI Strategy and pending bills for changes.