What is AI regulation in Myanmar?
AI regulation: countries and regions
Myanmar currently has no dedicated AI law or fully developed framework. The government is drafting a national AI strategy and policy to guide the use of AI. Until that is finalised, AI use falls under general technology and data laws. For example, personal data in AI projects is subject to Myanmar's Electronic Transactions Law (amended 2021), and large digital platforms must comply with the Cybersecurity Law (2025) covering online services. These existing laws govern data handling, content and security rather than AI specifically.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Myanmar does not yet have an AI-specific regulatory regime. In 2025 officials announced they are drafting a National AI Strategy and Policy, recognising AI's economic and social impacts. Until any new law is adopted, AI is regulated indirectly by existing laws in the digital and data space. For example, the Electronic Transactions Law (2004, amended in 2021) imposes data protection rules and punishes fake news and data mismanagement. The new Cybersecurity Law (2025) governs digital platforms and cybersecurity services, affecting any online AI tools used by Myanmar's public.
Key responsibilities lie with Myanmar's science and technology authorities. The Ministry of Science and Technology (and its ministers) is leading policy development. Other regulators oversee their sectors: telecom and internet platforms are covered by the Posts and Telecommunications Department under the Cybersecurity Law, while financial or health data fall under sectoral rules. Myanmar also looks to ASEAN and global norms for AI ethics and governance (for example, ASEAN's AI Ethics Guide), though those provide guidance rather than binding requirements.
Why it matters
Without clear AI laws, businesses and public agencies in Myanmar face uncertainty. Any AI project must obey general rules on data, privacy and online content. For instance, mishandling personal data in an AI system risks penalties under Myanmar's data laws. Unlicensed large platforms or services could violate the Cybersecurity Law's licensing requirement. Leaders need to manage these risks: ignoring ethical issues could harm a company's reputation or run afoul of stringent measures (like Myanmar's fake-news ban). At the same time, the coming AI strategy could reshape regulations, so organisations should be ready to adapt their practices when new rules arrive.
How it works
Current legal framework
Myanmar has no standalone AI statute. In early 2025, the Science and Technology Minister confirmed that Myanmar is drafting a National AI Strategy and Policy. Until a formal policy or law is adopted, AI is governed by existing technology and data laws. Key laws include the Electronic Transactions Law (2004, as amended in 2021) and the new Cybersecurity Law (2025). The Electronic Transactions Law now includes basic personal data protection provisions, making consent and data security mandatory. It also criminalises spreading "fake news" online (e.g. willfully broadcasting false information to alarm the public). However, the law grants broad powers to authorities: recent amendments allowed the government to access communications and personal data for "national security" and "stability". In practice, that means any AI system handling Myanmar citizens' data must operate under these rules, or risk penalties (up to 3 years in jail or fines) for non-compliance.
The 2025 Cybersecurity Law (No.1/2025) significantly expanded regulation of online services. It requires foreign and domestic providers of "digital platforms" (online services reaching more than 100,000 users) to register and obtain operating licenses. Many AI-based apps or cloud services could meet that threshold. The law also applies extraterritorially, meaning Myanmar citizens or companies can be subject to it even when abroad. Cybersecurity Law penalties cover illicit online communications (spam, hacking, data tampering etc.) up to 7 years' imprisonment. While this law is focused on security and platform oversight, it indirectly affects AI by governing how AI services deploy online in Myanmar.
Institutional responsibilities
The Ministry of Science and Technology (MOST) is spearheading AI policy. Senior officials (including Union Minister Myo Thein Kyaw and Deputy Minister Aung Zeya) have led AI strategy workshops and international exchanges. They emphasize building AI expertise, setting ethical guidelines, and collaborating with foreign partners. For now, enforcement of AI-relevant rules falls to various bodies: the Electronic Transactions Control Board oversees online compliance under the ETL, and the Posts and Telecommunications Department enforces licensing for online services. Sector regulators (e.g. in finance, telecom or health) apply their own rules to AI projects in their fields. No dedicated AI regulator exists yet, so coordination comes through existing ministries and commissions.
Regional and international frameworks
Myanmar is a member of ASEAN and participates in regional digital initiatives. The ASEAN Guide on AI Governance and Ethics (2024) sets out principles like fairness and transparency for AI, and Myanmar is expected to align its upcoming strategy with these ASEAN guidelines. This guide is non-binding but influences policy direction. On the global stage, Myanmar also falls under the scope of international norms (such as UNESCO's AI Ethics Recommendation), though it has not formally adopted any specific AI convention. In practice, Myanmar's AI regulation will likely be shaped by ASEAN's collaborative model (emphasizing ethics and human-centric AI) and by adapting best practices from other countries, rather than by strict international law commitments.
Examples
- A healthcare startup using AI to analyze patient data must follow Myanmar's personal data rules. For example, if their software collects identifiable patient information, they need user consent and secure storage under the Electronic Transactions Law. Failing to handle data properly could lead to prosecution (the law specifies up to 3 years' imprisonment for mishandling personal data). The company should also avoid any AI output that could be seen as "fake news," since that is criminalised under the same law.
- An international AI company offering a social media platform in Myanmar would fall under the Cybersecurity Law. If the platform has more than 100,000 Myanmar users, it must register and obtain a Myanmar operating licence. This means the company must incorporate locally and comply with security requirements. Even though its servers may be outside Myanmar, the law applies to its Myanmar users (extraterritorially). Ignoring this could result in heavy fines.
- A government agency plans to deploy an AI-driven surveillance system. Even without an AI-specific law, officials must consider existing rules. Under Myanmar's privacy law framework, agencies technically have broad powers to access data for "national security". In practice, this means the agency can legally use citizen data (as long as they cite security reasons), but they should still align with any ethical guidelines being drafted. They would also coordinate with the Ministry of Science and Technology's policy planning and possibly follow any future AI policy once announced.
Common misunderstandings
- **Myanmar already has an AI law or policy.** In reality, Myanmar has no enacted AI-specific law. Only draft policies and strategy plans are under development. - **Myanmar has strong privacy protections for AI.** Unlike some countries, Myanmar lacks a comprehensive data protection law. Its existing laws offer limited privacy, and authorities retain broad data access powers. - **ASEAN guidelines are enforceable rules in Myanmar.** The ASEAN Guide on AI is non-binding. It influences thinking, but Myanmar is not legally required to follow it; it is simply guiding Myanmar's own policy development. - **Myanmar's Cybersecurity Law only targets hackers, not AI.** While focused on cybercrime, that law also governs digital services and data. It requires platform licences and applies to foreign operators of online services used by Myanmar citizens, so AI-driven apps can be affected. - **All AI in Myanmar is unregulated.** Not entirely. Even without an AI-specific law, AI applications still must comply with general laws on data, communications and content. For example, creating a viral deepfake could invoke Myanmar's cyber offence and "fake news" provisions.
Risks and boundaries
Because Myanmar's AI regulation is still emerging, organisations face both gaps and constraints. **Limits of AI regulation:** There is no risk-tier classification or automated-decision oversight system in place. Current rules emphasize security and social stability over innovation. As a result, AI systems that affect public opinion or national security may be heavily scrutinised. The new Cybersecurity Law's extraterritorial scope means even foreign-based AI providers must heed Myanmar's rules if they serve Myanmar users.
**What AI regulation is not:** Myanmar's approach is not a detailed rights-based framework (as, say, in Europe) - it does not define categories of AI or impose specific transparency obligations. It is not yet risk-based nor does it mandate impact assessments. Instead, AI activities are folded into older laws on data and telecoms.
**Uncertainties:** The draft AI strategy could change as it is finalised; until then, compliance relies on existing laws. Enforcement is unpredictable under the current government, so norms may be applied unevenly. Organisations should also note that some generic digital measures (censorship, content controls) can impact AI systems even if there is no AI regulation per se. In short, Myanmar's AI governance is nascent, and its contours may shift as new policies become law.
What to do next
Senior leaders in Myanmar or working with Myanmar should closely monitor developments. **Stay informed:** Track announcements from Myanmar's Ministry of Science and Technology or cabinet on the National AI Strategy/Policy. Engage with government or industry consultations if available. **Review compliance:** Ensure AI initiatives already comply with existing laws - get any required licences for digital services, and handle personal data with strict consent and security measures.
**Adopt best practices:** In the absence of strict local rules, proactively apply international AI ethics and data governance standards (for example from ASEAN or UNESCO) to build trust. Consider internal AI risk assessments even if not required by law. **Prepare for change:** Design AI processes to be adaptable. If an AI law or regulations are passed, you may need to implement features like risk classification, transparency reporting or audits. Working with local experts or forming alliances (e.g. tech associations or research groups) can help anticipate regulatory shifts. Overall, leading organisations should balance innovation with responsibility, treating the draft national policy and regional guidelines as a roadmap for good governance.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Myanmar have an AI law or regulation?
Not yet. Myanmar has no AI-specific law in force. The government is drafting a National AI Strategy and National AI Policy, but as of early 2026 these are not final. Currently, AI is governed by general laws on data and cybersecurity.
How are AI systems regulated today in Myanmar?
AI tools fall under existing legal frameworks. Personal data used by AI is covered by the Electronic Transactions Law (amended 2021), which requires consent and punishes data misuse. Online platforms (including AI services) are regulated by the 2025 Cybersecurity Law, which mandates licensing for platforms with over 100,000 users.
If my company offers AI services in Myanmar, what must we do?
Check if you need a licence under the Cybersecurity Law. Any company (local or foreign) running a large digital platform accessible to Myanmar users must register and obtain a licence. Also follow Myanmar's data laws - obtain user consent and protect data in line with the Electronic Transactions Law.
Is personal data protected in Myanmar like in other countries?
Myanmar has no comprehensive data protection law. The Electronic Transactions Law provides some data privacy rules, but it has wide exemptions and weak enforcement. The privacy protections in older laws have largely been suspended, giving security agencies broad access to data.
Will ASEAN or UN AI rules apply here?
ASEAN's AI principles (from the Guide on AI Governance and Ethics) and UNESCO's AI Ethics Recommendation are voluntary guidelines. They influence policymakers, but they are not legally binding in Myanmar. Organisations should still consider these frameworks as best practices, even though local law does not require them.
Can regulators in Myanmar penalise AI misuse?
Yes, under general laws. For example, spreading disinformation via an AI tool could trigger Myanmar's "fake news" rules under the Electronic Transactions Law. Unauthorised data collection or hacking AI services may fall under cybersecurity or telecom laws. However, there is currently no AI-specific licensing or penalty scheme beyond these existing statutes.
Who oversees AI compliance in Myanmar?
No single agency is dedicated to AI. Policy development is led by the Ministry of Science and Technology. Enforcement uses existing bodies: the Electronic Transactions Control Board monitors online compliance, telecom/ICT authorities enforce the Cybersecurity Law, and sectoral regulators (health, finance, etc.) apply their rules as needed.
What if we ignore AI guidelines from ASEAN or UNESCO?
It won't directly trigger legal penalties, since those are non-binding. However, following them can improve your reputation and ensure you're ready for future regulation. As Myanmar builds its own AI framework, aligning with respected international standards will likely be expected by regulators and the public.
When will Myanmar's AI policy take effect?
No final date is set. Myanmar reported in 2025 that drafting is underway. It could take months or years to complete. Until then, the country relies on its existing laws for any AI-related issues.