What is AI regulation in North Korea?
AI regulation: countries and regions
North Korea has no public AI-specific law or guidelines. AI is treated as part of broader information technology under strict state control. The main legal framework is a revised Information Technology Law (2022) that requires all IT projects to follow government plans and security checks. In practice, AI development is driven by national policy (especially for defense) with no private-sector data protection or oversight mechanisms.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
North Korea has not adopted any laws or regulations specifically about artificial intelligence. Instead, AI projects fall under its general information technology and cybersecurity rules. In 2022 the government strengthened an Information Technology Law that controls all IT development, requiring institutions to submit project plans for approval, build systems to state standards, and undergo security reviews. There is no public mention of risk assessments, transparency requirements, or rights protections as seen in some other countries' AI policies.
In practical terms, North Korea's approach is about centralized planning and security. The leadership encourages AI for purposes like military unmanned vehicles, but it emphasizes "indigenous" technology and strict oversight. Personal data and privacy are not protected in the way they are elsewhere; instead, the state actively uses surveillance technologies (including AI-based facial recognition) with no independent privacy safeguards.
Why it matters
For anyone involved with AI, North Korea's stance is significant mainly for compliance and geopolitical reasons. Companies and institutions must note that international sanctions (UN Security Council Resolution 2321) forbid most technology cooperation with North Korea. That means supplying AI tools or know-how could violate export controls. On the ground inside North Korea, there is no public accountability, so AI systems are likely used in ways that outsiders may consider high-risk (for example, pervasive surveillance of citizens). Understanding the DPRK's AI environment helps global operators avoid legal pitfalls and appreciate how an authoritarian regime prioritizes AI in service of state goals rather than protecting individual rights.
How it works
National laws and policies
North Korea has not published any AI strategy or focused AI law. Instead, AI falls under broad technology statutes. The key law is the Information Technology Law (first adopted 2017, heavily amended in 2022), which covers all information and communication technology (ICT) projects. Under this law, state and enterprise projects must be planned and approved by government agencies, use approved technical standards, and undergo mandatory security inspections. Article 27 of the law even requires all IT equipment and software to be produced according to state plans (emphasizing "our style of information technology" and self-reliance). There are also older software-specific laws (e.g. a Software Protection Law and a Software Industry Law from the 2000s) that generally promote domestic IT development, but none target AI specifically.
Institutions and oversight
AI research and deployment are driven by state institutions. A "Science and Education Department" (part of the ruling party) leads S&T policy, issuing research directives and budgets through bodies like the State Academy of Sciences and State Science and Technology Commission. The Information Technology Law establishes an "information technology guidance agency" that all entities must register projects with. Security and planning organs (often under the Cabinet or party control) have the final say. Enforcement is harsh: violations of the IT law (for example, bypassing security reviews or operating unauthorized systems) can lead to forced labor, demotion, dismissal, or even criminal charges. In effect, there is no independent regulator; oversight is exercised by national planning and security authorities, reflecting broader priority on control.
Standards and international commitments
North Korea aligns partly with international standards but in its own framework. It has developed legally-binding national standards (KPS) for technical terms, including those for AI, which are reportedly aligned to ISO/IEC definitions. On ethical guidance, as a member of UNESCO, North Korea is counted among the countries that adopted UNESCO's Recommendation on the Ethics of Artificial Intelligence (a non-binding global framework) in 2021. However, there is no public evidence of any domestic regulations or guidelines translating UNESCO principles into local law or practice.
Meanwhile, external obligations limit North Korea's AI links. United Nations sanctions (e.g. UNSC Resolution 2321) prohibit member states from engaging in scientific and technical cooperation with North Korea. In practical terms, this extraterritorial rule means that foreign entities should not help develop or transfer AI technologies to the DPRK. In short, North Korea nominally endorses global ethical principles on AI, but its internal policies focus on state-controlled implementation, and international commitments (sanctions) severely restrict technology partnerships.
Examples
- A state enterprise in North Korea plans to develop an AI-powered system (for example, an automated manufacturing scheduler). Under the Information Technology Law, the project team must first submit a detailed IT plan to state planning agencies and register it with the IT guidance agency. The system must be built using domestic hardware/software following approved design documents. Before deployment, the system undergoes mandatory security reviews by government experts. No external partner or private review board is involved - approval is entirely within state institutions.
- North Korean officials publicly tested AI-enabled drones under direct orders of leader Kim Jong Un. In this example, military R&D labs integrate AI for navigation or targeting. The development was overseen by national defense agencies (via the State Academy of Sciences and related institutes) and prioritized as "top priority" for weapons modernization. After testing, the AI-equipped drone data would likely be handled through secure state networks, with performance metrics reported back to central command.
- AI-based surveillance is already used in North Korea. For instance, facial-recognition software (developed in-house) is active at airports and other checkpoints. A public security bureau employee might feed live camera feeds into an AI system to identify individuals on a wanted list. The collected biometric data (photos, fingerprints from smart ID cards) goes into a government database. Because there are no privacy protections, citizens have no way to opt out, and any oversight is internal to security agencies.
Common misunderstandings
- **Misconception:** North Korea has strong privacy protections for its citizens. **Reality:** Although the constitution mentions privacy, in practice there are no effective data-protection laws. The state actively collects personal data (fingerprints, photos, communications) and uses AI for surveillance without individual consent. - **Misconception:** North Korea follows international AI ethics guidelines at home. **Reality:** North Korea did join UNESCO in adopting a global AI ethics recommendation, but it has not implemented those principles domestically. Instead, the government's focus is on security and self-reliance, not on transparency or human rights in AI. - **Misconception:** There is an independent regulator or risk-based AI framework in North Korea. **Reality:** There is no independent AI regulator, nor any public risk-based classification. All regulation is centralised - government agencies mandate how AI systems must be built and used, and enforcement is through state inspections and penalties. - **Misconception:** International companies are free to collaborate on AI projects with North Korea. **Reality:** No. UN sanctions explicitly forbid most scientific and technical cooperation with North Korea. Any such collaboration could trigger legal penalties.
Risks and boundaries
North Korea's approach is fundamentally different from open-regulatory models. AI policy there is not about enabling innovation or protecting individual rights, but about extending state control. One risk is assuming the regime values principles like transparency or fairness; it does not publish any algorithmic-impact assessments or similar checks. Another limit is jurisdiction: North Korean laws apply only within the DPRK, but global sanctions mean those laws cannot be used to lawfully export or import AI technologies. Any reference to "AI regulation" in North Korea should thus be understood in context: it refers to top-down planning and security enforcement, not to civilian governance models. There is also uncertainty: the country's opaque nature means new rules (if any) can appear suddenly, but none have been announced publicly.
What to do next
For policymakers and AI leaders, the key steps are caution and compliance. Verify that any intended AI collaboration with North Korea is permissible under sanctions (in practice it likely is not). Ensure that data and AI deployments inside North Korea (if part of humanitarian or monitoring projects) respect the reality of no local privacy protection. Keep informed about North Korea's official science and tech announcements for any shifts in policy. In multilateral discussions (UN, UNESCO), continue to apply and promote ethical AI standards, recognizing North Korea's formal endorsement of international AI ethics principles but recognizing that domestically those are not enforced. In summary: avoid legal risks of direct cooperation, and approach North Korean AI projects with an understanding that governance is focused on state control rather than on principles familiar from other countries.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does North Korea have a dedicated AI law?
No. North Korea has not enacted any law specific to artificial intelligence. AI projects are handled under general technology and security laws.
Who sets AI rules in North Korea?
The government does. AI development is overseen by state planning and security agencies. Key agencies include the Science and Education Department (S&T planning) and ministries related to communications and defense. There is no independent AI regulator.
Are personal data and privacy protected when AI is used in North Korea?
In practice, no. Although the constitution nominally mentions privacy, North Korea has no effective data protection laws. The state collects and uses personal data (e.g. biometrics) for surveillance with no independent oversight.
Is North Korea party to any international AI guidelines?
Yes, North Korea is a member of UNESCO and was one of the countries adopting UNESCO's Recommendation on AI Ethics (2021). However, it has not implemented these guidelines domestically. Its internal policies do not reflect the Recommendation's principles.
Can foreign companies legally sell AI technology to North Korea?
No. United Nations sanctions (UNSCR 2321 and others) forbid scientific and technical cooperation with North Korea. This effectively bans exporting advanced technologies, including AI systems, to North Korea.
If I'm using AI tools inside North Korea, what rules apply?
You would be subject to North Korea's general ICT laws. For example, projects must be approved by government planning agencies and meet state security standards. However, because the laws focus on control, there is no guarantee of the kind of safety or ethics oversight seen in many other countries.
Does North Korea have AI ethics committees or independent oversight?
There are no known independent ethics bodies for AI. Oversight is internal to government agencies. Decisions about AI use and deployment are made within the state apparatus (often with military or security priorities).