What is the OECD AI Principles framework?
Global AI regulation
The OECD AI Principles framework is a non-binding intergovernmental OECD Council Recommendation that sets five values-based principles and five policy recommendations for trustworthy AI. First adopted in 2019 and revised in 2024, it gives governments and AI actors a shared approach to AI governance, including common definitions for an AI system, its lifecycle and the actors involved. It is not law by itself, but it strongly influences national strategies, regulator guidance and legislation.
What this means
The framework sits inside an OECD Council Recommendation on AI. That makes it soft law: a formal intergovernmental instrument with political weight, but not a treaty, certification scheme or directly enforceable code for companies.
It combines two layers. The first gives five values-based principles for all AI actors. The second gives five policy recommendations for governments on research, ecosystems, governance, skills and international co-operation. It also provides shared definitions of AI system, AI system lifecycle and AI actors.
That mix is why it travels well. It is broad enough to work across different legal systems, but specific enough to shape national strategies, regulator guidance and later statutory drafting. In practice, it often comes before harder law.
Why it matters
If you build, buy, deploy or govern AI across more than one market, the OECD framework is often the closest thing to a common policy baseline. It helps boards, operators, buyers and policymakers ask the same core questions before the harder local law questions begin: what system is in scope, which actors carry which responsibilities, what information should be disclosed, how risks should be managed across the lifecycle, and when a system should be overridden or retired.
That matters because many national approaches borrow from the framework even when they do not copy it word for word. A governance model aligned to the OECD principles can therefore travel better across borders, support procurement and assurance discussions, and make it easier to map local legal duties once a jurisdiction turns soft law into binding rules. Since the 2024 update, it is also more clearly relevant to generative AI, general-purpose AI and information integrity.
How it works
What the framework actually is
The framework sits inside the OECD Recommendation of the Council on Artificial Intelligence. The OECD Council adopted it at ministerial level on 22 May 2019, updated the definition of an AI system on 8 November 2023, and revised the Recommendation again on 3 May 2024. Legally, it is soft law: an OECD Recommendation, not a treaty or regulation. For adherents, meaning governments that have formally adhered to it, that means a political commitment and an expectation to implement it, not direct court-enforceable duties or OECD fines.
It also complements, rather than replaces, other OECD instruments on privacy and data protection, digital security risk management and responsible business conduct. As a current example, the OECD.AI overview page listed 47 adherents, including the European Union, on 4 June 2026. Its reach extends beyond formal adherence because the G20 AI Principles were drawn from the OECD Recommendation in June 2019.
Who the framework covers
The framework does not speak only to model developers. It distinguishes stakeholders, meaning organisations and people involved in or affected by AI, from AI actors, meaning those who play an active role in the AI system lifecycle, including organisations and individuals that deploy or operate AI.
That lifecycle is broad. It runs from planning and design, through data collection and model building, to testing, evaluation, validation, deployment, operation, monitoring and retirement. The practical implication is important: buyers, integrators, deployers, operators and public bodies cannot assume the framework belongs only to the vendor that trained the model.
The five values-based principles
The first half of the framework sets five values-based principles for trustworthy AI.
Inclusive growth, sustainable development and well-being means AI should be steered toward public benefit, not treated as an end in itself. Human rights and democratic values, including fairness and privacy, means AI should be designed, deployed and used in ways that respect rights, dignity, equality, autonomy, privacy, data protection, labour rights and democratic safeguards, with human agency and oversight where the context requires it.
Transparency and explainability means meaningful information should be provided about capabilities, limits and, where feasible and useful, the data sources, factors, processes or logic behind a prediction, content item, recommendation or decision. It also includes making people aware when they are dealing with AI, and giving those adversely affected a basis to challenge the result. Robustness, security and safety means systems should work appropriately across their lifecycle, including under foreseeable misuse, and should be capable of being overridden, repaired or decommissioned safely if needed. Accountability means AI actors should carry responsibility according to their role and context, keep traceability over datasets, processes and decisions, and apply ongoing risk management and responsible business conduct across the lifecycle. Many of these expectations are deliberately tied to role, context and technical state, which is why the framework can travel across sectors but still needs local interpretation.
The five recommendations to governments
The second half of the framework tells governments what sort of policy environment should sit around trustworthy AI. It recommends investment in AI research and development, including interdisciplinary work and open science. It also supports open-source tools and representative datasets that respect privacy and help reduce harmful bias and improve interoperability.
It then moves to ecosystem and governance questions. Governments are encouraged to build an inclusive digital ecosystem for AI, shape an interoperable governance and policy environment, prepare people and labour markets for AI-driven change, and co-operate internationally on trustworthy AI. That last part explicitly reaches standards and measurement: the Recommendation asks governments to promote consensus-driven global technical standards and comparable indicators. The text also says these steps should be pursued with special attention to small and medium-sized enterprises.
How it reaches domestic law and policy
The framework usually reaches organisations indirectly, through national strategies, regulator principles, procurement rules, public sector guidance, assurance practice and, in some jurisdictions, binding legislation. The OECD's 2024 report found that many adherents use the principles as foundational pillars in national AI strategies and governance frameworks.
A clear current example is the UK. Government papers on its cross-sector approach say the proposed UK principles build on the OECD Principles, and the OECD later reported that the UK white paper aligns directly with them. A second current example is the European Union. The OECD says the EU AI Act adopted the updated OECD definition of an AI system, then converted that shared vocabulary into a binding, risk-based legal regime. OECD also says its definitions of AI system and lifecycle are used more widely, including in Japan, the United States and United Nations work. This is the core mechanism of influence: the OECD framework provides a common policy vocabulary, domestic law then adds the hard obligations.
How implementation is supported
This is not a dead text sitting in a legal archive. The OECD gave the Digital Policy Committee, now working through the Working Party on AI Governance, continuing responsibility to support implementation, exchange practice and report back to Council. The Recommendation also requires another formal report to Council no later than five years after the 2024 revision, and at least every ten years after that.
To help with implementation, the OECD launched the OECD.AI Policy Observatory and the OECD.AI Network of Experts in 2020. Those structures matter because they turn a high-level recommendation into a working policy ecosystem. OECD.AI provides a live database of AI strategies, policies and initiatives, plus metrics, tools and analytical material. The Working Party develops practical implementation guidance. In 2026, for example, the OECD published the Due Diligence Guidance for Responsible AI to help enterprises apply the OECD AI Principles and responsible business conduct standards across the AI value chain.
What changed in the 2024 update
The framework is evergreen by design, but it is not frozen. The 2023 revision updated the AI system definition so it clearly covers systems that infer from inputs to generate predictions, content, recommendations or decisions, for explicit or implicit objectives, and recognised that systems vary in autonomy and may adapt after deployment.
The 2024 revision then sharpened the substantive governance logic. It gave more emphasis to misinformation and disinformation, information integrity, uses outside intended purpose, intentional or unintentional misuse, clearer transparency and disclosure, safe override and retirement mechanisms, responsible business conduct across the lifecycle, environmental sustainability and interoperable governance across jurisdictions. It also made accountability more explicit by elaborating traceability and lifecycle risk management under that principle. In other words, the OECD kept the same basic architecture while updating it for generative and general-purpose AI.
Examples
When the UK designed its cross-sector AI framework, it stated that its proposed principles build on the OECD Principles and would be interpreted by existing regulators within their sectors. That is a practical example of how the OECD framework works as a template rather than a copied text: the shared values stay recognisable, while the domestic regulator decides how safety, transparency, fairness and accountability should operate in context.
The EU AI Act offers a second example. The OECD reports that the Act adopted the updated OECD definition of an AI system. The EU then layered binding obligations, governance bodies, market surveillance and penalties on top of that shared base. For operators, this shows a common pattern: OECD language often appears early in the policy stack, but legal duties appear later in jurisdiction-specific law.
The OECD's 2024 implementation review found that adherents such as Korea, Italy, Lithuania, Japan, Denmark, Ireland, Mexico and the UK had used the principles in strategies, public sector guidance or related governance frameworks. The OECD.AI Policy Observatory then tracks and compares these initiatives. For a policymaker, buyer or adviser, that means the framework is also a benchmarking tool: it gives a common lens for comparing whether a national approach covers lifecycle responsibilities, transparency, safety, skills and international co-operation.
Common misunderstandings
The OECD AI Principles are global AI law. They are not. The framework is an OECD Recommendation, which is politically significant but not directly binding law.
They are only about ethics. Not quite. The instrument also contains concrete policy recommendations on research, ecosystems, governance, labour and international co-operation, plus shared definitions and lifecycle concepts.
They only matter for developers. No. Deployers, operators, integrators, buyers and public bodies can all be AI actors under the framework.
If your organisation lines up with the principles, you are compliant everywhere. No. Domestic law, sector rules and procurement terms still have to be mapped separately.
The 2019 text is the final word. No. The OECD updated the AI system definition in 2023 and revised the Recommendation in 2024.
Risks and boundaries
The framework is often misapplied as if it were a ready-made control catalogue. It is not. The text is intentionally high-level and flexible, which is why it travels well across jurisdictions, but also why it cannot by itself tell an organisation exactly what testing, documentation, human review or contracting controls are sufficient in a given sector or country.
It is also not an enforcement regime. The OECD does not fine firms for breaching the principles, and the Recommendation does not itself create private rights, audit certificates or conformity marks. The hard edge appears only when a country or sector turns the same ideas into binding rules.
There are also live limits that the OECD itself has acknowledged. In its 2024 review, some adherents said complementary national or regional legislation was still needed, and that more specific guidance would help in fast-moving areas such as generative AI, advanced models and disinformation. So the framework is best understood as a shared baseline, not a complete answer. It is stable, but not frozen: the OECD has already revised it twice since 2019, and the list of adherents can change over time.
What to do next
Treat the OECD AI Principles as your baseline map, not your full compliance file. First, identify where you are an AI actor in the lifecycle, builder, integrator, buyer, deployer or operator, and where your suppliers and customers sit. Then test each material use case against the five principles: rights and fairness, transparency, robustness and safety, accountability, and broader public benefit including sustainability.
Next, convert that map into evidence. For higher-impact uses, keep clear records of purpose, data provenance, testing and validation, role allocation, human oversight, incident handling, traceability, user information and retirement criteria. If you buy rather than build, ask suppliers for enough documentation to test transparency, robustness, traceability and oversight claims.
Finally, layer on the binding rules that apply in the markets and sectors you operate in. If you work across borders, use the OECD frame to keep core governance consistent, then add local legal controls market by market. That is where the framework is strongest: it gives leaders a common governance language before they move into jurisdiction-specific compliance work.
FAQs
Is the OECD AI Principles framework legally binding?
No. It is an OECD Recommendation, which carries political commitment for adherents but does not itself impose direct legal duties on firms.
Who can adhere to it?
OECD members can adhere, and non-members can adhere as well. As of 4 June 2026, OECD.AI listed 47 adherents including the European Union.
Does it apply to generative AI?
Yes. The OECD updated the AI system definition in 2023 and revised the Recommendation in 2024 to address generative AI, information integrity, misuse and related implementation issues.
Does it cover only developers?
No. It addresses AI actors across the lifecycle, including organisations and individuals that deploy or operate AI.
Is it the same as the EU AI Act?
No. The OECD framework is soft law and a policy reference point. The EU AI Act is binding legislation with specific duties, governance structures and penalties.
What is the relationship to the OECD Due Diligence Guidance for Responsible AI?
The principles are the high-level framework. The 2026 due diligence guidance is more operational enterprise guidance linked to responsible business conduct across the AI value chain.
Why do buyers and procurement teams care about it?
Because it gives a neutral cross-border baseline for asking suppliers about rights impacts, transparency, traceability, safety, accountability and lifecycle governance before local law questions are added.
Can you certify against the OECD AI Principles?
Not on their own. The framework is a policy instrument, not a certification scheme. An organisation can map it to internal controls or standards, but the Recommendation itself does not create a conformity mark.