The proposed artificial intelligence regulation bill in Mexico applies to AI system developers, providers, and users who operate within the Mexican jurisdiction.

Specifically, it encompasses any entities involved in the development, marketing, and use of AI systems that either function in Mexico or generate data within the country. This includes both domestic and international organizations that have operations or impact in Mexico through their AI technologies

1. Risk Classification Compliance: AI systems must be classified according to their risk level (unacceptable, high, low) and comply with specific obligations for each category.
   • Unacceptable Risk: These systems are prohibited.
   • High Risk: Systems require thorough assessment, human oversight, and pre-launch authorization from the Federal Telecommunications Institute (IFT).
   • Low Risk: These require basic compliance with monitoring and transparency standards.
2. Monitoring and Reporting: All AI system providers must implement adequate ongoing monitoring mechanisms and inform users about their interaction with AI.
3. Intellectual Property: AI-generated content must be clearly labeled when registering for intellectual property protection, and consent must be obtained from IP rights holders before their data is used to train AI systems.
4. Transparency and Ethical Use: Developers and providers must ensure ethical use of AI, promoting transparency and preventing potential negative impacts on society.
5. Authorization and Oversight: Developers of high-risk AI systems must seek formal approval from the IFT before deployment. The IFT, supported by the National Commission for Artificial Intelligence, will oversee compliance.

The proposed AI regulation bill in Mexico stipulates that non-compliance with the set guidelines and requirements can lead to a range of penalties, which are scaled according to the revenue of the offending parties. These penalties include:

1. Warnings: Initial minor non-compliance may result in warnings issued to the AI system providers or developers.
2. Significant Fines: More significant violations could incur financial penalties. The exact scale of the fines isn’t specified, but they are expected to be proportionate to the severity of the infringement and the company’s annual revenue. Some reports have suggested up to 10% of annual revenue.
3. Suspension of AI Systems: In cases of severe violations, particularly those posing unacceptable risks or repeated non-compliance, the authorities may suspend the operation of the AI systems involved.

The Federal Telecommunications Institute (IFT), proposed as the primary regulatory and enforcement authority under the bill, will enforce these penalties.

As of the last update, the artificial intelligence regulation bill introduced by Senator Ricardo Monreal in February 2024 was still under consideration by the Senate of the Republic in Mexico.

We’re so glad you asked!

To effectively implement the requirements of Mexico’s proposed AI regulation bill, companies should focus on strategic actions to ensure compliance and optimize their AI governance.

What does this look like practically? We recommend the following eight steps to ensure compliance:

1. Understand the Legal Framework: Companies need to thoroughly understand the specifics of the bill, including risk classifications, developer obligations, and penalties for non-compliance. Consulting with AI governance experts in AI and technology law can provide clarity and guidance.

2. Risk Assessments and Classification: Evaluate all AI systems to classify them according to the defined risk levels (unacceptable, high, and low risk). This will dictate the specific obligations each system must meet, such as the level of monitoring and the need for pre-launch approvals.

3. Implement Robust AI Governance: Adopt governance frameworks that align with international standards like ISO/IEC 42001, “Artificial Intelligence Management System.” These standards will help establish structured processes for AI quality and risk management.

4. Enhance Transparency and Accountability: Develop clear policies that outline how AI systems interact with users and other stakeholders. Ensure that these interactions comply with the bill’s requirements for transparency, such as informing users about AI interactions and securing consent where necessary.

5. Compliance Audits and Monitoring: Regularly audit AI systems to ensure ongoing compliance with the bill’s requirements. Implement continuous monitoring mechanisms to detect and correct any deviations from required standards.

6. Human Oversight: Ensure that systems designated as high-risk have adequate human oversight mechanisms in place, as specified by the bill. This involves having qualified personnel to supervise AI operations and intervene when necessary.

7. Documentation and Reporting: Maintain comprehensive documentation of AI systems, including their development, deployment, and operational procedures. Prepare to disclose these documents to regulatory authorities if required.

8. Prepare for Additional Adjustments: Be prepared to adjust operations as the bill evolves through the legislative process and as final regulations are enacted. Keeping a flexible approach will allow for smoother transitions and better compliance.