COLOMBIA Trends and Developments Contributed by: Jaime Trujillo, Juan David Velasco, Natalia Ponce de León and Angelica Navarro, Baker McKenzie S.A.S.
National Artificial Intelligence Policy Colombia adopted a National Artificial Intelli - gence Policy effective 14 February 2025. This policy marks a significant milestone in Colom - bia’s digital transformation strategy, aiming to build national capacity for the ethical and sus - tainable research, development and adoption of AI systems. While aligned with global frame - works such as those of the OECD and UNESCO, the policy is tailored to Colombia’s unique socio- economic and environmental challenges. It is structured around six strategic pillars: • strengthening AI governance and ethics; • improving technological infrastructure and data management; • promoting AI research and innovation; • developing AI-related skills and digital talent; • identifying and mitigating AI-related risks; and • accelerating AI adoption across public institu - tions, businesses and regions. Notably, the policy also addresses the growing impact of generative AI on IP rights, highlighting the need for updated legal frameworks and mon - itoring tools to manage risks such as unauthor - ised content reproduction and deepfakes. With an implementation horizon from 2025 to 2030 and an estimated investment of COP479 billion, the policy seeks to ensure that AI becomes a transformative and inclusive tool. Guidelines on cybersecurity, privacy and propor - tionate use, regulating the development and use of AI in Colombia On 20 May 2025, Congress introduced Bill No 422 to regulate AI. The bill draws on international models such as the EU Artificial Intelligence Act and a Brazilian bill. It outlines incentives, risk classifications and accountability mechanisms
and proportionate in duration and scope to the financial service provided. • Data minimisation: only data strictly neces - sary to fulfil the stated purpose may be col - lected. • Prior, express and informed consent: when processing data for purposes beyond what is essential to provide the service, clear and separate consent – specific in purpose – must be obtained from the data subject before or at the time of processing. • Forms of consent: consent may be given in writing, via data messages, orally or through unequivocal conduct that clearly indicates the data subject’s intent and that can be verified later. • Transparency in automated decisions: data subjects should be informed of whether their data will be used in automated decisions, and should have the possibility to challenge these through the channels provided for the sub - mission of petitions or complaints. • Protection of sensitive data: it is prohibited to condition access to financial services on the provision of sensitive data (such as biomet - ric data), unless there is a differentiated and express consent and strict security measures are implemented. • Mechanisms for the exercise of rights: com - panies should establish visible and effective channels for data subjects to exercise their rights of access, rectification, updating and removal, among other rights granted by the regulation. • Transmissions and transfers: specific param - eters are established for the transmission or transfer of data. • Privacy impact assessments: organisations are encouraged to conduct privacy impact assessments to identify and mitigate risks associated with data processing activities.
196 CHAMBERS.COM
Powered by FlippingBook