On March 3, 2025, the Mazhilis of the Parliament of the Republic of Kazakhstan hosted a presentation of the draft law “On Artificial Intelligence” (hereinafter referred to as AI). The primary goal of this draft law is to create a transparent and effective legal framework for integrating this technology into the country’s economy and social sphere.
Today, AI is rapidly transforming economic processes, public administration, and social relations, opening new opportunities for innovation, growth, and improving citizens’ quality of life. At the same time, its active development brings significant risks related to ethical concerns, security, data protection, and responsibility for decisions made by AI algorithms.
For Kazakhstan, establishing a clear and comprehensive regulatory framework in the field of AI is a strategically important step. This framework can foster a favorable environment for innovative economic development while ensuring the safe and ethical application of AI technologies. Previously, on December 11, 2024, the Head of State emphasized the necessity of legally enshrining principles for the responsible use of AI, paying special attention to ethical aspects, as well as ensuring transparency and openness in AI development and deployment processes. These key priorities formed the foundation of the presented draft law.
International experience demonstrates that AI regulation requires a balanced and comprehensive approach. In particular, the European Union (EU), the United States (US), China, and the United Kingdom (UK) exhibit different regulatory models shaped by national priorities and legal traditions.
The EU leads in comprehensive digital regulation, adopting a risk-based approach, as reflected in the Digital Services Act (DSA), the Digital Markets Act (DMA), and the AI Act. The EU AI Act prohibits the use of AI deemed to pose an unacceptable risk (such as social scoring and biometric surveillance), strictly regulates high-risk AI systems (e.g., in healthcare, education, finance, and law enforcement), and ensures transparency for lower-risk applications. A key aspect of EU policy is personal data protection under the General Data Protection Regulation (GDPR).
The US, in contrast, follows a more flexible, sectoral approach that promotes innovation and self-regulation. Various regulatory bodies and state-level initiatives complement federal documents such as the “Blueprint for an AI Bill of Rights” and the NIST AI Risk Management Framework. A significant step was President Biden’s 2023 executive order on AI, which set standards for safety, privacy, and non-discrimination.
China has established a strict, state-controlled regulatory system based on laws on personal information protection (PIPL) and data security (2021). Key requirements include data minimization, algorithm registration and oversight of generative AI, mandatory compliance with national security policies, and content moderation.
The UK has adopted a flexible and phased approach, initially avoiding strict regulation. The country relies on voluntary principles of safety, transparency, fairness, accountability, and contestability, established in 2023, as well as the Online Safety Act, which is overseen by the regulator Ofcom.
A crucial aspect for Kazakhstan is ensuring the systematic alignment between the draft law “On AI” and the proposed Digital Code of the Republic of Kazakhstan (DC RK), which has been under public discussion since October 2024. According to Article 10 of the Law “On Legal Acts” of Kazakhstan, the DC RK holds higher legal authority and should outline the fundamental principles and key regulatory mechanisms of the digital environment, of which AI is an integral part. This necessitates a clear distinction and harmonization of provisions in both documents to ensure consistency and coherence in legal regulation.
Thus, Kazakhstan has the opportunity to effectively integrate the best international practices, including the EU’s risk-based approach, principles of data protection, platform regulation, and flexible regulatory mechanisms such as “regulatory sandboxes” and periodic review of norms. By carefully considering foreign experience, national identity, and socio-economic context, Kazakhstan has the potential to become the second jurisdiction in the world to establish an independent and comprehensive AI law.
Saimova Sh.A., Ph.D.
Head, Center for Public Legislation
and Public Administration
