Global AI Regulations Roundup: Top Stories of January 2025

Securiti has initiated an AI Regulation digest, providing a comprehensive overview of the most recent significant global developments, announcements, and changes in the field of AI regulation. Our website will regularly update this information, presenting a monthly roundup of key activities. Each regulatory update will include links to related resources at the bottom for your reference.

North and South America Jurisdiction

1. FTC’s Latest Blog Highlights Real World Potential AI-Related Harms & Mitigation Strategies

Date: January 3, 2025
Summary: The Federal Trade Commission (FTC) has published a blog titled “AI and the Risk of Consumer Harm”. This blog has highlighted real-world potential AI-related harms such as surveillance, fraud, and illegal discrimination.

To that end, the FTC has recommended that the following factors be taken into consideration when developing, maintaining, using, and deploying AI-based products:

• Necessary steps to prevent harm before and after deploying a product;
• Preventative measures to detect, deter, and halt AI-related impersonation, fraud, child sexual abuse material, and non-consensual intimate imagery;
• Avoiding non-deceptive claims about AI tools that result in people monetary loss or put users at risk of harm;
• Ensuring privacy and security by default.

The FTC has advised that companies not quietly change their terms of service.

Additionally, the FTC has noted cases where enforcement actions were taken against organizations that had neglected these considerations, such as Evolv Technologies, for their deceptive claims about AI-enabled security product screening functionality. Read More.

2. California Attorney General Issues Advisories On Application Of State Laws To AI Usage

Date: January 13, 2025
Summary: The California Attorney General's Office has issued two new advisories that address the application of state laws to AI, including healthcare.

These advisories elaborate that AI usage must comply with laws such as the Unfair Competition Act, False Advertising Law, and the CCPA. Additionally, all AI use will be subject to accountability in cases of harm cases. As for healthcare, AI must not override any healthcare provider decisions, discriminate, or breach patient privacy and should comply with the relevant obligations under the Knox-Keene Act, HIPAA, and CMIA, among others. Read More.

EMEA Jurisdiction

3. Italy’s Garante Issues Order Blocking DeepSeek’s Processing Of Italians’ Personal Data

Date: January 30, 2025
Summary: The Italian Data Protection Authority (Garante) issued a formal order blocking the processing of personal data of Italian users by DeepSeek on January 30, 2025. Two days prior, the Garante had sent inquiries to DeepSeek seeking information on how the company ensures compliance with the GDPR provisions on Italians’ personal data. It also sought information from DeepSeek on what personal data it collects, where it collects it from, for what purposes, the legal basis for the processing, and whether any of the processed information is stored on its Chinese servers. The Garante required the elicited information from DeepSeek within 20 days.

DeepSeek issued a succinct response to Garante’s inquiry, replying, “We don’t operate in Italy, and the GDPR does not apply to us.” Garante determined this to be contrary to its own determinations and facts. DeepSeek’s primary competitor, OpenAI, has previously been fined by Garante over its failure to ensure appropriate compliance with the GDPR when processing Italians’ personal data. Read More.

Asia Jurisdiction

4. New South Korean Law On Development Of AI Comes Into Effect

Date: January 21, 2025
Summary: The Basic Law on the Development of Artificial Intelligence and Creation of Trust Base has been officially signed into law and will take effect in the country from January 22, 2026. The law defines various aspects of AI, including “high-impact AI,” as systems that affect users’ human rights and safety in critical sectors such as healthcare and hiring. The key points of the law include the following:

• Promotion of AI safety, transparency, and societal stability principles;
• Obligations for organizations related to user notifications, risk assessments, and oversight for high-impact AI;
• Fines of up to KRW 30 million (~$20,872) and imprisonment for breaches.

The Ministry of Science and ICT will enforce the law, which includes a triennial Basic AI Plan and future guidelines for training data and SME support. Read More