January 2026 marked a turning point in the governance of technology, as nations moved from proposing rules to enforcing them. From the first full-fledged AI law in Asia to sweeping reforms in European digital policy, regulators made it clear that the era of self-regulation for the tech industry is over.

Asia-Pacific Leads with Enforcement

While the EU’s AI Act made global headlines, its staggered implementation allowed South Korea to seize the title of the first nation with a fully operational, comprehensive AI law. On January 22, the South Korean AI Basic Law came into effect, mandating that high-risk AI applications in sectors like energy, healthcare, and lending adhere to strict transparency and safety standards . Companies are now legally required to notify users when interacting with generative AI and must clearly label deepfake content, with fines reaching up to 3,000万 won (approximately $23,000) for non-compliance.

This was just one of several major regulatory shifts in the region. Taiwan activated its own AI Basic Law on January 14, enshrining principles of human-centric development, privacy, and fairness . Meanwhile, Vietnam and Malaysia saw major data and online safety legislation take effect on January 1. Vietnam’s Personal Data Protection Law (PDPL) imposes severe penalties for data leaks and strictly regulates cross-border data transfers, while Malaysia’s Online Safety Act 2025 requires service providers to implement robust content moderation and child protection tools or face significant fines.

In a notable test of these new powers, the Malaysian Communications and Multimedia Commission lifted its ban on X’s Grok AI chatbot on January 23, after the platform agreed to implement preventive safety measures to comply with local laws, demonstrating how regulators can enforce compliance from global players.