Detailed overview
Brazil does not currently have a fully enacted horizontal AI law equivalent to the EU AI Act. The main national AI bill is PL 2338/2023, which is intended to establish general rules for the responsible development and use of artificial intelligence. The bill has advanced through the Senate, but official Chamber of Deputies materials state that it still requires Chamber approval before becoming law.
Proposed framework
The proposed Brazilian AI framework is designed around responsible AI governance, protection of fundamental rights, legal certainty, risk management and innovation. Draft materials refer to rights of affected persons, governance duties for AI agents, risk classification and oversight mechanisms. However, these duties should be described as proposed obligations until the bill is enacted.
Current compliance
Current AI compliance in Brazil is based mainly on existing law. AI systems that process personal data may fall under the Brazilian General Data Protection Law. AI used in consumer services, employment, credit, healthcare, public administration, advertising, intellectual property or regulated sectors may trigger additional legal requirements.
Penalties
Brazil does not currently have one operative AI-specific penalty table under PL 2338/2023 because the bill is not yet enacted. Penalties currently arise under the underlying applicable laws, including data protection, consumer protection, civil liability, employment, intellectual property, financial regulation and sector-specific rules.
Practical requirements & details
Sourced from PL 2338/2023 (proposed AI framework, Senate-approved Dec 2024), the LGPD (Law 13.709/2018), ANPD's preliminary AI guide (2024), and sectoral rules from BACEN, ANS and CADE.
PL 2338/2023 — proposed framework (not yet enacted)
- Risk-based: excessive risk (prohibited), high risk, general AI — with corresponding duties.
- Rights of affected persons: information about decisions, contestation, human review, explanation, non-discrimination, privacy.
- Governance duties: risk assessment, transparency reports, human oversight, security.
- Sanctions framework (under negotiation): warnings, daily fines, fines up to BRL 50 million per violation or 2% of group turnover.
- Status: Senate-approved; awaits Chamber of Deputies and presidential sanction. Should not be relied on as binding law yet.
LGPD applies to AI today
- All AI processing personal data: lawful basis, purpose limitation, transparency, security, data-subject rights.
- LGPD Art. 20: right to review of automated decisions — controller must provide clear information about criteria and procedures used.
- ANPD fines up to 2% of group revenue per breach, capped at BRL 50 million per violation.
Sector overlays
- BACEN Resolução 4.658/2018 and 4.893/2021 — cybersecurity and cloud requirements for banks, applicable to AI services.
- ANS — health-insurance AI subject to underwriting and non-discrimination rules.
- CADE — antitrust scrutiny of AI-driven pricing, recommendation and market-power conduct.
- Code of Consumer Defence — misleading AI advertising, dark patterns and unsafe AI products.