AI Regulation Hub

Mexico

Mexico has no enacted comprehensive AI Act. The Senate has been working on initiatives to regulate and promote AI; existing personal-data, consumer, sectoral and criminal law govern current compliance.

Key provisions

Senate AI initiatives

Draft

The Mexican Senate has been working on initiatives to regulate and promote AI. These initiatives are not enacted national AI law unless formally approved and published.

Mexican personal-data law overlay

In force

AI systems involving personal data must comply with Mexican personal-data protection rules.

INAI AI personal-data recommendations

In force

The recommendations focus on privacy, transparency, lawful processing, proportionality, accountability and protection of individuals where AI systems process personal data.

Sectoral overlays

In force

AI in consumer, finance, healthcare, employment, education, advertising, IP, public administration or criminal contexts may trigger sector-specific obligations.

Detailed overview

Mexico does not currently have a single enacted comprehensive AI Act. AI governance is developing through legislative proposals, personal-data guidance, public-sector discussion and existing laws.

Legislative process

The Mexican Senate has been working on legislative initiatives to regulate and promote artificial intelligence. Official Senate communications refer to work on a general AI law, but these initiatives should not be treated as enacted national AI law unless formally approved and published.

Existing-law overlays

Mexico's current AI compliance framework is therefore based mainly on existing law. AI systems involving personal data must comply with Mexican personal-data protection rules. AI used in consumer services, finance, healthcare, employment, education, advertising, intellectual property, public administration or criminal conduct may trigger sector-specific obligations.

INAI AI personal-data recommendations

Mexico's data-protection authority has issued general recommendations for personal-data processing in AI. These recommendations focus on privacy, transparency, lawful processing, proportionality, accountability and protection of individuals where AI systems process personal data.

Penalties

Mexico does not currently have one AI-specific penalty table. Penalties depend on the breached legal regime, including personal-data protection, consumer protection, financial regulation, healthcare regulation, employment law, telecommunications, intellectual-property law or criminal law.

Practical requirements & details

Sourced from LFPDPPP (Federal Law on Personal Data Protection Held by Private Parties), INAI recommendations on AI and personal data, ongoing Senate legislative initiatives, and sectoral guidance.

INAI AI personal-data recommendations

  • Privacy by design and by default.
  • Lawful basis (consent default for non-public personal data).
  • Transparency: clear privacy notices for AI uses.
  • Proportionality.
  • Accountability documentation.
  • Individual rights: ARCO (access, rectification, cancellation, opposition) and rights related to automated decisions.

LFPDPPP overlay

  • Privacy notice obligations for AI processing.
  • Security: administrative, physical and technical measures.
  • Breach notification to affected data subjects.
  • INAI fines: up to ~MXN 30M per violation; doubled for sensitive-data offences.

Senate AI initiatives (in progress)

  • Various proposals before the Mexican Senate; should not be treated as enacted law unless formally approved.

Sector overlays

  • CNBV + Banxico on AI in financial services.
  • COFEPRIS on AI medical devices.
  • Federal Consumer Protection Law for AI-driven misleading practices.
  • Federal Telecommunications Institute (IFT) for AI in telecoms.
