Detailed overview
Ukraine does not currently have a full horizontal AI law equivalent to the EU AI Act. Ukraine's official AI regulation approach is based on staged preparation for future legislation, alignment with the EU AI Act and development of responsible AI practices before a binding AI law is adopted.
White Paper roadmap
The Ministry of Digital Transformation published a White Paper in 2024 describing Ukraine's approach to AI regulation. The approach is "bottom-up": first, Ukraine provides businesses with tools to prepare for future legal requirements and European market access; then, Ukraine plans to adopt a Ukrainian law analogous to the EU AI Act.
The first stage is based on self-regulation, voluntary commitments, codes of conduct, risk assessment, regulatory sandbox work, AI labelling initiatives, sector-specific recommendations and adaptation of human-rights impact assessment methodologies. The official roadmap refers to preparation of a regulatory sandbox and the development of Ukrainian law analogous to the AI Act during the 2023β2026 period.
Financial-sector AI
The National Bank of Ukraine has also published an official page on AI use by participants in the financial services market. The NBU states that Ukraine currently has no adequate legal framework or designated law to regulate AI, but that strategic documents provide for phased introduction of regulation and future sectoral guidelines. The NBU is developing sectoral guidance for ethical and responsible AI use in financial markets, with attention to consumer protection, transparency, human oversight, risk management, operational resilience, data and model requirements and information security.
Current compliance
Current AI compliance in Ukraine is therefore based on existing laws rather than a dedicated AI Act. Depending on the use case, AI may trigger requirements under data protection, consumer protection, financial regulation, cybersecurity, intellectual property, advertising, employment, criminal law or sector-specific regulation.
Penalties
There is no single Ukrainian AI-specific penalty table at this stage. Penalties depend on the underlying law breached. For example, an AI system that unlawfully processes personal data, misleads consumers, infringes intellectual property or violates financial-services rules would be assessed under those existing legal regimes.
Practical requirements & details
Sourced from Ministry of Digital Transformation White Paper on AI Regulation (2024), the AI Roadmap 2023β2026, NBU AI in financial services position, and existing Ukrainian legislation (Law on Personal Data Protection, Civil Code, Criminal Code).
Bottom-up stage (current)
- Voluntary self-regulation, codes of conduct, risk assessments.
- Regulatory sandbox preparation and AI labelling initiatives.
- Sectoral recommendations; human-rights impact assessments adapted from CoE methodologies.
Stage 2 β Ukrainian AI Act (planned)
- Analogue to the EU AI Act expected within the 2023β2026 horizon β risk-based, transparency and accountability duties, governance authority.
- Aligned with EU AI Act to support European market access.
NBU financial-sector AI guidance
- Developing guidance for ethical and responsible AI in financial markets.
- Focus on consumer protection, transparency, human oversight, risk management, operational resilience, data and model requirements, information security.
Existing-law overlays
- Personal Data Protection Law (2010, plus alignment with EU GDPR underway).
- Consumer protection, IP, advertising, employment, criminal law, sector-specific regulation.
- Cybersecurity Law and CERT-UA reporting for AI-related incidents.