1. AI Regulation and Governance
The Asia-Pacific region has entered a critical phase of active enforcement and implementation in early 2026, transitioning from years of legislative drafting to real-world compliance obligations. Driven by the rapid rollout of AI frameworks, intensified data privacy enforcement, geopolitical supply-chain pressures, and corporate governance reforms, legal priorities are now centred on immediate risk management, operational audits, and strategic adaptation for businesses operating across the region.
AI laws in effect are prompting urgent compliance across sectors such as tech, fintech, healthcare, and manufacturing.
- Vietnam — The Law on Artificial Intelligence, passed 10 December 2025, took effect 1 March 2026, making Vietnam the first Southeast Asian nation with a comprehensive standalone AI regime. Adopting a risk-based model, it mandates human oversight for generative AI, content labelling, bans on certain high-risk applications, and extraterritorial application. Grace periods apply: up to 18 months for legacy high-risk systems in health, education, and finance (until March/September 2027). This is driving widespread compliance efforts among multinationals and local firms.
- South Korea — The Framework Act on Artificial Intelligence Development and Establishment of Trust (AI Basic Act) entered into force 22 January 2026. It covers governance, transparency, risk management for high-impact systems, generative AI labelling, and extraterritorial reach, balancing innovation with safety. Enforcement decrees and sector-specific guidelines continue to be issued.
Region-wide implications: China’s generative AI labelling and security rules tighten; India’s AI guidelines face growing scrutiny; Singapore’s frameworks guide best practices; Japan’s approach remains innovation-focused. Expect audits, contract revisions, and risk assessments to dominate legal agendas.
2. Data Privacy and Cross-Border Data Enforcement Surge
This is closely linked to AI data requirements.
- India’s Digital Personal Data Protection Act (DPDPA) — Phased enforcement is advancing with administrative rules effective from late 2025 and full operational obligations (including consent managers and penalties) ramping up toward 2026–2027 (full compliance deadline 13 May 2027). Strict consent, transfer restrictions, and high fines drive major compliance overhauls in tech and e-commerce.
- South Korea and Japan are intensifying enforcement relating to biometric data and breach reporting amid rising incidents.
- Regional multi-agency investigations are increasing, with a particular focus on AI-driven data risks.
3. Corporate and Regulatory Enforcement Wave
Reforms introduced in prior years are now taking effect:
- China — Amended Arbitration Law (the first major update since 1995) takes effect on 1 March 2026, introducing ad hoc arbitration, online options, shorter set-aside timelines, and access for foreign institutions.
- Indonesia — Corporate criminal liability strengthened under new codes.
- Japan — Governance reforms boost FDI; stricter tech/defence screening.
- Hong Kong — Construction payment ordinance fully operational.
- Singapore — Enhancements to AML frameworks, transparency requirements, and stablecoin regulation.
4. M&A, PE/VC, IPO Rebound Amid Geopolitics
Activity surges despite US tariffs:
- PE/VC activity is thriving in Japan and India (tech/healthcare focus).
- IPO momentum from 2025 continues in Hong Kong, China, and India.
- Private credit expands; infrastructure/energy transition deals rise.
- Geopolitical due diligence is intensifying, particularly in relation to supply chains and sanctions exposure.
