Mexico Ai Regulation

Mexico is progressing toward a comprehensive AI governance framework through the Federal Law for the Ethical, Sovereign, and Inclusive Development of Artificial Intelligence. The initiative aims to establish a legal foundation for the development, implementation, supervision, and promotion of AI systems, emphasizing ethics, human rights, and technological sovereignty.

Status: Draft law under review by the Mexican Congress


Check the: Federal Law for the Ethical, Sovereign, and Inclusive Development of Artificial Intelligence

Main Objectives

  • Establish a general legal framework for AI development, implementation, supervision, and promotion across Mexico.

  • Ensure that AI innovation respects and promotes human rights.

  • Define technical concepts to improve regulatory clarity.

  • Establish the National Platform for Algorithmic Auditing (PNAA) as an autonomous body responsible for auditing datasets, algorithms, and AI systems.

  • Create the National Council of Artificial Intelligence (CNIA) as a decentralized public body with technical autonomy and legal personality.

  • Implement a risk-based traffic light system to classify AI systems by potential impact and required supervision.


The initiative seeks to regulate Artificial Intelligence by establishing a comprehensive legal framework for its development, implementation, and oversight. It focuses on ethical AI, protection of human rights, and promotion of Mexico’s technological sovereignty.


Legislative Summary

The initiative contemplates a risk-based classification framework for AI systems, very similar to the model established by the European Union’s AI Act.

This structure allows proportional regulation — meaning that the higher the potential impact on people’s rights, the greater the level of oversight and accountability required.

Classification according to the “Risk Traffic Light System” proposed in the law:

(See: Federal Law for the Ethical, Sovereign, and Inclusive Development of Artificial Intelligence – Draft Text (Cámara de Diputados, 2025)

Compliance Roadmap

Every AI system (regardless of its type) carries specific obligations depending on its assigned risk category.

These obligations range from basic transparency requirements to complex algorithmic audits and human oversight protocols.

To explore the specific compliance requirements for each AI category, visit:

Minimal-Risk Systems Obligations:

º Regardless of their risk level, every AI system must:Respect ethical principles: 

º  Transparency, fairness, and accountability. 

º Ensure data privacy and security: Comply with ARCO rights and implement robust cybersecurity measures.

º Prevent bias and discrimination: Continuously monitor outputs and correct unfair or discriminatory results.

º Disclose automated interaction: Clearly label when users are engaging with an AI system.

º Avoid harmful behaviors: Prohibit outputs that promote violence, manipulation, or self-destructive actions.

º Guarantee verifiability and methodological transparency: Document algorithms, data sources, and decision-making processes.

º Provide training and resources: Offer guides, tutorials, or user support to promote responsible and informed use.

Limited-Risk Systems Obligations
High-Risk Systems Obligations

Compliance Roadmap:

Before you begin, it’s essential to determine your system’s risk level.

If your AI is classified as Limited Risk or High Risk, you will need to comply with additional obligations such as transparency reports, user consent mechanisms, algorithmic audits, and registration with CNIA or PNAA.

Note: Every AI system has legal and technical obligations depending on its category.

To evaluate how compliant your project already is, access the official AI Compliance Checklist – BlackboxMX and verify your level of readiness for regulatory approval.

Step-by-Step Compliance Roadmap


A. Risk Assessment

Classify your AI systems according to the law: prohibited, high, limited, or minimal risk.

This first step determines which obligations apply and whether your system requires registration or audits.

PNAA Risk Classification Guide


B. Algorithmic Impact Assessment (AIA)

Conduct an Algorithmic Impact Assessment for high-risk systems or sensitive sectors, identifying risks and mitigation measures.

For limited-risk systems, preparation for an AIA is recommended but not mandatory.

See AIA Template and Requirements


C. Mandatory Registration (RENSIA)

If applicable, obtain a risk determination and register your system in the National AI Registry.

Ensure full traceability and maintain auditable logs for verification.

National AI Registry (CNIA draft model)


D. Internal Review

Align your contracts, privacy policies, protocols, and legal notices with the new regulatory framework.

This ensures that governance and accountability mechanisms are properly embedded.

Legal Alignment Resources


E. Training and Oversight

Build internal capacity by training your team, documenting methodologies, designating responsible officers, and implementing internal audit mechanisms.

Strong internal oversight is key to demonstrating proactive compliance.

Training and Oversight Guidelines


Other Resources:


AI CLASSIFICATION BOOKLET