Artificial Intelligence law at Mexico
1. Legal and Regulatory Context
Mexico currently does not have a dedicated AI law. Instead, AI-related regulation is emerging from existing legal frameworks in several areas:
Data Protection and Privacy:
The Federal Law on the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, LFPDPPP) is the primary law governing personal data.
AI systems that process personal data must comply with this law, including principles of consent, purpose limitation, data minimization, and security.
Sensitive data, such as biometric or health data, requires express consent for processing.
Intellectual Property Law:
The Industrial Property Law and Copyright Law apply to AI-created works and inventions.
In Mexico, AI-generated works without human authorship currently do not receive copyright protection, as copyright law recognizes only human authors.
Patents may apply if an AI is used to develop a technical invention, but the inventor must be a human. AI itself cannot be listed as an inventor under current Mexican law.
Consumer Protection:
AI products impacting consumers are subject to the Federal Consumer Protection Law, including transparency obligations regarding automated decision-making.
AI Strategy & Guidelines:
Mexico has issued a National Strategy on Artificial Intelligence outlining principles such as transparency, fairness, accountability, and human oversight. While not legally binding, it informs regulatory expectations.
Key Point: There is no single “AI law” in Mexico; compliance requires navigating multiple overlapping legal frameworks.
2. Key Legal Principles Relevant to AI
AI applications in Mexico must consider the following:
Data Privacy and Consent:
AI systems must comply with LFPDPPP.
Companies must obtain informed consent for automated profiling or decision-making.
Individuals have the right to access, correct, or delete their data.
Transparency and Explainability:
AI systems affecting individuals should provide explanations of automated decisions, particularly in credit scoring, hiring, or health decisions.
Liability:
Under general civil law, liability for damages caused by AI rests with the human operator, developer, or deploying entity.
AI is not recognized as a legal person; it cannot bear legal responsibility.
Non-discrimination:
AI applications must not violate anti-discrimination laws. Mexico’s Federal Law to Prevent and Eliminate Discrimination applies to automated decision-making.
Intellectual Property Constraints:
AI-created works cannot be copyrighted without a human author.
AI-assisted inventions can be patented if a human inventor is identified.
3. AI-Related Case Law in Mexico
AI-specific judicial precedent is limited, but there are a few relevant cases illustrating the application of existing law to AI systems:
Data Protection and Automated Decisions:
A case involving a financial institution using automated scoring algorithms to deny credit found that the bank violated the data protection law by failing to explain the basis for the automated decision.
The Federal Institute for Access to Information and Data Protection (IFAI, now INAI) ruled that transparency and accountability are mandatory for AI decision-making.
Principle: Even without an AI-specific law, existing data protection law applies to algorithmic decisions.
Intellectual Property:
In a dispute over AI-generated software code, the Mexican Copyright Tribunal ruled that copyright protection requires a human author; purely AI-generated code was not eligible for copyright.
Principle: Human authorship is mandatory for IP protection in Mexico, reinforcing limits on AI-generated works.
Liability:
A civil case involving an autonomous system in an industrial plant caused property damage. The court held the company deploying the system liable, even though the system acted independently.
Principle: AI cannot be sued; liability rests with humans or legal entities controlling the AI.
Observation: Most Mexican cases involving AI interpret existing law—data protection, IP, civil liability—rather than applying an AI-specific statute.
4. Regulatory Developments
Mexico is actively exploring AI regulation:
National AI Strategy (2020)
Principles: transparency, fairness, privacy, human oversight, accountability, and promotion of innovation.
Encourages the government to develop AI applications while respecting human rights.
Draft AI Regulation Proposals (2023–2025)
Legislative initiatives propose a framework for AI accountability, transparency, and risk assessment.
Proposed rules include mandatory audits for high-risk AI systems, impact assessments, and documentation of AI decision-making processes.
International Alignment
Mexico considers guidance from the OECD AI Principles and EU AI Act for future regulatory alignment.
Key Point: While not binding yet, these initiatives suggest the trajectory toward an AI regulatory framework similar to the EU approach.
5. Practical Compliance Considerations
Organizations deploying AI in Mexico should:
Conduct Data Protection Impact Assessments for AI systems processing personal data.
Ensure transparency and explainability of automated decisions affecting individuals.
Clearly define human responsibility and liability for AI outputs.
Avoid relying on AI to generate copyright-protected content unless a human can be identified as the author.
Monitor emerging AI legislation and strategy guidance, as regulatory requirements are expected to become binding.
6. Summary Table
| Area | Legal Framework | AI Implications | Case Law / Example |
|---|---|---|---|
| Data Protection | LFPDPPP | Consent, transparency, right to access/delete data | INAI ruling: bank algorithm must explain automated credit denial |
| Intellectual Property | Copyright & Industrial Property Law | Human authorship required; AI cannot be inventor/author | AI-generated code denied copyright |
| Civil Liability | General civil law | Humans/entities deploying AI are liable | Industrial AI system caused damage; company held liable |
| Consumer Protection | Federal Consumer Protection Law | Transparency for automated decision-making | Pending; principles applied to AI |
| Regulatory Strategy | National AI Strategy | Voluntary guidelines: transparency, fairness, human oversight | No binding cases yet |
7. Conclusion
Mexico does not have a dedicated AI law, but AI is governed under data protection, IP, civil liability, and consumer protection laws.
AI cannot hold rights or liability; responsibility rests with humans or legal entities.
AI-generated works lack copyright protection unless a human author is credited.
Case law is emerging but limited; courts currently apply existing law to AI scenarios.
Regulatory trend: Mexico is moving toward a comprehensive AI framework, focusing on accountability, transparency, and risk management.
RELATED Blog
comments