Chile has been moving toward a comprehensive, risk-tiered AI statute since 2024, but as of mid-2026 that statute remained a bill under consideration in the National Congress rather than binding law. In the meantime, a newly enacted data protection framework, an active data protection authority, and Chile's long-standing engagement with the OECD AI Principles already shape what operators deploying AI systems in the country must do. This guide sets out what the proposed bill would require, what already binds operators today, and how Chile's position compares to the EU AI Act and to the wider Latin American regulatory wave.

Key takeaways

  • Chile does not yet have a dedicated AI statute in force. A bill proposing a risk-tiered framework for AI systems, modeled on the EU AI Act, has been under consideration in the Chilean Congress since 2024 and remained unenacted as of mid-2026.
  • As proposed, the bill would classify AI systems into unacceptable-risk, high-risk, limited-risk, and minimal-risk tiers, with obligations that scale by tier and apply differently to providers and to deployers.
  • Chile already has binding data protection law in force. Ley 21.719, enacted in 2024, created the country's first dedicated data protection authority, the Agencia de Protección de Datos Personales, and its obligations are phasing in ahead of any AI-specific statute.
  • As an OECD member since 2010, Chile has engaged with the OECD AI Principles, updated in 2024, as a reference framework, and that framework has visibly shaped the risk-based structure of the pending AI bill.
  • Chile's pending framework sits within a broader Latin American regulatory wave that includes Brazil's PL 2338 and Peru's AI promotion law, positioning the region toward risk-based AI governance concepts drawn substantially from the EU AI Act, though none of these frameworks has yet reached the EU's stage of binding, fully enacted law.

What Chile's proposed AI bill would establish

Chile's Executive branch submitted a bill regulating artificial intelligence systems to the National Congress, commonly referenced in the Chilean legislative record under its assigned boletín number, proposing a risk classification model that closely tracks the structure of the EU AI Act. The bill sorts AI systems into four tiers: practices considered to pose unacceptable risk, which would be prohibited outright; high-risk systems, which would face the most detailed compliance obligations; limited-risk systems, which would be subject mainly to transparency duties toward the people affected by them; and minimal-risk systems, which would face few or no binding requirements under the proposed framework.

As drafted, the unacceptable-risk category would prohibit AI practices judged incompatible with fundamental rights, echoing the EU AI Act's prohibitions on manipulative or exploitative AI systems and certain forms of biometric categorisation and social scoring. The high-risk category is expected to capture AI systems used in consequential domains such as employment decisions, access to essential services, credit assessment, and law enforcement support, again mirroring the sectoral logic of the EU AI Act's high-risk annex. For systems in this tier, the bill would require documented risk assessment, record-keeping, and mechanisms for human oversight before and during deployment.

It is important to be precise about the bill's current status. As of mid-2026, the legislation remained under committee review in the Chilean Congress. It has not been enacted, and no effective date has been set. Operators should treat every requirement described in this section as proposed rather than binding, and should monitor the bill's progress through Congress rather than assume any fixed timeline for enactment.

Who the bill would bind: providers, deployers, and operators

Consistent with the EU AI Act and with Brazil's PL 2338, discussed further below, Chile's proposed framework draws a distinction between providers, meaning organisations that develop AI systems or place them on the market, and deployers or operators, meaning organisations that put AI systems into operational use. Under the proposed structure, providers of high-risk systems would carry the heavier documentation and pre-deployment obligations, including technical records describing how a system was designed, trained, and tested. Deployers would carry obligations that focus on the context of use: ensuring the system is used within its intended purpose, maintaining human oversight over consequential outputs, and providing notice to affected individuals where the bill's transparency provisions apply.

This bifurcated structure matters for any organisation building or licensing AI systems for use in Chile, because the compliance posture differs sharply depending on which role an organisation occupies. A foreign company licensing a general AI model to a Chilean bank would likely be treated as a provider under the proposed framework, while the bank deploying that model in a credit decision process would be treated as a deployer with its own distinct obligations. Organisations that both develop and operationally use AI systems, which is common among more vertically integrated technology companies, would need to satisfy both sets of obligations simultaneously.

What already applies today: data protection law and the new Agency

While the AI-specific bill remains pending, Chile is not a regulatory vacuum. In 2024, Chile enacted Ley 21.719, its first comprehensive data protection statute and a substantial modernisation of the country's previous, more limited privacy law. The statute created the Agencia de Protección de Datos Personales, Chile's first dedicated data protection authority, with investigatory and enforcement powers over the processing of personal data. Its obligations are being phased in, and by the time they are fully in force they will apply to any AI system that processes personal information, which in practice covers the large majority of consequential AI deployments, including recommendation engines, credit and underwriting tools, recruitment screening systems, and customer-facing conversational agents.

For AI operators, Ley 21.719 is the practical compliance baseline in 2026. It establishes rights of access, rectification, and deletion for individuals whose personal data is processed, requires a lawful basis for processing, and imposes security and accountability obligations on data controllers. None of these provisions is AI-specific, but all of them apply directly to AI systems that use personal data to make or inform decisions. Operators that have not yet mapped their Chilean AI deployments against Ley 21.719's requirements should treat that mapping exercise as the immediate priority, independent of how the AI-specific bill eventually resolves.

Chile's existing consumer protection law and general civil liability principles also apply to AI-generated outputs that affect consumers or cause harm, in the same manner that horizontal law has applied to automated systems in Chile prior to any AI-specific statute. Operators should not wait for the AI bill to address these existing, binding obligations.

Enforcement and penalties: a regime still taking shape

Because the AI-specific bill remains under legislative review, its enforcement architecture and penalty structure are not yet settled. Earlier drafts have referenced an administrative enforcement model, with a designated authority responsible for supervision, in keeping with the general international pattern of assigning AI oversight either to a new body or to an existing data protection or consumer protection regulator. Chile's committee process has not yet finalised which body would hold that mandate, whether it would be the newly created Agencia de Protección de Datos Personales, a new AI-specific authority, or a shared arrangement between multiple regulators.

Equally, the specific penalty amounts that would attach to violations under the bill have not been finalised through the legislative process, and operators should be cautious of any source that states a fixed fine figure for Chile's AI framework as though it were settled law. What can be said with confidence is the general shape of the debate: legislators have discussed a tiered penalty structure that would scale with the severity of the violation and the risk classification of the system involved, consistent with the proportionality principle found in the EU AI Act's own penalty regime. Until the bill is enacted, the operative enforcement mechanisms in Chile remain those attached to Ley 21.719 and to consumer protection law, both of which carry established, functioning enforcement processes today.

Chile compared to the EU AI Act

The structural resemblance between Chile's proposed bill and the EU AI Act is deliberate and well documented in the Chilean legislative debate. Both frameworks use a four-tier risk classification. Both frameworks scale obligations to that classification, with the heaviest burden falling on high-risk systems. Both frameworks distinguish between providers and deployers, assigning different obligations to each role. For operators that have already built a compliance programme for the EU AI Act, this structural alignment is a practical advantage: the underlying risk assessment methodology, technical documentation practices, and human oversight mechanisms developed for EU compliance are likely to transfer substantially to whatever Chile eventually enacts.

The material difference between the two frameworks in 2026 is not structure but status. The EU AI Act is in force, with prohibited practices already binding and high-risk obligations phasing in on a defined, if still evolving, timeline. Chile's framework remains a bill, without an enactment date, without a finalised enforcement authority, and without a settled penalty regime. Operators should read the structural similarity as a useful signal for future planning, not as a basis for treating Chile's obligations as already in force. For a detailed treatment of the EU framework itself, see the EU AI Act operator obligations guide on agentliability.eu.

Chile's long OECD membership, since 2010, is a further point of continuity with the EU approach. As a member state, Chile has engaged with the OECD Principles on AI, updated in their 2024 revision, which emphasise human-centred values, transparency, robustness, and accountability. Chilean policymakers have referenced the OECD Principles explicitly as an influence on the pending bill's risk-based structure, reinforcing the sense that Chile's eventual framework will sit within the same broad international consensus that shaped the EU AI Act. For background on how the OECD Principles interact with binding regulatory frameworks more generally, see the OECD AI Principles operators guide.

Chile in the Latin American regulatory wave: what operators should do now

Chile's pending bill is not an isolated development. It sits within a broader pattern across Latin America in which several legislatures are actively considering risk-based AI governance concepts drawn substantially from the EU AI Act. Brazil's PL 2338, discussed in detail in the Brazil AI bill operators guide, follows a similar risk-based logic and remains under active congressional debate. Peru enacted a lighter, development-oriented law in 2023 that promotes AI adoption rather than imposing a risk-tiered compliance structure, illustrating that the region has not converged on a single model even as several countries move in a broadly similar direction.

For operators active or planning to operate in Chile, the practical priorities in 2026 are straightforward. First, complete a Ley 21.719 compliance mapping for every AI system that processes personal data in Chile, since this is binding law today regardless of how the AI bill resolves. Second, monitor the bill's progress through Congress directly rather than relying on secondary summaries, since its risk categories, enforcement authority, and penalty structure remain subject to committee amendment. Third, where an EU AI Act compliance programme already exists, use it as the starting documentation for Chilean readiness, given the structural alignment between the two frameworks, while recognising that Chile's eventual final text may differ from current drafts in material respects. Fourth, treat the regional pattern as a whole: an organisation operating across Chile, Brazil, and other Latin American markets should build a single risk-based governance framework capable of accommodating each jurisdiction's specific requirements as they are enacted, rather than building separate, jurisdiction-specific programmes from scratch. For the insurance and liability dimension of operating AI systems across jurisdictions with evolving regulatory status, see agentinsured.eu.

Does Chile have an AI law?

Not yet, as a dedicated AI-specific statute. Chile's National Congress has been reviewing a bill that would establish a risk-tiered framework for AI systems, modeled on the EU AI Act, since 2024. As of mid-2026 the bill remained under legislative consideration and had not been enacted. Until it passes, AI deployment in Chile is governed by existing horizontal law, principally the new data protection statute Ley 21.719, along with consumer protection and general civil liability rules.

What is Chile's AI bill and what would it require?

The bill under consideration proposes to classify AI systems into four risk tiers: unacceptable-risk practices that would be prohibited outright, high-risk systems subject to the most demanding obligations, limited-risk systems subject to transparency duties, and minimal-risk systems facing few or no binding requirements. As proposed, obligations would scale by tier and would bind both providers that develop or place AI systems on the market and deployers that use them operationally, echoing the provider and deployer distinction found in the EU AI Act.

What data protection law applies to AI in Chile today?

Chile enacted Ley 21.719 in 2024, its first comprehensive data protection statute, which created the country's first dedicated data protection authority, the Agencia de Protección de Datos Personales. The law's obligations are phasing in and apply to the processing of personal data generally, including processing carried out by AI systems. Operators using AI to make decisions involving personal data in Chile should treat Ley 21.719 as their binding compliance baseline while the AI-specific bill remains pending.

How does Chile's approach compare to the EU AI Act?

Chile's proposed bill borrows the EU AI Act's structural logic closely: a four-tier risk classification, obligations that scale with risk, and a provider and deployer distinction. The EU AI Act is already in force with staged compliance deadlines and a defined penalty regime. Chile's framework, by contrast, remains a proposal moving through Congress, with its enforcement architecture and penalty structure still being negotiated. Operators already compliant with the EU AI Act are likely well positioned for whatever Chile eventually enacts, since the underlying risk logic is closely aligned.

Is Chile part of a broader Latin American AI regulatory trend?

Yes. Chile's pending bill sits alongside Brazil's PL 2338, which proposes a similarly risk-based framework and remains under congressional debate, and Peru's 2023 law promoting AI adoption, which takes a lighter, development-oriented approach rather than a risk-tiered compliance model. Together these instruments suggest a regional pattern in which several Latin American legislatures are converging on risk-based AI governance concepts drawn substantially from the EU AI Act, even though none of the region's frameworks had reached the EU's stage of binding, fully enacted law as of mid-2026.

References

  1. Chile. Bill regulating artificial intelligence systems, commonly referenced in the Chilean Congress legislative record as Boletin No. 15869-19, introduced by presidential message in 2023, under committee review as of mid-2026.
  2. Chile. Ley 21.719, which modernises the legal framework for the protection of personal data and creates the Agencia de Protección de Datos Personales, enacted 2024.
  3. OECD. Recommendation of the Council on Artificial Intelligence, OECD/LEGAL/0449, adopted May 2019, updated May 2024. Chile, an OECD member since 2010, is an adherent.
  4. Brazil. PL 2338/2023, Bill of Law establishing the legal framework for artificial intelligence, under congressional consideration 2024 to 2026.
  5. Peru. Ley N° 31.814, law promoting the use of artificial intelligence for the country's economic and social development, enacted 2023.
  6. European Parliament and Council. Regulation (EU) 2024/1689 on Artificial Intelligence (EU AI Act). Official Journal of the European Union, 12 July 2024.