Artificial Intelligence 2025 Comparisons

It is important to note that, at present, there is no specific law on AI in Mexico. However, there is a general framework in the country through which this technology could be regulated. For example, by virtue of reforms to the Organic Law of the Federal Public Administration (Ley Orgánica de la Administración Pública Federal) published on 28 November 2024, one of the new bodies of the Mexican Government is the Agency for Digital Transformation and Telecommunications (Agencia de Transformación Digital y Telecomunicaciones, or the “Agency”), which, although not having the express authority to craft, modify or enforce regulations on AI specifically, is in charge of issuing and carrying out the policies of the Mexican federal government pertaining to technology.

It is important to note that the Agency evolved from being a division of the Office of the President of Mexico to a full-fledged department within the federal government.

According to Endeavor, key industry applications of AI in Mexico include business intelligence and analytics, machine learning (ML), robotic process automation (RPA) and robotics. Alcor indicates that other key spheres for AI adoption in the country include IT processes, monitoring and security.

This makes sense considering the importance of Mexico as a global industrial powerhouse. For example, according to the Harvard Atlas of Economic Complexity, Mexico’s exports in certain industries areas (ie, electronics, machinery, vehicles and chemicals) reached almost USD320 billion during 2022.

The benefits to businesses of the adoption of the aforementioned AI technologies include the automation and optimisation of key industry processes, leading to a decrease in costs and an increase in the efficiency and effectiveness thereof.

An important cross-industry, co-operative initiative in Mexico is Coalición IA2030Mx, a private sector-led group created in 2018 that has devised different products to enable the adoption of AI technologies in the country. Mexican universities have also played a relevant role in furthering the use of AI, for example by creating a committee within the National Association of Higher Education Institutions (Asociación Nacional de Universidades e Instituciones de Educación Superior) for the ethical use of AI and fostering the creation of education programmes specialised in AI, among other initiatives. This is particularly relevant considering that, according to the Economic Commission for Latin America and the Caribbean, Mexico has a demographic dividend that will last until the decade of 2030.

Finally, the United Nations Educational, Scientific and Cultural Organization (UNESCO) has recently stated that, according to the Latin American Index of Artificial Intelligence (Índice Latinoamericano de Inteligencia Artificial), the use of AI by the private sector in Mexico is still low when compared to other jurisdictions in the region. As such, this represents a significant business opportunity for AI developers and deployers.

Mexican authorities – particularly at the federal level – have expressed their interest in facilitating the adoption and advancement of AI, both for industry use and for governmental purposes.

For example, the amendments to the Organic Law of the Federal Public Administration dated 28 November 2024 created the Department of Science, Humanities, Technology, and Innovation (Secretaría de Ciencia, Humanidades, Tecnología e Innovación, or the “Department of Science”), which is different from the Department of Public Education (Secretaría de Educación Pública) and is intended to (i) guarantee the right of every person to enjoy the benefits of scientific and technology advances, (ii) foster innovation and development in strategic and priority areas, (iii) enact national policy in science and technology, and (iv) encourage the collaboration of higher education institutions with the productive sector, among other purposes.

Also, the federal executive branch recently submitted a bill for a new federal public procurement act (the Public Sector Acquisitions, Leases, and Services Act, or Ley de Adquisiciones, Arrendamientos y Servicios del Sector Público), in which a new public procurement process is considered in order to simplify the assigning and awarding of framework contracts, a mechanism that has been implemented to acquire all sorts of technology services aiding the Mexican public sector at the municipal, state and federal levels.

Finally, it is also worth mentioning that the Secretary of the Agency indicated in Bloomberg CityLab 2024 that they are aiming to create the Data Intelligence Center as an in-house governmental data consultancy service to feed AI and neural networks systems.

There is still a lack of clarity in the general approach to regulating AI in Mexico. However, in Bloomberg CityLab 2024, the Secretary of the Agency outlined two views that seem to define the general approach of Mexican authorities – particularly at the federal level – to technology in general and AI in particular:

• treating technology as a tool to solve specific, predefined problems; and
• guaranteeing access to technology for all persons in the country, regardless of their socioeconomic status.

Currently, various legislative processes are underway. For example, according to research by the Computer Science Department of the National University of Mexico, between 2020 and July 2024, there were 58 bills in the Mexican Congress dealing either generally or specifically with AI (eg, potentially modifying the Federal Criminal Code to criminalise certain conduct that could constitute abuse of such technology, such as the creation of deepfakes related to explicit content or the use of AI in cyber-attacks).

Such bills continue to be in the analysis phase within the Mexican federal legislative branch. In the authors’ view, this may be due to a recent reorganisation of the federal government, which created both the Department of Science and the Agency through the amendments to the Organic Law of the Federal Public Administration.

Another possible reason why legislative action has not yet been taken is the lack of a defined national AI strategy (contrary to what has occurred in different jurisdictions around the world). This is the case despite the Coordination for the National Digital Strategy (Coordinación de la Estrategia Digital Nacional) – the precursor of the Agency, which depended on the Office of the President of Mexico – endorsing a report titled “Towards an AI strategy in Mexico: Leveraging the AI revolution” (Hacia una estrategia de inteligencia artificial en México: Aprovechando la revolución de la IA), which was commissioned by the British Embassy of Mexico and included a list of recommendations regarding public policy.

It is notable that the aforementioned bills include three proposals to amend the Constitution in order to make it clear that the regulation of AI would be accomplished by Mexico’s Federal Congress.

As mentioned in 3.1 General Approach to AI-Specific Legislation, no AI-specific legislation has yet been enacted in Mexico.

In 2024, the Mexican Data Privacy Authority (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales,or INAI) issued a set of recommendations for the processing of personal data derived from the use of AI (the “INAI Recommendations”). The objectives of the recommendations are to:

• spread knowledge of the relationship between AI and the fundamental right to the protection of personal data (recognised by the Mexican Constitution in Article 16, second paragraph);
• promote adequate and ethical use of personal data in technologies that use AI; and
• orient data controllers to better comply with their obligations as per Mexican law.

Under the new Data Privacy Law (the “New Privacy Law”) enacted on 20 March 2025, the powers of the INAI were vested to the restructured Department for Anti-Corruption and Good Governance (Secretaría Anticorrupción y Buen Gobierno, or the “Anti-Corruption Department”), and the INAI will be dissolved shortly.

There is no applicable information in this jurisdiction.

In Mexico, certain public bodies have issued non-binding recommendations to foster the adoption of AI technology.

For example, the INAI Recommendations (see 3.3 Jurisdictional Directives) were issued with a focus on fostering the adoption of AI, recognising that this technology has multiple benefits such as strengthening the industrial and economy sectors by improving their processes, acquiring information in real time and analysing large amounts of data, as well as modelling and understanding human learning to facilitate the execution of complicated activities (page 8, first paragraph, of the INAI Recommendations).

In this regard, the INAI Recommendations propose certain measures that facilitate the use of AI, while at the same time respecting the rights of the data subject such as by adopting a “privacy-by-design” approach when designing and implementing AI technologies (page 22, last paragraph).

Concerning intellectual property (IP) matters, in July 2024 a representative from the governing coalition submitted a bill to the Mexican Congress in order to amend the Federal Copyright Law (Ley Federal del Derecho de Autor) to expressly allow authors, as well as artists and interpreters, to authorise – or forbid – the processing, creation or derivation of audiovisual material generated through AI. This initiative is still being processed within the Mexican federal legislative branch.

Key AI-specific legislation still in the analysis stage is as follows.

Bill to Enact the Law on the Ethical Regulation of Artificial Intelligence and Robotics

The main purpose of this bill to foster the ethical use of AI and robotics technology. It also mandates the creation of technical standards in accordance with the Mexican Quality Infrastructure Act (Ley de Infraestructura de la Calidad). The bill proposes the creation of a public-private committee on AI ethics. Such committee would be able to obtain information on the uses of AI by governmental and non-governmental entities.

Bill to Enact the Law That Regulates the Use of Artificial Intelligence

This bill forbids the use of AI in certain cases of unacceptable risk and makes the Mexican Institute of Copyright (Instituto Nacional del Derecho de Autor) the authority regulating AI technology.

Bill to Enact the Federal Law to Regulate Artificial Intelligence

This bill, introduced by a prominent member of the ruling party MORENA, incorporates a risk-based approach to AI inspired by that of the European Union. As in the European Union, the idea is to foster ethical use of this technology. The bill also includes certain rules on transparency in order to halt abuses such as the creation of deepfakes. A relevant aspect is that the regulator for the telecommunications sector would also be in charge of enforcing the bill, thus effectively being both the telecoms regulator and the authority for new technologies that use the internet but are not part of the telecoms sector per se. It is important to note that, as of November 2024, the Agency is the Mexican telecoms regulator.

Interestingly, this bill regulates the development of AI, as well as its sale and use. Furthermore, the bill also proposes the extraterritorial application of the law to AI “providers” (a concept similar to that of “deployers”) located outside of Mexican territory whenever any outputted information or results are to be used in Mexico, or when AI systems are fed information and data protected by the Mexican laws on IP.

It further requires AI providers to distribute AI technologies that have been approved by Mexican authorities, and any such AI models shall also be overseen by the competent authorities.

Bill to Enact the National Law That Regulates the Use of Artificial Intelligence

This bill creates a system of authorities that must co-ordinate to regulate the use of AI, as well as a National Center of AI, and advocates for full publication of all the information that the authorities gather in connection with the application of AI. It also provides rules on cybersecurity, as well as the source of the information fed into AI models.

The following describes a key judicial decision that was issued pertaining to generative AI and IP rights:

• court – the Federal Administrative Court (Tribunal Federal de Justicia Administrativa);
• docket – 788/24-EPI-01-2;
• issues – (i) can artwork created by generative AI be protected under the Federal Copyright Law?; and (ii) can authorial moral rights be recognised in favour of generative AI?; and
• holdings – (i) no, artwork created by generative AI cannot be protected under the Federal Copyright Law, as such protection corresponds only to individuals; and (ii) no, authorial moral rights cannot be recognised in favour of generative AI, as they correspond to authors who must be individuals as per Mexican law.

Furthermore, it is important to note that, as per the New Privacy Law, new federal courts specialised in privacy will be created in Mexico, so the authors foresee more activity related to the intersection between AI and data privacy.

The regulatory agencies playing a leading role in AI include:

• the Agency, which is in charge of – among other matters – (i) crafting and carrying out the policies of the federal government pertaining to technology matters, (ii) issuing policies on data and information analysis by the different entities of the Mexican federal government, and (iii) co-ordinating the acquisition of technology services by the federal government;
• the Department of Science, which is responsible for (i) guaranteeing the rights of all persons to enjoy the benefits of scientific developments and technology innovations, (ii) issuing and overseeing national policy on science, technology and innovation, (iii) co-ordinating the leadership of the Mexican Government on Science, Technology, and Innovation, and (iv) collaborating with higher-education institutions, as well as with the private sector, to foster the adoption of technology and innovation;
• the Anti-Corruption Department, which is in charge of (i) data privacy policymaking and enforcement and (ii) the co-ordination and enforcement of regulation related to public procurement;
• a new competition entity, the National Agency for Competition and Economic Welfare (Agencia Nacional para la Competencia y el Bienestar Económico), which is in the process of being created;
• the Mexican Institute of Copyright, which is the authority in charge of the protection of artistic works, as well as of computer software and code;
• the Office of the Attorney General of the Republic (Fiscalía General de la República), which is the autonomous body responsible for the prosecution of federal crimes and for representing the legal interests of the Federation;
• the Mexican Banking and Securities Commission (Comisión Nacional Bancaria y de Valores), which is in charge of authorising the contracting of technology services by certain financial institutions like banks, broker dealers, e-money issuers, crowdfunding platforms, etc;
• the Mexican Insurance and Bonds Commission (Comisión Nacional de Seguros y Fianzas), which is in charge of overseeing the insurance sector with respect to prudential and regulatory matters;
• the Ministry of Health, which is in charge of co-ordinating national policies on public health, as well as planning and co-ordinating the National Health System; and
• the Federal Commission for the Protection against Sanitary Risks (Comisión Federal para la Protección contra Riesgos Sanitarios), which is in charge of authorising and registering medical drugs to be used in Mexico.

As described in the foregoing, the most AI-specific directives to date are the INAI Recommendations.

The authors have not identified any notable enforcement or other regulatory actions.

Aside from standards such as International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 42001: Artificial Intelligence Management System, no standard or norm has been issued on AI under the Mexican Quality Infrastructure Act (Ley de Infraestructura de la Calidad); this is the applicable law in Mexico regulating standardisation activities in the country, which are conducted by the Mexican Ministry of Economy and other sectorial authorities depending on the matter to be regulated.

ISO standards (such as ISO/IEC 42001) are generally complied with by both the private and public sector. At this time, it is still too early to predict whether conflicts with jurisdictional law will arise because it is necessary for Mexican authorities (both at the federal and state levels) to enact legislation like the country’s AI strategy, as well as further regulations and technical standards/norms via the Mexican Quality Infrastructure Act.

Some examples of governmental uses of AI in Mexico include the detection of illicit operations by the Mexican Revenue Service (Servicio de Administración Tributaria, or SAT), including by detecting simulated operations, as well as grouping taxpayers by risk levels with respect to tax evasion – as overseen by the SAT – and enforcement of anti-money laundering provisions and obligations for designated non-financial businesses and professions, among others.

The lack of transparency regarding how AI models are trained to identify “high-risk” taxpayers could be an issue. This is relevant because, according to Article 41, Section II, of the Mexican Data Privacy Law in relation to Governmental Entities (Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados), data subjects can oppose the automated processing of personal data whenever it involves an assessment, without human intervention, of aspects like professional performance, economic status, health status, sexual preferences, reliability or behaviour.

However, should taxpayers/data subjects legitimately oppose the processing of their personal data by the AI models of the SAT in cases involving an assessment, without human intervention, of the taxpayers’ economic status, reliability or behaviour, Mexican federal tax authorities could deem this as suspicious and make such data subjects targets of strengthened enforcement measures (eg, more frequent reviews and audits).

A further example of governmental use of AI is to look for [un]registered trade marks on the internet system of the Mexican Trademarks and Patents Institute (Instituto Mexicano de la Propiedad Industrial).

Beyond dealing with the government’s use of AI, the following details a notable decision on the government’s conceptualisation of AI:

• court – the Mexican Supreme Court of Justice (Suprema Corte de Justicia de la Nación);
• docket – 66/2024 (unconstitutional action; acción de inconstitucionalidad);
• issue – does the concept of AI need to be technically defined such that the use of deepfakes can be considered criminal conduct?; and
• holding – no, because, among other considerations, there is no single definition of AI.

This decision is also relevant because it gives room for state authorities to regulate (at least some) aspects of AI, and there are several bills in the Federal Congress aimed at amending the Constitution and clarifying that the legislation on AI matters is a power reserved for federal lawmakers.

Although the use of AI in national security matters in Mexico is not totally clear, and has not been disclosed to the public given its sensitive nature, national security considerations play an important role in government legislation, regulation and policies; thus, the cessation of use of AI by governmental authorities is an option whenever necessary to safeguard the security of the country.

Issues raised in relation to generative AI in Mexico are common to the rest of the world, including:

• the existence of bias – to date, this has been tackled in Mexico via the existing legal framework on anti-discrimination derived from the Constitution (and reflected in secondary laws);
• data privacy – tackled by the very recently enacted legal framework on data protection, which includes provisions related to AI (passim);
• IP matters – also dealt with through the current legal regime (passim); and
• ethical concerns – these have been dealt with through continuous dialogue between the authorities, on the one hand, and the private sector, on the other, where, for example, the Mexican Consumer Protection Authority and the Mexican Academy on Cybersecurity and Digital Law have been working on the development of best practices for ethics committees dealing with AI.

Nonetheless, it will be important for authorities to devise clear and specific regulatory frameworks for generative AI.

The New Privacy Law provides that the processing of personal data can be automated (Article 2, Section XIX). However, the New Privacy Law specifically states that data subjects can oppose automated personal data processing whenever it involves an assessment, without human intervention, of certain aspects like professional performance, economic status, health status, sexual preferences, reliability or behaviour (Article 26, Section II).

Data subjects, under Mexican law, have the right to:

• access personal data processed by the applicable data controller;
• rectify inaccuracies in their personal data;
• “cancel” their personal data, which would entail the elimination of such information from the records, files and systems of the controller; and
• oppose certain forms of personal data processing.

It is important to note that, under the New Privacy Law, both individuals and legal entities can be data subjects, and not just individuals – as is the case in certain jurisdictions and as was the case under the previous personal data legal regime in Mexico.

The use of AI in legal services is not widespread in Mexico, particularly because the laws regulating professional services are designed for individuals (please refer to 14.6 Professional Services).

The theory of liability for personal injury or commercial harm derives, fundamentally, from Article 1910 of the Federal Civil Code, as well as the equivalent articles in the codes of all the states of Mexico, providing that any person who acts unlawfully – or against good social practices – and causes damage shall repair it.

Furthermore, Article 1913 of the Mexican Federal Civil Code provides that anyone who causes damage via devices, instruments or substances that are dangerous per se, by virtue of speed, flammability, electricity, etc, shall pay for the damage they cause even if they did not act unlawfully.

Insurance can facilitate payment for damages, where applicable, under the two forms of liability described hereinabove.

At present, there is no specific allocation of liability among supply chain participants in the provision of AI services, although the deployers (according to the definitions of, for example, the European regulation) are in the best position to fulfil regulatory requirements because they have direct contract with customers – whereas developers may be located in other jurisdictions in which enforcement could be highly challenging.

The current law in Mexico does not allow determination of whether liability arising from acts or omissions related to AI technology acting autonomously is attributable to the business selling or providing AI products or services, although it seems this may be the case; for example, Article 2, Section II of the Mexican Consumer Protection Law (the “Consumer Law”) states that any individual or legal entity who, regularly or periodically, offers, distributes, sells, leases or grants the use or enjoyment of goods and services is a provider thereof. Nonetheless, the Consumer Law is only applicable to:

• end users (either individuals or legal entities); and
• persons who integrate certain goods and services into their value chains (in the case of legal entities, this pertains only to certain small enterprises, in accordance with several tests under Mexican law).

The bills detailed in 3.7 Proposed AI-Specific Legislation and Regulations do not address the imposition and allocation of liability.

According to the Organisation for Economic Cooperation and Development, algorithmic bias in AI can be characterised as “systematically better or lower AI algorithmic performance leading to some harm against one person or sub-population group”.

Most of the initiatives aiming to regulate AI that have been introduced in the Mexican Congress seek to reduce such bias. Furthermore, it is important to note that the Mexican Constitution has different provisions against discrimination (eg, the final paragraph of Article 1).

Consumer areas in which bias can create significant risk are those that could be associated with an individual’s access to opportunities, well-being or physical integrity.

Potential liability for companies due to unmanaged algorithmic bias that causes discrimination can be categorised as follows.

Civil Liability

Civil liability pertains to damages caused due to discriminatory acts, which are illegal, in connection with the theory of liability provided in Article 1910 of the Mexican Federal Civil Code and the equivalent articles of the civil codes of each state.

Furthermore, Article 1913 of the Mexican Federal Civil Code provides that anyone who causes damage via devices, instruments or substances that are dangerous per se by virtue of speed, flammability, electricity, etc, shall pay for the damage even if they did not act unlawfully.

Administrative Liability

Administrative liability arises by virtue of the Federal Law to Prevent and Eliminate Discrimination and can involve monetary compensation, as well as the public naming of a company as a place where discrimination has taken place – which may significantly affect the reputation of said legal entity.

Criminal Liability

Criminal liability is in accordance with the Federal Criminal Code, as well as the criminal codes of each state. In case of the Federal Criminal Code, sanctions range from one to three years in prison, 150 to 300 days of community service or a fine of up to 200 days of income of the defendant. It is important to note that legal entities – as well as individuals – can be criminally liable according to Article 421 of the National Code of Criminal Procedure.

Biometric information constitutes sensitive personal data requiring the express and written consent of the data subject for processing. Such data includes information on present and future health, genetics and the “most intimate sphere” of the data subject, which could lead to grave risks should it be disclosed (Article 2, Section VI and Article 8 of the Privacy Law).

According to Article 58, Section XIII and Article 59, Section III of the Privacy Law, a person who gathers or transfers personal data without the express consent of the data subject when such consent is required (as is the case with sensitive personal data) can be fined up to USD1.8 million.

An example of industry-specific risks to companies arising from the use of facial recognition/biometrics concerns banks. These financial entities are allowed to use biometrics for authentication purposes, in line with Article 1, Section LXVI (d) of the General Rules Applicable to Banking. However, such use calls for strong cybersecurity measures (also included in said regulations).

Currently, there are no specific regulations on the technology used in automated decision-making, and the bills described in 3.7 Proposed AI-Specific Legislation and Regulations do not cover this matter. The risk to companies posed by undisclosed automated decision-making technology relates to the possible discriminatory implications thereof, described passim in this document.

Furthermore, it is important to note that the processing of sensitive personal information requires the express consent, in writing, of the applicable data subject, such that automated decision-making technologies must comply with this rule or be in breach of the Mexican law on privacy.

There are no specific regulatory schemes in Mexico related to the use of chatbots to substitute for services rendered by natural persons.

The authors consider the limitation of liability – both for practical and regulatory purposes – of the parties executing the agreements to be important to the procurement of AI technology. As seen in other legal frameworks (such as that of the European Union), there are several relevant stakeholders that could be considered as “AI suppliers” (eg, developers and deployers). However, they conduct different activities, and both developers and deployers try to “get off the hook” with respect to regulation and particular contracting obligations. This poses further challenges, where developers are usually entities in specific jurisdictions (eg, the United States, China) such that enforcing provisions arising from contracts executed under the laws of other countries could be very challenging.

This situation calls for very clear agreements by and between developers and deployers, on the one hand, and developers/deployers and customers on the other hand. For such agreements, the contractual obligations of all parties have to be well specified, including in terms of insurance, corporate solvency, law and venue, dispute resolution, service level agreements (SLAs), regulatory compliance/obligations, etc.

Customers can also benefit from due diligence processes when selecting developers/deployers, even though this is not a necessary market practice in the technology sector in preparation for commercial contracting.

Regarding the technology used in the automated phases of employee hiring and termination of employment, it is important to bear in mind the possibility of discrimination. For further information in this regard, please refer to 11.1 Algorithmic Bias.

Mexican employment law must be complied with, regardless of the technology used to guide certain decisions such as the hiring and firing of employees, etc. Under Article 439 the Mexican Federal Labor Law (Ley Federal del Trabajo), employers have certain obligations when reducing their staff as a result of the introduction of machines or new labour procedures, including:

• signing termination agreements by and between employers and employees;
• not obliging employees to resign; and
• providing any impacted employee with (i) an indemnification of four months of the employee’s salary; (ii) payment for 20 days per year that the employee has worked or the amount provided in the employment agreements, whichever is larger; and (iii) a seniority bonus (prima de antigüedad) of 12 days’ salary for each year worked, but only if the employee has worked for 15 years or more.

It is important to be mindful of possible discriminatory practices (please refer to 11.1 Algorithmic Bias) and to act in general compliance with the Mexican Federal Labor Law. Automated employee performance evaluation, as well as monitoring employees’ work, could impact the indemnification of terminated employees under Article 439 of the Mexican Federal Labor Law. Please refer to 13.1 Hiring and Termination Practices.

.

Generally speaking, there are no clear regulations on the use of AI in digital platform companies such as car services and food delivery. For example, in Mexico City, the Regulations of the Mobility Act (Reglamento de la Ley de Movilidad de la Ciudad de México), which cover the digital platforms of car services, do not make reference to AI or similar concepts like automation, machine learning, etc.

Financial entities (banks, broker-dealers, e-money issuers, crowdfunding entities, etc) are required to give notice to their supervisory authority (the Mexican Banking and Securities Commission in the case of the aforementioned entities) to contract technology services with third parties (eg, Chapter XI, Section 3 of the General Rules applicable to Banks, or Disposiciones de Carácter General aplicables a las Instituciones de Crédito). Although insurance companies are not required to give such notice to their supervisory authority, they must fulfil the requirements established in applicable law (ie, Article 268 of the Insurance and Bond Institutions Law).

Furthermore, third parties contracting technology services with financial institutions in Mexico are generally obliged to specify, in the applicable agreements, that they will submit the relevant information required by the applicable financial entity, or by the respective supervisory authority, for the purposes of oversight.

Aside from the cybersecurity risks associated with the use of AI, the use of this technology for the provision of financial services can result in practices that could ultimately be considered discriminatory (eg, the risk borne by clients in relation to the provision of certain products like credit and insurance).

There are no specific regulations governing the use of AI in healthcare in Mexico. In the case of robotic surgery, however, according to Article 262 of the Mexican General Health Law (Ley General de Salud), the category of “medical devices” (dispositivos medicos) encompasses devices with medical and surgical applications, which could include robotic surgery devices. Such devices must be registered with the Federal Commission for the Protection against Sanitary Risks.

Furthermore, it is important to note that the data used to train AI models in connection with health applications is, most likely, sensitive personal data, for which the express written consent of the data subject is required for processing. Such data includes information on current and future health, as well as genetics (Article 2, Section VI and Article 8 of the Privacy Law).

Concerning the key roles AI plays in digital healthcare, there is increased interest in the use of chatbots in telemedicine.

It is important to mention that the applications of AI in healthcare attract particular attention in Mexico. For example, one of the first bills introduced to the Federal Congress in 2020 proposed the establishment of an AI system to diagnose diseases. This bill is still being analysed in the federal legislative branch. Furthermore, the Mexican Department of Health has been following the development of AI closely.

There are no specific regulations in Mexico governing the use of AI in autonomous vehicles.

Issues related to data privacy and security may arise in connection with an individual receiving specialised medical treatment for a given disease, or going to a religious temple to engage in spiritual practice, which could lead to discrimination.

An attempt in Mexico to achieve international harmonisation and thus promote global collaboration and consistency in regulations and standards is evidenced by the joint report issued by the Mexican Ministry of Foreign Affairs and the University of California, which indicates the importance of autonomous vehicles in private investments (see page 37).

Although there are specific product safety and liability regulations in Mexico (eg, the Federal Law on Consumer Protection), there are no particular rules addressing AI systems integrated into manufacturing processes that affect the quality, safety and performance of products, as well as the workforce. For specific considerations on data privacy, please refer to the foregoing sections of this chapter.

There are no specific regulations governing the use of AI in professional services. However, it is important to note that Regulatory Law of Article 5 of the Constitution, relating to the exercise of professions in Mexico City (Ley Reglamentaria del Artículo 5o Constitucional, relativo al ejercicio de las profesiones en la Ciudad de México), uses the term “professional” to refer to individuals (eg, Article 1 indicates that a professional diploma is granted to any “person” who has completed the relevant studies). Furthermore, the first paragraph of Article 40 states that although professionals can be grouped into organisations, their liability will always be individual.

Assets in the AI process can be protected as “trade secrets”, regulated in Article 163, Section I, of the Mexican Law for the Protection of Industrial Property (Ley Federal de Protección a la Propiedad Industrial, or the “Trademark and Patent Law”). Under this law, a trade secret is information that is confidential in character and can be applied to obtain or maintain a competitive or economic advantage, and for which measures restricting access have been put in place.

The AI tool provider’s terms and conditions can influence asset protection by specifically indicating that AI models, training data and input and output constitute trade secrets, establishing confidentiality clauses to this effect. Unduly obtaining a trade secret (Article 386, Section XIV of the Trademark and Patent Law), as well as selling or offering trade secrets or knowing or having reason to know that a trade secret has been used without the consent of its holder, may constitute disloyal competition.

Please refer to 4.1 Judicial Decisions.

The authors are not aware of judicial or agency decisions relating to whether AI technology can be an inventor or co-inventor for patent purposes. However, Article 39 (first paragraph) of the Trademark and Patent Law states that an inventor is presumed to be one or more individuals, so Mexican courts are expected to follow the precedent detailed in 4.1 Judicial Decisions.

Please refer to 15.1 IP and Generative AI.

Please refer to 4.1 Judicial Decisions.

An important IP issue related to creating works and products using OpenAI is that some authors/creators have disclosed the use of copyrighted works as training data without proper authorisation from the authors/creators. The Mexican Senate recently organised a colloquium on the matter in order to generate ideas to protect copyrighted content from being unduly used in/by OpenAI.

Currently, there are discussions on the enactment of a new competition law regime in Mexico. The authors understand that a bill introduced by Representative Alfonso Ramírez Cuéllar from the ruling party MORENA includes the following:

• increased sanctions in connection with antitrust matters;
• the unification of antitrust powers (where the powers related to telecommunications and all other sectors of the economy used to be separate);
• shorter periods of time to conduct the proceedings of the novel antitrust authority; and
• lower thresholds for merger control notices.

The development of antitrust law and practice worldwide, and particularly in Mexico, will be of utmost importance considering the possibility of, for example, algorithmic collusion among large language models, which could breach competition regulations.

On 20 September 2023, a bill was introduced in the Federal Congress to amend Article 73 of the Mexican Constitution, stating that the Federal Congress can enact laws on both AI and cybersecurity. However, this bill justifies the proposed amendments to the aforementioned Article in relation to AI, on the one hand, and cybersecurity, on the other hand, in a dissociable fashion, and without making reference to AI or large language models that lower the barriers to entry and increase the scope and speed of malicious actions.

According to recent amendments to the General Regulations applicable to Capital Markets Issuers (Disposiciones de Carácter General aplicables a las Emisoras de Valores y a otros participantes del Mercado de Valores), published in the Mexican Federal Official Gazette on 28 January 2025, issuers are obliged to produce a sustainability report in accordance with the Sustainability Disclosure Standards of the International Financial Reporting Standards. However, the Standards do not contemplate the fulfilment of sustainability obligations through AI. Furthermore, the IFRS Climate-related Disclosures do not make reference to the specific impact of AI on ESG, although this has been recognised, for example, by the UN Environment Programme.

Key issues that should be addressed for implementing specific AI governance and best practices include:

• training the members of companies that interact with AI technologies in order to help them identify possible biases and inaccurate outputs – such training would be more efficient if provided at different levels of companies using AI;
• homogenisation of the conformation and functioning of ethics committees, as has occurred with other similar corporate structures in the past;
• identification of key obligations that developers and/or deployers must meet with regard to AI interfaces already in use or to be used in the future; and
• determination of decisions that cannot be made by AI without human intervention (eg, pertaining to employment issues).