What ASEAN Gets Wrong About AI Governance
Across Southeast Asia, governments are publishing AI frameworks at a pace that suggests urgency. Most of them share the same blind spot.
Southeast Asian governments are publishing AI governance frameworks faster than most people realize. Singapore has its Model AI Governance Framework. Vietnam has a national AI strategy. Thailand has published AI ethics guidelines. The Philippines has an AI roadmap. On paper, the region looks ready.
The reality is more complicated.
Most of these frameworks are written for the wrong reader. They speak the language of regulators and technologists in a region where the vast majority of people affected by AI decisions have never heard the term "explainability" and do not work in offices where these policies get discussed. A framework that cannot be explained to a farmer in Mindanao or a gig worker in Jakarta is a framework that exists only for the people who already have power.
There is a second problem. ASEAN frameworks tend to be non-binding. They publish principles. They encourage voluntary compliance. They hold consultations with industry. What they rarely do is mandate anything, and what they almost never do is give ordinary people a way to challenge an AI decision that affected them. Accountability mechanisms are the weakest part of every framework I have read.
This matters more than the frameworks' authors seem to realize. AI is already being used in the region for credit scoring and hiring decisions, and it increasingly shapes what people see online. The people most affected by these systems are the people least able to navigate a formal complaints process, even if one existed.
The frameworks also tend to copy each other. Many of them are modeled on the EU AI Act or the OECD AI Principles, which were written with European and North American policy contexts in mind. The ASEAN context is different. Data infrastructure is uneven. Digital literacy varies enormously across income levels. The kinds of AI harms that matter most here are not always the same ones that drove European legislation.
What would a genuinely regional approach look like? It would start from the ground up, from the communities that have the least and stand to lose the most. Accountability would be built into the framework rather than left as an afterthought, and civil society organizations that already work in these communities would sit at the table alongside the tech companies and government ministries that tend to dominate consultation processes.
None of this is impossible. It is just harder than publishing a document.
The ASEAN-IPR Cybersecurity Youth Essay Competition, where I presented research on youth and digital defense, brought this into focus for me. The young people in that room were sharp and motivated. But when the conversation turned to policy, the discussion defaulted to frameworks written by and for institutions. The voices that most needed to be in the room were not there.
That gap is not an accident. It is the result of governance structures that treat participation as a procedural requirement rather than a genuine input. Fixing it requires more than better writing. It requires a different idea of who governance is for.