Kazakhstan introduces formal approval process for high-risk AI systems under new regulation

More on this

1. https://qazinform.com/news/kazakhstan-introduces-mandatory-audits-for-high-risk-ai-22ab13 - Please view link - unable to able to access data
2. https://qazinform.com/news/kazakhstan-introduces-mandatory-audits-for-high-risk-ai-22ab13 - Kazakhstan has approved rules for compiling lists of trusted high-risk artificial intelligence systems. Sectoral government agencies will compile these lists to enhance trust and promote best practices in the use of artificial intelligence within their respective fields, with the lists to be published on an ongoing basis on official government websites. The lists will be compiled based on applications submitted by owners of high-risk AI systems. To be included, applicants must provide a formal request, documents confirming intellectual property rights (such as a registration certificate or author’s agreement), along with a positive audit conclusion. The relevant government authority will review the submitted documents within 10 working days, assessing the completeness of information about the system — including its purpose, functionality, and conditions of use — as well as the availability of the required legal documents and audit report. If the system meets all requirements, it will be added to the list, with its details published on the official website of the relevant government body within five working days, available for viewing and download. If any inconsistencies are identified, the applicant will be notified. Once these are addressed, the documents may be resubmitted, with the review period for resubmission set at up to five working days. Updated versions of the lists will be published on government websites as they are revised. Earlier, Qazinform reported that top Kazakhstani executives will undergo AI training with professors from Stanford and OpenAI Academy.
3. https://www.loc.gov/item/global-legal-monitor/2026-01-12/kazakhstan-new-law-introduces-rules-for-ai-systems-operating-in-the-country/ - On November 17, 2025, President Kassym-Jomart Tokayev of Kazakhstan signed a law establishing a legal framework for the development, implementation, and use of artificial intelligence systems in the country. The law states that its goal is to ensure transparency, safety, accountability, and data privacy. It enters into force on January 18, 2026. The new legislation regulates the use of AI in a wide range of activities, such as consumer protection, personal data protection, and media labeling. It establishes rules for the functioning of both traditional AI, which analyzes information and makes decisions based on existing data but does not create new content, and generative AI systems, which create new content, including text, images, video, voices, and music. The newly adopted law further establishes a risk-based classification of AI systems and corresponding risk-management requirements, and it defines the rights and obligations of system operators and others.
4. https://www.ismet.kz/en/news/ismet/v-kazahstane-vvodjat-objazatelnuju-markirovku-kontenta-sozdannogo-s-pomoshhju-ii - Starting in January 2026, Kazakhstan will enforce the law 'On Artificial Intelligence', signed by the President last year. One of the key provisions of the document is the mandatory labeling of content created or modified using artificial intelligence systems. The law defines the rights and obligations of owners and operators of AI systems and introduces requirements for informing users about so-called synthetic outputs. Synthetic outputs include images, videos, audio, texts, or their combinations that are created or modified using artificial intelligence and imitate the appearance, voice, behavior of people, or events that did not actually occur in reality. The publication and distribution of such content is permitted only if it is clearly and visibly labeled. The absence of labeling will be treated as a violation. The main requirement is that it must be clear and understandable to users. Labeling may take the form of: a visual mark such as 'Created with AI' on an image or video; a text notice placed at the beginning of or before the material; an audio message played when media content is reproduced; any other format that clearly indicates the content was created using AI. Special attention will be paid to deepfakes and materials involving images or voices of real people. Administrative liability is introduced for the absence of AI labeling: for individuals — 15 MCI; for small businesses and non-profit organizations — 20 MCI; for medium-sized businesses — 30 MCI; for large businesses — 100 MCI. In the case of a repeated violation within one year, fines increase, and in certain cases the operation of an AI system may be suspended or fully prohibited. The law will come into force 60 calendar days after its official publication, on January 16, 2026. The requirement for AI content labeling is introduced as part of Kazakhstan’s broader policy on digitalization and regulation of artificial intelligence.
5. https://regulations.ai/regulations/RAI-KZ-NA-RKAIXXX-2025 - The Law of the Republic of Kazakhstan 'On Artificial Intelligence' (№ 230-VIII) establishes a comprehensive legal and institutional framework for the development, deployment and oversight of AI systems in Kazakhstan. It sets principles (lawfulness, fairness, transparency, responsibility, human well‑being), mandates risk classification and management, requires marking of synthetic outputs, creates rules for data libraries and a national AI platform, and prohibits certain manipulative and unlawful AI functionalities. The law was adopted on 17 November 2025 and enters into force 60 days after first official publication.
6. https://www.ey.com/en_kz/technical/tax-alerts/2025/12/law-on-artificial-intelligence-kazakhstan - On 17 November 2025, the President signed Law No. 230-VIII of the Republic of Kazakhstan 'On Artificial Intelligence' (the 'Law'). The Law creates a legal framework for the development, use and regulation of artificial intelligence (AI) systems in Kazakhstan, establishing principles of security, transparency and accountability. The Law will come into force on 18 January 2026. The law introduces a classification of AI systems based on their degree of impact on the safety and rights of citizens. The classification of a system into a specific category is carried out by the owner or proprietor. 1. Minimum risk degree 2. Medium risk degree 3. High risk degree The disruption has minimal impact on users Failures may result in material damage or moral harm, reduced efficiency of operations Disruption of operations may lead to emergencies, threats to defense, security or the lives of citizens Nota bene (important): For high-risk systems applying for inclusion in the list of 'trusted' systems, a requirement is introduced to conduct an audit by special private auditors in accordance with the rules for auditing information systems approved by Order of the Minister of Information and Communications of the Republic of Kazakhstan No. 263 dated 13 June 2018.
7. https://www.pwc.com/kz/en/pwc-news/ta-reports/tax-legal-alert-fy19/278-december-2025.html - On 17 November 2025, the President of Kazakhstan signed the Law 'On Artificial Intelligence' (the 'Law'), which enters into force on 18 January 2026. The Law establishes the legal framework for the development, deployment, and use of artificial intelligence ('AI') systems in the country, defining key concepts, principles, requirements for safety, transparency, and accountability, as well as mechanisms for state support and international cooperation. The Law sets out, among other things, the following requirements: Use of AI systems is permitted subject to compliance with data protection and confidentiality requirements, excluding unlawful collection, storage, and dissemination of personal data. To prevent potential threats, owners and holders of AI systems must implement AI system risk management, taking measures to eliminate such threats. Owners and holders of AI systems are obligated to maintain documentation for the AI system depending on the degree of its impact on the safety, rights, freedoms, and legitimate interests of individuals, and on public order, in accordance with the list of documentation for AI systems. It is prohibited to create and operate AI systems that may result in: (1) the use of subliminal, manipulative, or other methods; (2) the exploitation of an individual’s moral and/or physical vulnerability; (3) the evaluation and classification of individuals or groups over a certain period based on their social behavior or other personal characteristics; (4) the collection and processing of personal data in violation of the laws of the Republic of Kazakhstan; (5) the determination of an individual’s emotions without their consent; (6) the creation and dissemination of outputs of AI systems that are prohibited by the laws of the Republic of Kazakhstan. Users must be informed that goods, works, and services are produced or provided using AI systems. Works created using AI are protected by copyright only if there is a human creative contribution to their creation.