	AI Legislative Guide
	Brazil
	(Latin America) Firm Demarest Advogados Contributors Tatiana Campello Updated 19 May 2026
Has specific legislation, final regulations or other formal regulatory guidance addressing the use of AI in your jurisdiction been implemented (vs reliance on existing legislation around IP, cyber, data privacy, etc.)?	Yes. Although Brazil does not yet have a comprehensive AI law in force, certain AI-related matters are already addressed under existing legislation. At the legislative level, Bill No. 2338/2023, currently under discussion before Congress, proposes a comprehensive risk-based regulatory framework for AI systems in Brazil, but it has not yet been enacted.
Please provide a short summary of the legislation/regulations/guidance and explain how legislators aim to strike the balance between innovation and regulation.	Brazil currently adopts a hybrid regulatory approach to artificial intelligence, combining sector-specific regulation, existing legal frameworks, strategic policy instruments, and a proposed horizontal AI statute. At the strategic level, the Brazilian Artificial Intelligence Strategy (“EBIA”), established by MCTI Ordinance No. 4.617/2021 and amended by MCTI Ordinance No. 4.979/2021, promotes the ethical and responsible development of AI technologies while encouraging innovation and economic competitiveness. In particular, Article 20 of the Brazilian General Data Protection Law (“LGPD”) establishes rights related to decisions taken solely on the basis of automated processing of personal data, including the right to request review of automated decisions affecting an individual’s interests. More recently, the ECA Digital framework and Decree No. 12.880/2026 introduced binding obligations for platforms and digital services accessible to minors. The framework imposes enhanced governance obligations over algorithmic systems and automated decision-making mechanisms that may affect children and adolescents, including obligations relating to content recommendation systems, behavioral profiling, age verification, transparency and proactive risk mitigation measures. In parallel, Brazil continues to rely on other pre-existing legal frameworks (particularly consumer protection laws, intellectual property rules and sectoral regulation) to address specific AI-related risks, ensuring a broad and flexible regulatory perimeter.
Which agency regulates the use of AI in your jurisdiction?	Currently, Brazil does not have a single dedicated AI regulator. In the context of the digital protection of children and adolescents, the Brazilian Data Protection Agency (“ANPD”) plays a central role, particularly in relation to the regulatory and supervisory aspects of the Digital Child and Adolescent Statute ("ECA Digital"), with support from bodies participating in an intersectoral committee. Additionally, Bill No. 2338/2023 proposes that the Executive Branch designate a competent authority responsible for supervising and enforcing future AI regulation, although such authority has not yet been formally defined.

AI Legislative Guide

Back XLS

Has specific legislation, final regulations or other formal regulatory guidance addressing the use of AI in your jurisdiction been implemented (vs reliance on existing legislation around IP, cyber, data privacy, etc.)?

Yes. Although Brazil does not yet have a comprehensive AI law in force, certain AI-related matters are already addressed under existing legislation.

At the legislative level, Bill No. 2338/2023, currently under discussion before Congress, proposes a comprehensive risk-based regulatory framework for AI systems in Brazil, but it has not yet been enacted.

Please provide a short summary of the legislation/regulations/guidance and explain how legislators aim to strike the balance between innovation and regulation.

Brazil currently adopts a hybrid regulatory approach to artificial intelligence, combining sector-specific regulation, existing legal frameworks, strategic policy instruments, and a proposed horizontal AI statute.

At the strategic level, the Brazilian Artificial Intelligence Strategy (“EBIA”), established by MCTI Ordinance No. 4.617/2021 and amended by MCTI Ordinance No. 4.979/2021, promotes the ethical and responsible development of AI technologies while encouraging innovation and economic competitiveness.

In particular, Article 20 of the Brazilian General Data Protection Law (“LGPD”) establishes rights related to decisions taken solely on the basis of automated processing of personal data, including the right to request review of automated decisions affecting an individual’s interests.

More recently, the ECA Digital framework and Decree No. 12.880/2026 introduced binding obligations for platforms and digital services accessible to minors. The framework imposes enhanced governance obligations over algorithmic systems and automated decision-making mechanisms that may affect children and adolescents, including obligations relating to content recommendation systems, behavioral profiling, age verification, transparency and proactive risk mitigation measures.

In parallel, Brazil continues to rely on other pre-existing legal frameworks (particularly consumer protection laws, intellectual property rules and sectoral regulation) to address specific AI-related risks, ensuring a broad and flexible regulatory perimeter.

Which agency regulates the use of AI in your jurisdiction?

Currently, Brazil does not have a single dedicated AI regulator.

In the context of the digital protection of children and adolescents, the Brazilian Data Protection Agency (“ANPD”) plays a central role, particularly in relation to the regulatory and supervisory aspects of the Digital Child and Adolescent Statute ("ECA Digital"), with support from bodies participating in an intersectoral committee.

Additionally, Bill No. 2338/2023 proposes that the Executive Branch designate a competent authority responsible for supervising and enforcing future AI regulation, although such authority has not yet been formally defined.