Ecuador has introduced new guidelines governing the use of personal data in artificial intelligence systems through Resolution Nº SPDP-SPD-2026-0009-R, issued by the Superintendent of Personal Data Protection. The regulation establishes a framework to ensure that AI development and deployment comply with existing data protection laws rather than creating a separate AI-specific legal regime. The rules require organizations using AI systems to conduct data protection impact assessments, implement appropriate security measures based on data sensitivity, and clearly document when personal data is processed through AI. Companies must also disclose whether automated decision-making systems are being used and whether such decisions may affect individuals’ rights or legal outcomes. In addition, organizations are required to guarantee user rights under Ecuador’s Organic Law on Personal Data Protection, including protections against fully automated decision-making without human oversight. Transparency obligations are also strengthened, requiring individuals to be informed when AI is involved in processing their data. The Superintendency of Personal Data Protection is granted authority to audit AI systems and enforce corrective measures when violations occur, reinforcing Ecuador’s risk-based and accountability-driven approach to AI governance.
Read more here
