{"id":129966,"date":"2026-03-10T13:13:39","date_gmt":"2026-03-10T13:13:39","guid":{"rendered":"https:\/\/my.legal500.com\/guides\/?post_type=comparative_guide&#038;p=129966"},"modified":"2026-03-10T13:43:05","modified_gmt":"2026-03-10T13:43:05","slug":"taiwan-fintech","status":"publish","type":"comparative_guide","link":"https:\/\/my.legal500.com\/guides\/chapter\/taiwan-fintech\/","title":{"rendered":"Taiwan: Fintech"},"content":{"rendered":"","protected":false},"template":"","class_list":["post-129966","comparative_guide","type-comparative_guide","status-publish","hentry","guides-fintech","jurisdictions-taiwan"],"acf":[],"appp":{"post_list":{"below_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Xiri Attorneys<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2024\/02\/xirilaw-logo.jpeg\"\/><\/span><\/div>"},"post_detail":{"above_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Xiri Attorneys<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2024\/02\/xirilaw-logo.jpeg\"\/><\/span><\/div>","below_title":"<span class=\"guide-intro\">This country specific Q&amp;A provides an overview of Fintech laws and regulations applicable in Taiwan<\/span><div class=\"guide-content\"><div class=\"filter\">\r\n\r\n\t\t\t\t<input type=\"text\" placeholder=\"Search questions and answers...\" class=\"filter-container__search-field\">\r\n\t\t\t<\/div>\r\n\r\n\t\t\t\r\n\r\n\r\n\t\t\t<ol class=\"custom-counter\">\r\n\r\n\t\t\t\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Who are the primary regulators overseeing fintechs in your jurisdiction, and how are regulatory boundaries evolving as innovation crosses traditional lines between payments, lending, wealth, and digital assets?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Taiwan, the primary regulator overseeing fintech businesses is the Financial Supervisory Commission (the \u201cFSC\u201d). The FSC is responsible for the supervision, regulation, inspection and development of the financial markets and financial institutions, covering banking, securities, futures, insurance and emerging financial technologies. In parallel, the FSC actively promotes fintech innovation through policy initiatives and operates Taiwan\u2019s regulatory sandbox under the Financial Technology Development and Innovative Experimentation Act.<\/p>\n<p>The Central Bank of the Republic of China (Taiwan) also plays a complementary regulatory role, particularly in the areas of payment systems and monetary policy. Its current focus includes research and development on Central Bank Digital Currency (CBDC) and a prototype platform for CBDC.<\/p>\n<p>Regulatory boundaries are shifting as digital asset services diversify and financial institutions increasingly integrate fintech solutions or leverage third-party partnerships to deliver financial services. According to the FSC\u2019s 2026 Annual Policy Plan (draft), financial security and innovative development are designated as two core pillars, with one of the six major policy directions focusing on promoting fintech innovation and services. Of the eight policy measures under this policy direction, six are aimed at encouraging incumbent financial institutions to accelerate digital transformation and innovation.<\/p>\n<p>The remaining two measures focus on regulatory adaptation, including the review and amendment of Taiwan\u2019s key fintech legislation, the Financial Technology Development and Innovative Experimentation Act, and continued use of the \u201cFinancial Innovation Regulatory Adjustment Platform\u201d to facilitate dialogue between regulators and market participants.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">As regulators adopt different rules for digital assets, AI, and consumer protection, what key regulatory and operational challenges could slow fintech innovation and growth in your jurisdiction over the next 12 months?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Beyond the legislative landscape, the most persistent operational bottleneck for fintech innovation in Taiwan remains the systemic difficulty of bank account opening during the incorporation phase. In Taiwan, a company in formation must open a \u201cpreparatory bank account\u201d to receive the approved capital contributions. However, intensified anti-fraud mandates and a conservative risk perception within the banking sector have created significant hurdles. Both domestic and international startups frequently encounter categorical refusals or protracted Know-your-customer and onboarding procedures. This procedural friction remains a well-known but unresolved barrier to entry for new market participants and fintech entrepreneurs.<\/p>\n<p>Furthermore, in the future it is possible that a more stringent oversight framework may come into play for the Virtual Asset Service Providers (VASPs) sector. While the Virtual Asset Service Act remains in its draft stage following its release by the FSC in March 2025, it serves as a legislative blueprint for the sector\u2019s transition. The draft contemplates a mandatory licensing regime, where VASPs would be required to obtain regulatory approvals and licenses tailored to their specific service categories as a prerequisite to commencing operations. Furthermore, the draft reveals the FSC\u2019s intent to impose rigorous operational standards, including capital adequacy requirements (based on a debt-to-net-worth ratio to be determined by the FSC), mandatory segregation of proprietary assets from client assets, and the establishment of robust internal control and audit systems.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Are fintechs generally required to obtain licenses or registrations to operate in your jurisdiction, and if so, which activities typically trigger those requirements (e.g., lending, payments, digital assets custody)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Taiwan, financial service providers are generally required to obtain license or registrations before conducting regulated financial activities. Financial institutions and fintech companies who intend to operate in areas such as insurance, banking, asset management, securities, futures, and electronic payment services must obtain licenses from the FSC in advance, unless they obtain the regulatory sandbox approval from the FSC.<\/p>\n<p>In addition, VASPs and individuals providing virtual asset services must register with the FSC for AML compliance before offering their services. Non-compliance carries criminal penalties of up to two years of imprisonment. According to the Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises Handling Virtual Currency Platform or Transaction (the \u201cAML and CFT Regulations\u201d), a VASP refers to a business that engages in the following activities on behalf of others (hereinafter, the \u201cActivities\u201d):<\/p>\n<ol>\n<li>Exchange between virtual currencies and fiat currencies, such as New Taiwan Dollar, foreign currencies, and currencies issued by Mainland China, Hong Kong, or Macao.<\/li>\n<li>Exchange between one and more forms of virtual currencies.<\/li>\n<li>Transfer of virtual currencies.<\/li>\n<li>Safekeeping or administration of virtual currencies or instruments enabling control over virtual currencies.<\/li>\n<li>Participation in and provision of financial services relating to the issuance or sale of virtual currencies.<\/li>\n<\/ol>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Are there emerging cross-functional or omnibus licensing regimes, such as those inspired by the U.S. GENIUS Act, the EU MiCA\/DORA frameworks, or similar integrated models, that allow a single license to cover multiple fintech activities?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Taiwan has not yet adopted a cross-functional or omnibus licensing regime that allows a single license to cover multiple fintech activities. In March 2025, the FSC released a draft Virtual Asset Service Act, which, although introducing common governance and prudential standards for VASPs, maintains a function-based licensing structure rather than an integrated model.<\/p>\n<p>The draft imposes unified obligations on VASPs, including financial prudence requirements, internal control and audit systems, customer protection, data confidentiality, custody of client assets, financial reporting and information disclosure. However, Article 6 categorizes VASPs into seven types, including exchange providers, trading platform operators, transfer service providers, custodians, underwriters, lending service providers and other virtual asset service businesses.<\/p>\n<p>Articles 7 and 8 further require VASPs to obtain regulatory approval separately for each category of business and to operate strictly within the scope approved by the FSC, prohibiting unapproved ancillary activities. Taken together, the draft reflects a regulatory philosophy of prior approval and functional specialization, rather than an omnibus license across multiple fintech verticals.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How have regulatory sandboxes, innovation offices, or digital-testing frameworks matured in 2025, and what measurable impact have they had on time-to-market or capital formation for fintech start-ups?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Taiwan\u2019s regulatory sandbox regime under the Financial Technology Development and Innovative Experimentation Act became effective in April 2018, but its practical impact has been modest. By February 2021, only nine sandbox experiments had been approved, of which merely four continued operating similar businesses after completion. After almost four years with no new approvals, one domestic securities firm obtained sandbox approval in February 2025 for a 12-month experiment period. Against this background, the sandbox\u2019s effectiveness in accelerating time-to-market or capital formation for fintech start-ups remains limited.<\/p>\n<p>By contrast, a more influential mechanism has emerged through the FSC\u2019s \u201cBusiness Trial\u201d framework for financial institutions. In 2024, the FSC expanded the scope of eligible participants from banks, securities firms and insurers to a total of 19 categories, including credit card companies, trust enterprises and electronic payment institutions. Financial institutions may apply in advance to trial business models not yet permitted under administrative rules, guidance letters or self-regulatory codes, provided they do not contravene statutes.<\/p>\n<p>As of December 2025, 123 Business Trial applications had been approved, with 80 subsequently formalized into ongoing business operations. In practice, fintech firms that collaborate with incumbent financial institutions to participate in Business Trials often face fewer regulatory barriers and faster market entry than pursuing sandbox approval independently. Consequently, partnering with regulated financial institutions has become a more practical route for fintech market penetration in Taiwan.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How are regulators adapting their supervisory approaches (e.g., RegTech-enabled supervision, API-based reporting) to oversee fintechs operating across jurisdictions or with embedded finance models?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>At present, Taiwan has not introduced SupTech or API-based reporting frameworks specifically tailored for fintech companies. The FSC continues to apply conventional financial regulatory principles to fintech operators, with temporary and limited exemptions available only to approved sandbox participants.<\/p>\n<p>The FSC\u2019s adoption of RegTech and API-based supervision has focused primarily on traditional financial institutions rather than fintech start-ups. Implementation has been sector-specific, with separate systems for banking, securities and insurance. For example, in 2020 the FSC commissioned the Central Deposit Insurance Corporation (\u201cCDIC\u201d) to develop a supervisory platform for digital-only banks, enabling real-time liquidity monitoring and automated alerts to the FSC, the Central Bank and CDIC. In 2022, the FSC launched an API-based \u201cBank and Bill Finance Supervisory Reporting Portal\u201d, allowing banks to submit full financial statements automatically via APIs.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How do your jurisdiction\u2019s securities, commodities, and banking regulators interpret tokenization, DeFi, and stablecoin products under the current legal landscape, particularly in light of the U.S. state-level stablecoin acts and MiCA implementation in the EU?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The FSC has shown interest in tokenization, particularly in relation to real-world assets (RWA). In June 2024, the FSC partnered with the Taiwan Depository and Clearing Corporation and several financial institutions to establish an RWA tokenization task force, using domestic bonds, foreign bonds and funds as tokenized targets for proof-of-concept (POC) testing. The task force completed its POC report in September 2025.<\/p>\n<p>By contrast, although the FSC has proposed the draft Virtual Asset Service Act, its regulatory focus remains on centralized VASPs; and it has no specific provisions for Decentralized finance (DeFi) protocols.<\/p>\n<p>With respect to stablecoins, the draft Virtual Asset Service Act requires issuers of stablecoins in Taiwan to obtain prior FSC approval, with mandatory consultation with the Central Bank. During legislative discussions, FSC officials have noted the potential risks of stablecoins to monetary sovereignty and financial stability, while also acknowledging their commercial potential. The Central Bank has indicated that stablecoins function as payment instruments and involve the acceptance of funds from the public, requiring reserve assets at least equal to the outstanding stablecoin issuance to safeguard user funds.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What are the AML\/CFT and travel-rule obligations for virtual asset service providers currently, and how do they apply to \u201cnon-custodial\u201d or \u201cself-hosted wallet\u201d models?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Taiwan\u2019s Money Laundering Control Act was amended in July 2024 to introduce a registration regime for VASPs and criminal liability for illegal operators. The primary AML\/CFT framework is set out in the AML and CFT Regulations. Article 7 adopts obligations similar to the FATF Travel Rule, requiring VASPs to obtain, transmit and retain legally prescribed information on originators and beneficiaries, although this provision has not yet taken effect.<\/p>\n<p>According to the AML and CFT Regulations, VASPs must establish internal control and audit systems proportionate to their money laundering and terrorist financing risks and business scale. Key obligations include risk-based KYC, transaction monitoring, cash transaction reporting above NT$500,000, sanction list monitoring, record keeping, annual AML risk assessments, and pre-launch risk assessments for new products and services.<\/p>\n<p>In addition, the Regulations Governing Anti-Money Laundering Registration of Virtual Asset Service Providers (the \u201cRegistration Regulations\u201d) require VASPs to submit detailed AML policies, CPA-reviewed internal control checklists and audit opinions before commencing operations.<\/p>\n<p>From a regulatory perimeter perspective, these obligations apply only to entities conducting specified virtual asset activities on behalf of others. Accordingly, non-custodial or self-hosted wallet models generally fall outside direct regulation.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What new prudential or reserve requirements are being imposed on stablecoin issuers or custodians?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Taiwan has not yet approved the issuance of stablecoins. However, the FSC\u2019s draft Virtual Asset Service Act of March 2025 outlines an emerging prudential framework for stablecoin regulation. Articles 34 and 35 emphasize three core principles: maintenance of sufficient reserve assets, segregation of reserve assets from proprietary assets, and periodic audits.<\/p>\n<p>The draft further provides that reserve assets do not form part of the issuer\u2019s bankruptcy estate and may not be claimed by the issuer\u2019s creditors. Additional operational and prudential details are delegated to FSC rulemaking following enactment. Legislative materials and public hearings indicate that both domestic issuance of stablecoins and foreign-issued stablecoins intended for trading in Taiwan will require prior FSC approval before VASPs may provide related services.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How focused are regulators in your jurisdiction on data privacy, cybersecurity, and operational resilience for fintechs, and what enforcement or inquiry trends are emerging?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>At the end of 2025, the FSC released its \u201cFinancial Cyber Resilience Development Blueprint\u201d, aiming to enhance cybersecurity and operational resilience across the financial sector. The initiative focuses primarily on traditional financial institutions and includes measures such as defining the role of Chief Information Security Officers by reference to NYDFS Part 500, promoting Secure-by-Design software development, establishing comprehensive API security standards, and preparing guidance on post-quantum cryptography migration.<\/p>\n<p>For the diverse range of fintech firms, however, there is no dedicated framework addressing data privacy, cybersecurity and operational resilience. Regulatory obligations are mainly imposed on VASPs, which must establish appropriate information security management systems, business continuity policies and cybersecurity controls, and on sandbox participants, which must adopt adequate security measures.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What practical steps should cryptocurrency and blockchain companies take to detect and prevent fraudulent transactions, and how can they prepare for regulatory audits, inquiries, and enforcement actions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>As a baseline, VASPs engaging in activities prescribed under the AML and CFT Regulations must establish KYC procedures, internal control systems, and AML frameworks. Furthermore, they are required to complete registration with the FSC and the Registration Regulations. Completing AML registration is not only a legal prerequisite for operation but also a key risk-mitigation mechanism against fraud. These regulations require VASPs to retain transaction data, enabling timely information production during regulatory audits and inquiries.<\/p>\n<p>In addition, registered VASPs are legally required to join an industry association and comply with its self-regulatory codes, such as the Industry Self-Regulatory Code on Combating Fraud and Inter-Industry Defense Mechanisms. These rules prohibit cash transactions with customers, require inter-member notifications of suspicious accounts, mandate reporting to law enforcement, and require retention of records sufficient to reconstruct abnormal transactions.<\/p>\n<p>Beyond statutory compliance, it is advisable for VASPs to deploy transaction-monitoring systems to detect anomalous accounts and behavior, establish shared data platforms or API-based enquiry mechanisms with peers, and integrate electronic reporting systems with law enforcement investigation portals. These operational measures materially enhance fraud detection capabilities and improve preparedness for regulatory inspections and enforcement actions.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How are fintechs adapting to changing immigration frameworks, such as revisions to U.S. H-1B and digital nomad visas in the EU and Asia, to attract tech and compliance talent globally?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Under Taiwan\u2019s legal framework, fintech companies can leverage the Employment Gold Card and Digital Nomad Visa to adapt to changing immigration frameworks and attract global talent.<\/p>\n<p><strong>(1) The Employment Gold Card<\/strong><\/p>\n<p>To attract high-level international talent, the Taiwan government commenced the Employment Gold Card program in 2018.<\/p>\n<p>The gold card application process doesn\u2019t operate under a quota system or immigration caps; instead, each application undergoes a case-by-case review. Functioning as a 4-in-1 card encompassing a work permit, resident visa, Alien Resident Certificate (ARC), and re-entry permit, the Gold Card is designed to attract individuals with specialized expertise.<br \/>\nThe Gold Card offers various benefits and incentives. This card serves as an open work permit, enabling holders to change jobs freely and work for different employers under a single Gold Card. Moreover, individuals whose salary income exceeds NT$ 3 million in a particular tax year while engaged in professional work in Taiwan may enjoy certain tax benefits. Additionally, spouses and underage children of cardholders are eligible to apply for family reunion residence in Taiwan. Those employed, acting as employers, or operating their own businesses in Taiwan, along with their dependent relatives, can directly enroll in the National Health Insurance.<\/p>\n<p><strong>2) The Digital Nomad Visa<\/strong><\/p>\n<p>For fintech firms seeking to retain talent who wish to reside in Taiwan without local payroll ties, the Digital Nomad Visa (officially implemented in January 2025) offers a viable solution.<\/p>\n<p>According to the Directions on Reviewing the Eligibility of Foreign Nationals to Apply for the Digital Nomad Visa, individuals not employed by a Taiwan-based employer may apply if they meet one of the following criteria:<\/p>\n<p>&#8211; Existing Holders: Have previously been issued a digital nomad visa by another country.<br \/>\n&#8211; Experienced Digital Nomads: Aged 30 or above with an annual income of at least US$40,000 in either of the last two years.<br \/>\n&#8211; Young Digital Nomads: Aged between 20 and 29 with an annual income of at least US$20,000 in either of the last two years.<br \/>\nThe visa is initially valid for six months. Holders may apply for extensions of up to six months at a time without departing the country, for a maximum total stay of two years. This framework allows global fintech companies to maintain their workforce mobility while ensuring their employees reside in a tech-friendly jurisdiction.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What new geopolitical or sanctions-related risks (e.g., digital asset restrictions, AML screening mandates) have emerged that affect fintech operations in cross-border markets?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Further to the 2024 amendments to the AML and CFT Regulations and the introduction of the Registration Regulations in the same year, the Bank Association of the Republic of China recently issued the \u201cSelf-Regulatory Rules for Banks Establishing Business Relationships with Virtual Asset Service Providers (VASPs) and Transaction Monitoring\u201d (the \u201cRules\u201d). The Rules impose strict obligations on banks, effectively transferring regulatory pressure from the FSC directly to financial institutions:<\/p>\n<ol>\n<li>When establishing business relationships, banks must conduct Enhanced Due Diligence (EDD) to verify the VASP\u2019s identity and regulatory compliance status.<\/li>\n<li>Banks providing fund custody or cash flow services must ensure fiat currency is held under full trust custody or secured by a full performance guarantee.<\/li>\n<li>Banks are obligated to conduct continuous review and monitoring of the VASP\u2019s customers and their transaction patterns.<\/li>\n<\/ol>\n<p>Currently, AML rules are becoming increasingly strict, leading to very tough KYC requirements at Taiwanese banks. Consequently, individuals or companies without a local track record or high capital often face difficulties when trying to open new corporate accounts, creating a severe market entry barrier. With the implementation of the new Rules, banks now face higher compliance costs and liability. To avoid these risks, banks may adopt (or are likely to adopt) a \u201cde-risking\u201d strategy, becoming more inclined to refuse account opening requests from new fintech companies.<\/p>\n<p>It is also worth noting that geopolitical sensitivity regarding China.\u00a0If an investor has Chinese citizenship, the investment may face much stricter review when entering Taiwan. There are also more restrictions on the company\u2019s business activities.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How do immigration and workforce-mobility policies\u2014like work visas, remote-work permits, and intra-company transfers\u2014affect fintechs\u2019 ability to move key staff into new markets, and what practical steps can companies take to avoid talent shortages or delays?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\">From a Taiwan legal perspective, immigration and work permit regulations significantly impact the speed at which fintech companies enter the market.\r\n\r\nWhen hiring foreign talent under a standard work permit, the employer must generally meet capital or revenue thresholds. For example, a company established for less than one year typically requires a registered capital of at least NT$5 million to hire foreign Specialized and Technical Talents. For early-stage fintech startups, this constitutes a barrier to entry, preventing them from hiring foreign staff until the local entity is fully funded and operational.\r\n\r\nTo overcome these obstacles and avoid talent shortages, fintech companies can adopt the following strategies:\r\n<ol>\r\n \t<li>Utilize the Digital Nomad Visa as a Bridge: Under the new 2025 regulations, companies can use the Digital Nomad Visa as a temporary bridge. During the preliminary assessment phase\u2014before the company formally commences operations in Taiwan\u2014staff can quickly enter Taiwan to evaluate the market and complete all necessary preparations for the company\u2019s official launch and local operations.<\/li>\r\n \t<li>Adopt the \u201cGold Card\u201d Strategy: Companies should encourage key staff to apply for the Employment Gold Card. This is an open work permit tied to the individual rather than the company. It allows key staff to start working immediately upon arrival. However, it is crucial to note that actual business operations in Taiwan must not commence until the corporate entity is formally established in Taiwan.<\/li>\r\n \t<li>Leverage Legal Exemptions for Startups: Regarding the strict capital and revenue restrictions, the Taiwan government provides specific legal exemptions. For instance, startups recognized for innovation capability, or companies operating within the \u201c5+2 Industrial Innovation Plan\u201d or the \u201cSix Core Strategic Industries,\u201d can be exempted from these capital thresholds. This provides eligible Fintech startups with greater flexibility to hire foreign employees without meeting the standard financial criteria.<\/li>\r\n<\/ol><\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How can fintechs protect their proprietary algorithms and smart-contract code, balancing open-source use with trade-secret protections and any AI-related disclosure rules?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>To effectively protect proprietary algorithms and smart-contract code in Taiwan while balancing open-source use and disclosure rules, fintech companies should consider the following legal framework:<\/p>\n<p>1.Trade Secret Protection for Algorithms and Smart Contracts:<\/p>\n<p>In Taiwan, proprietary algorithms and smart-contract code are inherently considered subject matter eligible for protection under the Trade Secrets Act if the following three statutory requirements are met:<\/p>\n<ul>\n<li>it is not known to persons who generally deal with the information in question;<\/li>\n<li>it has economic value, actual or potential, due to its secretive nature; and<\/li>\n<li>its owner has taken reasonable measures to maintain its secrecy.<\/li>\n<\/ul>\n<p>Since trade secrets are protected in Taiwan without registration, the primary strategy for fintech is to ensure internal compliance with the \u201creasonable measures\u201d requirement (e.g., access controls and NDAs).<\/p>\n<p>2.Management of the Use of AI:<\/p>\n<p>The Bankers Association of the Republic of China (\u201cBAROC\u201d) has established the \u201cGuidelines for the Operation of Artificial Intelligence Technology by Financial Institutions\u201d (hereinafter referred to as the \u201cGuidelines\u201d) to strengthen client data protection and risk management in banking operations involving AI.<\/p>\n<p>Article 10 of the Guidelines specifically mandates the following regarding record retention and auditability:<\/p>\n<ul>\n<li>When financial institutions develop or optimize AI technology internally, they must retain necessary technical documentation and relevant records. This includes records from the design, development, and implementation phases\u2014such as important data, models, or algorithms that may affect decision-making\u2014to ensure they can be audited when necessary.<\/li>\n<li>When using third-party AI technology, financial institutions must conduct investigation, assessment, and supervision operations. This is to ensure that third-party providers maintain their own audit trails (logs) of AI computations to facilitate subsequent verification.<\/li>\n<li>When adopting third-party AI technology, institutions should request relevant information from the provider and clearly define the scope of liability.<\/li>\n<\/ul>\n<p>Consequently, while leveraging open-source or third-party solutions, financial institutions \u00a0are required to satisfy these regulatory obligations. Furthermore, the core compliance obligation for financial institutions is to implement robust data retention protocols, ensuring that all AI-driven operations\u2014whether proprietary or open-source\u2014are traceable and ready for regulatory inspection.<\/p>\n<p>On January 14, 2026, the Artificial Intelligence Basic Act (\u201cAI Basic Act\u201d) was promulgated and made effective as law. Since the AI Basic Act establishes only the general guidelines for Artificial Intelligence in Taiwan, one needs to wait and see how this Act will be implemented by the government in the future in order to have a clearer idea of its implications.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What strategies are most effective for safeguarding trademarks and digital brands in an era of AI-generated impersonation, deepfakes, and synthetic media fraud?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In the era of AI-generated synthetic media, traditional trademark protection is often insufficient to address hyper-realistic deepfakes or AI impersonations. Under current Taiwan regulations, the following strategies are recommended:<\/p>\n<p>1.Expanded Trademark Portfolio: Incorporating \u201cNon-Traditional Trademarks\u201d<\/p>\n<p>AI impersonation often mimics not just a logo, but a brand\u2019s overall \u201cimage\u201d or \u201cvoice.\u201d Therefore, companies should not limit registration to text and graphics.<\/p>\n<p>Companies should apply for non-traditional trademarks in accordance with the Examination Guidelines for Non-Traditional Trademarks (the \u201cGuidelines\u201d) issued by the Taiwan Intellectual Property Office (\u201cTIPO\u201d).<\/p>\n<p>According to the Guidelines, any sign capable of identifying the source of goods or services can be the subject of protection. This is not limited to the non-traditional trademarks explicitly listed in the Guidelines (such as color, three-dimensional shapes, motion, holograms, and sound). Other signs perceptible by smell, touch, or taste may also be registered and protected, provided they meet the requirements for distinctiveness.<\/p>\n<p>2.Protection via the \u201cFair Trade Act\u201d:<\/p>\n<p>Deepfake technology is frequently used to forge images of corporate leaders (CEOs) or spokespersons for fraud or false endorsements. When AI impersonation does not fall strictly within the scope of trademark infringement, the Fair Trade Act serves as a robust defense.<\/p>\n<p>Under Article 22 of the Fair Trade Act, enterprises are prohibited from using famous names, business names, trademarks, containers, packaging, appearance, or other distinguishing symbols of others on the same or similar goods\/services in a way that causes confusion with the goods\/services of others. Even if specific distinctiveness requirements of Article 22 are not met, Article 25 acts as a catch-all provision. It prohibits \u201cdeceptive or obviously unfair conduct that is sufficient to affect trading order.\u201d This is a powerful weapon against AI-generated false endorsements or synthetic spokespersons intended to mislead consumers.<\/p>\n<p>3. Protection of Personality Rights under the \u201cCivil Code\u201d<\/p>\n<p>If AI is used for voice cloning or creating deepfakes of a CEO or spokesperson, companies may assist the affected individuals in asserting their rights under Articles 18 and 19 of the Civil Code. These articles protect personality rights (including the right to one\u2019s image and name) against unauthorized use or infringement, allowing for the removal of the infringement and claims for damages.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">When fintechs collaborate with outside developers, partners, or open-source communities, how can they make sure they retain ownership of their technology and avoid disputes?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>To ensure ownership retention and minimize disputes when collaborating with outside developers, partners, or open-source communities, fintech companies in Taiwan should implement the following strategies:<\/p>\n<p><strong>(1) Clearly Define Ownership in Contracts<\/strong><\/p>\n<p>&#8211; Differentiation of IP:<\/p>\n<p>Include specific provisions in the contract that define the ownership of intellectual property (\u201cIP\u201d) created during the collaboration. Clearly identify pre-existing IP owned by each party and specify how it will be used in the collaboration, including whether licenses are required and under what terms.<\/p>\n<p>&#8211; Assignment of New IP:<\/p>\n<p>Address the allocation of ownership for any newly developed IP, outlining how it will be assigned or shared. Additionally, include an obligation for the ownership-assigned party to complete any necessary intellectual property registrations, such as patent filings or trademark applications.<\/p>\n<p><strong>(2) Due Diligence and Governance for Open-Source and Third-Party Rights<\/strong><\/p>\n<p>&#8211; Representations and Warranties:<\/p>\n<p>To avoid infringement disputes, the contract should include representations and warranties requiring the partner to confirm that the delivered code does not infringe upon third-party rights.<\/p>\n<p>&#8211; Indemnification:<\/p>\n<p>Simultaneously, indemnification clauses should be included to protect the fintech company from potential damages arising from legal lawsuits.<\/p>\n<p>(3) Confidentiality and Trade Secret Protection<\/p>\n<p>&#8211; NDA and Reasonable Measures:<br \/>\nUnder Taiwan\u2019s Trade Secrets Act, a company must prove it has taken \u201creasonable measures\u201d to maintain secrecy to receive protection. Therefore, signing a Non-Disclosure Agreement (\u201cNDA\u201d) is not merely a contractual formality but a necessary means to satisfy statutory requirements.<br \/>\n&#8211; Scope and Non-Compete:<\/p>\n<p>The NDA should clearly define the scope of confidential information and the duration of confidentiality obligations. Additionally, non-compete clauses should be utilized to prevent partners from building rival products using the fintech\u2019s specific know-how immediately after the collaboration ends.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What steps should fintechs take to detect, prevent, and respond to competitors or third parties who might copy or misuse their technology, algorithms, or branding, and how do enforcement strategies differ across jurisdictions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>To effectively prevent, and respond to infringement, fintech companies in Taiwan should adopt a comprehensive strategy that begins with establishing a robust IP portfolio and enforcement via specialized courts.<\/p>\n<p>1.Establishing a Comprehensive IP Protection Framework<\/p>\n<p>Before enforcement can take place, fintech companies must secure their rights. Patents, trade secrets, copyrights, and trademarks can be utilized to safeguard fintech assets:<\/p>\n<ul>\n<li>Patents: There are three types of patents\u2014invention, utility model, and design patents\u2014all of which require application with TIPO before being granted, provided they meet the statutory criteria.<\/li>\n<li>Trademarks: For fintech startups wishing to protect their brand identity, they can apply for trademark registration with the TIPO.<\/li>\n<li>Trade Secrets: Trade secrets receive legal protection as long as they meet statutory requirements (see above) and do not require registration.<\/li>\n<li>Copyrights: Similar to trade secrets, once a work is completed, copyright is protected by the Copyright Act automatically without registration, provided it meets statutory requirements.<\/li>\n<\/ul>\n<p>2. Prevention Strategies<\/p>\n<p>To qualify for trade secret protection, fintechs must strictly control access to core algorithms and technology, establishing the necessary \u201creasonable measures\u201d for future litigation.<\/p>\n<p>3.Enforcement Strategies under Taiwan Regulations<\/p>\n<p>For any incident that could potentially constitute infringement of IP, fintech companies can seek remedy via the Intellectual Property and Commercial Court in Taiwan, which specializes in intellectual property and commercial disputes. Enforcement mechanisms include:<\/p>\n<ul>\n<li>Criminal Prosecution (Trade Secrets): Taiwan\u2019s Trade Secrets Act imposes criminal liability and it is possible to prosecute against wilful violator(s).<\/li>\n<li>Civil Injunctions (Preliminary Injunction): Fintechs can apply for a \u201cPreliminary Injunction\u201d to immediately prohibit a competitor from using the infringing technology before a final judgment is reached.<\/li>\n<li>Preservation of Evidence: Utilizing the Intellectual Property Case Adjudication Act, companies can ask the court to secure evidence from the opposing party before filing a lawsuit to prevent destruction.<\/li>\n<\/ul>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How are jurisdictions addressing cross-border IP enforcement for fintech products involving distributed infrastructure and decentralized code bases?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There is no specific or pre-determined way to address cross-border IP enforcement for fintech products involving distributed infrastructure and decentralized code bases. If a main actor or distributor of the distributed or decentralized infrastructure can be found, then it is most likely possible to pursue remedies using one of the methods mentioned in paragraph (3) of Item 18 above, e.g., criminal or civil prosecution, injunctions or preservation of evidence.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How should fintechs approach IP protection when licensing or selling software, smart contracts, or AI models to ensure ongoing control and compliance with different countries\u2019 laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>To ensure ongoing control and cross-border compliance when licensing or selling software, smart contracts, or AI models, fintech companies are advised to adopt the following strategies:<\/p>\n<ol>\n<li>Clearly Define the Scope of License: The agreement should explicitly stipulate the duration (e.g., subscription-based or term-limited), territory (geographic restrictions), and field of use to prevent unauthorized expansion of the software&#8217;s application.<\/li>\n<li>Shift Compliance Burden via Representations and Warranties: Include specific clauses requiring the licensee (client) to warrant that their &#8220;use&#8221; of the software and AI models complies with all applicable local laws (e.g., data privacy or AI regulations). This effectively transfers the risk of localized regulatory compliance to the user.<\/li>\n<\/ol>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Under emerging AI-governance frameworks, such as the EU AI Act and U.S. GENIUS Act, what legal obligations apply to fintechs using AI in underwriting, robo-advisory, and fraud protection?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Taiwan, the Guidelines as well as the newly enacted AI Basic Act set forth the general parameters of operations for financial companies.<\/p>\n<p>With respect to underwriting, the Self-regulating Rules for Use of Artificial Intelligence by Insurance Companies stipulates that insurance companies should:<\/p>\n<ol>\n<li>Establish risk-based control and periodic audit mechanisms to ensure fairness, system security, model quality, data quality, fairness, sustainability, transparency and explainability of AI;<\/li>\n<li>Ensure that third-party supplier of AI systems retain adequate records for subsequent examination or auditing;<\/li>\n<li>Appoint personnel or committee to be responsible for the AI system currently being used; and<\/li>\n<li>Ensure fairness and avoid bias; as well as protect the privacy of clients.<\/li>\n<\/ol>\n<p>With respect to robo-advisory, Under Article 25-1 of the Regulations Governing Securities Investment Consulting Enterprises, only financial companies licensed by the FSC can offer automated robo-advisory services for financial investment consulting. Furthermore, a licensed financial consulting company offering robo-advisory services must establish KYC and client suitability procedures so as to coordinate the robo-advisory services with the client(s) in question, as well as establish measures for data privacy, emergency response and prevention of conflict of interests.<\/p>\n<p>For fraud protection, the Personal Data Protection Act (PDPA) and the AI Basic Act generally requires that a business must only collect the necessary personal information to guard against data leaks; and mandates the government to promote the establishment of information security measure against hacks and security threats. Furthermore, the Fraud Crime Hazard Prevention Act mandates if any online advertisement uses deep fake technologies or AI-generated image(s) of individual(s), the Internet platform that provides such advertisement must label it as such.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How can fintechs evidence algorithmic fairness, explainability, and bias mitigation in compliance with new supervisory expectations for automated credit and AML decisioning systems?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The AI Basic Act of Taiwan mandates the government to promote AI development in adherence to principles including: (i) support of human autonomy and respecting fundamental human rights such as personality rights and cultural values; (ii) provide appropriate information disclosure or labeling for AI outputs to facilitate risk assessment and understanding of the impact on relevant rights, thereby enhancing the trustworthiness of AI; (iii) avoid algorithmic bias and discrimination during R&amp;D and application to ensure that results do not lead to discrimination against specific groups. However, the AI Basic Act did not address the details on how the government address these principles on the issues of automated credit and AML decisioning. It is likely that follow-on regulations will be promulgated in the near future to further implement the requirements and principles of the AI Basic Act.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What are the IP and data-protection considerations around training proprietary AI models on financial data, and how can fintechs structure data-sharing agreements to minimize risk?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Taiwan, the legal landscape for AI training is shifting from a set of general guidelines to a formal regulatory framework following the passage of the AI Basic Act. This legislation serves as a foundation from which various government agencies to update their sector-specific regulations for further implementation.<\/p>\n<p>However, the AI Basic Act does not explicitly define whether using copyrighted materials to train AI models constitutes \u201cfair use\u201d under local copyright laws. Until clearer legislative amendments or judicial precedents emerge, the legal risk of training proprietary models on datasets containing protected intellectual property remains an issue of concern.<\/p>\n<p>The AI Basic Act codifies a specific set of principles that fintechs must navigate when handling data. The mandated standards focus on: (i) ensuring the privacy of personal data while respecting corporate trade secrets; (ii) actively avoiding data leakage risks through robust cybersecurity; (iii) adopting the \u201cdata minimization principle\u201d by only collecting and processing what is strictly necessary for the AI\u2019s purpose; and (iii) facilitating the openness and reuse of non-sensitive data.<\/p>\n<p>To minimize legal exposure in respect of data-sharing agreements, it is recommended to reach formal license agreements with data owners to avoid potential IP disputes. Regarding personal information, fintechs should consider and implement de-identification processes, i.e. data should be processed such that it is no longer possible to re-identify individuals, which can serve to limit exposure of legal risks under the Personal Data Protection Act.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">How are regulators treating AI-driven investment or credit-decisioning tools for purposes of fiduciary duty, fair lending, and disclosure obligations under updated consumer protection frameworks?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>As mentioned above, under Article 25-1 of the Regulations Governing Securities Investment Consulting Enterprises, only financial companies licensed by the FSC can offer automated robo-advisory services for financial investment consulting. Furthermore, a licensed financial consulting company offering robo-advisory services must establish KYC and client suitability procedures so as to coordinate the robo-advisory services with the client(s) in question, as well as make disclosures in contracts with the consumer which include:\u00a0 (i) fees for using the automated service; (ii) the method of operation, as well as important assumptions and limitations; (iii) the scope and recommended mode(s) of operation; (iv) rebalancing threshold(s) and agreed condition(s); and (v) risk factors.<\/p>\n<p>While the AI Basic Act does not explicitly set out rules that govern AI credit-decisioning, it does stress that the government must promote AI development while stressing principles such as privacy protection, data management, transparency, explainability, non-discrimination as well as establishing appropriate liability standards for the deployment of AI.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">What emerging liability theories (e.g., negligent model governance, failure to supervise AI) could expose fintechs to enforcement or civil litigation in the next 12 months, and how should firms build defensible risk management frameworks?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The AI Basic Act mandates the government to clarify the liability attribution and liability conditions when deploying high-risk AI systems. It is likely that the government will in the near future define the scope of \u201chigh-risk AI\u201d as well as liability parameters. Currently for risk management purposes, it is recommended that fintechs should evaluate its own product(s) and clearly label warning notices for consumers so that consumers can be notified of such risks when using AI systems.<\/p>\n<p>Furthermore, when facing consumers, fintech companies generally need to comply with the Consumer Protection Act, which stipulates in Article 12 that any standard terms and conditions used with consumers that are in violation of the principle of good faith and are patently unfair to consumers (e.g. in violation of the principle of equality and reciprocity) shall be null and void. Therefore, if a fintech company offer services that, based on its terms of services, is decided by AI and the AI model produces results that are not in good faith and patently unfair, it could theoretically be argued under the Consumer Protection Act that such terms of service shall be considered as null and void. Fintechs should therefore establish proper human intervention mechanism so as to ensure that any issue with the AI services can be promptly reflected and dealt with if consumers do raise legitimate complaints with the result(s) of AI.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\r\n<div class=\"word-count-hidden\" style=\"display:none;\">Estimated word count: <span class=\"word-count\">6384<\/span><\/div>\r\n\r\n\t\t\t<\/ol>\r\n\r\n<script type=\"text\/javascript\" src=\"\/wp-content\/themes\/twentyseventeen\/src\/jquery\/components\/filter-guides.js\" async><\/script><\/div>"}},"_links":{"self":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide\/129966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide"}],"about":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/types\/comparative_guide"}],"wp:attachment":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/media?parent=129966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}