RegulationAI ActCompliance
EU AI Act and AI regulation in Mexico: what every SMB should know
Practical summary of the 2026 AI regulatory framework and what real obligations Mexican companies have.
April 8, 2026 · Lixto Labs Team · 1 min read
The AI Act is in force
The EU AI Act fully applied in August 2026 and affects you even if your company is in Mexico, when you sell to EU clients, use European providers, or process EU citizens' data.
Four risk levels (simple version)
- Unacceptable risk: prohibited (subliminal manipulation, government social scoring).
- High risk: HR, education, critical infra, justice. Requires technical docs, impact assessments, registration.
- Limited risk: chatbots, deepfakes, systems that interact with people. Only transparency is required.
- Minimal risk: everything else. No specific obligations beyond GDPR.
Most enterprise chatbots fall into limited risk: declare it's an AI and allow human escalation.
In Mexico
The Mexican Senate has been discussing a Federal AI Regulation Law since 2025, similar to the EU AI Act. As of early 2026 it's still in committees but likely to pass this year.
What already applies in Mexico:
- LFPDPPP: training models with personal data (clients, employees) requires informed consent and explicit privacy notice.
- Profeco: if your chatbot makes mistakes that harm a consumer, your company is liable, not the model provider.
Three things to do today
- Clearly label that the user is talking to an AI.
- Provide a visible human escalation route.
- Document which model you use, what data feeds it, what decisions it automates.
This covers 80% of compliance with minimal effort.