A recent IDC report found that over 60% of enterprises across the Asia-Pacific region are already experiencing moderate to significant disruptions to their IT operations due to evolving data privacy, cybersecurity, and AI regulations.
The report, titled "Regulatory Turning Point: How Data Privacy, Cybersecurity, and AI Laws Are Reshaping Enterprise Strategy in Asia/Pacific," finds that regulations, once seen as mere formalities, have become architectural imperatives, shaping critical decisions across cloud investments, data governance, and AI deployment.
Regional developments
Key regional developments advancing sovereignty-driven mandates tailored to domestic priorities include the following:
- India’s DPDP Act (2023): Establishes consent-first data governance, introduces DPO requirements, and imposes localisation in sensitive sectors.
- Singapore’s PDPA and Cybersecurity Act: Expanding breach notification and third-party oversight while piloting AI governance frameworks.
- Australia’s Privacy Act Reforms (2025): Emphasise algorithmic accountability, which is the requirement for organisations to explain the decisions made by their algorithms, data portability, and steep penalties (up to AUD50 million).
- China’s AI and Cybersecurity Regulations: Enforce AI explainability, content controls, and mandatory data localisation for CIIs (Critical Information Infrastructures).
Looking forward
The report strongly advocates for organisations to take proactive control oftheirgovernance, particularly in areas such as AI explainability, consent orchestration, and privacy engineering.
Organisations should also operationalise mandates with localised control frameworks, automated breach reporting, and real-time auditability, and invest in infrastructure that supports dynamic compliance, such as data discovery tools, de-identification tools, and AI governance platforms.

“As AI accelerates digital transformation across Asia/Pacific, enterprises can no longer afford to treat data privacy and cybersecurity regulations as legal afterthoughts,” says Sakshi Grover, senior research manager, Cybersecurity Products and Services, IDC Asia/Pacific. “These mandates are now strategic levers, influencing everything from cloud architecture to AI model governance. Enterprises must embed regulatory foresight into every technology decision to remain agile, trusted, and globally competitive.”