MJAB Insights | Artificial Intelligence: How to regulate risk without stifling innovation

The advancement of AI in Brazil requires a regulatory framework capable of protecting fundamental rights, ensuring corporate accountability, and, at the same time, avoiding excessive barriers to innovation.

The regulation of artificial intelligence (AI) is no longer an abstract discussion and has become a central issue on Brazil’s legislative, regulatory and corporate agenda. Bill No. 2,338/2023, approved by the Senate and forwarded to the Chamber of Deputies, seeks to establish parameters for the development, use and governance of AI systems in the country. In the Chamber, the bill is currently under review by a Special Committee chaired by Congresswoman Luisa Canziani, with Congressman Aguinaldo Ribeiro serving as rapporteur.

The proposed legislation adopts a risk-based regulatory approach, distinguishing between artificial intelligence systems, generative artificial intelligence and applications with a greater potential impact on fundamental rights, automated decision-making and sensitive environments. The Chamber itself highlights that the proposal classifies AI systems according to risk levels and requires preliminary assessments, particularly for generative AI and general-purpose AI systems.

For businesses, the discussion extends far beyond technology. The future regulatory framework may affect business models, internal compliance policies, data governance, civil liability, algorithmic transparency, supplier management and the use of automated tools across sectors such as healthcare, finance, education, human resources, consumer markets, infrastructure and public services.

MJAB Insights: The trend is for Brazilian AI regulation to evolve under significant tension between two competing objectives: on one hand, the demand for the protection of rights, transparency and accountability; on the other, concerns that excessively broad obligations may hinder innovation, competitiveness and technological adoption.

The key challenge will be translating the concept of “risk-based regulation” into objective, proportionate and operationally viable criteria.

The most significant regulatory risk lies not only in the approval of the legislation itself, but also in the manner in which it is implemented. Broad concepts such as “high risk”, “significant impact”, “automated decision-making” and “human oversight” may create legal uncertainty if they are not accompanied by clear technical parameters, coordination with sector-specific authorities and alignment with the LGPD, the Brazilian Civil Rights Framework for the Internet and other applicable regulatory regimes.

From a strategic perspective, organisations that already use or intend to adopt AI should prepare in advance. The debate is likely to shift from a general legislative discussion to a concrete governance agenda involving AI system inventories, risk assessments, technical documentation, human oversight policies, supplier management, auditing, explainability and mechanisms for contesting automated decisions. The most likely scenario is the approval of a legal framework followed by extensive sector-specific regulation. In this context, competitive advantage will depend less on “waiting for the law” and more on building internal structures capable of demonstrating the responsible, proportionate and auditable use of artificial intelligence from the outset.