Mexico is rapidly integrating artificial intelligence (AI) into its tax enforcement, security, and citizen services. However, an examination of 45 transparency requests indicates that this deployment is outpacing the development of regulatory frameworks. Sensitive data protection is inconsistent, and the newly introduced Chapultepec principles lack enforceable power within the government.
One of the more immediate uses of AI can be seen in a WhatsApp chatbot developed by the foreign ministry. The PTAT chatbot, designed to streamline passport renewal appointments, requests personal information such as CURP (Clave Única de Registro de Población) and passport numbers. While this may seem like a standard bureaucratic procedure, it raises significant privacy concerns. Many users comply with such requests to avoid delays, yet a moment of hesitation often accompanies the act of sharing personal data.
The Mexican government asserts that AI adoption is intended to enhance institutional efficiency. However, this push occurs amid a regulatory void. Documented evidence reveals a tacit endorsement of AI initiatives throughout federal agencies, yet there are no specific laws governing how these technologies should be monitored, audited, or made transparent. This discrepancy is critical, as AI applications in government involve overseeing tax compliance, security, surveillance, and citizen interactions—areas where state power directly impacts lives. The expectation of increased efficiency must be balanced against risks such as rapid errors and compromised public trust.
As of November 2025, at least 14 federal agencies were either utilizing AI or exploring internal AI projects, suggesting that AI is no longer a mere experimental phase. In tax enforcement, the Servicio de Administración Tributaria employs statistical learning models to identify fraudulent billing and irregularities among importers, underscoring the potential consequences of improper data use.
Administrative applications of AI may seem benign, yet they intersect with the sensitive data governments retain. The culture ministry employs a variety of AI tools for data management, while the Secretaría Anticorrupción y Buen Gobierno has tested Google’s Gemini for standardizing text in training certificates. With citizen services, chatbots like PTAT serve as a primary interface, enhancing efficiency but also collecting personal data in the process. The ministry’s claim that PTAT does not process personal data stands in stark contrast to the evidence of data collection in WhatsApp interactions.
In security applications, the stakes are considerably higher. Documents reveal that AI aids in surveillance and managing security events across agencies, including the Institute of Security and Social Services for State Workers. The use of AI in such critical roles raises alarms about data privacy and the implications of automated decision-making in law enforcement. However, some agencies, such as the National Guard, have opted for confidentiality regarding their AI integration, citing national security concerns while simultaneously limiting public scrutiny.
Concerns have been voiced regarding potential misuse of generative AI technologies by public employees. Without established guidelines, employees may inadvertently expose confidential information while using AI tools. “I know some armed forces members who have used AI to process information faster, and often that information is sensitive,” remarked Juan Manuel Aguilar Antonio, a researcher at UNAM’s Center for Research on North America. This highlights the risks inherent in the informal use of AI, which could lead to sensitive data leaks.
Addressing the regulatory gap is imperative, yet current attempts at legislative action have stalled. A proposed Ethical Regulation Law for Artificial Intelligence and Robotics presented in May 2023 did not advance in Congress. While some institutions, like Banco de México, have created guidelines for AI use, others lag significantly behind. The Secretaría Anticorrupción y Buen Gobierno, for instance, lacks any formal documentation on ethical AI usage, raising questions about accountability.
The Chapultepec Principles, introduced in January 2026, outline ten ethical guidelines for AI development and use. However, the principles remain non-binding, leaving their implementation subject to interpretation. This regulatory uncertainty poses broader implications for governance in Mexico, where AI’s increasing role in handling personal and sensitive information coincides with a fragile public trust. The challenge lies not only in technological advancement but in ensuring that safeguards are in place to prevent the erosion of democratic values amidst a growing reliance on automated systems.
See also
OpenAI’s Rogue AI Safeguards: Decoding the 2025 Safety Revolution
US AI Developments in 2025 Set Stage for 2026 Compliance Challenges and Strategies
Trump Drafts Executive Order to Block State AI Regulations, Centralizing Authority Under Federal Control
California Court Rules AI Misuse Heightens Lawyer’s Responsibilities in Noland Case
Policymakers Urged to Establish Comprehensive Regulations for AI in Mental Health
