CoE Framework Convention signatory
This content is for informational and educational purposes only and does not constitute legal advice.
The first national AI Policy on regulation and ethics was published in December 2023 by the Ministry of Innovation, Science and Technology (MIST) and the Ministry of Justice. It identifies seven key challenges, discrimination, human oversight, explainability, AI interaction disclosure, safety, accountability, and privacy, and recommends a risk-based, sector-specific regulatory approach aligned with the OECD AI Recommendations.
In May 2025, the Privacy Protection Authority (PPA) published draft guidelines on applying the Protection of Privacy Law to AI systems, covering informed consent, data protection impact assessments, restrictions on web scraping for model training, and security against inference attacks. The entry into force of Amendment 13 to the Privacy Protection Law in August 2025 significantly strengthened the PPA's enforcement powers.
An AI Policy Coordination Centre within MIST is being formalised to coordinate cross-sectoral regulatory work. The Ministry of Justice is exploring a potential Framework Law to address algorithmic discrimination, liability for autonomous systems, and the legal status of AI-generated content — though this would supplement rather than replace sectoral rules.
Israel's National AI Program supports infrastructure, talent development, regulatory sandboxes, and compute capacity. An interministerial task force published interim recommendations on AI compute infrastructure and electricity system resilience in February 2026.
Israel signed the Council of Europe Framework Convention on AI (CETS 225) at the opening ceremony in Vilnius on 5 September 2024.
On 14 August 2025, the Privacy Protection Bill (Amendment No. 13, formerly No. 14) entered into force. The Bill expands the supervisory powers of the Privacy Protection Authority, which will now have the authority to impose financial sanctions for violations of the Privacy Protection Law. In addition, the Bill establishes the obligation to appoint a privacy protection officer for organisations primarily processing sensitive personal information or the systematic monitoring or tracking of people. Furthermore, the Bill limits the obligation to register digital databases to databases managed by those engaged in information trade. Finally, the Bill introduces a chapter on criminal offences in databases and includes a blanket ban on the processing of illegally collected personal information.
On 14 August 2025, the Privacy Protection Authority published a guide on Amendment No. 13 to the Privacy Protection Law, enacted in August 2024, which introduces a reform applying to public and private organisations processing personal data. The amendment updates core definitions, reduces the obligation to register databases, requires notification of large sensitive databases, mandates appointment of Data Protection Officers (DPOs), establishes a financial sanctions mechanism, introduces new criminal offences, and repeals the shortened statute of limitations for privacy violations. The amendment entered into force on 14 August 2025.
On 13 August 2025, the Privacy Protection Authority issued a ruling against Hot Mobile with a fine of NIS 70,000 over failure to comply with a data removal request. It was highlighted that the company operates in the telecommunications sector, and it used a former customer’s personal data after service termination. It was also highlighted that it sent repeated marketing messages despite deletion requests. The company also failed to meet notification obligations and used the data for purposes other than originally intended.
Last updated: 14/08/2025