← Back to Ratio
Regulation · · 5 min read

AI directed at children in Mexico: the legal risk does not wait for the AI Act

Article 5.1(a) of the AI Act prohibits the manipulation of minors by AI systems. In Mexico, the Best Interests of the Child principle already creates the same liability.

#regulation #ai-act #child-rights #legal-liability #ai-law

A conversational assistant with a persona, a name, and a voice, embedded in an educational or commercial product directed at children. The scenario is no longer hypothetical: it appears in toys, in educational apps, and in chatbots marketed as companions or tutors. Each time it appears, the same questions surface in the legal teams asked to evaluate it: what does the regulation say? Is a warning screen sufficient? Can the product be launched in Mexico while the European Union completes its debate?

Article 5.1(a) of the European Artificial Intelligence Act (AI Act), one of the few regulatory provisions that addresses this scenario directly, offers an answer that is more interesting than it appears. Read from Mexico, it reveals what almost no one in the public conversation is naming: the legal risk is not imported from Brussels. It is already present.

What Article 5.1(a) of the AI Act actually prohibits

The AI Act lists, among its strictly prohibited practices, the use of AI systems that deploy subliminal or purposefully manipulative techniques, or that exploit any vulnerability of a person or a group of persons, where such conduct materially distorts behavior and causes or is reasonably likely to cause significant harm.

Applied to the hypothesis of a personified assistant directed at minors, the provision decomposes into three legally verifiable elements:

  1. Exploitation of a vulnerability based on age. A minor is, by legal and psychological definition, a developing subject; the minor’s capacity to distinguish a human interlocutor from a generative system is limited and depends on cognitive development.
  2. Induced emotional bias. Endowing an AI with a personality, a voice, a name, or simulated memory is not a neutral design choice; it produces a unilateral emotional bond, that is, a form of manipulation that operates below the threshold of informed consent.
  3. Possible significant harm. Harm need not materialize for the conduct to fall within the prohibition; emotional dependence, inappropriate intimate attachment, and self-harming behavior following prolonged interactions are already documented outcomes and sufficient to trigger the prohibition.

Legally, Article 5.1(a) does not require proof of intent to harm. It requires proof of three objective conditions: the technique exploits a vulnerability, it distorts the subject’s behavior, and it is reasonably likely to cause significant harm.

”But we are in Mexico, not in the EU”

The objection arises, almost mechanically, in any corporate conversation about the AI Act: that applies to Europe; it does not apply here. The statement is literally correct: the European regulation does not bind a Mexican company operating exclusively within Mexican territory.

Yet consider the following.

The reversal that most analyses overlook is this: the risks that the European regulation seeks to prevent are not inventions of the European legislator. They are human-rights risks, codified in international conventions and, in this specific case, in a Mexican constitutional principle.

The Best Interests of the Child principle is established in Article 4 of the Mexican Constitution, developed in the Ley General de los Derechos de Niñas, Niños y Adolescentes, and supported by the Convention on the Rights of the Child, ratified by Mexico in 1990. It is not a European directive. It is a fundamental legal principle of the Mexican domestic order, enforceable against any actor, public or private, that deploys a product capable of affecting minors.

The European regulation does not create the risk: it exposes it

This is where the most common strategic misunderstanding sits. Many legal departments read the AI Act as a text that creates new obligations. As soon as direct applicability is ruled out, the file is closed.

Yet regulation, when it functions correctly, does not fill a legal vacuum: it formalizes a duty that already exists. Article 5.1(a) of the AI Act is not the source of the duty not to manipulate a minor through an AI system. That duty already exists in the Mexican legal order: through the Best Interests of the Child, through extra-contractual civil liability for harm caused to a vulnerable third party, and through the general principles of manufacturer liability for defective or hazardous products.

What the European regulation adds is threefold, and the distinction matters:

  • A technical definition of what counts, in law, as prohibited manipulation, a definition that serves as reference even outside European jurisdiction.
  • A preventive fine triggered by the conduct alone, without requiring the harm to materialize.
  • A market signal directed at investors, insurers, and contractual partners, which progressively shifts the global standard of what counts as reasonably safe.

What the regulation changes, and what it does not

In Mexico, without an AI Act, the sanction for the conduct itself, launching a product that relies on such a technique, does not exist as such. The sanction for the harm, when it materializes, does exist, and it exists with or without regulation. This is where the maturity of a Mexican legal team’s analysis becomes visible.

A manufacturer or distributor that launches today in Mexico a product with a personified AI assistant directed at minors, without a serious analysis of the three elements listed above, is, in risk-management terms:

  • Operating under the assumption that the absence of specific regulation equals the absence of liability.
  • Betting that no case will reach the courts, in a jurisdiction where the Best Interests of the Child is interpreted broadly and where collective amparo proceedings can invoke it.
  • Accepting, in addition, a reputational risk whose cost on social media and in the press routinely exceeds that of any administrative sanction.

Regulation adds a fine. Liability for harm is added by no one: it pre-exists, and the absence of specific regulation merely makes it less visible to readers who do not read the legal order as a whole. This reading connects directly to the organizational dimension of the problem, which I address in my article on AI governance in legal teams: the inability to read European regulation as a map of risks that already exist is, in itself, a governance failure.

The AI Act is not the boundary between the permitted and the prohibited. It is a translation, in the European sanctioning format, of a duty of care that Mexican law already contains. Any other reading is not regulatory analysis. It is geography.


This article is adapted from an original LinkedIn publication by Philippe Prince Tritto (19 October 2025). Original publication.

Adapted to the site style. Substance preserved.

Original LinkedIn post — Originally published on October 18, 2025 · read the original