At the 3rd Meeting for the Draft Guidelines for AI Service Providers, the results of the public comment process were released. The submission from the Policy Research Institute is also published in Document 1 (March 14, 2024).

The Draft Guidelines for AI Service Providers outline the following key “principles”: (1) support for voluntary initiatives by service providers, (2) alignment with international discussions, and (3) clarity for readers. In terms of process, (4) a multi-stakeholder approach and (5) a “living document” framework are also emphasized (p. 4). We strongly support the importance of these elements. However, we have reservations as to whether the current draft sufficiently puts these principles into practice.

Moreover, while the Draft Guidelines set forth requirements to be observed in the development of “advanced AI systems, including cutting-edge foundation models and generative AI” (p. 22), the content remains in need of further deliberation.

1. Support for Voluntary Initiatives by Service Providers

Although this Draft Guideline is intended to serve merely as a reference document, it contains language with mandatory implications—such as immediately following Figure 2 on page 4, where it refers to “necessary actions for AI development, deployment, and use.” Similar expressions using terms such as “necessary” and “responsibility” appear throughout the document. (Setting aside for now the separate issue, discussed in Section 6 below, of whether a certain level of AI regulation may ultimately be warranted,) given that the framework is positioned as one to support voluntary initiatives, such terminology should be avoided. The Guideline should more explicitly and consistently state that it merely serves as a set of reference principles for service providers’ voluntary efforts. It should not be used as a checklist-style compliance tool.

(Even when administrative bodies intend a document to be illustrative or suggestive—such as by adding explanatory notes—the reality is that readers may review only parts of the content and fail to recognize that the document is intended merely as guidance. This can lead to attempts to interpret or implement it literally. This concern is especially acute in relatively new fields like AI, where even diligent readers may frequently misinterpret the material, and thus particular care in wording is essential.)

Additionally, under label ① in Figure 2, the phrase “risk-based approach” is used. However, this term is typically associated with regulatory regimes—for example, the EU’s AI Act also adopts a risk-based approach. Therefore, it seems inappropriate to use this phrase to describe the purpose of ①, which is to support voluntary initiatives. Instead, this portion should explain that the approach being adopted is a “soft law” approach. Furthermore, since this Draft Guideline is positioned as Japan’s unified policy statement on AI governance and is likely to attract international attention, it would be advisable to avoid potentially misleading terms such as “responsibility” in the English translation when it is eventually published.

2.Coordination with International Discussions

As emphasized by the Hiroshima AI Process, which highlights the necessity of interoperability between differing national systems, this Draft Guideline should also ensure consistency with internationally established frameworks, such as the U.S. National Institute of Standards and Technology (NIST) AI Risk Management Framework and relevant international standards like ISO 42001 (AI Management Systems). However, the current Draft Guideline fails to demonstrate any alignment with these global frameworks and does not ensure interoperability. At the very least, it should provide a clear mapping or cross-reference to these two documents. (It is presumed that this issue will be addressed in Annex 9, but Annex 9 does not appear to be available.)

3. Readability for Users

While the Guideline emphasizes “readability for users,” the document—including its annexes—is voluminous, and the relationship between the main text and annexes is riddled with overlap and structural redundancy. Frankly speaking, the document is difficult to understand.

Furthermore, throughout the text, definitions are vague, leaving service providers unsure of what to use as a reference. For example, in the definition of “AI providers,” the phrase “in the provision of AI services…” and in the definition of “AI users,” the phrase “Furthermore, with respect to AI…” describe concepts that would apply to other types of AI operators as well, yet it is unclear why they are specifically mentioned. Additionally, the definition of AI as the “AI system itself” is ambiguous and unclear. Given the existence of the above-mentioned international frameworks, it would be advisable to establish clearer and more structured definitions.

4.Multi-Stakeholder Participation

Regarding multi-stakeholder participation, page 3 of the Draft Guideline states that “this Guideline has been developed not through government leadership alone, but by emphasizing effectiveness and legitimacy through repeated deliberations among a multi-stakeholder group consisting of educational and research institutions, civil society including general consumers, and private enterprises.” However, the specific process and background of how this multi-stakeholder framework was actually implemented should be disclosed.

5.Living Document Approach

Regarding the “Living Document” approach, the Draft Guideline states that “drawing on the concept of agile governance, the Guideline is intended to be updated as appropriate, with the involvement of multi-stakeholders.” However, the government should also commit to a concrete review process to ensure the Guideline is not left stagnant once published.

That is, the Draft Guideline acknowledges the rapid pace of developments in the AI field and states that “rather than relying on AI governance based on pre-established rules and procedures, it is important to implement ‘agile governance’ through continuous and rapid cycles of ‘environment/risk analysis,’ ‘goal-setting,’ ‘system design,’ ‘implementation,’ and ‘evaluation’ across various governance systems—such as corporate regulations, legal frameworks, infrastructure, market mechanisms, and social norms—by engaging multi-stakeholders” (p.25). Nonetheless, although the Draft Guideline notes the importance of “assessing the level and likelihood of risk associated with the planned development, provision, and use of AI, and considering the resource constraints of each entity” (p.25), the contents merely reiterate the material in METI’s “Governance Guidelines for Implementation of AI Principles ver.1.1” from the previous year. It fails to lay out a clear path for enabling multi-stakeholder engagement.

In order to realize agile governance, collaboration among multi-stakeholders on goal-setting, system design, and evaluation is essential. What is needed is a mechanism through which stakeholders relevant to both government- and enterprise-led governance can meaningfully participate.

However, the Draft Guideline lacks any concrete proposal for how stakeholder feedback will be gathered or how such feedback will be reflected in future revisions of the Guideline. Although the document mentions that the development of a concrete implementation framework remains a future issue (p.3), the absence of such a mechanism makes it difficult to expect any continuous and rapid updates.

If, as stated in the Draft Guideline (p.2), the government aims to “co-create a framework that promotes both innovation and risk mitigation throughout the AI lifecycle, by encouraging those using AI in various business activities to properly understand AI-related risks—considering international trends and stakeholder concerns—and to voluntarily implement necessary measures across the lifecycle, while working with stakeholders and following a ‘common framework’ and governance principles relevant to each party,” then the government should go a step further and present concrete proposals for stakeholder involvement.

6.Treatment of Foundation Models and Generative AI

(1) Possibility of a Factual Basis for Legislative Regulation

In Japan, there is currently no comprehensive AI regulatory legislation, and the government appears to be taking a cautious approach to legislating AI regulation. Nonetheless, there have already been instances in which the development and use of AI have been regulated by law in specific sectors. For example, in the area of autonomous driving using AI, amendments to the Road Traffic Act in 2019 introduced obligations for drivers using automated driving systems and the installation of data recorders, thereby enabling the safe operation of Level 3 autonomous vehicles on public roads. The same year, the Road Transport Vehicle Act was also amended to include automated driving systems as devices subject to safety regulations. In 2022, the Road Traffic Act was further amended to establish a licensing system for Level 4 autonomous driving operations.

When AI or AI-enabled products fall under the category of medical devices, their safety and effectiveness have been regulated under the Pharmaceuticals and Medical Devices Act. Additionally, anticipating the growth of AI-generated content, the Copyright Act was amended in 2018 to allow the use of copyrighted works without permission from the rights holder, provided such use does not unduly harm their interests and is limited to what is necessary for purposes such as data analysis. While these legislative measures are generally aimed at promoting the use of AI, they also incorporate regulatory mechanisms to mitigate associated risks. Furthermore, even in the absence of AI-specific legislation, existing laws and regulations impose certain requirements on high-risk sectors.

Looking ahead, foundation models and general-purpose AI—such as generative AI—may pose significant risks to individual rights or national security. Should these risks become evident or significantly increase, or should such technologies come to influence the behavior of numerous AI systems and digital services, there may be a factual basis for introducing legal regulations. In such cases, legislating the development and use of specific types of AI to establish a societal foundation may be worth considering.

(2) Comparison with the EU AI Act

Part II, Section C of the Draft Guideline, “Matters to Be Observed in the Development of Advanced AI Systems,” states that developers of advanced AI systems, including foundation models and generative AI systems, should “comply with the Hiroshima Process International Code of Conduct for Organizations Developing Advanced AI Systems.” In other words, beyond compliance with this international code, there are no other specified obligations for advanced AI systems.

Generative AI is recognized as posing risks. For instance, the annex (pp. 95, 130) notes the increasing risk that AI-generated disinformation, misinformation, and biased information—appearing to be truthful or impartial—could destabilize or confuse society, and emphasizes the need for countermeasures. Annex 1, Part I, Section B also mentions concerns such as misuse, data leaks, hallucinations, overreliance on misinformation, copyright implications, certification issues, and the reproduction of bias. While the risks are appropriately acknowledged, the proposed responses remain within the realm of soft law, offering a framework for voluntary initiatives rather than binding legal obligations.

In contrast, the European Union has adopted a hard law approach in its AI Act. For general-purpose AI, providers of such systems must notify the Commission (Article 52b), prepare and update technical documentation (Article 52c(1)(a)), provide information to providers who integrate the foundation model into their AI systems (Article 52c(1)(b)), implement policies respecting copyright law (Article 52c(1)(c)), and publish sufficiently detailed summaries of training data based on templates provided by the AI Office (Article 52c(1)(d)). They must also appoint representatives (Article 52ca) and are subject to supervision (Articles 68f onward).

Regarding generative AI, the preamble to the AI Act explains that generative AI is a representative example of general-purpose AI (Recital 60c), and that it presents both significant innovation opportunities and challenges to creators such as artists and writers (Recital 60i). Article 52(1a) requires that outputs generated or modified by such systems be marked in a machine-readable format as AI-generated and be detectable as such. Article 52(3a), paragraph 1 obligates deployers of deepfake-generating AI systems to disclose that the content was AI-generated or modified. Paragraph 2 requires that deployers of AI systems generating or modifying public communications intended to inform the public on matters of public interest also disclose the AI-generated or modified nature of such content.

Japan should also consider raising certain obligations—such as transparency and responses to fake news—from the soft law level to more binding legal obligations. In doing so, it is important to recognize that transparency requirements are already being addressed in existing regulatory domains when significant use is involved, and that fake news is not unique to AI. Instead, it is a broader issue amplified by the rise of the attention economy. Regulation should not be limited to AI tools capable of generating fake images, but also include platform content moderation and media policy considerations.

In any case, the EU—while sharing similar concerns with Japan—is pursuing a hard law approach. If Japan intends to adopt a different approach based on soft law, it should clearly articulate the reasons for this choice (acknowledging, of course, that there is no need to adopt the EU’s entire approach wholesale).

(February 19, 2024)