Status of the AI Regulations

As noted above, at this time, there are no laws or regulations in Japan specifically enacted to govern the development, use, or provision of AI. Note, however, the Proposed AI Bill (see the section titled "Laws/Regulations directly regulating AI" above) may result in a "basic law" directed to AI-based systems and applications.

Other laws affecting AI

There are various laws that, though not adopted specifically to regulate AI, are likely to affect the development or use of AI in Japan. A non-exhaustive list of key examples includes:

• The Digital Platform Transparency Act, which imposes requirements on large online malls, app stores, and digital advertising businesses to ensure transparency and fairness in transactions with business users
• The Financial Instruments and Exchange Act, which requires businesses engaging in algorithmic high-speed trading to register with the government, establish a risk management system, and maintain transaction records
• The Civil Code, which allows tort claims to be brought against a person who has given instructions to AI to produce defamatory content about another person and published such content
• The Copyright Act and the Act on the Protection of Personal Information, which can be applied to inappropriate uses of AI

In relation to the online spread of fake or wrong content, there has been efforts to legislate the takedown and prevention of such content. On May 9, 2024, the Information Distribution Providers Act (which is the amendment of the existing Providers' Liability Limitation Act) was passed by the Diet (the national legislature of Japan) aiming to expedite content takedown requests. Even though it is, in fact, not an AI-specific law and does not address AI-generated content, the Draft Discussion Points refer to it as a means for addressing risks from AI.

In addition, various acts involving AI may already be caught by the Criminal Code: using AI to defame another could fall under the ambit of defamation; using AI-generated fake content to interfere with someone's business could be punishable as an obstruction of business; and giving unauthorized commands to another person's computer can also be punishable under the criminal code.

Definition of “AI”

There is no legally recognized definition of "AI" in Japan. The Guidelines note that there is currently no established definition for AI and that it is difficult to strictly define its scope. However, for the purpose of the Guidelines, AI is an abstract concept that includes AI systems themselves as well as machine-learning software and programs.³

Territorial scope

As noted above, at this time, there are no laws or regulations in Japan specifically enacted to regulate AI. The Guidelines do not refer to a territorial scope or contemplate extra-territorial jurisdiction, nor do they distinguish between on-shore and off-shore entities or actions. However, the Proposed AI Bill may set out the appropriate territorial scope for a regulatory system.

Sectoral scope

As noted above, at this time, there are no specific laws or regulations in Japan that directly regulate AI. Accordingly, there is no specific sectoral scope at this stage.

The Guidelines are broadly applicable to AI developers, AI providers, and business users (each an "AI business actor").⁴

Compliance roles

As noted above, at this time, there are no specific laws or regulations in Japan that directly regulate AI; however, AI business actors are expected to determine how to give effect to the principles set forth in the Guidelines.

Core issues that the AI Regulations seek to address

As noted above, at this time, there are no specific laws or regulations in Japan that directly regulate AI. Nevertheless, the Hiroshima Principles identify several significant risks, including disinformation, copyright, cybersecurity, risks to health and safety, and societal risks such as the ways in which advanced AI systems can give rise to harmful bias and discrimination. The Draft Discussion Points identify the following risks as ones that Japan should prioritize: safety, privacy and fairness, national security and crime, property protection, and intellectual property.

Further, regarding copyright, in-depth discussions are being held in Japan about how existing laws (i.e., the Copyright Act of Japan) should address issues concerning rights and harms that may arise from generative AI. Also, the Council of the Agency for Cultural Affairs is expected to announce its position regarding copyright where AI is trained on the works of humans and AI-generated content.

Risk categorization

As noted above, at this time, there are no specific laws or regulations in Japan that directly regulate AI. In addition, AI or AI systems are not generally classified according to risk in the relevant guidelines and principles announced in Japan. However, it has been reported that some government officials believe that a risk-based approach is necessary.⁵ The Draft Discussion Points suggest that there may be hard law regulations for high-risk AI, while continuing to use soft law where relevant. The Draft Discussion Points present the approach that classifies: (i) AI developers; and (ii) AI providers and AI users into "large impact and high risk" group and "little impact and low risk" group.

Key compliance requirements

The Guidelines provide certain general principles which AI business actors are expected to incorporate into the training and deployment of their products and services; however, it is up to each business actor, taking into consideration the likely risks, to determine how to give effect to the principles. The principles⁶ are:

• Human-centric – The utilization of AI must not infringe upon the fundamental human rights guaranteed by the constitution and international standards
• Safety – Each AI business actor should avoid damage to the lives, bodies, minds, and properties of stakeholders
• Fairness – Elimination of unfair and harmful bias and discrimination
• Privacy protection – Each AI business actor respects and protects privacy
• Ensuring security – Each AI business actor ensures security to prevent the behaviors of AI from being unintentionally altered or stopped by unauthorized manipulations
• Transparency – Each AI business actor provides stakeholders with information to the reasonable extent necessary and technically possible while ensuring the verifiability of the AI system or service
• Accountability – Each AI business actor is accountable to stakeholders to ensure traceability, conforming to common guiding principles, based on each AI business actor's role and degree of risk posed by the AI system or service
• Education/literacy – Each AI business actor is expected to provide persons engaged in its business with education regarding knowledge, literacy and ethics concerning the use of AI in a socially correct manner, and provide stakeholders with education about complexity, misinformation, and possibilities of intentional misuse
• Ensuring fair competition – Each AI business actor is expected to maintain a fair competitive environment so that new businesses and services using AI are created
• Innovation – Each AI business actor is expected to promote innovation and consider interconnectivity and interoperability

Regulators

As noted above, at this time, there are no specific laws or regulations in Japan that directly regulate AI, and so there is no specific AI regulator. Nevertheless, the following ministries and agencies are substantively engaged in establishing and promoting guidelines regarding AI:

• The Ministry of Economy, Trade, and Industry
• The Ministry of Internal Affairs and Communications
• The Agency for Cultural Affairs (particularly for copyright issues)
• The Personal Information Commission

Guidelines promulgated by ministries in Japan are often followed closely by companies and the public, even though they are not binding law.

Enforcement powers and penalties

As noted above, at this time, there are no specific laws or regulations in Japan that directly regulate AI. As such, enforcement and penalties relating to the creation, dissemination and/or use of AI are governed by related violations in non-AI legislation (such as those set out in the section titled "Other laws affecting AI" above).⁷ However, the Proposed AI Bill contemplates implementing a regulatory system that would include fines and penalties for certain violations.

1 See the AI Guidelines for Business Version 1.0 here
2 See the Hiroshima Process International Code of Conduct for Organizations Developing Advancing AI Systems here
3 See the AI Guidelines for Business Version 1.0 (here), page 9
4 See the AI Guidelines for Business Version 1.0” (here), page 4 and the Appendices here
5 See here
6 See the AI Guidelines for Business Version 1.0 (here), Part 2C
[1] In addition to enforcement set out in item 3: METI is authorized to issue a recommendation or an order to a large digital platform provider if they do not disclose certain factors used to determine search rankings; the Personal Information Commission (PIC) is authorized to supervise and monitor businesses handling personal or other related information, and it may issue a recommendation or an order; the PIC may publish the name of businesses that failed to comply with its order; and, while the Criminal Code does not specifically focus on AI, as discussed above, activity using AI may constitute a crime and be punished

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2024 White & Case LLP}

Maoko Kamiya (Associate, White & Case, Tokyo) and James Keate (Associate, White & Case, Tokyo) contributed to this publication.