Our thinking

AI Watch: Global regulatory tracker

What's inside

Keeping track of AI regulatory developments around the world.

The global dash to regulate AI

Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.

Subscribe

We encourage you to subscribe to receive AI-related updates.

Subscribe here

Explore Trendscape

Our take on the interconnected global trends that are shaping the business climate for our clients.

Read more

Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).

Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world. The EU is also implementing the first comprehensive horizontal legal framework for the regulation of AI systems across EU Member States (the EU AI Act is addressed in more detail here: AI watch: Global regulatory tracker - European Union, and you can read our EU AI Act Handbook here).

Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:

  1. "AI" means different things in different jurisdictions: One of the foundational challenges that any international business faces when designing an AI regulatory compliance strategy is figuring out what constitutes "AI." Unfortunately, the definition of AI varies from one jurisdiction to the next. For example, the EU AI Act adopts a definition of "AI systems" that is based on (but is not identical to) the OECD's definition, and which leaves room for substantial doubt due to its uncertain wording. Canada has proposed a similar, though more concise, definition. Various US states have proposed their own definitions, which differ from one another. And many jurisdictions (e.g., the UK, Israel, China, and Japan) do not currently provide a comprehensive definition of AI. Because several of the proposed AI regulations have extraterritorial effect (meaning more than one AI regulation may apply simultaneously), international businesses may be forced to adopt a "highest common denominator" approach to identifying AI based on the strictest applicable standard.
  2. Emerging AI regulations come in different forms: The various emerging AI regulations have no consistent legal form – some are statutes, some are executive orders, some are expansions of existing regulatory frameworks, and so on. The EU AI Act is a "Regulation" (which means that most of it will apply directly in all EU Member States, without the need for national implementation in most cases). The UK has taken a different approach, declining to legislate at this early stage in the development of AI, and instead choosing to task existing UK regulators with the responsibility of interpreting and applying five AI principles in their respective spheres. In the US, there is a mix of White House Executive Orders, federal and state initiatives, and actions by existing regulatory agencies, such as the Federal Trade Commission. As a result, the types of compliance obligations that international businesses face are likely to be materially different from one jurisdiction to the next. Many other jurisdictions have yet to decide whether they will issue sector-specific or generally applicable rules and have yet to decide between creating new regulators or expanding the roles of existing regulators, making it challenging for businesses to anticipate what form their AI regulatory relationships will take in the long term.
  3. Emerging AI regulations have different conceptual approaches: The next difficulty is the lack of a consistent conceptual approach among emerging AI regulations around the world – some are legally binding while others are not, some are sector-specific while others apply across all sectors, some will be enforced by regulators while others are merely guidelines or recommendations, and so on. As noted above, the UK approach is to use existing regulators to implement five AI principles, but with no new explicit legal obligations. This has the advantage of meaning that businesses will deal with AI regulators with whom they are already familiar but has the disadvantage that different UK regulators may interpret these principles differently in their respective spheres. The EU AI Act is cross-sectoral and creates new regulatory and enforcement powers for existing bodies, including the European Commission, and also creates entirely new bodies such as the AI Board and the AI Office, while leaving EU Member States to appoint their own AI regulators tasked with enforcing the EU AI Act. In the US, the Federal Trade Commission, Equal Employment Opportunity Commission, Consumer Financial Protection Bureau, and Department of Justice issued a joint statement clarifying that their existing authority covers AI, while various state regulators are also likely to have competence to regulate AI. International organizations including the OECD, the UN, and the G7 have issued AI principles, but these impose no legal obligations on businesses. In principle, these initiatives encourage consistency across members of each organization, but in practice this does not seem to have worked.
  4. Flexibility is a double-edged sword: In an effort to create AI regulations that can adapt to technological advances that have not yet been anticipated, many jurisdictions have sought to include substantial flexibility in those regulations, either by using deliberately high-level wording and policies, or by allowing for future interpretation and application by courts and regulators. This has the obvious advantage of prolonging the lifespan of such regulations by allowing them to be adapted to future technologies. However, it also creates the disadvantage of uncertainty because it leaves businesses uncertain of how their compliance obligations will be interpreted in the future. This is likely to mean that it is harder for businesses to know whether their planned implementations of AI will be lawful in the medium-to-long term and may make it harder to attract long-term AI investment in those jurisdictions.
  5. The overlap between AI regulation and other areas of law is complex: A substantial number of laws that are not directly focused on AI nevertheless apply to AI by association within their respective spheres, meaning that any use of AI will often trigger compliance issues and legal challenges even where there is not (yet) any enforceable AI-specific law. These areas of overlap include: IP (e.g., IP infringement issues with respect to AI model training data, and questions about copyright and patentability of AI-assisted inventions); antitrust; data protection (which adds restrictions to processing of personal data, and in some cases imposes special compliance obligations for processing carried out by automated means, including by AI); M&A (where AI innovation is driving dealmaking in many markets); financial regulation (where financial regulatory requirements may limit the ways in which AI can lawfully be deployed); litigation; digital infrastructure; securities; global trade; foreign direct investment; mining & metals; and so on. This overlap will mean that many businesses need to understand not just AI regulations in general, but also any rules that affect the use of AI in the context of the relevant sector or business activity.

Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.

Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.

Articles

African Union

The African Union's Continental AI Strategy sets the stage for a unified approach to AI governance across the continent.

Read 10 min. article
Africa Union

Australia

Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.

Read 11 min. article
Australia

Brazil

The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.

Read 8 min. article
Sao Paulo

Canada

AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.

Read 15 min. article
Canada

China

The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.

Read 9 min. article
China

Colombia

Despite congressional activity on AI in Colombia, regulation remains unclear and uncertain.

Read 10 min. article
Colombia

Council of Europe

The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.

Read 7 min. article
European Union

Czech Republic

The successful implementation of the EU AI Act into national law is the primary focus for the Czech Republic, with its National AI Strategy being the main policy document.

Read 7 min. article
Czech Republic

European Union

The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.

 

Read 16 min. article
European Union

France

France actively participates in international efforts and proposes sector-specific laws.

Read 10 min. article
Paris

G7

The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.

Read 11 min. article
G7 flags

Germany

Germany evaluates AI-specific legislation needs and actively engages in international initiatives.

Read 9 min. article
Germany

Hong Kong

Hong Kong lacks comprehensive AI legislative framework but is developing sector-specific guidelines and regulations, and investing in AI.

Read 8 min. article
Photo of Hong Kong

India

National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.

Read 5 min. article
India

Israel

Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.

Read 10 min. article
Israel

Italy

Italy engages in political discussions for future laws.

Read 9 min. article
Milan

Japan

Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.

Read 11 min. article
Tokyo

Kenya

Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.

Read 8 min. article
Kenya
Kenya

Nigeria

Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.

Read 7 min. article
Nigeria
Nigeria

Norway

Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.

Read 9 min. article
Norway

OECD

The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.

Read 10 min. article
country flags

Saudi Arabia

Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.

Read 6 min. article
Riyadh_Hero_1600x600 Saudi Arabia

Singapore

Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.

Read 11 min. article
Singapore

South Africa

South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.

Read 6 min. article
Johannesburg

South Korea

South Korea's AI Act has been promulgated as the fundamental body of law governing AI.

Read 9 min. article
Korea

Spain

Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.

Read 12 min. article
Madrid

Switzerland

Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.

Read 11 min. article
Switzerland

Taiwan

Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.

Read 6 min. article
Taiwan city

Turkey

Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.

Read 11 min. article
Türkiye

United Arab Emirates

Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.

Read 14 min. article
UAE

United Kingdom

The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.

Read 17 min. article
London hero image

United Nations

The UN's AI resolutions encourage Member States to adopt national rules to establish safe, secure and trustworthy AI systems and create forums to advance global cooperation, scientific understanding, and share best practices.

Read 11 min. article
United Nations

United States

The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.

Read 27 min. article
New York city photo

Contacts

Tim Hickman
Tim Hickman
Partner
| London
Erin Hanson
Erin Hanson
Partner
| New York
Dr. Sylvia Lorenz
Dr. Sylvia Lorenz
Partner
| Berlin

Service areas

Tokyo

AI Watch: Global regulatory tracker - Japan

Japan's first AI legislation becomes law – Focus is on promoting research and development; no monetary penalties.

Insight
|
11 min read

Laws/Regulations directly regulating AI (AI Regulations)

On May 28, 2025, Japan's Parliament enacted an Act to establish a national law to promote, and lightly regulate, AI, titled the "Act on Promotion of Research and Development and Utilization of Artificial Intelligence-Related Technologies" (the "AI Act").1 The AI Act is Japan's first law expressly directed at AI technology; however, its focus is on establishing basic policies and principles rather than creating detailed prescriptions and prohibitions like those, for example, in the EU AI Act.

The AI Act was enacted to promote innovation while establishing the framework to respond to risks associated with AI. Japan has to date taken a soft law approach as evidenced by the government's AI Guidelines for Business (last updated March 2025)2 and its role in helping to establish international guidelines, such as the Hiroshima AI Process International Guiding Principles.3 The provisions of the AI Act are thus not a major shift from its previous stance. Japan has stated that it is aiming to "establish a legal system [for AI] that serves as a global model" and that it is aiming to become "the world's most friendly country for developing and utilizing AI."4 The AI Act acts as a "fundamental law," which in the Japanese context means legislation that forms basic policies and creates broad rules for governing the subject matter. The AI Act also impels the government to take legislative and financial actions concerning AI (see Article 10), which will enable the government to enact more specific laws regulating AI should it become desirable.

The AI Act primarily focuses on establishing core principles for the research, development and use of AI, formulating a basic policy framework ("Basic AI Plan"), and establishing the AI Strategic Headquarters ("Headquarters"), the government's central body for AI policy.

While the majority of the provisions set forth a framework for future laws and policies relating to AI, there are several that impose duties on private business, but with no described penalty. For example, provisions in Article 7 outline the responsibilities of AI developers, AI providers and business users (each an "AI business actor").

Article 7 – describes the duty of AI business actors to make reasonable efforts in utilizing AI to improve the efficiency and overall level of their business in line with the core principles of the Act.

Articles 4 and 5 – set forth that AI business actors must also comply with any policies that may be created by the national or local government bodies through the authority granted to them.

Article 25(2) – gives the Headquarters the general ability to request cooperation from any entity when deemed especially necessary in performing its duties.

While the AI Act itself does not provide detailed guidance for AI business actors, the Headquarters published the Guidelines for Ensuring the Appropriateness of Research & Development and Utilization of AI-Related Technology ("AI Utilization Guidelines") on December 19, 2025, pursuant to Article 13 of the Act.5

Separately, Japan has published the Hiroshima International Guiding Principles for Organizations Developing Advanced AI Systems (the Hiroshima Principles), which aim to establish and promote guidelines worldwide for safe, secure, and trustworthy AI.

Status of the AI Regulations

As stated above, the AI Act was approved by the Cabinet Office on February 28, 2025, and approved by Parliament on May 28, 2025. The General Assembly of the Headquarters held its first meeting on September 12, 2025, and the Basic AI Plan was approved by the Cabinet Office on December 23, 2025.

Other laws affecting AI

Various laws, though not adopted specifically to regulate AI, are likely to affect the development or use of AI in Japan. A non-exhaustive list of key examples includes:

  • The Digital Platform Transparency Act, which imposes requirements on large online malls, app stores, and digital advertising businesses to ensure transparency and fairness in transactions with business users
  • The Financial Instruments and Exchange Act, which requires businesses engaging in algorithmic high-speed trading to register with the government, establish a risk management system, and maintain transaction records
  • The Civil Code, which allows tort claims to be brought against a person who has given instructions to AI to produce defamatory content about another person and published such content
  • The Copyright Act and the Act on the Protection of Personal Information, which can be applied to inappropriate uses of AI

There have also been efforts to legislate the takedown and prevention of fake or wrong content. On May 9, 2024, the Information Distribution Providers Act (which is the amendment of the existing Providers' Liability Limitation Act) was passed by the Diet (the national legislature of Japan) with an aim to expedite content takedown requests. Even though it is not an AI-specific law and does not address AI-generated content, the draft discussion points of the Information Distribution Providers Act refer to it as a means for addressing risks arising from AI.

In addition, various acts involving AI may already be caught by the Criminal Code: using AI to defame another could fall under the ambit of defamation; using AI-generated fake content to interfere with someone's business could be punishable as an obstruction of business; and giving unauthorized commands to another person's computer can also be punishable under the criminal code.

The Intellectual Property Strategic Headquarters of the Cabinet Office also released a draft principle code relating to intellectual property and AI ("Principle Code").6 While there is no connection of the Principle Code to a specific Article in the AI Act, the draft does state that it is based on the intent of the AI Act. According to the draft, the Principle Code would apply to "Generative AI Businesses" (as defined in the Principle Code) and the government will expect such businesses to publish an acceptance statement on their website and describe how the company has implemented the three principles defined in the Principle Code or provide an explanation of why they have not implemented them, as applicable. Each principle contains detailed requirements, but includes, among other things, (i) that the company would disclose an overview of the type of data used to train AI models, (ii) that the company will create internal controls for protecting IP rights and post a summary of its policy, and (iii) that if requested by a third party that believes it may have a legal claim against the company regarding such person's rights or other legally protected interests, the company will confirm whether certain webpages were used in the AI model. Similar to the AI Act, the draft Principle Code, as released on December 26, 2025, does not provide for monetary penalties for noncompliance.ction of business; and giving unauthorized commands to another person's computer can also be punishable under the criminal code.

Definition of AI

"Artificial Intelligence-related technologies" is defined under Article 2 of the AI Act to mean: the technology necessary to realize functions that substitute human cognitive, reasoning, and judgment abilities through artificial means. It also includes technology related to information processing systems that process information using such technology and outputs results.

Territorial scope

The AI Act does not clearly set out a territorial scope; however, Article 16 states that the government will be analyzing information regarding the development and use of AI domestically and abroad. Furthermore, neither the AI Act nor the Basic AI Plan distinguishes between on-shore and off-shore entities in its definition of research institutions or AI business actors, and the AI Utilization Guidelines state that overseas businesses are included among the "AI utilizing businesses" described within. It also appears that the Principle Code is intended to have extraterritorial effect.

Sectoral scope

There is no clearly defined sectoral scope, which is not surprising given the fundamental law role of the Act. Rather, the law applies generally to developers, providers and business users of AI.

Compliance roles

As noted above, private businesses are under a duty to make reasonable efforts to use AI in accordance with the Act's core principles. They also must comply with any policies that may be created by the national or local government bodies through the authority granted to them.

Core issues that the AI Regulations seek to address

The AI Act states that its core principles are to promote competitiveness, ensure transparency, and to foster productivity through advancing fundamental AI research and personnel development. While advancing these goals, the government aims to investigate and guide organizations away from the improper use of AI, which are uses that may lead to the violation of rights or harm prosperity.

Additionally, the Hiroshima Principles identify several significant risks, including: disinformation, copyright, cybersecurity, risks to health and safety, and societal risks (e.g., the ways in which advanced AI systems can give rise to harmful bias and discrimination).

The government has noted the following risks as ones that Japan should prioritize: safety, privacy and fairness, national security and crime, property protection, and intellectual property.

Further, regarding copyright, in-depth discussions are being held in Japan about how existing laws (i.e., the Copyright Act of Japan) should address issues concerning rights and harms that may arise from generative AI.

Risk categorization

There are no specific risk categories defined in the AI Act. The investigation right granted to the government is aimed at the research, development or use of AI for improper purposes. Improper purposes are described broadly as potentially leading to the violation of rights or harming prosperity.

Key compliance requirements

As noted above, the AI Act does not provide for detailed compliance obligations, but the AI Strategic Headquarters has published the AI Utilization Guidelines. The AI Utilization Guidelines recommend a general policy to ensure the appropriate use of AI for all subjects of the AI Act, which is comprised of (i) taking a risk-based approach, (ii) actively involving stakeholders in AI governance, (iii) establishing a holistic AI life-cycle governance framework to address risks present in the development and use of AI, and (iv) having an agile response to the risks related to AI.

The Guidelines for Business also provide certain general principles which AI business actors are expected to incorporate into the training and deployment of their products and services. However, it is up to each AI business actor to determine how to give effect to the principles. The principles are:

  • Human-centric – The use of AI must not infringe upon the fundamental human rights guaranteed by the constitution and international standards
  • Safety – Each AI business actor avoids damage to the lives, bodies, minds, and properties of stakeholders
  • Fairness – Elimination of unfair and harmful bias and discrimination
  • Privacy protection – Each AI business actor respects and protects privacy
  • Ensuring security – Each AI business actor ensures security to prevent the behaviors of AI from being unintentionally altered or stopped by unauthorized manipulations
  • Transparency – Each AI business actor provides stakeholders with information to the reasonable extent necessary and technically possible while ensuring the verifiability of the AI system or service
  • Accountability – Each AI business actor is accountable to stakeholders to ensure traceability, conforming to common guiding principles, based on each AI business actor's role and degree of risk posed by the AI system or service
  • Education/literacy – Each AI business actor is expected to provide persons engaged in its business with education regarding knowledge, literacy and ethics concerning the use of AI in a socially correct manner, and provide stakeholders with education about complexity, misinformation, and possibilities of intentional misuse
  • Ensuring fair competition – Each AI business actor is expected to maintain a fair competitive environment so that new businesses and services using AI are created
  • Innovation – Each AI business actor is expected to promote innovation and consider interconnectivity and interoperability

Regulators

The Headquarters, as headed by the Prime Minister and comprised of all Cabinet members, is the leading government body for AI. The Headquarters has also established its Expert Investigation Team to conduct the investigations described in the Act. Additionally, the following ministries and agencies have been substantively engaged in establishing and promoting guidelines regarding AI:

  • The Ministry of Economy, Trade, and Industry
  • The Ministry of Internal Affairs and Communications
  • The Agency for Cultural Affairs (particularly for copyright issues)
  • The Personal Information Commission
  • Digital Agency

Guidelines promulgated by ministries in Japan are often followed closely by companies and the public, even though they are not binding law.

Enforcement powers and penalties

As noted above, the AI Act imposes the duty to make reasonable efforts to: (i) use AI in accordance with the Act's core guiding principles; (ii) cooperate with investigations; and (iii) follow guidance issued as a result. There are no specific penalties or fines associated with refusing to cooperate, but the AI Act gives the government broad authority to take actions it believes are necessary based on its investigations and to fulfill its duties.

Further insights from White & Case:

1 See the AI Act language here (only available in Japanese).
2 See the AI Guidelines for Business Version 1.1 here, issued by the Ministry of Internal Affairs and Communications and the Ministry of Economy, Trade and Industry.
3 See the Hiroshima Guiding Principles here.
4 From the overview of the AI Act published here.
5 See the AI Utilization Guidelines here.
6 See the draft Principle Code here.

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2026 White & Case LLP

Contacts

David Albagli
David Albagli
Local Partner|Tokyo
Services
Intellectual Property, Technology Transactions, Life Sciences and Healthcare, Technology, Japan, United States
Toshio Dokei
Toshio Dokei
Partner Of Counsel|Tokyo
Services
Antitrust/Competition, Debt Finance, Environment & Climate Change, Mergers & Acquisitions, Project Development and Finance, Economic Sanctions & Export Controls
Arthur M. Mitchell
Arthur M. Mitchell
Senior Advisor|Tokyo
Services
Antitrust/Competition, Project Development and Finance, Environment & Climate Change, Data, Privacy & Cybersecurity, Power, Economic Sanctions & Export Controls
Shinsuke Yakura
Shinsuke Yakura
Partner|Tokyo
Services
International Arbitration, Intellectual Property, White Collar/Investigations, Data, Privacy & Cybersecurity, Technology, Artificial Intelligence (AI)
Jonathon Jackson
Jonathon Jackson
Associate|Tokyo
Services
Mergers & Acquisitions

Service areas

Top