Protecto – AI Regulations and Governance Monthly Update – April 2025

Japan Embraces Light-Touch AI Regulation to Foster Innovation

In a bold move to position itself as a global artificial intelligence (AI) leader, Japan has introduced legislation to foster innovation through a flexible regulatory framework. The Bill on the Promotion of Research, Development, and Utilization of Artificial Intelligence-Related Technologies (AI Bill), submitted to Parliament on February 28, 2025, marks Japan’s first comprehensive AI law. Unlike the EU’s prescriptive AI Act, Japan’s approach prioritizes collaboration with the private sector and relaxed data protection rules to accelerate AI development.

Key Provisions of the AI Bill

The AI Bill imposes minimal obligations on businesses, requiring only that private entities “cooperate” with government-led AI initiatives. While “cooperate” remains undefined, analysts speculate this may involve adhering to future guidelines or participating in data-sharing programs. The government, meanwhile, is tasked with drafting international-standard AI guidelines, collecting research, and monitoring risks. Notably, the bill lacks penalties for non-compliance, though egregious violations of individual rights could result in public naming or corrective orders.

The legislation’s geographic scope is ambiguous, but government documents suggest obligations may extend to foreign companies operating in Japan. This aligns with Japan’s broader strategy to attract global tech investment while maintaining oversight.

Relaxing Data Protections for AI Development

Complementing the AI Bill, Japan’s Personal Data Protection Commission (PPC) proposed amendments to the Act on the Protection of Personal Information (APPI) on February 5, 2025. The changes would exempt AI developers from obtaining consent when collecting sensitive data—such as medical histories or criminal records—provided the information is anonymized and used solely for AI model training. The PPC argues that anonymization mitigates privacy risks, though critics warn this could erode public trust in data governance.

Japan’s Regulatory Philosophy: Agile Governance

Japan’s approach contrasts sharply with the EU’s risk-based AI regulations, reflecting a philosophy of “agile governance.” This strategy emphasizes sector-specific laws, voluntary industry standards, and iterative updates to guidelines rather than rigid legislation. For example, existing laws like the Copyright Act and Unfair Competition Prevention Act already address AI-related issues such as data usage and IP rights, reducing the need for new horizontal rules.

The government has also prioritized public-private collaboration, encouraging businesses to adopt voluntary frameworks like the AI Guidelines for Business Ver1.0. These non-binding guidelines outline best practices for developers and users, emphasizing transparency, bias mitigation, and safety checks.

Global Context and Implications

Japan’s light-touch stance emerges amid global regulatory fragmentation. While the EU enforces strict AI classifications and the U.S. grapples with inconsistent state-level laws, Japan aims to balance innovation with ethical considerations. The AI Bill’s focus on government-led research mirrors initiatives like the EU’s AI Office but avoids prescriptive mandates.

Analysts note that Japan’s strategy could attract AI investment, particularly from startups deterred by compliance costs in stricter jurisdictions. However, concerns persist about accountability gaps, especially for advanced AI systems like generative models.

Looking Ahead

The AI Bill is expected to pass Parliament by late 2025, solidifying Japan’s commitment to becoming an “AI-ready society.” Legal experts advise businesses to monitor guideline developments and prepare for potential expansions of the “cooperate” obligation. Meanwhile, the proposed APPI amendments face scrutiny from privacy advocates, who argue that anonymization alone cannot fully safeguard sensitive data.

As the global AI race intensifies, Japan’s experiment with agile governance will test whether innovation can thrive under minimal regulation—or if the lack of enforceable safeguards risks unintended consequences.

EU Releases Third Draft of General-Purpose AI Code of Practice, Prioritizing Ethical Development

The European Union has unveiled the third draft of its General-Purpose AI Code of Practice, a landmark voluntary framework designed to steer developers toward ethical and accountable artificial intelligence (AI) systems. Published on July 10, 2024, by an independent expert group convened under the EU’s Digital Strategy, the code aims to bridge gaps in the bloc’s upcoming AI Act by addressing risks posed by advanced AI models like chatbots and generative tools. The draft emphasizes transparency, accountability, and human oversight, reflecting the EU’s commitment to balancing innovation with fundamental rights.

Key Requirements for AI Developers

The code outlines seven core principles for developers of general-purpose AI (GPAI) systems:

1. Risk Mitigation: Proactive identification of systemic risks, including bias, misinformation, and cybersecurity vulnerabilities.
2. Transparency: Public documentation of model capabilities, training data sources, and limitations.
3. Human Oversight: Safeguards to ensure human control over high-stakes decisions, such as employment or healthcare recommendations.
4. Data Governance: Audits of training datasets to remove illegal or discriminatory content.
5. Monitoring: Post-deployment tracking of societal impacts, including environmental costs and labor disruptions.
6. Stakeholder Engagement: Collaboration with civil society, academia, and affected communities.
7. Accountability: Implementation of redress mechanisms for individuals harmed by AI outputs.

Notably, the code urges developers to avoid using copyrighted material without explicit permission—a direct response to ongoing legal battles over generative AI tools trained on protected content.

Governance and Compliance Mechanisms

Unlike binding regulations, the code operates as a voluntary “soft law” instrument. However, its principles align with the EU AI Act’s mandatory requirements for high-risk systems, set to take effect in 2026. Developers adhering to the code may receive regulatory “bonuses,” such as reduced liability under the AI Act.

Independent audits are central to the framework, with developers encouraged to submit systems for third-party evaluations. The draft also proposes a public registry for compliant organizations, though participation remains optional. Critics argue that the lack of enforcement mechanisms undermines accountability, while industry groups praise the flexibility for startups and smaller firms.

Addressing Global and Sector-Specific Challenges

The code acknowledges the cross-border nature of AI risks, urging developers to respect international human rights standards even outside the EU. It also includes sector-specific annexes for industries like healthcare and education, recommending tailored safeguards such as clinical validation for diagnostic tools and age-appropriate content filters for educational AI.

Environmental sustainability features prominently, with guidelines to optimize energy consumption during model training—a nod to growing concerns over AI’s carbon footprint.

Mixed Reactions from Stakeholders

Civil society organizations, including the European Digital Rights Network, have criticized the draft for relying too heavily on corporate self-assessment. “Voluntary codes let companies mark their own homework,” said one representative, calling for mandatory audits and fines for non-compliance.

Conversely, tech industry leaders like the European Tech Alliance applaud the code’s “pragmatic” approach. A spokesperson noted, “This draft recognizes the need for adaptable rules in a fast-moving field,” though concerns linger about potential overlaps with stricter AI Act requirements.

Academics highlight the code’s focus on systemic risks as a step forward but warn that vague terms like “human oversight” require clearer definitions to prevent loopholes.

Next Steps and Global Implications

After a public consultation period, the expert group will finalize the code by late 2024. While voluntary, its principles are expected to shape global norms, similar to the EU’s influence on data privacy via GDPR.

The draft arrives as global regulators grapple with AI governance. Unlike Japan’s innovation-first approach or the U.S.’s sectoral policies, the EU positions itself as a middle ground, promoting ethical standards without stifling growth. However, questions remain about how the code will interact with non-EU regulations, particularly for multinational firms.

Trump Administration Unveils Sweeping AI Policies to Reshape Federal Governance

The Trump administration has released two pivotal memos, M-25-21 and M-25-22, overhauling federal guidelines for artificial intelligence (AI) adoption and procurement. Effective April 3, 2025, these policies replace Biden-era directives and aim to accelerate AI integration across government operations while balancing innovation with safeguards for privacy and civil liberties.

M-25-21: Accelerating Federal AI Adoption

The first memo, Accelerating Federal Use of AI through Innovation, Governance, and Public Trust, mandates a rapid shift toward “government by AI,” prioritizing efficiency, deregulation, and national competitiveness. Key provisions include:

1. AI Leadership: Agencies must appoint Chief AI Officers (CAIOs) within 60 days and establish AI Governance Boards to oversee deployment.
2. Risk Management: “High-impact” AI systems—those affecting civil rights, healthcare, or critical infrastructure—require pre-deployment testing, impact assessments, and ongoing monitoring. However, agencies can waive requirements via CAIO approval, raising concerns about accountability.
3. Workforce Development: Agencies must train staff in AI tools and prioritize hiring technical talent to build an “AI-ready” workforce.
4. Transparency: Public AI use case inventories will track high-impact applications, though critics warn the waiver system could undermine transparency.

M-25-22: Overhauling AI Procurement

The companion memo, Driving Efficient Acquisition of Artificial Intelligence in Government, targets procurement reforms to foster competition and reduce vendor dependence:

1. Market Competition: Agencies must prioritize interoperability, data portability, and modular AI systems to avoid vendor lock-in. Contracts should favor U.S.-developed AI, aligning with “America First” priorities.
2. Data Rights: Strict terms govern government data usage in AI training, requiring explicit consent for reuse and clear ownership delineation. Contractors must isolate federal data from commercial datasets.
3. Post-Award Oversight: Agencies must monitor AI performance post-deployment, with cross-functional teams assessing risks like bias and cybersecurity. The General Services Administration (GSA) will create a public repository of procurement tools by late 2025.

Broader Implications

These policies signal a strategic pivot toward embedding AI in governance, with Lynne Parker of the White House OSTP framing them as critical to U.S. global leadership. However, the balance between innovation and accountability remains precarious. Public trust hinges on transparent risk management—only 17% of Americans currently view AI’s impact positively.

As agencies race to meet deadlines, the memos’ success will depend on rigorous enforcement of safeguards and equitable access to AI’s benefits. For now, they mark a defining step in the federal government’s AI transformation.