AI Guidelines for Business Ver 1.0 (Provisional Translation)

当翻訳は仮訳であり、正確には原文を参照してください。 Please refer to the original text for accuracy. AI Guidelines for Business Ver1.0 April 19, 2024 Ministry of Internal Affairs and Communications Ministry of Economy, Trade and Industry 仮訳 Provisional Translation 1 Contents Preface ...................................................................................................................................2 Part 1 Definitions ...................................................................................................................9 Part 2 Society to aim for with AI, and matters each AI business actor works on .................. 11 A. Basic philosophies ........................................................................................................ 11 B. Principles ......................................................................................................................12 C. Common Guiding Principles .........................................................................................13 D. Common Guiding Principles for AI Business actors involved in advanced AI systems ..23 E. Building AI governance ................................................................................................. 25 Part 3 Matters Related to AI Developers ...............................................................................27 Part 4 Matters Related to AI Providers ..................................................................................32 Part 5 Matters Related to AI Business Users ..........................................................................35 2 Preface Technologies related to AI (Artificial Intelligence) are constantly evolving, opportunities to use AI and its various possibilities have been increasing continuously, and AI is being used for making industrial innovations and solving social challenges as well. In addition, interactive generative AI has recently appeared leading to AI democratization, which has made it easy for many people to use AI for various purposes through dialogues. Therefore, companies have been making efforts to not only incorporate AI into their business processes but also reconstruct their business models themselves based on the values that will be created by AI. Some private individuals have also increased their efforts to apply their knowledge to AI and enhance their productivity. Japan has been promoting Society 5.0, a concept of a human-centric society in which both economic growth and solutions for social challenges are achieved through a system that merges the cyberspace and physical space in an advanced way, called a "Cyber-Physical System" (CPS). To embody this concept and enable the society to accept AI and use it appropriately, "Social Principles of Human- Centric AI" was established in March 2019. Meanwhile, risks have been increasing as the scope of use of AI technologies and the users have been increasing. Generative AI, especially, has incurred new societal risks that are not carried by conventional AI, such as infringements of intellectual property rights and generation and transmission of disinformation or misinformation, leading to the diversification and increase of societal risks resulting from AI. Against this background, the Guidelines present unified guiding principles in AI governance in Japan to promote safe and secure use of AI. It is intende d to help people who use AI in various businesses to fully recognize AI risks based on international trends and stakeholders' concerns, and to voluntarily take the necessary countermeasures across the entire lifecycle. The Guidelines aim to actively and co operatively develop a framework that achieves both promotion of innovation and reduction of risks across the lifecycle through mutual cooperation among interested parties in implementing the common guiding principles , important matters for each AI business actor, and AI governance. Japan led discussions held at international forums, such as the G7, G20, and OECD, and made a lot of contributions, starting with the proposal for the AI R&D Principles at the G7 ICT Ministers' Meeting in Takamatsu, Kagawa, in A pril 2016. Incidentally, the following matters have been pointed out regarding the actual implementation of the principles in AI:  AI use is viewed as a solution to some social challenges, such as decreasing labor caused by a declining birthrate and aging population.  There is a time lag between formulation and enforcement of laws and the speed and complexity of AI technology development and social implementation.  Rule-based regulations that stipulate detailed obligations might inhibit innovations. Thus, it was decided to draw up guidelines on the basis of the goal -based concept that would lead to the achievement of purposes through soft laws without any legally binding force that would encourage interested parties to make voluntary efforts to reduce societal risks in AI and promote innovations and use of AI. On this understanding, the "Draft AI R&D G uidelines for International Discussions" and "AI Utilization Guidelines: Practical Reference for AI Utilization" were established and announced on the initiative of the Ministry of Internal Affairs and Communications, and "Governance Guidelines for Implementation of AI Principles ver. 1.1" were established and announced on the initiative of the Ministry of Economy, Trade and Industry. And this occasion, b y integrating and modifying those three guidelines, the Guidelines (soft laws without any legally binding force) were newly established to help business operators cooperate to conduct social implementation of AI and governance in it, reflecting the features of AI technologies that had further advanced in recent years, and the domestic and international discussions about social implementation of AI. (See "Figure 1. Positioning of the Guidelines.") It is intended to help business operators (including 3 public institutions such as governments and municipalities) who use AI by referring to the Guidelines instead of the existing guidelines to understand the guiding principles that lead to desirable actions for safe and secure use of AI. Th e Guidelines are established through studies conducted by multiple stakeholders that consisted of academic and research institutions, civil societies including general consumers, private sector companies, and the like, rather than having the government take the initiative alone, to prioritize effectiveness and validity. Figure 1. Positioning of the Guidelines The use of AI might incur a great risk to society depending on the field and how it is used, and social disagreement caused by this risk might inhibit AI use itself. On the other hand, taking too many measures might inhibit AI use itself or decrease the be nefits of using AI. Therefore, it’s important to take a risk-based approach in which we estimate the level of risks ( impact and probability of hazards) that can be entailed by how it is used in the applicable field beforehand, to ensure the degree of measures taken are appropriate to the level of risks. Th e Guidelines provide the guides to the measures to be taken by companies based on a risk -based approach. Note that the concept of a risk -based approach has been commonly adopted by countries with advanced AI. Trends in AI are constantly changing, so it is planned that the Guidelines will be updated as a living document as needed, also in response to international discussions, with the multi ple stakeholder engagement while reflecting the agile governance philosophy to continuously improve AI governance 1. In such activities, it will be determined how the guiding principles and implementation should be updated as the countermeasures against risks in accordance with maturity of AI in the society. (See "Figure 2. Basic concepts of the Guidelines.") 1 The report is compiled by the Ministry of Internal Affairs and Communications' conference toward AI Network Society and the Ministry of Economy, Trade and Industry's Study Group on AI Business Guidelines. The review system will be determined and modified as appropriate in line with future circumstances. Social Principles of Human-Centric AI AI R&D Guidelines  Consists of basic philosophies, visions, and social principles of AI that society should pay close attention to.  Describes that business operators should establish and observe the "R&D and Utilization Principles of AI." Corresponds to a reference document for establishing "R&D and Utilization Principles of AI"  Contains the AI R&D Principles to pay close attention to during AI system development and the descriptions of the principles. AI Utilization Guidelines Governance Guidelines for Implementation of AI Principles  Contains the AI Utilization Principles which are expected to be paid close attention to during use and the descriptions of the principles.  Presents the action goals to be achieved by AI companies and describes virtual examples for the implementation in order to support the implementation of AI principles necessary for promoting the social implementation of AI. Foundation Integration/ Review AI Guidelines for Business Consideration Trends in foreign countries Appearance of new technologies 4 Figure 2. Basic concepts of the Guidelines The G uidelines present basic concepts regarding efforts necessary for the development, provision, and use of AI. Therefore, for the actual development, provision, and use of AI, it is important that all business operators who intend to use AI will voluntarily promote sp ecific efforts using the Guidelines as one of their references. At the same time, all business operators who intend to use AI should recognize the magnitude of AI's impact on society and be conscious of using it to develop human society better. It is important that the business operators pay close attention that if society considers the efforts to be inappropriate or insufficient, it might lead to opportunity losses in their businesses and it might become difficult to maintain business values. Paying close attention to these possibilities enables to maximize the benefits from AI, strengthen competitiveness, and maintain and improve the business values. Incidentally, because the Guidelines contain reference information for AI use and risk information, it is also helpful for people who are not business operators relevant to AI, for example, staff of academic and research institutions and general consumers (including minors). The Guidelines are intended for all AI business actors (including public institutions such as governments and municipalities) who develop, provide, or use AI in various businesses. On the other hand, the Guidelines are not intended for those who use AI for non-business activities and those who derive benefits from AI systems and services without directly using AI for business and, in some cases, sustain damage (hereinafter, both are referred to as "non -business users"). H o w ev er, necessary points for those who develop, provide, or use AI for business purposes to serve non-business users are included in this guideline. Data is dispensable for AI to learn. Specific companies and individuals (hereinafter referred to as "data providers") who provide such data are similarly not included in the target of this guideline. This guideline assumes those who develop, provide or use AI are themselves responsible for those data as data holders. As described above, the parties that the Guidelines are intended for are roughly grouped under "AI developers," "AI providers," and "AI business users" as AI business actors who conduct AI businesses and are defined herein. It is assumed that these AI business actors are business operators (or departments of business operators), and a business operator might take on two or more roles as an AI developer , AI provider , and AI business user depending on the AI use method. (See "Figure 3. Correlation between AI business actor and general AI use flow.") 2  AI developer 2 Generative AI is included in the targets of the development, provision, and use of AI. If an AI provider or AI business user is a public institution, such as a government or municipality, a concept different from that for private business operators might be required. Concepts Support for voluntary efforts by business operators Coordination with international discussions Understand- ability for readers Show directions for AI business actors founded on the risk-based approach where the degree of measures should be proportionate to the level and probability of risks. Ensure consistency with trends and contents of domestic and overseas relevant principles. Readers can check risks and handling policies that should be considered regarding AI, for each of AI developers, AI providers, and AI business users. Processes Multiple stakeholders Established through studies conducted by multiple stakeholders that consisted of academic and research institutions, civil societies including general consumers, private sector companies, and the like, to prioritize effectiveness and validity . Living Document To continuously improve AI governance, updated as needed while reflecting the agile governance philosophy. 5 Business operators who develop AI systems (including business operators who research AI). They develop AI models as well as algorithms and contribute to construction of AI systems including AI models, base system, as well as I/O functions via data collection (incl uding purchase), data preprocessing, training with data.  AI provider Business operators who incorporate AI systems into applications, products, or existing systems, business processes, etc., and provide them to AI business users and, in some cases, non-business users as services. They verify AI systems, integrate AI systems with other systems, provide AI systems and services, offer operation support for AI business users on AI systems for normal operations, or perform the AI service operation itself. Communication with various stakeholders might be required during the provision of AI services.  AI business user Business operators who use AI systems or AI services in their businesses. Their role is to use an AI system or AI service in an appropriate way inte nded by the AI provider, share information such as environmental changes with the AI provider, continue the normal operation, operate the provided AI system as necessary. In addition, when non- business users might be affected by AI use in some ways 3 , AI business users are also responsible for making efforts to prevent AI from incurring unexpected disadvantages for those non-business users and maximize benefits from AI. Figure 3. Correlation between AI business actor and general AI use flow 3 Non-business users need to pay close attention that they may suffer some type of damage if they do not follow the instructions and precautions from AI business users. 6 It is important that each party clarifies "the efforts to be made regarding AI (guiding principles = what)" based on "the ideal society while considering stakeholders' expectations (basic philosophies = why)" from each relevant perspective (AI dev eloper , AI provider , or AI business user). In addition, it is conceivable that studying, determining, and implementing "the specific approach to be adopted (implementation = how)" to fulfill the guiding principles are useful to use AI safely and securely. Actual AI systems and services can be used in various cases depending on the purpose, used technology, data, usage environment, etc. Therefore, it is important that AI developers, AI providers, and AI business users cooperate with each other to devise the optimum approach while considering changes in the external environment, such as the advancement of technologies. For the sake of readability, the main part of the Guidelines covers the basic philosophies and guiding principles, and the appendix covers implementation. The structure of the main part of the Guidelines , which covers the basic philosophies and guiding principles, is shown below:  Part 1 This part mainly describes definitions of terms to help understand the Guidelines.  Part 2 This part describes the society to aim for through AI use, the basic philosophies (why) and principles for realizing it, and the common guiding principles (what) among AI business actors. It also describes the establishment of governance required for implementing the common guiding principles considering the possibility of risks in AI to the society during the pursuit of benefits from AI use. Part 2 describes matters that form the base for Part 3 and later parts, so it is important that all business operato rs who use AI read it and understand its descriptions.  Parts 3 to 5 These parts describe the precautions for each of the three AI business actors who conduct businesses using AI that are not mentioned in Part 2. It is important that each business operator who uses AI understands the precautions relevant to itself. In addition, it is also important that each AI business actor understands the precautions for other AI business actors as well, because there are many matters relevant to adjacent AI business act ors. (See "Figure 4. Structure of the Guidelines.") 7 Figure 4. Structure of the Guidelines For AI developers, AI providers, and AI business users, in addition to Parts 1 and 2, reading the corresponding part among Parts 3 to 5 and the appendix will help them understand risks in AI use and the basic concept of the policy for handling them. Because the examples described in the appendix are helpful as references for business operators who have not determined any specific efforts to make, it is important to chiefly read relevant contents in the appendix. For business executive officers4, including management, to fulfill their duties, it is important to consider and take countermeasures against risks in AI use together with the business strategy, in accordance with the basic philosophies (why) and guiding principles (what) described in th e Guidelines to promote safe and secure AI use. The environment surrounding AI is rapidly advancing worldwide, so it is important that business operators who intend to use AI pay attention to international trends. Under these circumstances, Japan took the initiative in establishing an international common understanding on AI and its guiding principles through the Hiroshima AI Process 5 and took on the key role in the development of the Hiroshima AI Process Comprehensive Policy Framework in December 2023. The Guidelines are also intended to contribute to the Process and have been established taking into account international discussions including the Process. On the other hand, the policies and rules for AI vary with country and region, so business operators who perform cross -border activities should obey local laws and fulfill stakeholders' expectations. As for advanced AI systems, especially, some countries and regions take some measures to assure effective AI governance, for example, 4 Business executive officers include those in public institutions such as governments and municipalities. 5 Based on the result of the G7 Hiroshima Summit held in May 2023, the Hiroshima AI Process was initiated to study international rules concerning generative AI. After that, the G7 Digital & Tech Minister Meeting was held in December 2023 based on the "G7 Leaders' Statement on the Hiroshima AI Process" announced after the Hiroshima AI Process Minister-level Meeting in September 2023 and the Multi -stakeholder High-level Meeting at Kyoto IGF in October. As the achievements of 2023, the "Hiroshima AI Process Comprehensive Policy Framework" and "Work Plan to advance Hiroshima AI Process" were formulated. https://www.soumu.go.jp/hiroshimaaiprocess/ 8 establishing a safety framework of AI validation prior to their release to the market 6, so it is important to pay attention to them. 6 In November 2023, the UK announced a plan for founding the AI Safety Institute that would develop and perform evaluations of advanced AI systems. The US announced that it would establish the US AI Safety Institute in the National Institute of Standards and Technology (NIST) to implement an AI risk management framework and evaluate red teaming. Japan is also planning to found the AI Safety Institute in the Information- technology Promotion Agency(IPA) on February 14th, 2024 in cooperation with the Cabinet Office and r elevant Ministries and Agencies with the purpose of discussion of standards, guidance, etc. that contribute to improving the safety of AI development, provision, and use, research on AI safety evaluation methods, technologies and cases related to AI safety, etc. in collaboration with overseas institutes mentioned above. 9 Part 1 Definitions The term "AI," which means Artificial Intelligence, is said to first used at the Dartmouth Conference in 1956 for the first time. Although there is no agreed definition of AI, as implied from the fact that it is the abbreviation of "Artificial" and "Intelligence," it refers to a computer program that works in a similar way to human's thinking process and a system that can make intelligent decisions on a computer. In the past, some systems called "expert systems," which make inferences from a large amount of knowledge data that is input based on experts' knowledge without machine learning (ML), were considered as a type of AI. However, in 2000s and later, deep learning emerged, and they used it for image recognition, natural language processing (including translation), and speech recognition with machine learning. And systems able to predict, propose or make decisions in specific areas are now called AI. In addition, since 2021, foundation models 7 have appeared, prompting developments of general-purpose AI, which is different from AI that specializes in a specific field. That led to not only predictions, recommendations and decision making but also emergence of “ generative AI” of images, sentences and etc., which attracts attention of society as a whole. As described above, there are many different types of AI, and it is difficult for even experts to predict the future of AI technologies. With these circumstances, related terms in the Guidelines are defined as follows. Related terms  AI No agreed definition has been existed as of now ("Social Principles of Human -Centric AI" formulated by the Integrated Innovation Strategy Promotion Council on March 29, 2019), and it is difficult to strictly define artificial intelligence in a broad sense. AI in th e Guidelines is an abstract concept, which includes AI systems (defined below) themselves or software or programs that perform machine learning. (For reference, it is defined in JIS X 22989:2023 based on ISO/IEC 22989:2022 as follows.) <Academic discipline> Research and development of mechanisms and applications of AI systems Note 1: Research and development can be conducted in several fields, including computer science, data science, natural science, human science, and mathematics.  AI system A system (such as a machine, robot, and cloud system) that works at various levels of autonomy during the use process and incorporates a software element that has a learning function. (For reference, it is defined in JIS X 22989:2023 based on ISO/IEC 22989:2022 as follows.) An engineering system that produces outputs such as contents, predictions, recommendations, and decision -makings in response to a given set of goals defined by humans. Note 1: As for an engineering system, models that represent data, knowledge, processes, etc., that can be used to perform tasks can be developed using various techniques and approaches relevant to artificial intelligence. Note 2: An AI system is designed to work at various autonomous levels. (For reference, it is defined in the OECD AI Principles overview as follows.) An AI system is a machine -based system that, for explicit or implicit objectives, makes inferences. It generates outputs including predictions, contents, recommendations, 7 Fundamental models typified by large language models are core technological foundations for creating individual models that support various services. They have characteristics different fr om general AI from the viewpoints of development of models adapted to a broad range of downstream tasks derived from a fundamental model and knowledge acquired through the development process itself. 10 decisions and so on to place impact on physical or virtual environments from received data. Different AI systems vary in their levels of autonomy and adaptiveness after deployment.  Advanced AI system The most advanced AI systems including the cutting -edge foundation models and generative AI systems. (Quoted from the definition in the Hiroshima AI Process)  AI model (ML model) A model incorporated into an AI system and acquired through machine learning using training data. It produces prediction results in accordance with the input data. (For reference, it is defined in JIS X 22989:2023 based on ISO/IEC 22989:2022 as follows.) A mathematical structure that produces inferences or predictions based on input data or information. Example: When a univariate linear function y = θ 0 + θ 1x is trained using the linear regression, the result model is y = 3 + 7x or the like. Note 1: A machine learning model is acquired as a result of training based on a machine learning algorithm.  AI service A service that uses AI system s. It refers to providing AI business users with values in general. AI services are provided and operated through not only technologies that constitute an AI system, but also non -technological approaches, including monitoring by humans and appropriate communications with stakeholders.  Generative AI A general term representing AI developed from an AI model that can generate texts, images, programs, etc.  AI governance The design and operation of technological, organizational, and social systems by stakeholders for the purpose of managing risks posed by the use of AI at levels acceptable to stakeholders and maximizing their positive impact (benefit). 11 Part 2 Society to aim for with AI, and matters each AI business actor works on Part 2 describes "A. Basic philosophies" as the society to aim for with AI first. Next, it describes "B. Principles" at which each AI business actor works on to realize the basic philosophies and "C. Common Guiding Principles" that are derived from the principles. Furthermore, it describes "D. Common Guiding Principles for AI Business actors involved in advanced AI systems," which should be followed by business operators involved in advanced AI systems. After that, it describes "E. Building AI governance," which is important for the implementation of "C. Common guiding principles" and safe and secure use of AI. A. Basic philosophies As described in the "Preface," "Social Principles of Human -Centric AI" formulated by Japan in March 2019 states that it is expected that AI will contribute to the creation of Society 5.0. Additionally, the document states that it is important to use AI as a public asset of humans that can lead to the achievement of global sustainability through qualitative changes of the ideal society as well as true innovations. The document also states that the following three values should be respected as basic philosoph ies in order to build a society that upholds such philosophies. (1) Dignity: A society that has respect for human dignity Rather than building a society in which effectiveness and convenience are pursued through AI use to the point that humans become excessively dependent on AI and AI is used to control human behaviors, it is necessary to build a society that has respect for human dignity and for humans to take full advantage of AI as a tool to fully demonstrate their various capabilities. This will al low them to exert more creativity or engage in more challenging jobs and live physically and mentally rich lives. (2) Diversity & Inclusion: A society where people with diverse backgrounds can pursue their own well-being One of the present-day ideals and big challenges is the creation of a society in which people with diverse backgrounds, values, or ways of thinking can seek different well - being, so they can be flexibly included and new values can be created. Powerful AI technologies can be an effective tool for approaching this ideal. We need to transform the state of society as described above through proper development and deployment of AI. (3) Sustainability: A sustainable society We need to use AI to bring new businesses and solutions into the world one after another to build a sustainable society that can eliminate social disparities and address global environmental problems and climate changes. As a science -and-technology-oriented country, Japan has a responsibility to contribute to the creation of such a so ciety by using AI to strengthen its accumulated scientific and technological expertise and knowledge. 12 Figure 5. Basic philosophies These fundamental concepts remain goals for us to achieve and do not change despite significant technological evolution. Therefore, these basic philosophies should be respected as objectives to achieve through domestic and international frameworks as AI evolves. B. Principles To realize the basic philosophies, it is important that each AI business actor makes efforts to comply with the philosophies. Therefore, we categorized the principles that should be kept in mind by each AI business actor into the activities to be implemented by each AI business actor and the activities expected to be implemented in cooperation with society. These principles have been formulated by restructuring "Social Principles of Human -Centric AI" in accordance with overseas principles, including OECD's AI principles. Activities to be implemented by each AI business actor It is important that each AI business actor achieves its purposes of AI, such as creating business value and solving social challenges, while promoting the development, provision, or use of AI systems and services and maintaining human dignity, based on the human -centric 8 concept derived from the basic philosophies. To accomplish this, it is important that each AI business actor ensures values, such as safety and fairness, to reduce societal risks arising from AI use. In addition, it is important to protect privacy including the prevention of inappropriate use of personal data and ensure security against risks such as a decreasing availability and external attack caused by vulnerabilities of AI systems. To achieve these goals, it is important that each AI business actor ens ures the verifiability of systems and improves transparency by providing appropriate information to stakeholders9 and ensures accountability. In consideration of the possibility of the roles of AI business actors changing due to value chain changes caused by the diversification of AI architectures, it is important that AI business actors cooperate with each other to make efforts to improve the quality of AI in the entire value chain and continue discussions among multiple stakeholders. By making these efforts, each AI business actor is expected to derive maximum benefit from the development, provision, or use of AI systems and services while minimizing the AI risks. 8 The underlined parts are organized as "C. Common Guiding Principles" in the latter part. 9 Stakeholder: All the AI business actors who might be directly or indirectly affected by AI use including third parties other than AI developers, AI providers, AI business users, and non-business users. (The same shall apply hereafter.) Dignity: A society that has respect for human dignity Diversity & Inclusion: A society where people with diverse backgrounds can pursue their own well-being Sustainability: A sustainable society Basic philosophies 13 Activities expected to be implemented in cooperation with society In order to enhance benefits from AI for the society and realize the basic philosophies that we should pursue, each AI business actor is expected to actively collaborate with the society, including the governments, municipalities, and communities, as well as individually comm it to its own activities. To accomplish this, each AI business actor is expected to provide opportunities for ensuring education and literacy in cooperation with the society to avoid divisions within the society and spread the benefits from AI to all of the people. In addition to that, each AI business actor is expected to contribute to activities that ensure fair competition and facilitate innovation that can create new businesses and services, maintain sustainable economic growth, and provide solutions for social challenges. C. Common Guiding Principles In the activities, each AI business actor should develop, provide, or use AI systems and services respecting the rule of law, human rights, democracy, diversity, and fair and just society in light of "1) Human-centric" described below. In addition, relevant laws, including the Constitution of Japan, Intellectual Property Basic Act and relevant laws, and Act on the Protection of Personal Information as well as existing laws and regulations in individual fields pertaining to AI should be observed, and it is important to pay close attention to the circumstances of the drafting of international guiding principles 10,16. It is important that each AI business actors understand characteristics, intended use, purposes and social context of AI system s/services and positively process these activities with limited resources. 1) Human-Centric When developing, providing, or using an AI system or service, each AI business actor should act in a way that does not violate the human rights guaranteed by the Constitution of Japan or granted internationally, as the foundation for accomplishing all matters to be conducted, including the matters described later. In addition, it is important that each AI business actor acts so that the AI expands human abilities and enables diverse people to seek diverse well- being. (1) Human dignity and autonomy of individuals  Based on the social context of AI use, respect human dignity and the autonomy of individuals.  In particular, when linking AI with someone's brain or body, refer to discussions about bioethics in foreign countries and research institutions, together with information of peripheral technologies.  When profiling using AI in a field where personal rights and benefits can be severely affected, use AI respecting the dignity of individuals, maintaining the utmost accuracy of the outputs, understanding limitations of predictions, recommendations, and judgments of AI, and carefully considering possible drawbacks, and do not use it for inappropriate purposes. (2) Paying attention to manipulations by AI on decision-makings and emotions 10 Governing laws should be obeyed in accordance with the geographic business deployment status, locations of the AI providers and AI business users of the developed AI models, the loca tions of the servers to be used for training and the like. When you are required to comply with Japanese laws, handle personal data, intellectual property rights, and such like in compliance with their respective applicable laws in accordance with the data type. As for the handling of data, note that the use of some data might be prohibited by a contract between stakeholders, even when it is not stipulated by laws. 14  Do not develop, provide, or use AI systems and services with purpose of manipulating human decision making, recognition and emotion or on the premise of unconscious control.  When developing, providing, or using an AI system or service, pay attention and take necessary countermeasures against the risk of heavy dependence on AI, such as automated biases 11.  Pay attention to AI use that might instigate biased information or values and unwillingly limit the options that should be originally available to people including AI business users, such as a filter bubble 12.  Carefully handle AI outputs, especially when they can be relevant to procedures that might significantly affect the society, such as an election and decision-making in a community. (3) Countermeasures against disinformation, etc.  Generative AI has enabled everyone to forge fake information that seems to be true and fair, so recognize the increasing risk of destabilizing and confusing the society through disinformation, misinformation, and biased information generated by AI, and take necessary countermeasures 13. (4) Ensuring diversity/inclusion  In addition to ensuring fairness, to prevent information poverty and digital poverty and allow more people to enjoy the benefits of AI, pay attention to make it easy for socially vulnerable people to use AI.  Adopt universal design, ensure accessibility, and provide relevant stakeholders 14 with education and support. (5) Providing user support  Offer rational information about the functions and peripheral technologies of the AI system or service, and allow users to use functions that timely and appropriately offer the information for judging choices.  For example, default settings, provision of understandable options, provision of feedbacks, alerts in an emergency, and handling of errors. (6) Ensuring sustainability  Examine the impact of the whole lifecycle on the global environment during the development, provision, and use of AI systems and services. Each AI business actor is expected to consider these matters as preconditions and to enhance the performance (usefulness) of AI as much as possible to provide people with benefits and richness and achieve well-being. 11 Refers to a phenomenon in which automated systems or technologies are excessively trusted or depended on when humans make judgments and decisions. 12 A filter bubble refers to an information environment where an algorithm analyzes and learns about search histories and click histories of individual Internet users to preferentially show information they like, regardless of whether or not they want it to do so, separating them from information that disagrees with their viewpoints, and consequently, isolating them in a "bubble" of their own ways of thinking and values. In addition to a filter bubble, an echo chamber is also mentioned as one of the phenomena that are said to be caused by the interaction between the intrinsic human tendency and the characteristics of Internet media. While there are risks described above, AI also has a benefit that provides personalized and filtered answers to AI business users and non-business users enabling to offer proposals in a beneficial manner. 13 The Ministry of Internal Affairs and Communications will discuss ways for appropriate information distribution in the dig ital space, including countermeasures to disinformation and misinformation on the Internet. They discuss them in institutional aspects, as well as various rights and interests such as freedom of expression. A thoughtful and comprehensive study has been carried out, and a report is scheduled to be compiled around the summer of 2024, so the status of these studies should be kept in mind. (Japanese Only) https://www.soumu.go.jp/main_sosiki/kenkyu/digital_space/index.html 14 Relevant stakeholder: The AI business actors who are directly or indirectly involved in AI use including AI developers, AI providers, AI business users, and non-business users. (The same shall apply hereafter.) 15 2) Safety Each AI business actor should avoid damage to the lives, bodies, minds, and properties of stakeholders during the development, provision, and use of AI systems and services. In addition, it is important that the environment is not damaged. (1) Taking into consideration the lives, bodies, properties and minds of humans and the environment  Ensure that the AI system/service is sufficiently fulfilling the requirements, including the accuracy of outputs (reliability).  Ensure that the performance level is maintained under various circumstances, and that grossly incorrect judgments are not made for irrelevant events (robustness).  Ensure controllability that allows humans to control AI as necessary including objective monitoring and handling, in accordance with the cha racteristics and purposes of the relevant AI, in light of the severity and possibility of rights violations that can result from AI use or unintended AI behaviors.  Conduct appropriate risk analyses to take countermeasures against risks (avoidance, mitigation, transference, or acceptance).  If there are potential hazards to the lives, bodies, properties, and minds of humans and the environment, organize measures to be taken in advance and offer related information to stakeholders.  Clearly specify measures that should be taken by relevant stakeholders and the terms of use.  Determine the responses for cases where the safety of AI systems or services is endangered so that the steps can be quickly taken in such cases. (2) Proper use (of AI)  Develop, provide, or use AI systems and services within the range in which the AI business actor can control, preventing damage due to a provision or use that deviates from the intended purpose. (3) Proper training 15  In accordance with the characteristics and p urposes of AI systems and services, ensure the accuracy, and recency as necessary, of the data (appropriateness of the data) to be used for training.  Properly take actions such as the securement of transparency of data used for training, compliance with the legal framework 16, and update of AI models, within reasonable extent. 3) Fairness During the development, provision, or use of an AI system or service, it is important that each AI business actor makes efforts to eliminate unfair and harmful bias and discrimination against any specific individuals or groups based on race, gender, national origin, age, political opinion, religion, and so forth. It is also important that before developing, providing, or using an AI system or service, each AI business actor recognizes that there are some unavoidable biases even if such attention is paid, and determines whether the 15 It is important that AI providers and AI business users, in addition to AI developers, also make efforts to ensure safety if they make adjustments or conduct re-trainings. 16 As for the relationship with the laws with regard to intellectual properties, discussions are in progress in the Intellectual Property Strategy Promotion Office under the Cabinet Office and the Agency for Cultural Affairs, so pay close attention to th e consideration status in the future. As for the relationship between AI and copyrights, especially, the Legal System Subcommittee of the Copyright Subdivision of the Culture Council is arranging their discussions , so it is important that each AI business actor understands the intent of these discussions. ・Intellectual Property Strategy Promotion Office under the Cabinet Office (Japanese Only) https://www.kantei.go.jp/jp/singi/titeki2/index.html ・Legal System Subcommittee of the Copyright Subdivision of the Cul ture Council(Japanese Only) https://www.bunka.go.jp/seisaku/bunkashingikai/chosakuken/hoseido/ 16 unavoidable biases are allowable from the viewpoints of respect for human rights and diverse cultures. (1) Consideration for bias in technologies forming AI models  There are a broad range of factors that can produce an inappropriate bias, so identify the factors that might produce biases that can be considered as problems from the viewpoint of fairness. Those factors may include technological elements (training data, AI model training process, prompts entered by AI business users or non-business users 17 , and reference information and collaborating external services used by AI models for inference) and behaviors of AI business users.  Study the possibility that potential biases might be produced depending on the characteristics and purposes of the AI system or service. (2) Intervention by decisions made by humans  To prevent AI from generating unfair results, consider implementing timely human interventions, rather than letting AI make the decisions alone.  Introduce a process for analyzing an d handling the purposes, restrictions, requirements, and decisions for the AI system or service through clear and transparent methods, to see whether any biases have been produced.  Be careful of unconscious biases and potential biases, and communicate with stakeholders from various backgrounds including culture or speciality for direction. 4) Privacy protection It is important that during the development, provision, or use of an AI system or service, each AI business actor respects and protects privacy in accordance with its importance. At this time, relevant laws should be obeyed. (1) Protection of privacy across AI systems and services in general  Observe relevant laws, including the Act on the Protection of Personal Information, and formulate and announce the privacy policy of each AI business actor, to take measures to respect and protect the privacy of stakeholders, in accordance with its importance, based on the social contexts and legitimate expectations of people.  Consider measures for privacy protection while taking into account the following matters:  Ensure measures based on the Act on the Protection of Personal Information.  Refer to international principles and standards for personal data protection.18 5) Ensuring security During the development, provision, or use of an AI system or service, it is important that each AI business actor ensures security to prevent the behaviors of AI from being unintentionally altered or stopped by unauthorized manipulations. (1) Security measures relevant to AI systems and services 19 17 AI business users can train generative AI, including large -scale language models, for a specific task using a training method called in -context learning without updating the learned parameters in accordance with AI business users' inputs (called prompts). 18 AI business actors are expected to follow international guiding principles on privacy, including "OECD, Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, OECD/LEGAL/0188" and "ISO/IEC 29100:2011 Information technology Security techniques Privacy framework." In addition, the Global Cross-Border Privacy Rules (CBPR) Forum has been established with the purpose of promoting the smooth cross -border transfer of personal data and the interoperability of regulations in countries across a broader range, and Japan joined it in April 2022 and has announced the Global CBPR Framework. As for generative AI, refer to the "Statement on Generative AI" by the G7 Data Protection and Privacy Authorities Roundtable (June 2023) and the "Resolution on Generative Artificial Intelligence Systems" by the Global Privacy Assembly (GPA) (October 2023) as well. 19 For details on methods, refer to the "Guidelines for secure AI system development" (November 2023) by the National Cyber Security Centre (NCSC) of the UK as well. https://www8.cao.go.jp/cstp/stmain/20231128ai.html 17  To maintain the confidentiality, integrity, and availability of AI systems and services and ensure safe and secure AI use constantly, take reasonable measures based on the technological level at the time.  Understand the characteristics of AI systems and services, and examine whether the inter -system connections necessary for normal operations are properly established.  Bearing in mind that relevant stakeholders might make unexpected judgments by mixing detailed information into inference targe t data, recognize that vulnerabilities cannot be completely eliminated from AI systems and services. (2) Consideration for the latest trends  New methods for attacking AI systems and services from the outside are increasing on a daily basis. In order to address those risks, check the matters to be noted. 6) Transparency20 When developing, providing, or using an AI system or service, based on the social context when the AI system or service is used, it is important that each AI business actor provides stakeholders with information to the reasonable extent necessary and technically possible while ensuring the verifiability of the AI system or service. (1) Ensuring verifiability  In order to ensure verifiability relating to decisions made by AI, record or store logs of AI training processes, inference processes, rationales of decisions made by AI, and the like (for example, input/output generated when developing and using the AI system or service) to the extent possible based on the data amount or contents.  Discuss method, frequency, maintenance period and so on recordings of data logs, taking into account the importance for identifying causes of accidents , devising preventive measures, or proving requirements for responsibilities for damages, in accordance with characteristic of used technology as well as purposes. (2) Providing relevant stakeholders with information  Based on the relations with AI and the nature and purpose of AI, provide and explain information summarizing the items listed below according to the knowledge and ability of each stakeholder.  AI systems and services in general  Fact that AI is used and its scope  Methods for data collection and annotation  Methods for training and evaluation  Information on the underlying AI models  Capabilities and limitations of the A I system or service, and proper/improper use by AI business users  Relevant laws applicable in the country/region where those provided with the AI system or service or AI business users are located  Encourage a variety of stakeholders to engage actively through dialogues and collect various opinions on social impacts and safety.  In addition, show actual advantages of providing or using the AI system or service and risks to relevant stakeholders. 20 Various countries define transparency in different ways. For example, the "Artificial Intelligence Risk Management Framework" by NIST (January 2023) defines it in three categories for AI: transparency (which can answer the question of "what happened" in the system), explainability (which can answer the question of "how" a decision was made in the system), and interpretability (which can answer the question of "why" a decision was made by the system and its meaning or context to the user), while the "ETHICS GUIDELINES FOR TRUSTWORTHY AI" by the European Commission (April 2019) defines it as traceability, explainability, and communication. The international standard ISO/IEC JTC1/SC42 defines the transparency as the degree to which appropriate information about the AI system is communicated to relevant stakeholders. In this document, matters relating to information disclosure are broadly referre d to as "transparency ." 18 (3) Reasonable and truthful support  Provision of information to stakeholders described above "(2) Providing relevant stakeholders with information" doesn’t assume disclosure of algorithms or source code, but it assumes providing them to the extent that satisfies social rationality based on the characteristics and uses of the technologies to be adopted while respecting privacy and trade secrets.  If any open technologies are used, conform to the rules specified for them.  When disclose developed AI systems as open source, consider any potential social impacts. (4) Improving explainability and interpretability for relevant stakeholders  Share necessary explanations for those to be explained with actors who explain to analyze requirements of such explanation to gain relevant stakeholders' understanding and sense of safety to provide proof of AI operations.  AI provider: Inform the AI developer about things that are required to be explained.  AI business user: Inform the AI developer and AI provider about things that are required to be explained. 7) Accountability21 When developing, providing, or using an AI system or service, it is important that each AI business actor executes its accountability to stakeholders within reasonable extent for ensuring traceability, conforming to common guiding principles, and the like based on each AI business actor's roles and the degree of risks posed by the AI system or service. (1) Improving traceability  Establish a situation that allows the origin of data and decisions made during the development, provision, or use of the AI system or service to be traced forward and backward to the extent that is reasonable and technically possible. (2) Explanation of conformity to common guiding principles  Provide and explain information on how AI business actors conform to common guiding principles regularly to stakeholders, including suppliers, according to their knowledge and competence. This information summarizes, for example, the following items:  General  Whether any risk is found that prevents the common guiding principles from being implemented, to what extent it prevents the implementation of those guiding principles  Implementation progress of the common guiding principles  Human-centric  How disinformation is considered, and how diversity, inclusion, user support, and sustainability are ensured  Safety  Known risks relating to AI systems and services, countermeasures against them, and how to ensure safety against them  Fairness  Possibility that technological elements forming AI models will introduce bias. Those elements may include training data, A I model training process, prompts expected to be entered by AI business users or non- 21 While accountability is sometimes defined as explainability, the Guidelines handle information disclosure in the context of transparency, so accountability is defined as the concept of taking actual and legal responsibilities for AI and setting prerequisites for taking the responsibilities. 19 business users, and reference information and collaborating external services used by AI models for inference.  Privacy protection  Risks of infringements of privacy of AI business actors or stakeholders entailed by the AI system or service, countermeasures against those risks, and actions expected to be taken when the privacy breach actually occurred.  Ensuring security  Conformity to standards required to facilitate collaboration between AI systems and services or with other systems if such collaboration occurs  Any risks that may occur when the AI system or service collaborates with other AI systems and services via the Internet, and measures to be taken against the risks (3) Designation of responsible persons  Appoint someone as the person responsible for executing its accountability in each AI business actor. (4) Sharing responsibilities among actors  As for responsibilities shared among actor s, clarify who take the responsibilities through contracts or social promises (voluntary commitments) between AI business actors including non-business users. (5) Specific actions for stakeholders  As necessary, establish and publicly report policies, including those created by each AI business actor on AI governance or privacy in relation to risk management or safety assurance associated with the use of AI systems and services. Those policies involve social responsibilities, including sharin g visions with and giving out and providing information to society and general citizens.  As necessary, set opportunities for accepting comments from stakeholders on incorrect AI output and the like, and conduct objective monitoring of the output.  Set policies to handle cases that might affect the interests of stakeholders. Execute those policies reliably and report the progress regularly to the stakeholders as necessary. (6) Documentation 22  Document and store information on the items described above and keep them available for a prescribed period whenever and wherever required and able to be referenced in a manner appropriate for their use. The specific activities expected to be implemented by each AI business actor in cooperation with society are organized as follows. 8) Education/literacy Each AI business actor is expected to provide the persons engaged in AI in the AI business actor with the necessary education to gain the knowledge, literacy, and ethical views to correctly understand and use AI in a socially correct manner. Each AI business actor is also expected to provide stakeholders with education, in consideration of the characteristics of AI, including its complexity and the misinformation that it may provide, and possibilities of 22 Regarding "documentation," there is no problem as long as records are kept using appropriate tools so that they can be easily confirmed later, and they do not necessarily need to be recorded in the paper or specific document. 20 intentional misuse of AI.23 (1) Ensuring AI literacy  Take the necessary steps to ensure that the persons engaged in AI in each AI business actor acquire AI literacy of the level sufficient for the engagement. (2) Education and reskilling  It is assumed that the division of tasks between AI and humans will change due to the expansion of generative AI use, so discuss actively about education and reskilling to promote new ways of working.  Provide educational opportunities taking into account d ifferences in knowledge and skills among generations so that various people can acquire a deeper understanding of benefits of AI and enhance the resilience against risks. (3) Support for stakeholders  To improve the safety of the whole AI system or AI service, provide stakeholders with education and literacy advancement as necessary. 9) Ensuring fair competition Each AI business actor is expected to maintain the fair competitive environment surrounding AI so that new business es and services using AI are created, the sustainable economic growth is maintained, and solutions for social challenges are provided. 10) Innovation Each AI business actor is expected to make efforts to actively contribute to the promotion of innovation for the whole society. (1) Promoting open innovation, etc.  Promote internationalization, diversification, collaboration among industry, academia, and government sectors, and open innovation.  Make efforts to maintain the environment in which data necessary for AI innovation is created. (2) Consideration for interconnectivity and interoperability  Ensure the interconnectivity and interoperability between your AI systems/services and other AI systems/services.  When there are standard specifications, comply with them. (3) Providing information appropriately  Provide necessary information to the extent that does not hinder the innovation of the information provider. In addition to the matters described above, important matters for AI developers, AI providers or AI business users, respectively, are organized in "Table 1. Important matters for each AI 23 The Ministry of Economy, Trade and Industry and IPA published "Digital Skill Standards" (December 2022) that organized the profile of ideal human resources needed in the DX era as a guiding principle on personal studies and recruitment and education of human resources in companies. In addition, to further promote DX in companies through the use of generative AI, they compiled "Concept of Human Resources and Skills Needed to Promote DX in Generative AI Era" in August 2023 and added the necessity for the familiarity with directions (prompts) and capabilities to put queries and build up and verify hypotheses to the skill standards. ・Digital Skill Standards(Japanese Only) https://www.meti.go.jp/policy/it_policy/jinzai/skill_standard/main.html ・Study group on human resources policy in the digital age (Japanese Only) https://www.meti.go.jp/shingikai/mono_info_service/digital_jinzai/index.html 21 business actor in addition to common guiding principles." As for the matters expressed as " -" in the table, each AI business actor is expected to implement the actions described in the "Part 2. C. Common guiding principles" column, rather than doing nothing. Hereinafter , each matter (item) described in "Table 1. Important matters for each AI business actor in addition to common guiding principles" will be identified and indicated with the notation [AI business actor - Guiding principle number) Description.].  An AI business actor is indicated by its initial: AI Developer, AI Provider, and AI Business User. A guiding principle number and description number are indicated by numbers, respectively, given in the table. "D-2) i.", for example, refers to the important matter for AI developers about the proper data training regarding safety. 22 Table 1. Important matters for each AI business actor in addition to common guiding principles Part 2. C. Common guiding principles Important matters for each AI business actor in addition to common guiding principles Part 3. AI Developer (D) Part 4. AI Provider (P) Part 5. AI Business User (U) 1) Human- centric (1) Human dignity and autonomy of individuals (2) Paying attention to manipulations by AI on decision-makings and emotions (3) Countermeasures against disinformation (4) Ensuring diversity/inclusion (5) Providing user support (6) Ensuring sustainability - - - 2) Safety (1) Taking into consideration the lives, bodies, properties and minds of humans and the environment (2) Proper use (of AI) (3) Proper training i. Proper data training ii. Development that takes into consideration the lives, bodies, properties and minds of humans and the environment iii. Development contributing to proper use (of AI) i. Actions against risks that consider the lives, bodies, properties, and minds of human and the environment ii. Provision contributing to proper use (of AI) i. Proper use (of AI) that considers safety 3) Fairness (1) Consideration for bias in technologies forming AI models (2) Intervention by decisions made by humans i. Consideration for bias in data ii. Consideration for bias in algorithms, etc., of AI models i. Consideration for bias in configurations and data of AI systems and services i. Consideration for bias in input data or prompt 4) Privacy protection (1) Protection of privacy across AI systems and services in general i. Proper data training (Repeat of D-2) i.) i. Deployment of mechanisms and measures for protecting privacy ii. Countermeasures against privacy violation i. Countermeasures against inappropriate input of personal data and privacy violation 5) Ensuring security (1) Security measures relevant to AI systems and services (2) Consideration for the latest trends i. Deployment of mechanisms for security measures ii. Consideration for the latest trends i. Deployment of mechanisms for security measures ii. Handling of vulnerabilities i. Implementation of security measures 6) Transparency (1) Ensuring verifiability (2) Providing relevant stakeholders with information (3) Reasonable and truthful support (4) Improving explainability and interpretability for relevant stakeholders i. Ensuring verifiability ii. Providing relevant stakeholders with information i. Documentation of system architectures and the like ii. Providing relevant stakeholders with information i. Providing relevant stakeholders with information 7) Accountability (1) Improving traceability (2) Explanation of conformity to common guiding principles (3) Designation of responsible persons (4) Sharing responsibilities among actors (5) Specific actions for stakeholders (6) Documentation i. Explanation to AI providers of conformity to common guiding principles ii. Documentation of development-related information i. Explanation to AI business users of conformity to common guiding principles ii. Documentation of service agreements or the like i. Explanation to relevant stakeholders ii. Effective use of provided documents and conformity to agreements 8) Education/ literacy (1) Ensuring AI literacy (2) Education and reskilling (3) Support for stakeholders - - - 9) Ensuring fair competition - - - - 10) Innovation (1) Promoting open innovation, etc. (2) Consideration for interconnectivity and interoperability (3) Providing information appropriately i. Contribution to creation of opportunities for innovation - - 23 D. Common Guiding Principles for AI Business actors involved in advanced AI systems On the basis of "Hiroshima Process International Guiding Principles for All AI Actors" established through the Hiroshima AI Process and its foundation "Hiroshima Process International Guiding Principles for Organizations Developing Advanced AI System," the business actors involved in advanced AI systems should comply with the following in addition to the common guiding principles 24. Note that some items from I) to XI) are applicable only to AI developers of advanced AI systems, so AI providers and AI business users are required to comply with items within the appropriate scope as described later in Parts 3 to 5. I) Take appropriate measures throughout the development of advanced AI systems, including prior to and throughout their deployment and placement on the market, to identify, evaluate, and mitigate risks across the AI lifecycle. ("2) Safety", "6) Transparency")  Specifically, employing diverse internal and independent external testing measures, through a combination of methods such as red-teaming 25, and implementing appropriate mitigation to address identified risks and vulnerabilities  In support of such testing, developers should seek to enable traceability, in relation to datasets, processes, and decisions made during system development. II) Identify and mitigate vulnerabilities, and, where appropriate, incidents and patterns of misuse, after deployment including placement on the market. ("5) Ensuring security " and "7) Accountability")  Use, as and when appropriate commensurate to the level of risk, AI systems as intended and monitor for vulnerabilities, and take appropriate action to address these.  encouraged to maintain appropriate documentation of reported incidents and to mitigate the identified risks and vulnerabilities, in collaboration with other stakeholders. III) Publicly report advanced AI systems’ capabilities, limitations and domains of appropriate and inappropriate use, to support ensuring sufficient transparency, thereby contributing to increase accountability. ("6) Transparency" and "7) Accountability")  Make a reasonable explanation of what decision was made, starting with the source of the data, and document and publish it to ensure traceability.  Document and publish in a clear and understandable manner so that relevant stakeholders can interpret the output of the AI system and use it appropriately by AI business users and non-business users IV) Work towards responsible information sharing and reporting of incidents among organizations developing advanced AI systems including with industry, governments, civil society, and academia. (“5) Ensuring security”, "6) Transparency", "7) Accountability", "10) Innovation")  These include reports on monitoring results and documents related to security and safety risks. 24 For details, refer to "II. Hiro shima Process International Guiding Principles for All AI Actors and for Organizations Developing Advanced AI Systems" of "Hiroshima AI Process Comprehensive Policy Framework" in "Hiroshima AI Process G7 Digital & Tech Ministers' Statement" adopted in the G7 Digital & Tech Ministers' Meeting (December 2023). https://www.soumu.go.jp/menu_news/s-news/01tsushin06_02000283.html 25 A team that verifies the effectiveness of security response system and countermeasures from the perspective of how attackers attack target organizations. 24 V) Develop, implement and disclose AI governance and risk management policies grounded in a risk-based approach – including privacy policies, and mitigation measures, in particular for organizations developing advanced AI systems. (see "(4) Privacy protection", "7) Accountability")  If appropriate case, publish privacy policy  It is expected to establish and disclose AI governance policies and practices. VI) Invest in and implement robust security management, including physical security, cyber security and security measures against internal threats, throughout the AI lifecycle. ("5) Ensuring security")  Consider operational measures for information security and appropriate cyber/physical access control, etc. VII) Develop and deploy reliable content authentication and provenance mechanisms, where technically feasible, such as watermarking or other techniques to enable users to identify AI-generated content. ("6" Transparency")  Specifically, it includes content authentication and usual mechanisms created by the organization's advanced AI systems where appropriate and technically feasible.  Make effort to develop tools and APIs that allow AI business users and non-business users to determine whether or not specific content through watermarks has been created using advanced AI systems.  It is encouraged to introduce other mechanisms, such as labelling and disclaimer labelling, to help AI business users and non-business users know that they are interacting with the AI system.  Prioritize research to reduce social, safety and security risks and prioritize investment in effective mitigation measures ("10) Innovation”) Includes research on improving AI safety, security, reliability, and handling risks VIII) Prioritize research to mitigate societal, safety and security risks and prioritize investment in effective mitigation measures. ("10 Innovation")  Implement efforts to develop reliable, human-centric AI, and at the same time provide support for the improvement of literacy among non-business users. IX) Prioritize the development of advanced AI systems to address the world’s greatest challenges, notably but not limited to the climate crisis, global health and education. ("10) Innovation").  Contribute to the development of international technical standards and best practices, including watermarks, use them if appropriate, and go along with the Standard Development Organization (SDO) X) Advance the development of and, where appropriate, adoption of international technical standards. ("2) Safety" and "3) Fairness")  Appropriate measures to manage the quality of data, such as training data and data collection, are encouraged to mitigate harmful bias  Appropriate transparency of the training dataset should also be supported and adherence to applicable legal frameworks XI) Implement appropriate data input measures and protections for personal data and intellectual property. ("5) Ensuring security" and "8) Education and literacy")  Provide opportunities to improve the literacy and awareness of each AI business actor and stakeholder , including issues such as how advanced AI systems increase specific risks (e.g., those related to the proliferation of fake information) and how new risks are created It is encouraged to collaborate among AI business actors to share information to identify and handle new risks and vulnerabilities associated with advanced AI systems. 25 XII) Promote and contribute to trustworthy and responsible use of advanced AI systems. ("5) Ensuring security" and "8) Education and literacy")  Provide opportunities to improve their own and, where appropriate, others ’ digital literacy, training and awareness, including on issues such as how advanced AI systems may exacerbate certain risks (e.g. with regard to the spread of disinformation) and/or create new ones E. Building AI governance In order to implement the common guiding principles across value chains with the cooperation of AI business actors and use AI safely and securely, it is important to build AI governance that manages risks posed by AI at levels acceptable to stakeholders and maximizes their benefits. In order to create Society 5.0, it is also essential to socially implement a system that merges the cyberspace and physical space in an advanced way (CPS) and build appropriate AI governance for the system. A society with CPS set as its foundation is complex and rapidl y changes, and it is difficult to control the risks in such a society. Those social changes cause the goals targeted by the AI governance to continuously change. Therefore, it is important to practice agile governance instead of regular AI governance where the predefined rules or procedures remain unchanged. In agile governance, multiple stakeholders continuously and rapidly run a cycle consisting of environment and risk analysis, goal setting, system design, operation, and then evaluation in various governance systems in companies, regulations, infrastructure, markets, social codes and the like26. For specific studies, it is important to take into consideration the severity and probabilities of risks posed by the AI developed, provided, or used by each AI business actor and limitations on the resources of each AI business actor. (1) Each AI business actor first conducts an environment and risk analysis for the AI system or service based on the benefits and risks the AI system or service may bring about during the overall lifecycle, social acceptance relating to the development and operation, changes in the external environment, and the maturity of AI. (2) Then, according to the analysis results, each AI business actor determine s whether to develop, provide, or use the AI system or service. If it decides to do so, consider setting AI governance goals 27 by estab lishing policies relating to AI governance. These AI governance goals should be consistent with each AI business actor's reason for existence and management goals such as philosophy and vision. (3) After that, each AI business actor designs the AI management system to achieve the AI governance goals and operate the system. In this stage, each AI business actor establishes transparency and ensure accountability (such as fairness) towards external stakeholders about its AI governance goals and the operation status of those goals. (4) Then, each AI business actor continuously monitor s and evaluate s whether the AI management system, including risk assessment, is effectively functioning, and make continuous improvements. (5) After the operation of the AI system or service co mmences, each AI business actor repeatedly analyze s the environments and risks based on changes in the external 26 For reference, the appendix provides a detailed explanation for practicing AI governance based on "Governance Guidelines for Implementation of AI Principles ver. 1.1" by the Ministry of Economy, Trade and Industry, as well as action goals, which are specific activities that each AI business actor works on, and virtual "practice cases" that assume each AI business actor. 27 As AI governance goals, some AI business actors might establish an action policy (the name may vary with the AI bu siness actor, for example, "AI policy") that consists of action items for the common guiding principles described in the Guidelines, whereas some AI business actors might establish an action policy that includes other elements in addition to action items f or the common guiding principles (data use policy, for example). Guiding principles can also be provided to increase benefits. For example, inclusion may be improved through effective use of AI. The naming is left to each AI business actor's discretion as well. 26 environment, including those in the social system, such as regulations, and review the goals as necessary. Figure 6. Basic model of agile governance Furthermore, when studying AI governance, it is important to keep in mind the value chain and pay close attention to the following points.  Secure the cooperation among AI business actors from the viewpoints of value chain and risk chain.  Example of issues among multiple AI business actors: Understanding of AI risks, improvement of quality, creation of new values through interconnections among AI systems and services (System of Systems), development of literacy of AI business users or non-business users, and so on.  Example of points necessary to be organi zed among AI business actors: Contracts concerning rights to training and using data and generated AI models.  Clarify the risk chain including data distribution, conduct risk management activities suitable to each of the development, provision, and use sta ges, and build the AI governance regimes.  If the value and/or risk chains from AI development to service implementation are expected to span across multiple countries, understand how the international society is studying AI governance suitable for ensuring free distribution of data (Data Free Flow with Trust (DFFT)), and ensure interoperability (consisting of two aspects: "standard" and "interoperability between frameworks") that is based on that study. To make those activities effective, the management has a great responsibility, so it is important that the management exhibits leadership. It is important to think of the building of AI governance as prior investment with the aim of achieving sustainable growth and medium - and long-term expansion of each AI business actor, not to regard the building of AI governance as costs from the viewpoint of short-term pursuit of profit. Under such leadership, run the agile governance cycle shown above and fit AI governance into the strategy of each organization and the company system expecting the cycle to take hold in each organization as its culture. Goal setting Environment and risk analyses Evaluation System design Changes in external environment Operation Transparency and accountability for stakeholders (such as fairness) 27 Part 3 Matters Related to AI Developers AI developers can directly design and modify AI models, so they significantly affect the output from AI as for overall AI systems and services. The society also expects them to drive innovation, so they have significant impact on the society. Therefore, it is important for AI developers to study in advance as much as possible the impacts that the AI they develop may pose when it is provided or used and take necessary measures against the impacts. When developing AI, excessively focusing on accuracy may cause privacy or fairness to be compromised, or excessively focusing on privacy may cause transparency to be compromised. Thus, there may be conflict between different risks or from an ethical viewpoint. In such cases, it is important that the AI developers appropriately makes decisions or corrections based on its business risks and social impacts. When an unexpected incident occurs in an AI system, any party in the AI value chain may be required to explain that incident. Bearing this in mind, it is important for AI developers to leave records that help them reasonably explain how they were involved in the AI system. The matters important for AI developers are shown below.  During data preprocessing and training  D-2) i. Proper data training  Properly collect training data through privacy -by-design, etc., and if it contains third-parties' personal data, data requiring attention to intellectual property rights, etc., ensure that such data is properly handled in compliance with laws and regulations throughout the lifecycle of AI ("2) Safety," "4) Privacy protection," "5) Ensuring security").  Implement proper protective measures before and across training by, for example, considering the deployment of any data management and restriction function that controls access to data ("2) Safety," "5) Ensuring security").  D-3) i. Consideration for bias in data  Take reasonable measures to control the quality of the data, noting that depending on the learning process of training data and AI models, there may be biases (including potential biases that do not appear in the training data) ("3) Fairness").  Based on the fact that biases cannot be completely eliminated from the process of training data, make sure AI models are trained with properly represented data sets and check AI systems assume no bias ("3) Fairness").  When developing AI  D-2) ii. Development that takes into consideration the lives, bodies, properties and minds of humans and the environment  Set clear policy/guidance about safe use of AI to avoid danger incurred unexpected service/use of AI by developers ("2) Safety"):  Requirements for not only the performance under use conditions expected under various circumstances but also the performance achievable under the use in an unexpected environment  Requirements for methods for minimizing risks (loss of control of a linked robot, inappropriate output, etc.) (guardrail technologies, etc.)  D-2) iii. Development contributing to proper use (of AI)  Establish clear policies and guidance on how AI can be used safely in order to avoid unexpected harm caused by the provision or use of AI ("2) Safety"). 28  When giving a post-training to a pre-trained AI model, select a proper pre-trained AI model (whether a license for the commercial use is granted, pre-training data, specs required for the training and execution, and so on) ("2) Safety").  D-3) ii. Consideration for bias in algorithms, etc., of AI models  Consider the possibility that bias can be included by each technical element that makes up the AI model (prompts entered by AI business users or non-business users, reference information and collaborating external services used by AI models for inference, etc.) ("3) Fairness")  Make sure AI models are trained with properly represented data sets and AI systems assume no bias based on the fact that bias cannot be completely eliminated from AI models ("3) Fairness")  D-5) i. Deployment of mechanisms for security measures  Throughout the development of an AI system, take security measures appropriately based on the characteristics of the adopted technologies (security by design) ( "5) Ensuring security").  D-6 ) i. Ensuring verifiability  Note that the prediction performance and output quality of AI may significantly change or may fail to attain the expected precision after the use of AI is started. Preserve work records for follow -up verification and take measures to maintain and improve the AI quality ("2) Safety," "6) Transparency").  After developing AI  D-5) ii. Consideration for the latest trends  New attack methods to AI systems are increasing on a daily basis. In order to address those risks, considerations to be noted in each step of development should be identified 28 ("5) Ensuring security").  D-6) ii. Providing relevant stakeholders with information  Provide information to relevant stakeholders in a timely manner (including cases where you provide the information via AI providers) about the AI systems that you develop ("6) Transparency"). This information may include, for example, the items listed below:  Possibility of changes in output or programs due to learning by AI systems ("1) Human-centric")  Information on safety, including technical characteristics of AI systems, mechanisms for ensuring safety, foreseeable risks that may arise as a result of using the AI system, and remedies against them ("2) Safety")  The expected scope of use set by AI developers in which the AI can be safely used in order to prevent harm by AI provision or use unexpected during development ("2) Safety")  Information on the operational status of AI systems, causes of failures, and status of actions against them ("2) Safety")  Details of an update for AI, if any, and information on reasons for the update ("2) Safety")  Policies on collecting data learned by AI models, how AI models learn the data, and the system for implementing the learning ("3) Fairness," "4) Privacy protection," "5) Ensuring security") 28 You can collect information via "Promotion of AI" of IPA , etc. (Japanese Only) https://www.ipa.go.jp/digital/ai/index.html 29  D-7) i. Explanation to AI providers of conformity to common guiding principles  Explain to AI providers that the prediction performance or output quality of AI may significantly change or may fail to attain the expected precision after AI starts to be used and that risks may arise as a result of this characteristic. Provide AI providers with relevant information as well. Specifically, communicate the following items ("7) Accountability"):  Measures against bias that technologic al elements forming AI models may introduce. Those elements may include training data, AI model training process, prompts assumed to be entered by AI business users or non-business users, and reference information and collaborating external services used by AI models for inference ("3. Fairness").  D-7) ii. Documentation of development-related information  In order to improve traceability and transparency, prepare documents on your AI system development processes, data collection and labeling affecting deci sion- makings, algorithms you have used, and the like, as far as possible in a form that third parties can use to validate the documents ("7) Accountability"). (Note) This does not require to disclose all the documents prepared. The matters at which AI developers are expected to make efforts are listed below:  D-10) i. Contribution to creation of opportunities for innovation  It is expected to implement the following items as far as possible and contribute to the creation of innovation opportunities ("10) Innovation"):  Research and develop quality, reliability, and development methodologies, and the like for AI.  Contribute to the maintenance of the sustainable economic growth and the provision of solutions for social challenges.  Promote internationalizatio n, diversification, and collaboration among industry, academia, and government sectors, including watching trends in international arguments, such as DFFT , and joining AI developer communities and academic societies.  Provide all of society with information about AI. 30 Additional matters described in "Hiroshima Process International Code of Conduct for Organizations Developing Advanced AI Systems" In addition to the matters mentioned above, AI developers who develop advanced AI systems should comply with "D. Common Guiding Principles for AI business actors involved in advanced AI systems" in Part 2 and the "Hiroshima Process International Code of Conduct for Organizations Developing Advanced AI Systems."29 The following descriptions show the matters additionally described in the "Code of Conduct" in comparison with "D. Common Guiding Principles for AI business actors involved in advanced AI systems" in Part 2. For the whole contents of the "Code of Conduct," refer to "Appendix 3. C. Matters to be observed in developing advanced AI systems." I. Take appropriate measures throughout the development of advanced AI systems, including prior to and throughout their deployment and placement on the market, to identify, evaluate, and mitigate risks across the AI lifecycle.  Document measures for risk mitigation and update them regularly. In addition, each AI business actor should evaluate and adopt mitigation measures against these risks in cooperation with relevant parties from across sectors. II. Identify and mitigate vulnerabilities, and, where appropriate, incidents and patterns of misuse, after deployment including placement on the market.  Encourage consideration of incentives to disclose vulnerabilities through reward systems, contests, prizes, etc. III. Publicly report advanced AI systems’ capabilities, limitations and domains of appropriate and inappropriate use, to support ensuring sufficient transparency, thereby contributing to increase accountability.  In addition to the Transparency Report, the Instructions for Use and related technical documents should be kept up to date. IV. Work towards responsible information sharing and reporting of incidents among organizations developing advanced AI systems including with industry, governments, civil society, and academia.  Develop and promote shared standards and mechanisms to ensure the safety and security of AI systems. In addition, appropriate documentation and cooperation with other AI business actors, sharing of relevant information and reporting to social should be conducted throughout the AI lifecycle. V. Develop, implement and disclose AI governance and risk management policies, grounded in a risk-based approach – including privacy policies, and mitigation measures, in particular for organizations developing advanced AI systems.  If possible, the AI Governance Policy should be developed, implemented, disclosed and regularly updated to identify, evaluate, prevent and address AI risks throughout the entire AI lifecycle. In addition, an education policy should be established for business staff, etc. VI. Invest in and implement robust security controls, including physical security, cybersecurity and insider threat safeguards across the AI lifecycle.  Assess the cyber security risks of advanced AI systems and require the storage of work and documents in an appropriate and secure environment. Measures to deal with unauthorized disclosure of risks, and the establishment of robust internal threat detection programs that are consistent with the protection of intellectual property and corporate secrets. 29 The "Hiroshima Process International Code of Conduct for Organizations Developing Advanced AI Systems" (October 2023) which was endorsed by the G7 Leaders' Statement on the Hiroshima AI Process. Note that this document is a living document compiled based on the existing OECD AI Principles in accordance with the trends in advanced AI systems. https://www.mofa.go.jp/mofaj/files/100573472.pdf 31 VII. Develop and deploy reliable content authentication and provenance mechanisms, where technically feasible, such as watermarking or other techniques to enable users to identify AI-generated content.  In addition to using watermarks and identifiers, each AI business actor should cooperate and invest in research to advance the context in this area. VIII. Prioritize research to mitigate societal, safety and security risks and prioritize investment in effective mitigation measures.  Research and cooperate preferentially to handle risks, such as maintaining democratic values, respecting human rights, and protecting children and vulnerable populations. In addition, it is preferred to manage risks actively, including environmental and climate impacts, and to share risk research and best practices. IX. Prioritize the development of advanced AI systems to address the world’s greatest challenges, notably but not limited to the climate crisis, global health and education.  Support digital literacy initiatives that enable individuals and local communities to benefit from the use of AI and promote education and training for the public. Also develop solutions and identify issues with the public community and community groups. X. Advance the development of and, where appropriate, adoption of international technical standards  In addition to the development of international technology standards, the development of technology standards that can distinguish between AI-generated content and other content should be done. XI. Implement appropriate data input measures and protections for personal data and intellectual property.  As appropriate measures for managing the quality of data, implement machine learning for transparency and privacy protection and countermeasure including testing and fine tuning of leaks of sensitive data, and the introduce appropriate safeguards to honor rights related to privacy and intellectual property, including copyright -protected content. 32 Part 4 Matters Related to AI Providers AI providers are responsible for adding value to AI systems that AI developers develop and providing AI business users with AI systems and services. AI providers let AI gain popularity and expand within the society and significantly contribute to the growth of society and the economy. They have a considerable impact on society, so it is important that they provide AI systems and services on the precondition that AI is used properly. Therefore, in addition to examining whether the AI to be incorporated into an AI system or service is s uited to the system or service, it is important to conduct the appropriate change management, configuration management, and service maintenance works taking into account that the expectations for AI might change in accordance with changes in the business strategy or social environment. It is important to implement AI systems and services within the expected scope of use set by AI developers, maintain proper operation and use of the systems or services, and request AI developers to properly develop AI systems. It is important to provide AI business users with the AI service while providing and supporting the operation of the AI system or while operating the AI system. Upon provision, AI providers are expected to pay attention to prevent violations of stakeholders' rights and the occurrence of social drawbacks, etc., and share information of incidents and the like within reasonable extent to provide safer , more secure and reliable AI systems and services. The matters important for AI providers are shown below.  When implementing an AI system  P-2) i. Actions against risks that consider the lives, bodies, properties, and minds of human and the environment  Take measures that prevent AI from causing any harm on the lives, bodies, properties, and minds of stakeholders including AI business users, and the environment. The measures involve ensuring proper performances under usage conditions expected at the time of provision, enabling the AI system to maintain those performances in various situations, and minimizing (by guardrail technology or the like) risks caused by, for example, an uncontrollable robot linking to AI or improper output ("2) Safety").  P-2) ii. Provision contributing to proper use (of AI)  Establish correct considerations to note for using AI systems and services ("2) Safety").  Use AI within the expected scope of use set by AI developers ("2) Safety").  Guarantee the accuracy of AI systems/services and recency as necessary (appropriateness of data) of training data at the time of its provision ("2) Safety").  Examine how AI usage environments of the users of the AI system or service differ from those that AI developers expect ("2) Safety").  P-3) i. Consideration for bias in configurations and data of AI systems and services  Guarantee fairness of data at the time of its provision and examine bias contained in referenced information and collaborating external services ("3) Fairness").  Regularly evaluate inputs/outputs of AI models and rationales of decisions made by AI models to monitor for any bias generated. As necessary, encourage AI developers to re-evaluate the bias generated by each technical element forming AI models and promote the improvement of AI models based on the re-evaluation results ("3) Fairness").  Examine the possibility where bias may be introduced that arbitrarily restricts business processes and decisions made by AI business users, or non-business users on AI systems, services, or user interfaces receiving AI output results ("3) Fairness"). 33  P-4) i. Deployment of mechanisms and measures for protecting privacy  Throughout the implementation of an AI system, take privacy protection measures by, for example, introducing a mechanism that appropriately manages and restricts access to personal data based on the characteristics of the adop ted technologies (privacy by design) ("4) Privacy protection").  P-5) i. Deployment of mechanisms for security measures  Throughout the provision of an AI system or AI service, take security measures appropriately based on the characteristics of the adopted technologies (security by design) ("5) Ensuring security").  P-6) i. Documentation of system architectures and the like  In order to improve traceability and transparency, prepare documents describing the system architecture and data processing of the provided AI system or service that influences the decision-making ("6) Transparency").  After an AI system or service starts to be provided  P-2) ii. Provision contributing to proper use (of AI)  Periodically verify whether the AI system or service is used for proper purposes ("2) Safety").  P-4) ii. Countermeasures against privacy violation  Properly collect necessary information concerning privacy protections on AI systems/services and discuss protection strategy when its violation is recognized to avoid repeated occurrence. ("4) Privacy protection").  P-5) ii. Handling of vulnerabilities  There are many new attack methods targeting AI systems and services, so identify trends in the latest risks and matters requiring attention in each provision step. And, discuss to deal with vulnerabilities ("5) Ensuring security").  P-6) ii. Providing relevant stakeholders with information  Provide information on the AI system or service to be provided (for example, the items listed below) in a timely and appropriate manne r so that it can be easily understood and accessed ("6) Transparency").  Fact that AI is used, appropriate/inappropriate use methods, etc. ("6) Transparency").  Information on safety, including technical characteristics of the AI systems and services provided, foreseeable risks that may arise as a result of using the AI systems and services, and remedies against them ("2) Safety").  Possibility of changes in output or programs due to learning by the AI systems and services ("1) Human-centric").  Information on the operational status of the AI systems and services, causes of failures, status of actions against them, incidents, etc. ("2) Safety").  Details of an update of the AI system, if any, and information on reasons for the update ("2) Safety").  Policies on collecting data learned by AI models, how AI models learn the data, and the system for implementing the learning ("3) Fairness," "4) Privacy protection," "5) Ensuring security").  P-7) i. Explanation to AI business users of conformity to common guiding principles 34  Encourage AI business users to use AI properly and provide them with the following information ("7) Accountability"):  Call attention to the use of data for which accuracy, and recency as necessary (appropriateness of data), are guaranteed ("2) Safety").  Call attention to the learning of inappropriate AI models during in- context learning ("2) Safety").  Precautions for when inputting personal data ("4) Privacy protection").  Call attention to inappropriate input of personal data into the AI systems and services to be provided ("4) Privacy protection"). P-7) ii. Documentation of service agreements or the like  Compile service agreements for AI business users or non-business users ("7) Accountability").  Present privacy policies ("7) Accountability"). Incidentally, AI providers who handle advanced AI systems should comply with "D. Common Guiding Principles for AI business actors involved in advanced AI systems" in Part 2 as follows:  I) to XI): Comply with them within the appropriate scope.  XII): Comply with it. 35 Part 5 Matters Related to AI Business Users AI providers provide AI business users with safe, secure, and reliable AI systems and services. It is important that AI business users always use the AI systems and services properly within the scope of use set by the AI providers and, as necessary, operate the AI systems. By doing so, AI business users can derive the maximum benefits from the innovation enabled by AI, including greater business effectiveness, productivity, and creativity. In addition , human intervention allows human dignity and autonomy to be conserved, helping to prevent unexpected incidents. If AI business users are requested to explain the abilities or output results of AI by the society or stakeholders, do so to gain their acceptance by obtaining the support of AI providers. It is also expected to learn the necessary insights to use AI more effectively. The matters important for AI business users are shown below.  When using AI systems and services  U-2) i. Proper use (of AI) that considers safety  Conform to instructions for use specified by AI providers, and use AI systems and services within the expected scope of use set by AI providers during the design process ("2) Safety").  Input data for which accuracy, and recency as necessary (appropriateness of data), are guaranteed ("2) Safety").  Understand the degrees of precision and risks of AI output and use AI output after confirming various risk factors ("2) Safety").  U-3) i. Consideration for bias in input data or prompt  Input data for which fairness is guaranteed to avoid significant lack of fairness, pay attention to bias in prompts, and be responsible for determining whether to use AI output results for business ("3) Fairness").  U-4) i. Countermeasures against inappropriate inpu t of personal data and privacy violation  Refrain from improperly inputting personal data to AI systems and services ("4) Privacy protection").  Collect information on privacy violation in AI systems and services properly and take the necessary steps to prevent violations ("4) Privacy protection").  U-5) i. Implementation of security measures  Conform to instructions for security specified by AI providers ("5) Ensuring security").  Pay attention not to improperly input secured information into AI systems/services ("5) Ensuring security").  U-6) i. Providing relevant stakeholders with information  Input data for which fairness is guaranteed to avoid significant lack of fairness, and pay attention to bias in prompts when obtaining the output result from the AI system or service. When using the output result for business decision- making, inform the relevant stakeholders about the result ("3) Fairness," "6) Transparency").  U-7) i. Explanation to relevant stakeholders  Provide information, including instructions for proper use, in a plain and accessible manner to the reasonable extent according to the nature of the relevant stakeholders ("7) Accountability"). 36  If planning to use data provided by relevant stakeholders, let the stakeholders know in advance how to provide the data and its formats based on the characteristics and use purposes of AI, contact points with the relevant stakeholders as data providers, privacy policies, and the like ("7) Accountability").  If intending to use the AI output result as a reference for an evaluation of a specific individual or group, notify the specific individual or group to be evaluated about the use of AI, follow procedures for guaranteeing the accuracy, fairness, transparency, etc., of the output result as recommended by th e Guidelines, and make a reasonable judgment by humans taking into account automation bias. If the individual or group evaluated demands you to give an explanation, fulfill your accountability by accepting the demand ("1) Human-centric," "6) Transparency," "7) Accountability").  In accordance with the characteristics of the AI systems and services to be used, set up a help desk, at the reasonable level, that handles inquiries from relevant stakeholders to give explanations and receive requests in cooperation with the AI providers ("7) Accountability").  U-7) ii. Effective use of provided documents and conformity to agreements  Properly store and use the documents about the AI systems and services provided by the AI providers ("7) Accountability").  Conform to the service agreements specified by the AI providers ("7) Accountability"). Incidentally, AI business users who handle advanced AI systems should comply with "D. Common Guiding Principles for AI business actors involved in advanced AI systems" in Part 2 as follows:  I) to XI): Comply with them within the appropriate scope.  XII): Comply with it.