Two Philosophies, One Technology
The world’s two largest AI regulatory experiments are running in opposite directions. The European Union’s AI Act imposes binding legal requirements with specific obligations, prohibited uses, conformity assessments, and penalties of up to EUR 35 million. Japan’s AI Promotion Act, approved by the Cabinet on February 28, 2025 and fully effective September 1, 2025, takes a fundamentally different approach: national objectives, coordination structures, guidance, cooperation, and sector-specific laws — but no comprehensive AI-specific mandates.
The contrast is deliberate. Japan explicitly aims to become the “world’s most AI-friendly country”, prioritizing innovation promotion while acknowledging the need for risk management. The EU prioritizes risk mitigation as its primary objective, with innovation support handled through separate policy initiatives.
For enterprises operating across both jurisdictions, this divergence creates both opportunities and compliance complexity. Understanding where the two frameworks converge and diverge is now essential for any company deploying AI globally.
Japan’s Soft Law Architecture
The AI Promotion Act establishes a framework that relies on what Japanese regulators call “agile governance” — the principle that in rapidly evolving fields like AI, rigid ex-ante regulations are likely to become obsolete quickly and may hinder innovation. Instead of heavy fines or rigid obligations, the law sets national objectives, creates coordination structures, and relies on guidance and voluntary business initiatives.
The enforcement mechanism is reputational rather than financial. Authorities can investigate potential concerns and publicly name non-compliant business operators — a “name and shame” model that leverages Japan’s corporate culture, where reputational damage often carries more weight than financial penalties. There are no mandatory AI-specific fines, no banned AI applications list, and no conformity assessment requirements comparable to the EU’s.
This does not mean Japan lacks AI governance. The country has built an extensive soft law infrastructure: the 2022 Governance Guidelines for Implementation of AI Principles, the 2024 AI Business Operator Guidelines, and the forthcoming Principles and Code on Generative AI, which completed public consultation in January 2026. These documents are non-binding but define what responsible AI use looks like, creating de facto standards that shape industry practice.
Advertisement
The AISI Evaluation Framework
The Japan AI Safety Institute (AISI) is the technical backbone of Japan’s approach. Rather than regulating AI outputs, AISI develops evaluation methodologies that enable organizations to assess their own AI systems against safety benchmarks.
AISI has published several key documents: the Guide to Red-Teaming Methodology on AI Safety (Version 1.10), the Guide to Evaluation Perspectives on AI Safety (Version 1.10), and the Data Quality Management Guidebook (Version 1.0, March 2025). These are not regulatory requirements — they are frameworks that organizations can use to demonstrate responsible AI practices.
The institute’s AI Safety Evaluation Environment provides evaluation tools and datasets designed to support automated red teaming, incorporating domain-specific requirements into test content. For high-risk applications, AISI’s work feeds directly into sector-specific regulators: healthcare AI is regulated as Software as a Medical Device (SaMD) by the PMDA, with AISI benchmarks informing clinical evaluation of diagnostic algorithms and surgical robotics.
Where Japan Aligns with the EU
Despite the philosophical divergence, the two frameworks converge on several points. Both recognize that high-risk AI applications require additional scrutiny. Both emphasize transparency in how AI systems use data and make decisions. And both align with international standards frameworks, including the Hiroshima AI Process — Japan’s G7 initiative on AI governance — and the OECD AI Principles.
The practical convergence matters for multinational companies. An AI system that complies with the EU AI Act’s requirements for high-risk applications will generally satisfy Japan’s non-binding expectations for similar systems. However, a system designed only for Japan’s lighter-touch requirements will likely fail EU compliance assessments.
Cross-Border Implications
For companies operating in both markets, Bird & Bird’s analysis highlights a practical reality: the EU AI Act sets the compliance floor for any company selling into the European market, regardless of where they are headquartered. Japan’s framework offers additional flexibility for domestic operations and Asia-Pacific deployments but cannot serve as a substitute for EU compliance.
The broader strategic question is whether Japan’s lighter-touch model will prove more effective at fostering AI innovation while maintaining adequate safety standards, or whether the lack of binding enforcement will create gaps that the EU’s prescriptive approach avoids. The answer will emerge over the next several years as both frameworks encounter real-world AI incidents, competitive pressures, and evolving technological capabilities.
For emerging economies developing their own AI regulatory frameworks, Japan’s approach offers an alternative template that may be more feasible to implement than the EU’s resource-intensive compliance infrastructure. The AISI’s open-source evaluation tools, available on GitHub, lower the barrier for countries building AI safety capacity from scratch.
Frequently Asked Questions
How does Japan’s AI Promotion Act differ from the EU AI Act?
Japan’s AI Promotion Act relies on non-binding guidelines, multi-stakeholder cooperation, and reputational enforcement (“name and shame”) rather than the EU’s binding mandates, conformity assessments, and financial penalties of up to EUR 35 million. Japan prioritizes innovation promotion and uses “agile governance” that can adapt quickly, while the EU prioritizes risk mitigation with prescriptive rules. Both frameworks align on international principles through the Hiroshima AI Process and OECD standards.
What tools does Japan’s AI Safety Institute provide?
AISI publishes the Guide to Red-Teaming Methodology on AI Safety, the Guide to Evaluation Perspectives on AI Safety, and the Data Quality Management Guidebook. It also provides an open-source AI Safety Evaluation Environment on GitHub with automated red teaming capabilities and domain-specific test content. These tools feed into sector-specific regulators like the PMDA for healthcare AI assessment.
Which AI regulatory model should developing countries follow — EU or Japan?
Japan’s lighter-touch model is generally more feasible for developing countries because it requires less institutional infrastructure, relies on existing sector-specific regulators, and provides open-source evaluation tools. However, companies wanting to sell AI products into the EU market must comply with the EU AI Act regardless. A practical approach is to adopt Japan’s evaluation frameworks domestically while building toward EU compliance for export-oriented AI products.
Sources & Further Reading
- Understanding Japan’s AI Promotion Act: An Innovation-First Blueprint — Future of Privacy Forum
- Japan’s New AI Act vs EU’s Comprehensive Risk Framework — Bird & Bird
- Japan AI Regulation: No Fines, No Bans, No Mandates — MailMate
- AISI AI Safety Evaluation Environment — GitHub
- Unpacking Japan’s AI Policy — CSIS
- AI Regulation in EU and Japan: Cross-Border Guide — So & Sato
🔗 Related Intelligence
The EU AI Act: The World’s First Major AI Law Is Now in Force
EU AI Act Enforcement Begins: How High-Risk Classification Changes Everything
The AI Liability Gap: Who Is Responsible When an AI System Harms Someone?
Governance-as-Code for AI Agents: Compliance and Security
