The Hiroshima AI Process started as a frontier-lab instrument. That scope is changing.
According to initial reporting, the OECD has released an updated version of the Hiroshima AI Process (HAIP) voluntary reporting framework, a mechanism that allows organizations to publicly report their alignment with the G7 Hiroshima Process International Code of Conduct for Organisations Developing Advanced AI Systems. The update reportedly streamlines participation to encourage uptake beyond the hyperscalers that dominated the first reporting cycle.
The framework’s design intent, as documented on OECD.AI, is broad: it’s open to organizations “across the AI value chain, including developers, deployers, and providers of advanced AI systems.” That language has always been in the framework. What the reported update signals is a deliberate push to make that inclusivity operational, not just a stated goal. The Brookings Institution, which assessed the first reporting cycle, noted the HAIP framework’s role in giving organizations a structured mechanism to report on Code of Conduct alignment.
Analysis
Voluntary frameworks routinely precede regulatory requirements by 18–36 months in the EU governance cycle. HAIP's expansion to deployers and SMEs follows the same pattern as the Hiroshima Code's influence on GPAI provisions in the EU AI Act, organizations that treat this as a frontier concern only are likely to be caught flat-footed when the next regulatory cycle references it as baseline.
The version number and precise launch date haven’t been confirmed by a directly accessible source, so treat the “updated framework” framing as reported, not definitively verified. The event context, reportedly a Tech7 gathering on the margins of the G7 Digital and Tech Ministerial Meeting in Paris, is similarly unconfirmed from primary sources. The OECD’s own announcement confirms the framework’s existence and governance role but doesn’t specify version numbering in available excerpts.
Why does this matter to compliance teams outside the frontier lab tier? Because voluntary frameworks have a way of becoming baseline expectations. The EU AI Act’s GPAI provisions drew heavily on the Hiroshima Code’s structure. NIST’s AI RMF governance profiles map to similar principles. When the OECD explicitly signals that deployers and SMEs should be participating in this reporting cycle, not just the Anthropics and OpenAIs of the world, it’s previewing where the governance floor is heading. Organizations that haven’t looked at the Hiroshima Code because they assumed it was a frontier concern should revisit that assumption.
The catch is that “voluntary” still means voluntary. There’s no enforcement mechanism, no penalty structure, and no mandatory disclosure timeline attached to HAIP participation. The framework’s leverage comes from reputational signaling and from its influence on future regulatory drafting, not from direct compliance obligations today.
Definition
What to watch
whether the reported update includes a simplified reporting template or tiered participation structure for smaller organizations, that would be the operational proof of the SME inclusion intent. Also watch whether G7 member governments reference HAIP participation in their domestic AI governance guidance, which would begin converting voluntary signaling into soft-mandatory expectation.
The real question is whether this update moves the needle for mid-market AI deployers. The Hiroshima framework’s first cycle saw participation concentrated among large developers. If the updated design genuinely lowers the documentation burden for smaller organizations, it could become the entry-level governance credential for deployers operating in G7 markets, the kind of baseline that procurement teams and enterprise customers start asking about before any regulator requires it.