Three instruments. Ninety days. One jurisdiction most AI compliance programs hadn’t flagged as a priority.
Japan’s AI governance trajectory has shifted faster than most practitioners anticipated. The country spent years as a counterexample to EU and US regulatory pressure, a major economy that published guidelines, encouraged industry self-governance, and explicitly avoided the statutory mandates that compliance teams in Brussels and Washington were building programs around. That era ended. What replaced it isn’t a copy of the EU AI Act or a US executive order. It’s something distinctly Japanese: layered, structured, transparency-oriented, and built on a comply-or-explain logic that shifts enforcement burden without creating a traditional penalty regime.
Understanding what happened, and what it means for organizations operating in or training on Japanese data, requires looking at all three instruments together, not in isolation.
Instrument One: The AI Strategy Council and the Basic AI Plan
Japan activated its AI Strategy Council under the Basic AI Plan in early 2026, as covered in the hub’s prior brief on the end of Japan’s soft-law era. The Council’s function is coordination and oversight, it sits at the center of Japan’s AI governance architecture, responsible for cross-ministry alignment and for translating the Basic AI Plan’s ambitions into operational policy.
The Basic AI Plan itself doesn’t impose compliance obligations on private companies in the way that EU AI Act provisions do. It’s a strategic framework. But it established the institutional machinery that subsequent instruments are now filling with substance.
Instrument Two: Privacy Rule Revisions for AI Training Data
Japan’s revised approach to privacy rules for AI training data, also covered in a prior hub brief, created a two-directional change: it loosened some restrictions on using personal data for AI training while adding profit-clawback penalties for intentional violations. The practical effect was clarification, developers operating in Japan got guidance on what’s permissible for training data collection, but also a clearer liability exposure for deliberate misuse.
That combination, more freedom, more consequence for abuse, fits the Japanese regulatory tradition of enabling innovation while building in accountability structures that don’t require continuous regulatory surveillance.
Instrument Three: The Draft AI IP Code
Released on April 26, 2026, by Japan’s Intellectual Property Strategy Headquarters, the draft AI IP Code is the most operationally demanding of the three instruments for AI developers. According to analysis from the Center for Data Innovation, the draft would require companies to maintain granular records of training data types and sources, distinguishing between public, private, and synthetic data, and to document crawler activity. It would also require annual compliance statements under a “comply or explain” enforcement model: firms that can’t meet disclosure requirements must publicly account for their non-compliance status.
The primary source, the official draft from Japan’s IP Strategy Headquarters, hasn’t been confirmed via direct access. All requirements described here are drawn from secondary analysis. They’re proposed, not enacted. But the direction is unambiguous.
The Feasibility Problem at the Center of the IP Code
The draft’s most contested element isn’t the disclosure requirement itself. It’s what the disclosure requires practitioners to demonstrate. According to legal analysis from White & Case, requirements to identify training data “similar” to specific model outputs may be technically infeasible for large frontier models at current capability levels.
This is a genuine architectural problem, not a compliance inconvenience. Developers who’ve trained on billions of documents across years of crawling activity can’t readily reconstruct which specific inputs correspond to any given output. The model doesn’t store that mapping, the training process is a transformation, not an index. Requirements built on the assumption that developers can retrieve training-output correspondences on demand are requirements built on an inaccurate model of how these systems work.
That feasibility gap creates a compliance risk even for companies acting in good faith. If the IP Code is adopted as drafted, organizations that can demonstrate reasonable training data governance practices may still face “explain” status simply because the technical disclosure is impossible, not because they’ve done anything wrong.
Japan’s Expert Investigation Team, expected to convene in Q3 2026, will define thresholds for “high-impact” AI models, the category that triggers the code’s full obligations. Until those thresholds are set, developers can’t determine whether their systems fall within scope. That uncertainty is itself a planning constraint.
How Japan Now Compares to the EU and US
The three-instrument picture puts Japan in a distinct position in the global AI governance landscape.
The EU AI Act addresses training data transparency primarily through its general-purpose AI (GPAI) provisions, requiring providers of GPAI models to maintain and publish summaries of training data used for pre-training. The EU’s approach is detailed, legally binding once enacted, and backed by administrative fines. Japan’s draft IP Code is transparency-oriented but relies on reputational enforcement rather than financial penalties.
The US has no federal training data disclosure requirement. The America’s AI Action Plan and associated frameworks have emphasized voluntary commitments and existing legal principles rather than new mandates. The hub’s coverage of federal preemption efforts reflects the US approach: the federal government is more focused on preventing a patchwork of state requirements than on establishing new federal disclosure rules.
Japan now sits between these two poles. More structured than the US. Less financially punitive than the EU. But with a transparency mandate that, if adopted, creates real compliance obligations for organizations that have trained on Japanese content or operate models in Japan’s market.
What Compliance Teams Should Do Now
The draft status matters enormously. Nothing in the IP Code is currently in force. But the time between “draft released” and “final adoption” is exactly when compliance programs should be doing gap analysis, not waiting for the final text.
Three practical steps are worth taking now. First, audit your training data provenance documentation practices, specifically for Japanese-sourced content and crawler activity. If your current documentation wouldn’t support a disclosure statement, that gap exists regardless of whether Japan’s IP Code passes. Second, track the Q3 2026 Expert Investigation Team milestone. The “high-impact model” threshold definition will determine your scope exposure. Third, engage legal counsel with Japanese IP practice to monitor the draft’s progress and the official text, the secondary sources available now characterize the draft’s intent, but the enforceable obligations will be in the primary text.
Japan’s pivot isn’t complete. The IP Code is still a draft. The Basic AI Plan’s enforcement mechanisms remain limited. But the direction of travel is now clearly toward statutory obligation. Three instruments in 90 days is a pattern, not a coincidence.