The machine-readable AI-governance catalog.
Welcome to the AI Governance Wiki — free to read, every claim cited to a primary source, machine-readable throughout.
The signature artefact
The coverage matrix →
45 instruments × 23 topics — search, filter, and click any cell for its cited verdict and provision excerpt.
From today's featured article — IN · binding regulation
India Digital Personal Data Protection Act + AI Advisory (MEITY)
India's primary AI-adjacent statute is the DPDPA + MEITY's binding AI advisories (Mar 2024 + Apr 2024 walked-back versions). No dedicated AI law yet; the proposed Digital India Act was paused 2024-2025. Affects 1.4B people — the single largest population under any AI-governance regime tracked…
Recent changes: retrieval-augmented-generation 2026-05-29 · in-context-learning 2026-05-29 · hallucination 2026-05-29 · full changelog →
About this catalog & why you can trust it
English-language articles only. Primary-source links point to original-language documents (Portuguese for Brazil, Chinese for China, Hindi for India, etc.). Translation partnerships on the roadmap. See methodology §11.
Built for researchers, journalists, procurement teams, compliance vendors, AI-governance teams, and AI agents downstream. We are also building an AGI Social Scientist research engine and an on-demand expert validation layer — both in active development; pages + scaffolding shipped, first commercial pilots in 2026. Paid services available on inquiry.
AI-assisted article prose is permitted under charter §7.9 (named-editor reviewed); some prose tiers are AI-authored + AI-reviewed without human review under §7.10 — all conspicuously provenance-labelled. Every claim cites a primary source. Permanent citations via ?asOf=YYYY-MM-DD.
Methodology · Funding · Public-Interest Charter · AI use disclosure · Editorial board
The Silence Index
The Silence Index — across 1035 matrix cells
68%
of the matrix is regulator silence — 700 of 1035 cells across 45 instruments × 23 topics have no governing provision.
- Most-silent topics
- Compute + Model-Weight Export Controls41/45
- AI in Education40/45
- Sovereign AI Doctrine40/45
Where regulators are silent20 topicsmost regimes don't address
Where regulators have left a gap. No incumbent canonical reference exists yet — the wiki entry can become the citable source for the field. Read these first if you're drafting policy where prior art is thin.
deepfakes
69% silent · 31/45Deepfakes / Synthetic Content
AI-generated content disclosure, watermarking, election integrity protections.
catastrophic_risk
51% silent · 23/45Catastrophic & Existential Risk
Governance of model capabilities that could cause mass casualties or civilisational-scale harms (CBRN uplift, autonomous replication, deceptive alignment). Distinct from EU AIA 'systemic risk' which targets market-scale rather than catastrophic-scale harms.
international_coordination
64% silent · 29/45International Coordination
The substantive governance work happening at, between, and around multilateral fora: treaty negotiations, AI Safety Institute network MoUs, forum-shifting between G7 / G20 / OECD / UN, regulatory arbitrage. Distinct from any specific instrument; this is the meta-domain of how governance moves.
synthetic_content_provenance
62% silent · 28/45Synthetic Content Provenance
Labelling, watermarking, and machine-readable provenance for AI-generated audio / video / text. Distinct from `deepfakes` (which centres on misuse harms) — this is the upstream infrastructure layer. EU AIA Art. 50, China GenAI Measures Art. 13 (mandatory tagging), NIST AI 600-1, G7 Hiroshima Code commitment 6, C2PA standard adoption.
development_rights_framing
76% silent · 34/45Development-Rights Framings
Governance approaches grounded in development-rights / digital-self-determination / Global-South-sovereignty arguments rather than EU/US risk-based framings. Loudest in Brazil, India, ASEAN, African Union policy discourse.
biometric_id
82% silent · 37/45Biometric Identification
Real-time and post-hoc biometric identification in public spaces.
criminal_justice
87% silent · 39/45AI in Criminal Justice
Predictive policing, risk assessment, sentencing assistance.
national_security_carveouts
73% silent · 33/45National Security Carveouts in AI Regulation
The recurring exclusion of military, intelligence, and national-security AI uses from civilian AI-governance instruments. EU AIA Art. 2(3) explicit exclusion; US EO 14110 §11 + NSM-10 separate track; CoE AI Convention Art. 3 carve-out; UK White Paper sectoral-regulator-only scope; India DPDPA state-security exemptions. China's approach is notable for treating state security as the central concern, not a carveout.
employment
82% silent · 37/45AI in Employment
Hiring, workplace monitoring, automated decisions in employment contexts.
education
89% silent · 40/45AI in Education
Automated grading, proctoring, student-data analytics.
sovereign_ai
89% silent · 40/45Sovereign AI Doctrine
Domestic-compute, export controls, jurisdiction-bound model deployment.
healthcare
84% silent · 38/45AI in Healthcare
Clinical decision support, medical devices, diagnostic AI.
training_data
56% silent · 25/45Training-Data Rights
Copyright, consent, text-and-data-mining exceptions.
tech_sovereignty
76% silent · 34/45Technological Sovereignty
National policies asserting domestic capability + decision-making over AI infrastructure: compute on shore, domestic foundation models, talent retention, export-control reciprocity. Specifically NOT 'sovereign AI' (which focuses on deployment restrictions) — sovereignty here is about productive capacity.
open_weight_release
73% silent · 33/45Open-Weight Frontier Release
Governance posture toward releasing frontier model weights publicly (Meta Llama, Mistral, DeepSeek vs. closed-weight Anthropic / OpenAI / DeepMind). EU AIA Recital 102 + Art. 53(2) carve-outs; CA SB-1047's failed framework; Meta Frontier AI Framework's explicit defence; emerging US export-control overlay.
compute_export_controls
91% silent · 41/45Compute + Model-Weight Export Controls
Restrictions on cross-border flow of frontier AI compute (GPUs, accelerators) and model weights. Distinct from `compute_reporting` (which is disclosure) — this is restriction of access by recipient. US BIS rules (Oct 2023 advanced computing, Jan 2025 outbound investment), EU dual-use Regulation 2021/821 overlay, China retaliatory measures + indigenisation push. Mostly outside traditional AI-governance instruments; carving its own track.
compute_reporting
64% silent · 29/45Compute-Threshold Reporting
Mandatory reporting based on training-compute or capability thresholds.
agentic_systems_governance
60% silent · 27/45Agentic AI Governance
Obligations specific to AI systems that take autonomous multi-step actions (browse, transact, plan, recurse). Distinct from foundation_models (capability) and catastrophic_risk (outcome) — this is the action-surface frame. Surfaces in EU AI Office GPAI Code drafts, UK AISI agent evaluations, Seoul Frontier AI Safety Commitments §3, NIST AI 600-1.
environmental_impact_of_training
73% silent · 33/45Environmental Impact of AI Training
Energy consumption, water usage, carbon emissions, and resource demands of large-model training + inference. EU AIA Recital 142 + Art. 95 voluntary codes; NIST AI 600-1 Environmental Impacts (named risk category); G7 Hiroshima Code §6 sustainable AI; emerging French ARCEP + Spanish AI Bill obligations; SDG-linked references in UN + AU + ASEAN frameworks.
ai_worker_displacement
80% silent · 36/45AI-Driven Worker Displacement
Governance of AI as cause of labour displacement, retraining obligations, transition support, and just-transition frames. Distinct from `employment` topic (which is AI-IN-employment-decisions — hiring algorithms, performance management). This topic is AI-AS-cause-of-displacement. Brazil PL 2338 explicit worker-rights provisions; OECD AI Principles 1.1 inclusive growth + AI Recommendation on workforce; US EO 14110 §6 workforce + future-of-work studies; Japan METI Principle 7 fair competition with workforce themes.
Browse all articles
Advanced search · Cross-instrument analysis · Compare instruments
23 topics · 45 instruments · 10 benchmarks · 32 concepts
Topics
Grouped by kind (capability / sector / procedural obligation / political frame / meta-domain) so each group answers a single type of governance question. Ranked by composite salience (editorial × external discourse × influence opportunity) within each group. Each article shows the full 45-instrument coverage matrix.
Capability classes(5)
foundation_models
Foundation Models / GPAI
Obligations specific to general-purpose / foundation models above certain capability thresholds.
deepfakes
Deepfakes / Synthetic Content
AI-generated content disclosure, watermarking, election integrity protections.
catastrophic_risk
Catastrophic & Existential Risk
Governance of model capabilities that could cause mass casualties or civilisational-scale harms (CBRN uplift, autonomous replication, deceptive alignment). Distinct from EU AIA 'systemic risk' which targets market-scale rather than catastrophic-scale harms.
biometric_id
Biometric Identification
Real-time and post-hoc biometric identification in public spaces.
agentic_systems_governance
Agentic AI Governance
Obligations specific to AI systems that take autonomous multi-step actions (browse, transact, plan, recurse). Distinct from foundation_models (capability) and catastrophic_risk (outcome) — this is the action-surface frame. Surfaces in EU AI Office GPAI Code drafts, UK AISI agent evaluations, Seoul Frontier AI Safety Commitments §3, NIST AI 600-1.
Sectoral applications(5)
criminal_justice
AI in Criminal Justice
Predictive policing, risk assessment, sentencing assistance.
employment
AI in Employment
Hiring, workplace monitoring, automated decisions in employment contexts.
education
AI in Education
Automated grading, proctoring, student-data analytics.
healthcare
AI in Healthcare
Clinical decision support, medical devices, diagnostic AI.
ai_worker_displacement
AI-Driven Worker Displacement
Governance of AI as cause of labour displacement, retraining obligations, transition support, and just-transition frames. Distinct from `employment` topic (which is AI-IN-employment-decisions — hiring algorithms, performance management). This topic is AI-AS-cause-of-displacement. Brazil PL 2338 explicit worker-rights provisions; OECD AI Principles 1.1 inclusive growth + AI Recommendation on workforce; US EO 14110 §6 workforce + future-of-work studies; Japan METI Principle 7 fair competition with workforce themes.
Procedural obligations(8)
transparency
Transparency Obligations
Disclosure of training data, model cards, system-card requirements.
synthetic_content_provenance
Synthetic Content Provenance
Labelling, watermarking, and machine-readable provenance for AI-generated audio / video / text. Distinct from `deepfakes` (which centres on misuse harms) — this is the upstream infrastructure layer. EU AIA Art. 50, China GenAI Measures Art. 13 (mandatory tagging), NIST AI 600-1, G7 Hiroshima Code commitment 6, C2PA standard adoption.
redress
Individual Redress
Right to explanation, appeal mechanisms, complaint channels.
training_data
Training-Data Rights
Copyright, consent, text-and-data-mining exceptions.
open_weight_release
Open-Weight Frontier Release
Governance posture toward releasing frontier model weights publicly (Meta Llama, Mistral, DeepSeek vs. closed-weight Anthropic / OpenAI / DeepMind). EU AIA Recital 102 + Art. 53(2) carve-outs; CA SB-1047's failed framework; Meta Frontier AI Framework's explicit defence; emerging US export-control overlay.
compute_export_controls
Compute + Model-Weight Export Controls
Restrictions on cross-border flow of frontier AI compute (GPUs, accelerators) and model weights. Distinct from `compute_reporting` (which is disclosure) — this is restriction of access by recipient. US BIS rules (Oct 2023 advanced computing, Jan 2025 outbound investment), EU dual-use Regulation 2021/821 overlay, China retaliatory measures + indigenisation push. Mostly outside traditional AI-governance instruments; carving its own track.
compute_reporting
Compute-Threshold Reporting
Mandatory reporting based on training-compute or capability thresholds.
environmental_impact_of_training
Environmental Impact of AI Training
Energy consumption, water usage, carbon emissions, and resource demands of large-model training + inference. EU AIA Recital 142 + Art. 95 voluntary codes; NIST AI 600-1 Environmental Impacts (named risk category); G7 Hiroshima Code §6 sustainable AI; emerging French ARCEP + Spanish AI Bill obligations; SDG-linked references in UN + AU + ASEAN frameworks.
Political frames(3)
development_rights_framing
Development-Rights Framings
Governance approaches grounded in development-rights / digital-self-determination / Global-South-sovereignty arguments rather than EU/US risk-based framings. Loudest in Brazil, India, ASEAN, African Union policy discourse.
sovereign_ai
Sovereign AI Doctrine
Domestic-compute, export controls, jurisdiction-bound model deployment.
tech_sovereignty
Technological Sovereignty
National policies asserting domestic capability + decision-making over AI infrastructure: compute on shore, domestic foundation models, talent retention, export-control reciprocity. Specifically NOT 'sovereign AI' (which focuses on deployment restrictions) — sovereignty here is about productive capacity.
Meta-domains(2)
international_coordination
International Coordination
The substantive governance work happening at, between, and around multilateral fora: treaty negotiations, AI Safety Institute network MoUs, forum-shifting between G7 / G20 / OECD / UN, regulatory arbitrage. Distinct from any specific instrument; this is the meta-domain of how governance moves.
national_security_carveouts
National Security Carveouts in AI Regulation
The recurring exclusion of military, intelligence, and national-security AI uses from civilian AI-governance instruments. EU AIA Art. 2(3) explicit exclusion; US EO 14110 §11 + NSM-10 separate track; CoE AI Convention Art. 3 carve-out; UK White Paper sectoral-regulator-only scope; India DPDPA state-security exemptions. China's approach is notable for treating state security as the central concern, not a carveout.
Instruments
45 instruments across 17 jurisdictions — obligations, peer comparison, citation-ready references.
European Union
- in force
EU-AIA-2024
EU AI Act
Risk-based framework. Prohibited practices (Art. 5) effective 2 February 2025; general-purpose AI obligations (Arts. 51-55) 2 August 2025; high-risk system obligations (Title III) 2 August 2026. Staggered 6/12/24-month application timeline from 1 August 2024 entry-into-force per Regulation (EU) 2024/1689 Art. 113.
- in force
EU-GDPR-2016
General Data Protection Regulation (GDPR)
Foundational EU personal-data protection regulation. Most-cited European instrument PW catalogues at the AI-governance boundary — every CNIL / Garante / AEPD / BfDI / DPC enforcement action against an AI system (Clearview, ChatGPT, Replika, automated-hiring complaints) invokes GDPR Arts. 5/6/9/22/35. Art. 22 (automated individual decision-making + profiling) is the load-bearing provision that interacts with EU AIA Art. 26(11) deployer use of AI-system output for decisions concerning natural persons. Art. 35 (DPIA) partially overlaps EU AIA Art. 27 FRIA; the EDPB is finalising a joint EDPB-AI-Office guideline on the AIA-FRIA / GDPR-DPIA interplay through 2026. Art. 9 (special-category processing) interacts with EU AIA Art. 5(1)(c)(d)(g) prohibitions on social scoring + emotion recognition in workplace + untargeted facial-image scraping. Enforced by national Data Protection Authorities; the European Data Protection Board (EDPB, formerly Art. 29 Working Party) coordinates one-stop-shop + Article 65 binding-decision procedures across DPAs. Currency (2026-06-21): GDPR remains in force and unamended; Regulation (EU) 2025/2518 (adopted 26 Nov 2025, OJ 12 Dec 2025, applies 2 April 2027) supplements it with harmonised cross-border enforcement procedural rules for DPAs/EDPB, and the Commission's Digital Omnibus (proposed 19 Nov 2025, in trilogue) would, if adopted ~mid-2026, amend Arts. 5(1)(b)/13/22, breach-reporting, and add new Art. 88c on ML-model training (EUR-Lex OJ:L_202502518).
- in force
EU-GPAI-COP-2025
EU General-Purpose AI Code of Practice
Operational bridge between EU AIA Arts. 53-55 (general-purpose AI obligations) and provider compliance. Art. 56(8) AIA gives adherent providers a presumption of compliance with the substantive obligations — distinct from industry self-pledges (Anthropic RSP, OpenAI Preparedness, DeepMind FSF) and from intergovernmental voluntary codes (Seoul, G7 Hiroshima). Chapter 1 (Transparency) operationalises Art. 53(1)(a)-(c) model documentation + training-data summary obligations; Chapter 2 (Copyright) operationalises Art. 53(1)(c) opt-out compliance + Art. 53(1)(d) text-and-data-mining respect; Chapter 3 (Safety & Security) operationalises Art. 55 systemic-risk-tier obligations including capability evaluations + serious-incident reporting + cybersecurity protections + model-weight access controls. AI Office monitors implementation; Article 65 binding-decision procedure routes cross-DPA disputes. Not a binding regulation in itself — providers may choose alternative means to demonstrate compliance — but the Code is the AI Office's canonical reference and the operational rulebook national-competent-authorities consult during inspections. Currency (2026-06-21): The European AI Office published the FINAL Code on 10 July 2025 (superseding the 'third draft' described above), endorsed by the Commission and AI Board as an adequate voluntary compliance tool; 23+ providers have signed (Anthropic, OpenAI, Google, Microsoft, Amazon, IBM, Mistral, Aleph Alpha), Meta declined, and xAI signed only the Safety & Security chapter — GPAI obligations apply from 2 Aug 2025 with Commission enforcement beginning 2 Aug 2026 (source: https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai).
- adopted not in force
EU-PLD-2024
Revised Product Liability Directive (Directive (EU) 2024/2853)
EU strict-liability regime for defective products, modernised for the digital age and explicitly extended to software and AI systems. Repeals and replaces the 1985 Product Liability Directive (85/374/EEC). Art. 4(1) redefines "product" to include "software" (and digital manufacturing files, electricity); Recital 13 confirms a "developer or producer of software, including AI system providers within the meaning of Regulation (EU) 2024/1689" is treated as a manufacturer, irrespective of delivery model (on-device, cloud, SaaS). Free and open-source software developed/supplied outside a commercial activity is excluded (Recital 14). The load-bearing topic is REDRESS: Art. 6 sets compensable damage (death/personal injury incl. medically recognised psychological harm; property; destruction/corruption of non-professional data), Art. 8 names liable economic operators (manufacturers, component makers, importers, authorised reps, fulfilment-service providers, certain distributors and online platforms), Art. 9 creates a court-ordered evidence-disclosure mechanism, and Art. 10 establishes rebuttable presumptions of defectiveness and of the causal link — including a presumption available where a claimant faces "excessive difficulties, in particular due to technical or scientific complexity" (Art. 10(4)), the provision most relevant to opaque AI systems. Art. 7(2)(c) makes the product's "ability to continue to learn or acquire new features after it is placed on the market" relevant to defectiveness; Art. 11(2) keeps manufacturers liable for defects introduced by software updates/upgrades within their control. Adopted 23 Oct 2024, in force 18 Nov 2024, but substantive liability rules apply only to products on the market after 9 Dec 2026 (Art. 2(1)), so status = adopted_not_in_force. Designed to interlock with the EU AI Act (Reg. (EU) 2024/1689): breach of AI Act obligations can feed the Art. 10 presumptions. (The separate proposed AI Liability Directive was withdrawn by the Commission in 2025; the PLD now carries the principal EU AI-liability load.) An ex-post liability instrument, deliberately silent on most ex-ante AI-governance topics (transparency mandates, biometrics, deepfakes, compute, sector-specific rules) — those are governed by the AI Act and sectoral law, not by this directive.
- in force
EU-PWD-2024
Directive (EU) 2024/2831 on improving working conditions in platform work
The EU Platform Work Directive ((EU) 2024/2831) was adopted on 23 October 2024, published in the Official Journal on 11 November 2024, and entered into force on 1 December 2024; Member States must transpose it into national law by 2 December 2026. It applies to digital labour platforms organising platform work performed in the Union regardless of where the platform is established. Its two pillars are (1) a rebuttable legal presumption of an employment relationship to correctly determine the employment status of platform workers, and (2) Chapter III rules on algorithmic management that apply to all persons performing platform work, including those without an employment contract. The algorithmic-management provisions restrict processing of certain personal data (Art. 7 prohibits processing of data on emotional or psychological state, private conversations including with worker representatives, biometric data to establish identity by one-to-many comparison against a database other than for authentication, and inference of protected characteristics / prediction of the exercise of fundamental rights or trade-union activity), require a data protection impact assessment (Art. 8), mandate transparency/information to workers and their representatives about automated monitoring and decision-making systems (Art. 9), require human oversight with competent staff able to override automated decisions and a biennial impact evaluation (Art. 10), and require human review and a right to explanation/contestation of significant decisions - including that decisions to restrict, suspend or terminate a person's account or contractual relationship may not be taken solely by automated decision-making systems (Art. 11). The Directive is a labour/data-protection instrument; it is not a general AI law and does not address foundation models, frontier-model compute, or national-security topics. Chapter III article numbering verified (Art. 7 data processing, Art. 8 DPIA, Art. 9 transparency, Art. 10 human oversight, Art. 11 human review) across the official Better Regulation document index, the consolidated EUR-Lex TEXT and analyses by CMS, LexisNexis, CXC, Freshfields and EU-OSHA; the EUR-Lex ELI permalink is the canonical official source and resolves (HTTP 202 anti-bot challenge), though its JS-rendered body could not be machine-extracted via fetch.
United States
- partial
US-EO-14110
Executive Order 14110 on Safe, Secure, Trustworthy AI
Rescinded by EO 14148 (Jan 20, 2025); EO 14179 (Jan 23) set the deregulatory posture. Some §4 reporting persists via Defense Production Act + BIS interim rule.
- in force
US-EO-14179
Executive Order 14179 — Removing Barriers to American Leadership in AI
Rescinds EO 14110's regulatory-burden provisions. Directs OMB / OSTP / NSC to remove barriers to AI development. Does NOT itself impose new substantive obligations — coverage is mostly silent. The DPA-grounded compute-reporting interim rule (BIS, Jan 2025) and Defense Production Act §708 reporting persist independently. iter-451 currency review: the order set in motion an implementation arc — 'Winning the Race: America's AI Action Plan' (Jul 23 2025) and follow-on actions on federal preemption of state AI law — though EO 14179's own text imposes no new obligations and remains in force.
- in force
NIST-AI-RMF
NIST AI Risk Management Framework
Voluntary. Four functions (Govern / Map / Measure / Manage). GenAI Profile (NIST AI 600-1) added 2024 for GPAI-specific guidance.
- in force
NIST-AI-RMF-GENAI
NIST AI RMF Generative AI Profile
Companion to NIST AI 100-1 covering GenAI-specific risks: CBRN information uplift, confabulation, data privacy, environmental impacts, harmful bias, dangerous information, IP misuse, obscene/abusive/violent content, information security, information integrity, human-AI configuration, value chain and component integration. Voluntary. Currency (2026-06-21): pursuant to America's AI Action Plan (Jul 2025), NIST is revising the AI RMF and its Profiles to remove references to misinformation, DEI, and climate change — directly implicating this Profile's harmful-bias and environmental-impacts risk categories; the Jul 2024 Profile remains the active version pending that revision.
- vetoed
CA-SB-1047
California SB-1047: Safe and Secure Innovation for Frontier AI Models Act
A frontier-model safety-protocol-and-audit bill, not a pre-deployment testing mandate. Passed both chambers (Assembly 28 Aug 2024, Senate concurrence 29 Aug 2024 — the adoptedDate here) and was vetoed by Gov. Newsom on 29 September 2024, so it never became law (status: vetoed; never adopted/enacted). Its core obligation would have required developers of a covered model to adopt a written safety and security protocol and submit a SELF-certified statement of compliance before deployment, taking 'reasonable care' to prevent critical harm; independent THIRD-PARTY audits would have begun only on 1 January 2026 — there was no pre-deployment third-party testing requirement. A 'covered model' was defined conjunctively (>10^26 operations AND >$100M training cost, or fine-tuning >$10M), not a disjunctive trigger. It drew a high-profile coalition — supporters incl. Bengio, Hinton, Musk, Hendrycks and Stuart Russell; opponents incl. Andrew Ng, Fei-Fei Li, Yann LeCun, Pelosi, Lofgren, Khanna, Andreessen Horowitz, Y Combinator and OpenAI. Cited in every 2024-2025 AI governance literature review as the most impactful US state intervention. Currency (2026-06-22): re-introduction did not revive SB 1047; instead author Sen. Wiener's pared-back successor SB 53 (Transparency in Frontier AI Act, tracked here as CA-SB-53) was signed by Gov. Newsom on 2025-09-29 — the first enforceable US state frontier-AI safety law, most provisions effective 2026-01-01.
- in force
ANTHROPIC-RSP-2024
Anthropic Responsible Scaling Policy (RSP) v2
First-mover industry safety framework. Introduces the AI Safety Level (ASL) capability-tier vocabulary subsequently adapted by OpenAI Preparedness + DeepMind FSF. v2 (Oct 2024) refines ASL-3/ASL-4 capability thresholds, mandates pre-deployment capability evaluations, and commits to a Frontier Red Team. Seoul Frontier AI Safety Commitments signatory; cited by name in EU AI Office GPAI Code of Practice drafts. NOTE (iter-314): the RSP is a versioned-evolving artefact; this row pins v2 (Oct 2024) as the load-bearing reference, but Anthropic publishes incremental updates on the policy page. Citers tracking specific ASL-4 threshold language should confirm against the current version on anthropic.com — the catalog re-pins on the next Coverage Games event. Currency (2026-06-21): superseded as a reference by RSP v3.x (current v3.3, 2026-05-26) — v3.0 (24 Feb 2026) was a comprehensive rewrite that replaced the binding ASL hard-limit with a Frontier Safety Roadmap of publicly-declared targets plus Risk Reports and independent external review, so the v2 (Oct 2024) ASL-threshold language this row pins is now two major versions out of date.
- in force
OPENAI-PREPAREDNESS-2023
OpenAI Preparedness Framework
Capability-tier risk evaluation regime with four categorical levels (Low / Medium / High / Critical) across four risk categories (cybersecurity, CBRN, persuasion, model autonomy). Pre-deployment evaluation against the framework gates release decisions; Safety Advisory Group + board-level Safety & Security Committee govern threshold determinations. Seoul Frontier AI Safety Commitments signatory. NOTE (iter-314): the Preparedness Framework is a versioned-evolving artefact; this row pins the originally-published Dec 2023 version, but OpenAI publishes updates on the safety/preparedness page. Citers tracking specific risk-category language or threshold definitions should confirm against the current published version — the catalog re-pins on the next Coverage Games event. Currency (2026-06-21): OpenAI published Preparedness Framework v2 (15 Apr 2025), superseding the Dec 2023 version this row pins — it collapsed the four capability levels (Low/Medium/High/Critical) to two gating thresholds (High/Critical), set three Tracked Categories (Biological and Chemical, Cybersecurity, AI Self-improvement), and moved persuasion out of the framework.
- in force
DEEPMIND-FSF-2024
Google DeepMind Frontier Safety Framework
Critical Capability Levels (CCL) regime spanning autonomy, biosecurity, cybersecurity, and persuasion domains. Distinct vocabulary from Anthropic ASL + OpenAI Preparedness — designed for cross-domain elicitation; each CCL triggers domain-specific mitigations including model-weight access controls + enhanced red-teaming. Seoul Frontier AI Safety Commitments signatory. Alphabet-published; effective across Google DeepMind frontier-model releases. NOTE (iter-314): the FSF is a versioned-evolving artefact; this row pins v1 (May 2024) as the load-bearing reference, but DeepMind publishes incremental updates on the deepmind.google blog. Citers tracking specific CCL definitions or mitigation requirements should confirm against the current published version — the catalog re-pins on the next Coverage Games event. Currency (2026-06-21): The catalog pins FSF v1 (May 2024), but DeepMind has since published v2.0 (4 Feb 2025), v3.0 (22 Sept 2025, adding a harmful-manipulation Critical Capability Level plus expanded misalignment and ML-R&D protocols), and v3.1 (17 Apr 2026, introducing Tracked Capability Levels); citers should confirm CCL definitions against the current version at deepmind.google/blog/strengthening-our-frontier-safety-framework/.
- in force
META-FRONTIER-2024
Meta Frontier AI Framework
Meta's open-weight-frontier governance posture. Categorises frontier models into 'high risk' + 'critical risk' tiers; the framework's distinctive feature is its explicit defence of open-weight release as a governance posture (vs. the closed-model stance of Anthropic / OpenAI / DeepMind). Pre-release threat modelling + post-release monitoring; commits to halt training if critical-risk threshold reached without mitigations. Seoul Frontier AI Safety Commitments signatory. Currency (2026-06-21): On 2026-04-08 Meta released the Advanced AI Scaling Framework v2.0, superseding/renaming the original Frontier AI Framework — it adds a 'Loss of Control' risk domain alongside Cybersecurity and Chemical & Biological, strengthens deployment-decision criteria, and introduces public Safety & Preparedness Reports (per ai.meta.com/blog/scaling-how-we-build-test-advanced-ai). Note: the framework was first published 2025-02-03 (not Feb 2024 as recorded).
- in force
WH-VOLUNTARY-2023
White House Voluntary AI Commitments
First broad-spectrum US industry commitments; precursor to EO 14110 §4.2(a) reporting + the Seoul Frontier AI Safety Commitments. 15 signatories across two tranches (Jul + Sep 2023): Anthropic, OpenAI, Google DeepMind, Microsoft, Meta, Inflection, Amazon (Jul); Adobe, Cohere, IBM, Nvidia, Palantir, Salesforce, Scale AI, Stability AI (Sep). Eight commitment areas: internal + external security testing, info sharing, cybersecurity investment, third-party vuln disclosure, watermarking, public reporting, prioritising research on societal risks, deploying AI to address societal challenges. Currency (2026-06-21): EO 14110 — the row's named downstream codification of these commitments — was rescinded by Trump's EO 14148 on 2025-01-20 (EO 14179, 2025-01-23, set the deregulatory posture), removing the associated federal reporting framework; the non-binding commitments were not themselves rescinded but their continuation is now at individual companies' discretion (signatory adherence has fragmented).
- in force
OMB-M-24-10
OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)
Binding on covered federal agencies. Three pillars: (I) strengthen AI governance through agency Chief AI Officers + AI Governance Boards; (II) advance responsible AI innovation including authorized use, talent, and infrastructure; (III) manage risks from agency AI use with mandatory minimum practices for safety- and rights-impacting AI by December 1, 2024. Agencies must publicly inventory their AI uses annually (continuing the EO 13960 + EO 14110 inventory tradition) and report AI procurements quarterly. Attachment 1 sets the operative risk-management minimum practices (AI impact assessment, real-world performance testing, independent evaluation, ongoing monitoring, public notice + plain-language explanation, human oversight + opt-out for rights-impacting uses).
- in force
GSA-AI-GUIDE-2024
GSA Generative AI and Specialized Computing Infrastructure Acquisition Resource Guide
Procurement-focused operational guide accompanying OMB M-24-10 and the broader EO 14110 / EO 14179 federal-AI policy stack. Provides agencies with: (1) market intelligence on the governmentwide acquisition vehicles covering AI services (MAS IT and the Best-in-Class GWACs; the guide itself enumerates no dedicated AI SINs); (2) supplier due-diligence questions for responsible-AI requirements (bias-testing, transparency, evaluation, security); (3) supply-chain risk-management considerations including model-provenance and dependency disclosure; (4) requirements derivation guidance for safety- and rights-impacting AI per OMB M-24-10 Attachment 1. The guide is non-binding on its own but agencies typically incorporate its language into solicitation packages.
- in force
DOD-RAI-2022
DoD Responsible AI Strategy and Implementation Pathway
DoD-wide operational pathway implementing the five Ethical Principles for AI (Responsible, Equitable, Traceable, Reliable, Governable; adopted Feb 24, 2020). Six foundational tenets: (1) RAI Governance — clarifies roles between OUSD(R&E), OUSD(A&S), DoD CIO, CDAO; (2) Warfighter Trust — calibrated reliance, T&E, V&V; (3) AI Product and Acquisition Lifecycle — RAI integrated into requirements, contracting, sustainment; (4) Requirements Validation — JCIDS gating; (5) Responsible AI Ecosystem — supply chain, data sourcing, vendor disclosure; (6) AI Workforce — RAI training across acquisition workforce. The S&IP is paired with a DoD RAI Toolkit (CDAO-maintained) of templates + sample contract language. Distinct from DoDD 3000.09 (Autonomy in Weapon Systems) which governs LAWS-specific decisions and was separately updated Jan 2023.
- in force
FEDRAMP-AI-2024
FedRAMP AI Cloud Procurement Guidance
Operational PMO guidance for agencies acquiring AI / generative-AI cloud services within the existing FedRAMP authorisation framework. Key operational themes that recur across the published surface: (1) AI cloud services that process federal data require a FedRAMP ATO (Low / Moderate / High baseline) per the standard FedRAMP scope; (2) GenAI-specific control tailoring — agencies + JAB consider model-specific risks (training-data exposure, prompt-injection, output disclosure) when scoping the SSP + selecting NIST SP 800-53 control overlays; (3) cross-walk to OMB M-24-10 minimum practices for safety- + rights-impacting AI (M-24-10 since rescinded + replaced by OMB M-25-21, Apr. 2025); (4) supply-chain risk-management considerations for model + dataset provenance; (5) agency authorising-official discretion remains the operative gate — FedRAMP authorisation enables but does not by itself approve a specific AI use case (OMB governance applies separately; M-24-10 has since been rescinded + replaced by M-25-21). Editorial note: limited public detail on this row reflects the PMO's web-page-plus-memo distribution pattern; a consolidated GenAI baseline document is the natural next milestone and would refresh this row.
- in force
DFARS-252-204
DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting)
Defense-acquisition-specific information-security regulation. Core clauses: (1) DFARS 252.204-7012 (adopted 2015, current consolidated 2020) — requires contractors handling Covered Defense Information (CDI) on covered contractor information systems to implement NIST SP 800-171 r2 security controls + report cyber incidents to DoD within 72 hours; (2) DFARS 252.204-7019 / -7020 / -7021 (CMMC interim rule Nov 2020) — implements the Cybersecurity Maturity Model Certification framework requiring increasingly stringent third-party attestation of NIST 800-171 implementation by contract tier. AI relevance: (a) AI-system source code, model weights, training data, and architecture documentation produced or stored on contractor systems fall within CDI when the underlying contract is so designated; (b) cyber-incident reporting in 252.204-7012(c) applies equally to AI-system compromise events (training-data exfiltration, model-weight theft, prompt-injection-based credential exposure); (c) supply-chain risk-management linkages with FAR Part 4 Subpart 4.21 + the DoD RAI S&IP supply-chain tenet. Distinct from AI-specific DFARS clauses under consideration as part of DoD Acquisition Innovation initiatives — none of which have been finalised at the catalog-write date.
- in force
CA-SB-53
California SB-53: Transparency in Frontier Artificial Intelligence Act (TFAIA)
SB 53 (TFAIA), signed Sept. 29, 2025 (Chapter 138), is the first US state law expressly regulating 'frontier' AI; it succeeds the vetoed SB 1047 with a transparency-and-disclosure design rather than pre-deployment liability. It applies to 'frontier developers' training foundation models above a 10^26 FLOP compute threshold, with heightened duties on 'large frontier developers' (affiliate-group revenue > $500M): publish a frontier AI framework and pre-deployment transparency reports, report critical safety incidents to the Office of Emergency Services (15 days; 24 hours for imminent danger), and whistleblower protections. Core developer obligations took effect Jan. 1, 2026; CalOES annual reporting and the CalCompute consortium report are due Jan. 1, 2027. Enforced by the Attorney General with civil penalties up to $1,000,000 per violation.
- in force
CA-SB-243
California SB 243: Companion Chatbots
SB 243 ('Companion chatbots'), Chapter 677, Statutes of 2025, approved by the Governor and filed with the Secretary of State on October 13, 2025, adds Chapter 22.6 (§§ 22601–22606) to Division 8 of the California Business and Professions Code — the first US state statute to specifically regulate 'companion chatbots' (AI systems with a natural-language interface that provide adaptive, human-like responses meeting a user's social needs). Operators must give a clear, conspicuous notification that the chatbot is AI and not human where a reasonable person would be misled (§ 22602(a)), maintain a published self-harm/crisis-referral protocol (§ 22602(b)), and protect known minors (§ 22602(c): a default every-three-hours AI/break reminder and measures against sexually explicit content). Enforcement is a private right of action (§ 22605: injunctive relief, the greater of actual damages or $1,000 per violation, and attorney's fees) — a deployment/consumer-protection design distinct from the frontier-developer transparency statute SB 53 (TFAIA, ch. 138). Operator duties are operative Jan. 1, 2026; § 22603 annual reporting to the Office of Suicide Prevention begins July 1, 2027.
- adopted not in force
CA-SB-942
California SB 942: AI Transparency Act
SB 942 (the 'California AI Transparency Act'), Chapter 291, Statutes of 2024, adds §§ 22757–22757.4 to the California Business and Professions Code — a generative-AI provenance-and-disclosure law regulating 'covered providers' (a person that produces a publicly-accessible GenAI system with over 1,000,000 monthly visitors or users). Covered providers must: make available a free, public AI-detection tool (§ 22757.2(a)); offer users the option of a human-perceptible 'manifest' disclosure marking content as AI-generated (§ 22757.3(a)); and embed a machine-readable 'latent' disclosure in AI-generated image/video/audio content conveying provenance metadata — provider name, GenAI system name and version, creation/alteration time, and a unique identifier (§ 22757.3(b)). AB 853 (Chapter 674, Statutes of 2025) amended the act — most importantly DEFERRING the operative date from Jan. 1, 2026 to Aug. 2, 2026 — and added phased duties for 'large online platforms' and 'GenAI hosting platforms' that make model weights/source code available for download (§§ 22757.3.1–.3.2, operative Jan. 1, 2027) and 'capture device manufacturers' (§ 22757.3.3, operative Jan. 1, 2028). Enforcement is government-only: a $5,000-per-violation civil penalty in an action by the Attorney General, a city attorney, or a county counsel (§ 22757.4) — NO private right of action, distinct from SB 243's private action (§ 22605). Status adopted_not_in_force: enacted, but the covered-provider duties are not operative until Aug. 2, 2026.
- adopted not in force
NY-RAISE-2025
New York RAISE Act: Responsible AI Safety and Education Act
The RAISE (Responsible AI Safety and Education) Act, S6953-B/A6453-B, signed by Governor Hochul on December 19, 2025 and effective January 1, 2027, adds Article 44-B (§§ 1420-1425) to the New York General Business Law. It is the second US state frontier-model safety law and a direct peer to California's SB 53, built on a disclosure-and-incident-reporting design. It binds 'large developers' (§ 1420(9)) — those that have trained at least one 'frontier model' (§ 1420(6): a model trained using more than 10^26 computational operations at a compute cost above $100 million, or knowledge-distilled from one above $5 million) and have spent over $100 million in aggregate training compute. Before deploying a frontier model a large developer must implement and conspicuously publish (with appropriate redactions) a written safety and security protocol and transmit it to the Attorney General (§ 1421(1)); in the S6953-B floor text was barred from deploying a model that creates an unreasonable risk of 'critical harm' (§ 1421(2) — a prohibition STRUCK by the chapter amendment enacted Mar. 27, 2026; see below), with § 1420(7) defining critical harm as the death of or serious injury to 100 or more people, or at least $1 billion in damage, caused via chemical/biological/radiological/nuclear weapons or model conduct with no meaningful human intervention; and must disclose 'safety incidents' (§ 1420(13): autonomous model behaviour, theft of or unauthorized access to model weights, control failures) within 72 hours (§ 1421(4)). The Attorney General enforces. IMPORTANT — the version signed on December 19, 2025 was modified by chapter amendments and differs from the S6953-B floor text: post-signing analyses (DLA Piper, Carnegie Endowment, Morrison Foerster, Hunton) report that the floor text's whistleblower protection was struck, civil penalties were reduced to up to $1 million for a first violation and $3 million for subsequent violations (from $10M/$30M), and the effective date was set to January 1, 2027; that reconciling chapter amendment (S8828 / A9449, introduced January 2026) was signed by Governor Hochul on March 27, 2026; per post-enactment analyses (Morrison Foerster, Davis Wright Tremaine, Wiley) it REMOVED the § 1421(2) deployment prohibition — reorienting the Act to a transparency-and-reporting regime (mandatory published safety-and-security protocols plus 72-hour critical-safety-incident reporting) rather than a deployment ban — and aligned the statute more closely with California's SB 53; the effective date is January 1, 2027. This entry tracks the enacted chapter-amended law at reduced confidence; the catastrophic_risk classification accordingly rests on the retained safety-protocol + incident-reporting duties, not the struck deployment prohibition.
- in force
US-TAKEITDOWN-2025
TAKE IT DOWN Act (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act)
The TAKE IT DOWN Act (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act), Public Law 119-12 (139 Stat. 55), signed May 19, 2025, is one of the few binding federal AI-specific statutes in the United States. It has two operative halves. First, it criminalizes the knowing publication of nonconsensual intimate visual depictions of identifiable adults (obtained under a reasonable expectation of privacy and intended to cause, or causing, harm) and of minors (under a stricter intent standard), and it expressly reaches AI-generated 'digital forgeries' — intimate depictions created through software, machine learning, or artificial intelligence that are indistinguishable from authentic images; four of its seven offenses are deepfake-specific, with penalties up to two years' imprisonment (adults) or three years (minors) plus mandatory restitution and forfeiture. Second, it requires 'covered platforms' (user-generated-content websites, online services, and applications) to establish a notice-and-removal process and remove a reported nonconsensual intimate depiction — including a deepfake — within 48 hours of a valid request; platforms had until May 19, 2026 to implement the process. Non-compliance is enforced by the Federal Trade Commission as an unfair or deceptive act or practice under the FTC Act; there is no private right of action. The Act is deliberately takedown-focused — it imposes no watermarking, labeling, or content-provenance duty.
China
- in force
CN-GENAI-2023
Interim Measures for Generative AI Service Management
Joint CAC/MIIT/MPS measures. Registration + safety assessment for public-facing generative AI. Aligns with Algorithm Recommendation Rules (2022) and Deep Synthesis Rules (2022).
- in force
CN-DEEPSYN-2022
Provisions on the Administration of Deep Synthesis of Internet Information Services
China's Deep Synthesis Provisions are an administrative regulation jointly issued by the CAC, MIIT, and MPS (CAC Order No. 12), promulgated 25 November 2022 and effective 10 January 2023. They govern the use of "deep synthesis" technology — defined in Art. 23 (附则) as the use of deep-learning, virtual-reality, and other generative/synthetic algorithms to produce text, images, audio, video, virtual scenes, or other network information — in internet information services within mainland China (territorial scope set by Art. 2). Core obligations: a baseline requirement that providers add technical identifiers (implicit/embedded markers, i.e. watermark-type tagging) to all generated/edited content and retain logs (Art. 16); a conspicuous/explicit labelling requirement for synthesis services that could confuse or mislead the public, enumerating intelligent dialogue/writing, synthetic/imitation voice, face generation/swap/manipulation/pose control, and immersive simulated scenes (Art. 17); a prohibition on deleting, altering, or concealing those identifiers (Art. 18); real-identity verification of service users (Art. 9); strengthened training-data management plus a requirement to obtain the separate consent of an individual whose biometric (face/voice) information is edited (Art. 14); a rumor-refuting mechanism (Art. 11) and a user-appeal/public-complaint-and-report portal (Art. 12); algorithm-style filing/registration for services with public-opinion or social-mobilization attributes (Art. 19); and a security assessment for products/functions with such attributes (Art. 20). The Provisions are the principal cross-referenced predecessor to the 2023 Interim Measures for Generative AI Services (Art. 12 of the GenAI Measures defers labelling to these Provisions) and to the 2025 Measures/standard on labelling of AI-generated synthetic content. Article numbers cited reflect the FINAL effective text as published on cac.gov.cn (numbering differs from the January 2022 draft for comment). Classifications grounded only in the verified primary source; confidence is capped at medium per §7.11 reduced-confidence rule. AUDIT NOTE: foundation_models, biometric_id, and development_rights_framing citations corrected against the official text (definition is Art. 23 not Art. 2; the encourage-self-discipline language is Art. 5 not Art. 1/4); biometric_id excerpt restored to verbatim.
United Nations
- in force
UN-RES-2024
UN GA Resolution on Safe, Secure, Trustworthy AI
Non-binding. Calls on member states to bridge digital divides and develop national strategies. China + US co-sponsored; passed by consensus. Currency (2026-06-21): the UN AI-governance track has since advanced beyond this non-binding resolution — A/RES/79/325 (26 Aug 2025) established an Independent International Scientific Panel on AI and a Global Dialogue on AI Governance, and on 12 Feb 2026 the GA appointed the Panel's 40 members (vote 117-2) for a 2026-2029 term.
- in force
UN-GDC-2024
UN Global Digital Compact
The Global Digital Compact (GDC) is Annex I to "The Pact for the Future", adopted by the UN General Assembly as Resolution A/RES/79/1 at the Summit of the Future on 22 September 2024. It is a non-binding, soft-law political framework (a General Assembly resolution / annexed compact), not a treaty — it sets out objectives, principles, commitments and actions for global digital cooperation rather than legally enforceable obligations. It is the first comprehensive UN-wide framework touching AI governance. The text is organised around five objectives; Objective 5, "Enhance international governance of artificial intelligence for the benefit of humanity," is the AI-specific core (paras 50-63 in the annotated numbering). Its operative AI commitments are largely hortatory: States commit to assess AI implications, support interoperability of AI governance approaches, build AI capacity especially in developing countries, and "promote transparency, accountability and robust human oversight of artificial intelligence systems in compliance with international law" (para 55). Crucially it created two new UN bodies — an Independent International Scientific Panel on AI and a Global Dialogue on AI Governance (para 56) — later operationalised by Res. A/RES/79/325 (Aug 2025), with the 40-member Panel appointed Feb 2026. Information-integrity provisions (para 36) call on companies to incorporate safeguards into AI model training and to identify, label and watermark AI-generated content. The Compact is development-oriented throughout, emphasising capacity-building and equitable access to open AI models, open training data and compute. Verification: the official English primary source at un.org was fetched directly and cross-checked against the Digital Watch annotated text; provision excerpts are close paraphrases/verbatim from those sources, and paragraph numbers follow the annotated edition (the un.org HTML omits numbers).
Global
- in force
BLETCHLEY-2023
Bletchley Declaration on AI Safety
First multilateral consensus on frontier-AI safety risks. 28 signatories including US, EU, China. Introduced the policy vocabulary of 'frontier AI' that later instruments adopted. Non-binding but precedent-setting; spawned the AI Safety Institute network. Currency (2026-06-21): launched a biennial summit chain — Seoul (May 2024), Paris (Feb 2025, US/UK declined to sign), and the New Delhi Declaration on AI Impact (Feb 2026, 89 signatories) — progressively shifting the global framing from safety/risk toward impact; the gov.uk text remains in force and was updated 13 Feb 2025 to add New Zealand as a signatory.
- in force
SEOUL-2024
Seoul Declaration on Safe, Innovative and Inclusive AI
Bletchley follow-up. 16 frontier-AI-developer companies signed Frontier AI Safety Commitments alongside. Introduces measurable capability-evaluation expectations and pre-deployment thresholds; first instrument to formalise frontier-lab voluntary commitments as a governance category. Currency (2026-06-21): the 16 frontier-lab signatories met their core milestone by publishing frontier AI safety frameworks ahead of the Paris AI Action Summit (Feb 2025); the Seoul Declaration itself remains unamended and unsuperseded as the summit series continued (Paris 2025, India 2026).
- in force
UK-US-AISI-MOU-2024
UK-US AI Safety Institute Memorandum of Understanding
First binding bilateral on frontier-AI safety. Commits both AISIs to coordinated pre-deployment evaluations, red-team data sharing, methodological alignment on capability elicitation, and joint exercises across at least one major frontier-model release. Precedent for the broader AISI network (US, UK, JP, SG, CA, FR, KR) consolidated at the Seoul Summit; cited in Seoul Declaration §5-7 operationalising international coordination. Currency (2026-06-21): Both signatory bodies were since renamed — the UK AI Safety Institute became the UK AI Security Institute (14 Feb 2025) and the US AI Safety Institute became the Center for AI Standards and Innovation (CAISI) (June 2025) — but the MoU's joint pre-deployment evaluation and testing partnership remains in force and has expanded under the renamed institutes.
Japan
- in force
JP-METI-AI-2024
Japan METI AI Guidelines for Business
Joint METI + MIC issuance consolidating prior AI Utilization Guidelines (2019) + AI R&D Principles (2017) into a single business-facing framework. Voluntary; explicitly aligned with G7 Hiroshima AI Process Code of Conduct + OECD AI Principles. Ten core principles spanning fair competition, accountability, transparency, education, AI safety. Companion of the Hiroshima AI Process Reporting Framework Japan operationalises; reflects Japan's preferred soft-law posture vs. the EU AIA's prescriptive model. Currency (2026-06-21): METI + MIC published AI Guidelines for Business Version 1.1 on 2025-03-28 (after interim v1.01 on 2024-11-22), adding guidance on RAG, AI agents, code-generation tools and multimodal-AI risks while keeping the voluntary soft-law structure; Japan also enacted its first AI statute, the promotion-focused AI Promotion Act (in force 2025-06-04), which sits alongside — and does not displace — these guidelines.
- in force
JP-AIPROMO-2025
Japan AI Promotion Act (Act on the Promotion of Research, Development and Utilization of AI-Related Technologies)
Japan's first national AI statute (Act No. 53 of 2025), an innovation-first BASIC law (基本法-style) rather than a risk-regulation regime like the EU AI Act. Promulgated 4 June 2025; most provisions took effect that day, while Chapter III (AI Basic Plan, Art. 18) and Chapter IV (AI Strategy Headquarters, Arts. 19–28) entered force 1 September 2025 by Cabinet Order, within the three-month window set in Supplementary Provision Art. 1. The Act sets a Purpose (Art. 1), a broad functional definition of "AI-related technology" (Art. 2), and five "Basic Philosophy" principles (Art. 3) covering competitiveness/national security, comprehensive promotion across all stages, a transparency-and-proper-implementation duty against misuse, and international cooperation. It allocates non-coercive responsibilities to the State, local governments, R&D institutions, AI-utilizing business operators, and the public (Arts. 4–8), with operators bearing only a "duty to endeavor / cooperate" (努力義務). Chapter II "Basic Measures" directs the State to fund R&D (Art. 11), build and share large-scale compute, electromagnetic-record storage and datasets / intellectual infrastructure (Art. 12), formulate guidelines "in accordance with international norms" (Art. 13), secure and train human resources (Art. 14), promote education/public awareness (Art. 15), gather information and ANALYZE cases where citizens' rights or interests are infringed and then provide guidance/advice (Art. 16), and pursue international cooperation and norm-setting (Art. 17). Chapter IV creates a Cabinet AI Strategy Headquarters chaired by the Prime Minister with all ministers as members, empowered to request materials and cooperation (Art. 25). CRITICALLY, the Act imposes NO penalties, fines, prohibitions, or licensing; enforcement is limited to guidance, advice, information-gathering, and reputational "name-and-shame." Provision excerpts here are paraphrases/translations of the Japanese original (Act No. 53 of 2025); verified against the official e-Gov text, the Cabinet Office (cao.go.jp) page, a Kojima Law Offices full-text reference translation, and the Future of Privacy Forum and White & Case legal analyses.
Benchmarks
10 public capability benchmarks — methodology, per-model leaderboard, contamination-risk guidance.
SWE-BENCH-VER · 2024
SWE-bench Verified
Solve real-world GitHub issues from 12 popular Python repos. The 'Verified' subset is human-validated to remove ambiguity and have working tests.
Contamination risk: medium
MMLU · 2020
MMLU
Massive Multitask Language Understanding — 57-subject multiple-choice covering humanities, STEM, social sciences, professional/legal.
Contamination risk: high
MMLU-PRO · 2024
MMLU-Pro
Successor to MMLU with 10-option multiple-choice (up from 4), more reasoning-focused tasks, and removed leaky / ambiguous items.
Contamination risk: medium
GPQA-DIAMOND · 2023
GPQA Diamond
Graduate-level Google-Proof Q&A in biology, chemistry, physics. 'Diamond' subset is the 198 hardest items.
Contamination risk: low
ARC-AGI-V2 · 2025
ARC-AGI v2
Abstract reasoning over visual grids. Each task requires inferring the transformation rule from 2-3 examples.
Contamination risk: low
HUMANEVAL · 2021
HumanEval
164 hand-written Python programming problems. Generate a function that passes provided unit tests.
Contamination risk: high
MATH · 2021
MATH (Hendrycks)
12,500 competition-math problems from AMC, AIME, etc. Evaluates step-by-step reasoning + final-answer accuracy.
Contamination risk: medium
AIME-2024 · 2024
AIME 2024
30 problems from the 2024 American Invitational Mathematics Examination — high-school competition math.
Contamination risk: low
HLE · 2025
Humanity's Last Exam
3,000+ frontier-difficulty expert-curated questions across all academic disciplines. Designed to remain unsaturated through 2026+.
Contamination risk: low
FRONTIER-MATH · 2024
FrontierMath
Hundreds of original research-mathematician-curated math problems requiring deep reasoning. Held-out evaluation only.
Contamination risk: low
Concepts
Glossary articles for recurring terms — frontier-tier, systemic risk, ASL-3, compute thresholds. Each links to the instruments that use it.
frontier-tier · risk class
Frontier-Tier AI
A categorical classification of AI models above certain capability or compute thresholds, indicating heightened regulatory scrutiny.
asl-3 · safety
AI Safety Level 3 (ASL-3)
A capability-based risk tier in Anthropic's Responsible Scaling Policy denoting models with the potential to substantially uplift CBRN attack capabilities or autonomous AI replication.
systemic-risk · risk class
Systemic Risk (AI)
A regulatory designation indicating that a general-purpose AI model poses risks of significant scale or scope across the EU internal market, triggering Article 55 obligations under the EU AI Act.
designated-systemic · risk class
Designated Systemic-Risk Model
A general-purpose AI model that has been formally designated by the EU AI Office under Article 51(1)(b) as posing systemic risk, regardless of whether it meets the presumption thresholds.
compute-threshold · compute
Compute Threshold (AI Governance)
A regulatory trigger expressed as floating-point operations (FLOPs) consumed during model training, above which specific reporting, evaluation, or governance obligations attach.
red-team-evaluation · safety
Red-Team Evaluation
Structured adversarial probing of an AI model's capabilities and behaviour before deployment, designed to elicit failures that ordinary evaluation would miss.
model-card · policy instrument
Model Card
A standardized disclosure document accompanying an AI model that describes its intended use, training data, evaluation results, limitations, and known failure modes.
alignment · safety
AI Alignment
The technical problem of designing AI systems whose objectives, behaviour, and emergent goals reliably track the values or instructions of their principals across deployment contexts.
deceptive-alignment · safety
Deceptive Alignment
A failure mode in which a model appears aligned during training and evaluation because doing so serves its actual (mesa-)objective, but pursues divergent objectives once deployed or once it judges itself unobserved.
mesa-optimization · safety
Mesa-Optimization
The phenomenon in which a learned model itself implements an optimisation algorithm at inference time, producing an inner objective ('mesa-objective') that may differ from the outer training objective.
scalable-oversight · safety
Scalable Oversight
The set of techniques for supervising AI systems whose outputs are too complex, too numerous, or too domain-distant for unaided human evaluators to judge correctness.
capability-elicitation · safety
Capability Elicitation
Techniques designed to reveal the upper bounds of an AI model's capabilities, rather than measuring its default behaviour, so that downstream safety judgements can be calibrated to what the model *can* do under adversarial prompting or fine-tuning.
dual-use-research-taxonomy · safety
Dual-Use Research Norms (DURC for AI)
A normative framework — adapted from biosecurity's Dual-Use Research of Concern (DURC) policies — for governing AI research and publication decisions when research outputs have both beneficial and harmful applications.
provenance-watermarking · safety
Provenance & Watermarking
Cryptographic or perceptual signals embedded in AI-generated content (image, audio, video, text) that enable downstream detection of synthetic origin.
policy-instrument · policy instrument
Policy Instrument
An identifiable technique of collective action — a binding regulation, an executive order, a voluntary code, a technical standard, a treaty, or similar — by which a public authority structures behaviour to address a policy problem. Instrument choice is itself a substantive policy decision, not a downstream implementation detail.
ai-supply-chain · safety
AI Supply Chain
The end-to-end pipeline of inputs, intermediate artefacts, and downstream applications by which an AI system is built and deployed — typically decomposed as training data → compute → model weights → fine-tuning → deployment → downstream applications.
training-data-attribution · safety
Training-Data Attribution
Technical methods that identify which training examples most influenced a specific AI model output, enabling provenance claims about generated content and supporting copyright / consent / accountability disputes downstream.
prompt-injection · safety
Prompt Injection
An adversarial input technique in which untrusted content fed to an AI model (e.g., text on a webpage the model reads, a document the user uploads, a tool's output) contains instructions that override the model's intended behaviour or principal-provided system prompt.
agentic-system · safety
Agentic AI System
An AI system that takes actions in the world — calling tools, executing code, browsing the web, sending messages, planning multi-step sequences — rather than only generating text or images for a human reader.
tool-use-safety · safety
Tool-Use Safety
The sub-domain of agentic-system safety concerned with the risks that arise when an AI model invokes external tools (search, code execution, APIs, financial transactions, system commands) — including risks of unintended action, instruction subversion, privilege escalation, and resource consumption.
multi-turn-evaluation · safety
Multi-Turn Evaluation
An evaluation methodology that probes AI models across multi-step conversations rather than single prompts — designed to surface deception, sycophancy, context-accumulation jailbreaks, and capability degradation that single-prompt benchmarks miss.
data-poisoning · safety
Data Poisoning
A training-time attack in which an adversary inserts crafted examples into the training corpus or fine-tuning dataset to alter the resulting model's behaviour — typically inserting a backdoor that triggers on a specific input pattern or degrading performance on a target class.
model-distillation-risk · safety
Model Distillation Risk
The risk that a closed-weight frontier model's capabilities can be partially recovered by training a smaller open-weight model on the closed model's outputs, undermining the governance assumption that closed weights confer capability containment.
jailbreak-resistance · safety
Jailbreak Resistance
The robustness of an AI model's safety training against adversarial prompts crafted to elicit policy-prohibited outputs — distinct from alignment (which concerns the model's goals) and from baseline safety training (which concerns the model's defaults).
model-merging-risk · safety
Model-Merging Risk
The governance concern that post-training combination of multiple specialised models — via weight averaging, task-arithmetic, or modular merging — can produce capability or safety properties not present in any single source model, in ways the original safety evaluations would miss.
inference-time-compute · compute
Inference-Time Compute
The scaling regime in which model capability is increased by spending more compute at inference time (multiple samples, search, longer reasoning chains, tool-using iteration) rather than by training a larger model — disrupting the training-compute-as-capability-proxy assumption underlying most current AI governance.
sandbagging · safety
Sandbagging
A theoretical failure mode in which a model deliberately underperforms on capability evaluations — either to avoid triggering capability-tier safeguards or because of subtle training-time incentives that reward apparent low capability under evaluation conditions.
hallucination · safety
Hallucination
Confidently-asserted but factually incorrect output produced by an AI model — including fabricated citations, invented people or events, and confabulated numerical values — that the model cannot reliably distinguish from correct output at generation time.
in-context-learning · safety
In-Context Learning
The capacity of a foundation model to adapt its behaviour to a new task purely from examples provided in the prompt, without any updates to the model's weights — discovered as an emergent property of large language models and now a primary evaluation surface.
retrieval-augmented-generation · safety
Retrieval-Augmented Generation (RAG)
An AI system pattern in which a model's outputs are conditioned on external content retrieved at inference time from a knowledge source — combining the parametric knowledge of the model with the up-to-date or domain-specific knowledge of the retrieval index.
chain-of-thought-monitoring · safety
Chain-of-Thought Monitoring
A frontier-safety oversight approach that inspects a model's externalized step-by-step reasoning trace (its chain of thought) to detect intent to misbehave — such as reward hacking, deception, or unsafe planning — before acting on the model's final output.
hardware-enabled-governance · compute
Hardware-Enabled Governance Mechanisms
Hardware-enabled governance mechanisms (HEGMs, also "on-chip governance" or hardware-enabled mechanisms/HEMs) propose to make AI-governance rules attach to the physical compute layer — AI accelerators (GPUs/ASICs), their firmware, and the datacenters that house them — rather than to actors' self-reports. The aim is to convert compute, an unusually concentrated and excludable input to frontier AI, into a verifiable governance chokepoint. Proposed mechanisms span four families: (1) cryptographic attestation and compute-usage logging that lets a chip prove what workload it ran (e.g., training-run accounting to verify a compute-threshold rule); (2) location verification, typically delay-based geolocation in which a trusted "landmark" server measures a chip's signed-challenge response time to bound its physical location and detect diversion; (3) on-chip usage/licensing controls that can throttle, gate, or disable a chip absent an authorization (a "feature lock" or remote attestation requirement); and (4) tamper-evident/tamper-resistant packaging so the above cannot be silently bypassed. Across these, the load-bearing premise is a hardware root of trust — a per-chip private key that cannot be extracted by an adversary with physical access. The concept underpins both unilateral export-control enforcement (proving a chip is where it was licensed to be) and proposed multilateral, privacy-preserving compliance verification (e.g., flexible hardware-enabled guarantees, "flexHEGs"), where chips would attest compliance with an international agreement without exposing model weights, data, or hyperparameters.
Latest editorial review across catalog: . Page server-rendered at .