Living evidence map · scoping-review idiom
Japan AI Promotion Act (Act on the Promotion of Research, Development and Utilization of AI-Related Technologies)
JP-AIPROMO-2025 · JP
Japan's first national AI statute (Act No. 53 of 2025), an innovation-first BASIC law (基本法-style) rather than a risk-regulation regime like the EU AI Act. Promulgated 4 June 2025; most provisions took effect that day, while Chapter III (AI Basic Plan, Art. 18) and Chapter IV (AI Strategy Headquarters, Arts. 19–28) entered force 1 September 2025 by Cabinet Order, within the three-month window set in Supplementary Provision Art. 1. The Act sets a Purpose (Art. 1), a broad functional definition of "AI-related technology" (Art. 2), and five "Basic Philosophy" principles (Art. 3) covering competitiveness/national security, comprehensive promotion across all stages, a transparency-and-proper-implementation duty against misuse, and international cooperation. It allocates non-coercive responsibilities to the State, local governments, R&D institutions, AI-utilizing business operators, and the public (Arts. 4–8), with operators bearing only a "duty to endeavor / cooperate" (努力義務). Chapter II "Basic Measures" directs the State to fund R&D (Art. 11), build and share large-scale compute, electromagnetic-record storage and datasets / intellectual infrastructure (Art. 12), formulate guidelines "in accordance with international norms" (Art. 13), secure and train human resources (Art. 14), promote education/public awareness (Art. 15), gather information and ANALYZE cases where citizens' rights or interests are infringed and then provide guidance/advice (Art. 16), and pursue international cooperation and norm-setting (Art. 17). Chapter IV creates a Cabinet AI Strategy Headquarters chaired by the Prime Minister with all ministers as members, empowered to request materials and cooperation (Art. 25). CRITICALLY, the Act imposes NO penalties, fines, prohibitions, or licensing; enforcement is limited to guidance, advice, information-gathering, and reputational "name-and-shame." Provision excerpts here are paraphrases/translations of the Japanese original (Act No. 53 of 2025); verified against the official e-Gov text, the Cabinet Office (cao.go.jp) page, a Kojima Law Offices full-text reference translation, and the Future of Privacy Forum and White & Case legal analyses.
Background & scope
Japan AI Promotion Act (Act on the Promotion of Research, Development and Utilization of AI-Related Technologies) addresses 3 contested AI-governance topics explicitly, 7 via general principles.
Provisions & coverage
- implicit
- implicit
- governsTransparency Obligations
Art. 3(4)[1] - implicitIndividual Redress
Art. 16[1] - implicitTraining-Data Rights
Art. 12[1] - implicitSovereign AI Doctrine
Art. 3(2)[1] - implicitTechnological Sovereignty
Art. 3(2)[1] - governsDevelopment-Rights Framings
Art. 3(3)[1] - governs
- implicit
Enforcement & impact
Cross-jurisdiction comparison
How peer instruments treat the topics Japan AI Promotion Act (Act on the Promotion of Research, Development and Utilization of AI-Related Technologies) governs.
| Topic | EU-AIA-2024 | US-EO-14110 | US-EO-14179 | UK-WHITEPAPER-2023 | CN-GENAI-2023 | G7-HIROSHIMA | OECD-AI-PRIN | COE-AI-CONV | UN-RES-2024 | NIST-AI-RMF | BLETCHLEY-2023 | SEOUL-2024 | NIST-AI-RMF-GENAI | CA-SB-1047 | IN-DPDP-2023 | BR-AIBILL-2024 | ASEAN-AI-GUIDE-2024 | AU-AI-STRATEGY-2024 | ANTHROPIC-RSP-2024° | OPENAI-PREPAREDNESS-2023° | DEEPMIND-FSF-2024° | META-FRONTIER-2024° | UK-US-AISI-MOU-2024 | WH-VOLUNTARY-2023 | SG-MODEL-AI-2024 | JP-METI-AI-2024 | EU-GDPR-2016 | EU-GPAI-COP-2025 | OMB-M-24-10 | GSA-AI-GUIDE-2024 | DOD-RAI-2022 | FEDRAMP-AI-2024 | DFARS-252-204 | CA-SB-53 | CA-SB-243 | CA-SB-942 | EU-PLD-2024 | UNESCO-AI-ETHICS-2021 | EU-PWD-2024 | CN-DEEPSYN-2022 | NY-RAISE-2025 | US-TAKEITDOWN-2025 | IT-AILAW-2025 | UN-GDC-2024 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Transparency Obligations | governs | implicit | silent | implicit | conflicts | governs | governs | governs | implicit | governs | implicit | governs | governs | implicit | implicit | governs | governs | silent | governs | implicit | implicit | governs | implicit | governs | governs | governs | governs | governs | governs | governs | governs | governs | silent | governs | governs | governs | implicit | governs | governs | governs | governs | silent | governs | governs |
| Development-Rights Framings | silent | silent | silent | silent | implicit | silent | implicit | implicit | governs | silent | silent | silent | silent | silent | governs | governs | implicit | governs | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | governs | silent | silent | silent | silent | silent | governs |
| International Coordination | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | governs | governs | silent | silent | silent | silent | governs | governs | implicit | implicit | implicit | implicit | governs | implicit | governs | governs | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | governs | silent | silent | silent | silent | implicit | governs |
°= industry self-imposed voluntary framework. Comparing a voluntary code's "governs" tint with a binding regulation's "governs" tint flattens the legal-force distinction; use the instrument-page banner for the operative status of each.
See also
Per-audience views
- Provisions →Article-by-article obligation breakdown for procurement + RFP authors.
- Disclosure form →Vendor-disclosure questionnaire derived from this instrument's operative obligations.
- Harm narratives →Documented harms relevant to this instrument's topics, for civil-society advocacy.
- Briefing pack →Journalist-ready summary with quotes + dates + primary-source links.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
Further reading
152 academic & grey-literature sources on the topics this instrument addresses (not commentary on the instrument itself) — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Open Foundation Models and TDM Exceptions to Copyright – Building Blocks for an AI Ecosystem Peer-reviewed✦ AIArgues Art. 3 CDSM Directive's scientific-research TDM exception 'does not grant rightsholders any control' and can be a 'safe harbor' for training openly released foundation models without licensing data.
- Geopolitical ecologies of cloud capitalism: Territorial restructuring and the making of national computing power in the U.S. and China Peer-reviewed✦ AIUS and Chinese drives for sovereign AI/cloud dominance depend on reorganizing land, energy and regulatory systems to sustain large-scale national computing power.
- European ambitions captured by American clouds: digital sovereignty through Gaia-X? Peer-reviewed✦ AIShows Gaia-X paradoxically incorporates dominant US cloud providers, undermining the very European digital sovereignty it was meant to advance.
- A Framework for Evaluating Global AI Governance Initiatives Peer-reviewed✦ AIOffers a framework to evaluate global AI governance initiatives, recommending capacity-building so Global South states can meaningfully participate in standard-setting.
- Large language models reflect the ideology of their creators Peer-reviewed✦ AIEmpirically shows LLMs encode their creators' ideologies, supporting policy incentives for home-grown models reflecting local cultural views, especially in low-resource-language regions.
- Predictive policing and predictive justice: Ethics, data protection, and the AI act Peer-reviewed✦ AIExamines how predictive-policing and predictive-justice systems interact with data-protection law and the AI Act's law-enforcement provisions, exposing accountability and oversight shortfalls.
- National Security and New Forms of Surveillance: From the Data Retention Saga to a Data Subject Centred Approach Peer-reviewed✦ AIArgues the CJEU's controller-based route for applying EU law to national-security surveillance 'creates significant legal uncertainties,' proposing a data-subject-focused scope instead.
- Cop out: security exemptions in the Artificial Intelligence Act (in: Automating Authority — AI in European police and border regimes) Civil society✦ AIDocuments how AI Act security exemptions plus police powers to restrict supervisory information-sharing will make meaningful supervision of policing and migration AI 'extremely difficult.'
- An interdisciplinary account of the terminological choices by EU policymakers ahead of the final agreement on the AI Act: AI system, general purpose AI system, foundation model, and generative AI Peer-reviewed✦ AITraces how the AI Act's legal text shifted across versions among the terms 'AI system, general purpose AI system, foundation model, and generative AI', exposing definitional instability in the regime.
- The EU model of AI governance: regulating artificial intelligence through law and policy Peer-reviewed✦ AIAnalyses how the AI Act's risk-based model handles general-purpose and foundation models whose 'autonomous content generation challenges legal categories of authorship, accountability, and control'.
- Generative AI and data protection Peer-reviewed✦ AIExamines friction between foundation-model training and the GDPR, noting models that 'memorize and leak pieces of training data' cannot be treated as anonymous.
- Defending Compute Thresholds Against Legal Loopholes Preprint✦ AIIdentifies 'enhancement techniques that are capable of decreasing training compute usage while preserving... model capabilities', exposing loopholes in compute-reporting thresholds.
+ 140 more across this instrument's topics — see the literature index.
References
The primary instrument sources behind the article's classifications.
- Act on the Promotion of Research, Development and Utilization of AI-Related Technologies (人工知能関連技術の研究開発及び活用の推進に関する法律), Act No. 53 of 2025 (Reiwa 7), promulgated 4 June 2025; Chapters III–IV in force 1 September 2025.
- Act No. 53 of 2025, Arts. 2 & 12
- Act No. 53 of 2025, Art. 12
- Act No. 53 of 2025, Art. 3(4)
- Act No. 53 of 2025, Art. 16
- Act No. 53 of 2025, Arts. 12 & 3(4)
- Act No. 53 of 2025, Art. 3(2)
- Act No. 53 of 2025, Arts. 1 & 3(3)
- Act No. 53 of 2025, Arts. 17 & 3(5)
How to cite this article
Cite this article
8 formats · 1-click copyPersistent identifier: https://policywindow.org/wiki/japan-ai-promotion-act — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Does this instrument’s approach work? — the social-science evidence
Aggregated over the 10 topics this instrument governs: whether each harm is empirically real, and whether the peer-reviewed evidence shows governance reduces it. The badge is the epistemic status of the evidence— “thin”/“absent” efficacy evidence is itself a finding (the “second silence”). Each epistemic-status label is Policy Window's editorial assessment of the cited evidence base (a structured classification), not a verdict any single source issues.
Of the 10 governed topics with a social-science evidence review, evidence that governance reduces the harm is established for 0, contested for 0, thin for 0, and absent for 10 — for most, no replicated study yet shows this instrument's approach works (the "second silence").
Compute-Threshold Reporting
Whether training-compute (FLOP) is a defensible proxy for governance-relevant capability is genuinely contested in the literature. The strongest empirical pressure against it is algorithmic efficiency: Ho, Besiroglu, Erdil et al. (2024) estimate the compute needed to reach a fixed language-model performance level has halved roughly every eight months (95% CI ~5-14 months, i.e. ~3x/year), so any static FLOP-to-capability mapping decays quickly; Hooker (2024) argues FLOP measures operations rather than end-performance, since techniques such as fine-tuning, retrieval, chain-of-thought and tool use can add large capability gains without proportional training compute, and Ord (2025) shows inference-time scaling further decouples deployed capability from training compute. Honest caveat: defenders (Heim & Koessler 2024; Pilz, Heim & Brown 2025) note compute remains the most quantifiable, externally verifiable, and ex-ante measurable correlate of frontier capability currently available, while themselves conceding it is an imperfect proxy that should not be used in isolation — the disagreement is about durability and precision, not whether any correlation exists.
Sources: Ho, Besiroglu, Erdil, Owen, Rahman, Guo, Atkinson, Thompson & Sevilla 2024, Algorithmic progress in language models, NeurIPS 2024 (arXiv:2403.05812; Epoch AI); Hooker 2024, On the Limitations of Compute Thresholds as a Governance Strategy (arXiv:2407.05694); Ord 2025, Inference Scaling Reshapes AI Governance (arXiv:2503.05705); Heim & Koessler 2024, Training Compute Thresholds: Features and Functions in AI Regulation (arXiv:2405.10799); Pilz, Heim & Brown 2025, Increased Compute Efficiency and the Diffusion of AI Capabilities (AAAI 2025; arXiv:2311.15377)
There is no rigorous evidence that compute-threshold reporting reduces harm or achieves its stated aim, because the regimes have not produced an evaluable record. The US 10^26-FLOP reporting obligation (Executive Order 14110, invoking the Defense Production Act) was revoked on 20 January 2025 (by EO 14148) before its recurring binding reporting rule was finalized — the implementing BIS notice of proposed rulemaking (Sept 2024) never took effect, so no durable reporting record materialized; and the EU AI Act's 10^25-FLOP systemic-risk obligations for general-purpose models only became applicable on 2 August 2025 (with transitional periods into 2027), so no outcome evaluation yet exists. Moreover the 10^25 figure is a rebuttable presumption sitting alongside qualitative high-impact criteria (Art. 51(1)(a) and (2), rebuttable under Art. 52(2)), not a validated risk cutoff. The closest analogue is the broader regulatory-disclosure-mandate literature (Fung, Graham & Weil 2007), which documents that transparency policies' effects on outcomes are highly heterogeneous and frequently ineffective or counterproductive absent enforcement and downstream use — implying that the reporting trigger working as intended is an open empirical question, not a documented result.
Sources: U.S. Executive Order 14110 (2023), Sec. 4.2 (10^26 FLOP, Defense Production Act); revoked by Executive Order 14148 (Jan 20, 2025); EU AI Act, Reg. (EU) 2024/1689, Art. 51 (10^25 FLOP systemic-risk rebuttable presumption; applicable Aug 2, 2025); Fung, Graham & Weil 2007, Full Disclosure: The Perils and Promise of Transparency (Cambridge University Press)
Development-Rights Framings
Development-rights framing is a normative/doctrinal frame, so its empirical status splits: the underlying North-South asymmetry it responds to is real and documented, but the claim that a development-rights diagnosis is the correct one is contested doctrine, not a settled finding. The strongest empirical anchor is the exploitative-data-labour evidence — Miceli & Posada's (2022) multi-method qualitative study of Latin American annotation work (Foucauldian dispositif analysis of 210 instruction documents, 55 interviews, plus participant observation) found workers paid cents-per-task with strict surveillance and whose worldviews are subordinated to requesters' — which substantiates the extraction the frame names, building on the data-colonialism thesis (Couldry & Mejias 2019), and extended by comparative political-economy work on AI annotation 'data empires' (Wu, Muldoon & Xia 2025). Honest caveat: whether 'digital self-determination' or 'Global-South sovereignty' is the right operational response (and whether it conflicts with the EU AIA's rights-based design) is a conceptual/legal question with essentially no empirical evidence base — the frame is established as a critique, thin as a tested governance prescription.
Sources: Miceli & Posada 2022, 'The Data-Production Dispositif' (Proc. ACM Hum.-Comput. Interact. 6, CSCW2, Art. 460:1-37); Couldry & Mejias 2019, 'Data Colonialism' (Television & New Media 20(4):336-349); Wu, Muldoon & Xia 2025, 'Global data empires' (Big Data & Society 12(2))
There is no rigorous impact evaluation showing that development-rights / digital-self-determination / sovereignty governance achieves its stated developmental or self-determination aims — the evidence that the frame 'works' as policy is itself missing, largely because the frame is recent, heterogeneous, and rarely instantiated in a single measurable instrument. The closest empirical literature studies one common operational proxy (data localization) and measures economic cost rather than the frame's goals: Ferracane, Kren & van der Marel's (2020) firm/industry productivity analysis finds data-policy restrictiveness associated with lower TFP in data-intensive downstream sectors, Ferracane & van der Marel's (2021) gravity analysis finds data restrictions inhibit trade in digital services, and Bauer, Lee-Makiyama, van der Marel & Verschelde's (2014) GTAP general-equilibrium estimates project GDP losses from localization across seven jurisdictions including Brazil and India. None tests whether sovereignty framing reduces extractive asymmetry or advances local AI capability — so claims on both the benefit and cost sides rest on weak or indirect evidence.
Sources: Ferracane, Kren & van der Marel 2020, 'Do data policy restrictions impact the productivity performance of firms and industries?' (Review of International Economics 28(3):676-722); Ferracane & van der Marel 2021, 'Do data policy restrictions inhibit trade in services?' (Review of World Economics 157(4):727-776); Bauer, Lee-Makiyama, van der Marel & Verschelde 2014, 'The Costs of Data Localisation: Friendly Fire on Economic Recovery' (ECIPE Occasional Paper 3/2014)
Foundation Models / GPAI
Whether the foundation-model category maps to a coherent capability/risk tier is genuinely contested. The original case rests on scale-driven 'emergent abilities' that appear unpredictably above a size threshold (Wei et al. 2022; Ganguli et al. 2022 documented capabilities that are smoothly predictable in aggregate loss yet locally surprising), but Schaeffer, Miranda & Koyejo (2023, a NeurIPS Outstanding Paper) showed many 'emergent' jumps are artefacts of discontinuous metrics and dissolve under linear/continuous scoring — implying capability scales more smoothly than a sharp tier would suggest. Honest caveat: this is a live empirical disagreement about measurement, not a settled finding either way, and compute (the regulatory proxy) is an imperfect stand-in for capability or risk regardless of which side is right.
Sources: Wei et al. 2022 (Emergent Abilities of Large Language Models, TMLR; arXiv:2206.07682); Schaeffer, Miranda & Koyejo 2023 (Are Emergent Abilities of Large Language Models a Mirage?, NeurIPS 2023, Outstanding Paper; arXiv:2304.15004); Ganguli et al. 2022 (Predictability and Surprise in Large Generative Models, ACM FAccT; DOI 10.1145/3531146.3533229)
There is no impact evaluation showing that GPAI/foundation-model governance reduces harm — the rules are too new (EU AI Act GPAI obligations and the 10^25-FLOP systemic-risk presumption only began binding on 2 August 2025) and the central regulatory lever is itself contested: Hooker (2024) argues compute thresholds are a shortsighted proxy because compute does not reliably track capability or risk, and the thresholds already diverge across jurisdictions (EU 10^25 vs. the now-rescinded US EO 14110's 10^26 operations, rescinded 20 January 2025). The mandated mitigation methods also lack validated efficacy: model evaluation and red-teaming face well-documented coverage limits and an 'audit gap' in the survey/position literature (behavioural testing cannot establish the absence of untested failure modes), and adversarial red-teaming repeatedly defeats deployed safeguards — the UK AI Safety Institute reports finding universal jailbreaks for every frontier system it has tested, and a large public agent-injection competition elicited policy violations across all 22 frontier models tested from ~1.8M attacks (Zou et al. 2025). Even compliant evaluation therefore cannot yet certify the safety the rules demand. (Caveat: this is an absence-of-evidence claim — no efficacy study has been done — not evidence the rules are ineffective.)
Sources: Hooker 2024 (On the Limitations of Compute Thresholds as a Governance Strategy, arXiv:2407.05694); EU AI Act Arts. 51 & 55 (GPAI systemic-risk presumption, 10^25 FLOP; binding 2 Aug 2025); US EO 14110 (10^26-operation reporting threshold, rescinded 20 Jan 2025 by EO 14148); Zou et al. 2025 (Security Challenges in AI Agent Deployment: Insights from a Large Scale Public Competition / Gray Swan Arena, arXiv:2507.20526 — 22 frontier agents, ~1.8M attacks); UK AI Safety/Security Institute, Frontier AI Trends Report (universal jailbreaks for every system tested); METR, Common Elements of Frontier AI Safety Policies (2024)
International Coordination
The DESCRIPTIVE premise is well-established: IR scholarship now treats global AI governance as a fragmented 'regime complex' of partially overlapping G7/G20/OECD/GPAI/UN/standards-body arrangements with no central hierarchy (Tallberg et al. 2023 — verified verbatim: 'the emerging governance architecture for AI can be described as a regime complex'; Cihon, Maas & Kemp 2020). But the implied HARM — that forum-shopping and regulatory arbitrage cause a measurable race-to-the-bottom or relocate AI development to lax jurisdictions — is largely theorized/anticipated rather than empirically demonstrated for AI; Tallberg et al. explicitly flag forum-shopping as a dynamic whose presence in the AI regime complex is an open empirical question ('Establishing whether these patterns and dynamics are key features also of the AI regime complex stand out as important priorities in future research'). Honest caveat: the strongest empirical arbitrage evidence comes from analogue footloose digital markets (e.g., ICO reallocation after US securities enforcement) — itself a mixed/contested literature — not from AI firms, so the magnitude of coordination-failure harm in AI specifically remains contested and under-measured.
Sources: Tallberg, Erman, Furendal, Geith, Klamberg & Lundgren 2023 (International Studies Review 25(3): viad040); Cihon, Maas & Kemp 2020 (Should AI Governance be Centralised?, AIES '20: 228-234); Lancieri, Edelson & Bechtold 2025 (AI Regulation: Competition, Arbitrage & Regulatory Capture, Theoretical Inquiries in Law 26(1): 239-262)
There are essentially no impact evaluations showing that the negotiated-coordination mode (AI Safety Institute network MoUs, forum-shifting, multilateral declarations) actually produces regulatory convergence or reduces arbitrage — the AISI Network began only as a statement of intent at the Seoul Summit (Seoul Statement of Intent, 21 May 2024) and held its first operational meeting in November 2024, with no defined metrics or outcome studies, so these soft-law instruments are too new to have measurable effects. The closest analogue evidence is mixed and works through DIFFERENT mechanisms than this topic describes: Bradford's Brussels Effect documents de-facto convergence driven by market access rather than negotiated coordination, and the FATF transgovernmental-network literature shows peer-review mutual evaluation can drive AML convergence — but neither evaluates voluntary AI MoU networks, and FATF's effects come with well-documented unintended consequences (de-risking, financial exclusion). The plain finding: the evidence that AI-governance coordination 'works' is itself missing.
Sources: Bradford 2020 (The Brussels Effect: How the European Union Rules the World, Oxford University Press); Nance 2018 (The regime that FATF built: an introduction to the Financial Action Task Force, Crime, Law and Social Change 69(2): 109-129; cf. Slaughter 2004, A New World Order, Princeton University Press); International Network of AI Safety Institutes — Seoul Statement of Intent toward International Cooperation on AI Safety Science (21 May 2024; network's first meeting San Francisco, Nov 2024)
National Security Carveouts in AI Regulation
That civilian AI-governance instruments carve out national-security uses is black-letter and undisputed (EU AIA Art. 2(3); CoE Framework Convention Art. 3(2) on national-security activities, distinct from Art. 3(4) on national defence; US NSM-25 (Oct. 2024) as the national-security-track instrument fulfilling §4.8 of EO 14110); civil-society legal analysis argues a blanket exclusion is harder to square with a necessity-and-proportionality approach than a qualified one (Korff/ECNL 2022; Vogiatzoglou 2024). But whether the carveout itself produces concrete unredressed harm is empirically under-observed almost by construction — the secrecy it confers suppresses the very evidence needed to measure it. The closest analogue, national-security deference in the courts, shows the mechanism is real (the FISC granted all but eleven of 33,900 applications 1979-2012, a 99.97% approval rate; Sinnar 2022 documents downstream harms to securitized communities), yet Clarke (2014) shows that lopsided ex parte approval rates alone do not prove rubber-stamping, because rational case selection and pre-vetting produce similar rates in ordinary Title III wiretaps (99.93%) and delayed-notice warrants (99.6-99.8%) — so the magnitude of harm attributable to the carveout, as opposed to the legitimate secrecy of the domain, remains genuinely contested.
Sources: Korff 2022 (ECNL Opinion on the implications of the exclusion of national security from AI legislation, Oct. 2022); Sinnar 2022 (Harvard Law Review Forum 136:59, 'A Label Covering a "Multitude of Sins": The Harm of National Security Deference'); Clarke 2014 (Stanford Law Review Online 66:125, 'Is the Foreign Intelligence Surveillance Court Really a Rubber Stamp?'); EPIC FISC statistics 1979-2012
There is no impact evaluation showing that any specific design of the national-security carveout — categorical exclusion versus parallel governance track versus civilian-compliance-with-override — measurably improves oversight or reduces harm relative to the alternatives; the question is argued doctrinally (Vogiatzoglou 2024; Korff/ECNL 2022) but has never been tested empirically. The closest analogue evaluation literature is on the parallel-track model already in use for intelligence surveillance (the FISC / FISA oversight regime), and even there the evidence that the mechanism delivers effective scrutiny is itself contested rather than established (Clarke 2014; Sinnar 2022). No direct evaluation exists because the carveouts are recent (EU AIA 2024, CoE Framework Convention 2024, US NSM-25 2024), enforcement actions are by design non-public, and private parties typically lack standing to challenge a specific exempt deployment — the structural features that make the harm hard to observe also make the governance impossible to evaluate.
Sources: Vogiatzoglou 2024 (Verfassungsblog, 'The AI Act National Security Exception: room for manoeuvres?', 9 Dec. 2024); Korff 2022 (ECNL Opinion, exclusion of national security from AI legislation); Clarke 2014 (Stanford Law Review Online 66:125); Sinnar 2022 (Harvard Law Review Forum 136:59)
Individual Redress
The premise behind redress — that affected people lack meaningful recourse against automated decisions — is real, but the flagship instrument is weaker than commonly assumed. Wachter, Mittelstadt & Floridi (2017) show GDPR creates only a limited 'right to be informed,' not a binding 'right to explanation' of specific decisions; and controlled work finds the explanations actually delivered do not measurably improve lay decision accuracy over showing the bare AI prediction (Alufaisan et al. 2021; and a 2022 meta-analysis by Schemmer et al. — screening 393 articles down to 9 in the final analysis — reports 'no effect of explanations on users' performance compared to sole AI predictions,' even though XAI overall had a positive effect). Honest caveat: the legitimacy/dignity value of being heard is empirically well established in the procedural-justice tradition even where outcome accuracy is unchanged, so 'redress fails' depends on which aim is measured.
Sources: Wachter, Mittelstadt & Floridi 2017 (International Data Privacy Law 7(2):76); Alufaisan, Marusich, Bakdash, Zhou & Kantarcioglu 2021 (Proceedings of the AAAI Conference on AI 35(8):6618); Schemmer, Hemmer, Nitsche, Kühl & Vössing 2022 (AAAI/ACM AIES '22, meta-analysis)
There is no rigorous impact evaluation showing that mandated redress mechanisms (right-to-explanation, appeal, human-in-the-loop review) actually reduce erroneous or unfair automated decisions — the evidence that the rule works is itself missing. The closest experimental analogues are discouraging: explanations increase humans' acceptance of AI recommendations regardless of correctness (Bansal et al. 2021), and algorithm-in-the-loop oversight can introduce racial disparities and exhibit automation bias rather than reliably catching model errors (Green & Chen 2019). The procedural-justice literature (Tyler 1990; Lind & Tyler 1988) robustly supports a legitimacy and compliance benefit of fair process, but it measures perceived fairness, not reduction of the substantive decision harm redress is meant to cure.
Sources: Bansal, Wu, Zhou, Fok, Nushi, Kamar, Ribeiro & Weld 2021 (CHI '21); Green & Chen 2019 (Disparate Interactions, ACM FAT* '19); Tyler 1990 (Why People Obey the Law, Yale Univ. Press); Lind & Tyler 1988 (The Social Psychology of Procedural Justice, Plenum Press)
Sovereign AI Doctrine
Sovereign-AI doctrine is post-2023 and largely aspirational, so its core empirical premise — that frontier model deployment can be meaningfully bound to a national jurisdiction — is only just beginning to be tested. What IS measurable is the underlying compute geography the doctrine reacts to: an audit of 775 non-U.S. data-center projects estimates U.S. companies operate ~48% of them when weighted by investment value (a proxy for compute capacity, and explicitly an initial public-data approximation), implying 'in-territory' hardware is frequently still subject to foreign corporate/legal control (Richardson et al. 2025). Honest caveat: there is no peer-reviewed evidence base establishing whether jurisdiction-bound frontier deployment is technically feasible at scale — the descriptive dependency (foreign operation of locally-sited hardware) is documented, but the doctrine's central feasibility claim is thin and early.
Sources: Richardson et al. 2025 (arXiv:2508.00932, 'How Sovereign Is Sovereign Compute? A Review of 775 Non-U.S. Data Centers'); Gupta, Walker & Reddie 2024 (arXiv:2411.14425, 'Whack-a-Chip: The Futility of Hardware-Centric Export Controls', UC Berkeley Risk & Security Lab)
There is no rigorous impact evaluation showing that sovereign-AI governance achieves its stated aim of secure, contained national AI capability. The closest direct levers have measurable but mostly adverse or contested evidence: ex-ante simulations of the closest analogue — data-localization mandates — project GDP losses (EU GDP −0.4% under proposed/GDPR-style measures rising to −1.1% under economy-wide localization; Bauer, Lee-Makiyama, van der Marel & Verschelde 2014, ECIPE Occasional Paper No. 3/2014) yet quantify no realized sovereignty benefit, and chip export controls — the other main instrument — show contested efficacy: one cross-firm study finds no innovation harm to 30 leading semiconductor firms (Schumacher 2024, CSIS) while case evidence documents systematic circumvention via software/efficiency gains and chip exfiltration/smuggling (Gupta, Walker & Reddie 2024). No replicated study demonstrates that any sovereign-AI regime measurably delivers the jurisdictional control it asserts.
Sources: Bauer, Lee-Makiyama, van der Marel & Verschelde 2014 (ECIPE Occasional Paper No. 3/2014, 'The Costs of Data Localisation: Friendly Fire on Economic Recovery'); Schumacher 2024 (CSIS, 'Did U.S. Semiconductor Export Controls Harm Innovation?'); Gupta, Walker & Reddie 2024 (arXiv:2411.14425, 'Whack-a-Chip: The Futility of Hardware-Centric Export Controls')
Technological Sovereignty
The structural fact that compute capacity is geographically concentrated is well-measured: Lehdonvirta, Wú & Hawkins find only ~33 countries host facilities with AI-accelerator hardware and roughly 24 have the capacity to train full-scale foundation models, the Stanford AI Index 2026 reports low-income countries collectively hold ~0.1% of global data-centre compute (the US hosting >10x any other nation), and Cottier et al. document amortized frontier-training cost rising 2.4x/year (95% CI 2.0-3.1x) toward $1B+ models by 2027. But this is a political-economy FRAME, not a documented harm, and the core contested claim of the topic, that the cost curve locks mid-sized economies OUT of capability, is empirically cut both ways: a feasibility study of Brazil and Mexico (Malagon et al. 2025) estimates usable (non-frontier) 10-trillion-token sovereign models are fiscally viable at roughly $8-14M on H100 hardware, and DeepSeek-style efficiency gains (V3 trained for ~$5.5M, ~11x less compute than Llama 3 405B) show frontier-adjacent performance at a fraction of prior compute, so whether domestic frontier-tier capability is foreclosed for middle powers remains genuinely unsettled.
Sources: Lehdonvirta, Wú & Hawkins 2024 (Compute North vs. Compute South, Proceedings of the 2024 AAAI/ACM Conference on AI, Ethics & Society 7:828-838); Cottier, Rahman, Fattorini, Maslej & Owen 2024 (The Rising Costs of Training Frontier AI Models, arXiv:2405.21015); Stanford AI Index 2026 (Maslej et al., Stanford HAI); Malagon, Ulloa Ruiz, Sandoval Plaza, Rosario Bolívar, García Mesa & Alvarado Morales 2025 (The Feasibility of Training Sovereign Language Models in the Global South: A Study of Brazil and Mexico, arXiv:2510.19801)
There is no rigorous impact evaluation showing that technological-sovereignty policies (on-shore compute mandates, national foundation-model champions, talent-retention schemes such as EuroHPC AI Factories or India's IndiaAI Mission) actually deliver sustained domestic capability or strategic autonomy; these programs are recent, utilization and cost-per-GPU-hour are largely unpublished, and no counterfactual study exists. The closest analogue evidence base, the industrial-policy literature synthesized by Juhász, Lane & Rodrik, finds that properly-identified studies are more favorable than older correlational work suggested but that outcomes depend heavily on instrument design and structural context, and the older national-champion record warns of subsidized 'zombie' firms and government capture, so the closest analogue is mixed and the direct evidence that the sovereignty rule works is simply missing.
Sources: Juhász, Lane & Rodrik 2024 (The New Economics of Industrial Policy, Annual Review of Economics 16:213-242); Ahmed & Wahed 2020 (The De-democratization of AI: Deep Learning and the Compute Divide in Artificial Intelligence Research, arXiv:2010.15581); IndiaAI Mission (Indian Cabinet, March 2024); EuroHPC Joint Undertaking AI Factories (2024 regulation amendment; no published impact evaluation)
Training-Data Rights
That foundation models ingest copyrighted and personal works without consent is undisputed; whether that ingestion produces legally cognizable reproduction harm is genuinely contested. The CS evidence that models can memorize and emit verbatim training text is robust and replicated — Carlini et al. (2021) extracted hundreds of verbatim sequences (including PII) from GPT-2, and follow-up work (Carlini et al., Quantifying Memorization, ICLR 2023) showed extraction scales log-linearly with model size and with example duplication. Honest caveat: verbatim reproduction is the exception, not the norm — the UK High Court held that Stable Diffusion's model weights never stored copies of the training images (defeating the secondary-infringement theory), and Getty abandoned its primary training-infringement claim at trial for lack of evidence, so whether the empirical phenomenon amounts to actionable harm (rather than transient, non-expressive use) remains the open question driving NYT v. OpenAI and parallel regimes.
Sources: Carlini, Tramèr, Wallace, Jagielski, Herbert-Voss, Lee, Roberts, Brown, Song, Erlingsson, Oprea & Raffel 2021 (Extracting Training Data from Large Language Models, 30th USENIX Security Symposium); Carlini, Ippolito, Jagielski, Lee, Tramèr & Zhang 2023 (Quantifying Memorization Across Neural Language Models, ICLR 2023; arXiv:2202.07646); Getty Images (US) Inc & ors v Stability AI Ltd [2025] EWHC 2863 (Ch) (UK High Court, 4 Nov 2025 — no secondary infringement; primary training claim abandoned at trial); The New York Times Co. v. Microsoft Corp. & OpenAI (S.D.N.Y., No. 1:23-cv-11195; consolidated In re OpenAI Copyright Infringement Litigation, Apr. 2025; ongoing 2025-2026)
There is no impact evaluation showing that the CDSM Directive Article 4 TDM exception plus its Article 4(3) opt-out reservation regime actually reduces unlicensed ingestion or channels compensation to rightsholders — the evidence that the rule works as designed is itself missing. The only available evidence is early case law and doctrinal scholarship, which document the mechanism's contested operation rather than its success: in Kneschke v. LAION the Hamburg Higher Regional Court (on appeal, 10 Dec 2025) held that a rights reservation in natural language did NOT satisfy Article 4(3)'s machine-readability requirement, invalidating the opt-out (note: the first-instance Regional Court had left the Article 4 question largely open and the case ultimately turned on the Article 3 scientific-research exception, so this machine-readability holding is appellate and not yet settled — a further appeal to the Federal Court of Justice was permitted). Legal scholars characterize the Article 4 opt-out as practically difficult and unharmonized, with no observed market in TDM licences or systematic enforcement to evaluate.
Sources: Kneschke v. LAION (Hamburg Regional Court, 27 Sept 2024, 310 O 227/23; on appeal Hamburg Higher Regional Court, 10 Dec 2025, 5 U 104/24 — opt-out held not machine-readable; further appeal to BGH permitted); Margoni & Kretschmer 2022 (A Deeper Look into the EU Text and Data Mining Exceptions, GRUR International 71(8):685-701); Quintais 2025 (Generative AI, Copyright and the AI Act, Computer Law & Security Review 56:106107)
Transparency Obligations
Documentation artifacts (model cards, datasheets) are well-specified as proposals and are genuinely adopted, but the empirical premise that mandated disclosure produces meaningful transparency is contested. Selbst & Barocas (2018) argue inscrutability and non-intuitiveness are distinct problems and that disclosing rules does not resolve the latter, and large-scale audits find documentation is sparsely and unevenly completed: a systematic analysis of 32,111 Hugging Face model cards (Liang et al. 2024) found environmental-impact, limitations and evaluation sections least often filled, and Bhat et al. (2023, 45 practitioners) found a substantial gap between the documentation proposal and actual practice. Honest caveat: the documentation frameworks themselves are real and adopted, so the dispute is about whether disclosure conveys decision-relevant information, not whether the artifacts exist.
Sources: Selbst & Barocas 2018 (Fordham Law Review 87:1085-1139); Liang et al. 2024 (Nature Machine Intelligence, s42256-024-00857-z, 'Systematic analysis of 32,111 AI model cards'); Bhat et al. 2023 (CHI '23, 'Aspirations and Practice of ML Model Documentation', DOI 10.1145/3544548.3581518); Mitchell et al. 2019 (FAccT, Model Cards for Model Reporting); Gebru et al. 2021 (CACM 64(12):86-92, Datasheets for Datasets)
There is no rigorous impact evaluation showing that AI transparency mandates (model cards, training-data summaries) measurably reduce bias, misuse or accidents — the central regulatory assumption is empirically untested, partly because flagship mandates like EU AI Act Art. 53(1)(d) GPAI training-data summaries are only subject to AI Office enforcement/verification from 2 August 2026 (the obligation itself began 2 August 2025 for new models). The closest analogue, mandated consumer disclosure, shows small and context-dependent effects: Bollinger, Leslie & Sorensen (2011) found mandatory calorie posting cut average calories per transaction by about 6%, while Loewenstein, Sunstein & Golman (2014) review evidence that disclosure effects are frequently diminished or even reversed by limited attention and often change provider rather than recipient behavior. These are analogues, not AI studies; no study demonstrates that AI transparency disclosure achieves its stated downstream safety aims.
Sources: Bollinger, Leslie & Sorensen 2011 (AEJ: Economic Policy 3(1):91-128); Loewenstein, Sunstein & Golman 2014 (Annual Review of Economics 6:391-419, 'Disclosure: Psychology Changes Everything'); EU AI Act Art. 53(1)(d) GPAI training-data summary (obligation from 2 Aug 2025; AI Office enforcement from 2 Aug 2026)