Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

First Advanced AI Utilization Advisory Board

Last Updated:

Overview

  • Date and Time: September 18, 2025 (Thursday) from 10:00 to 12:00
  • Location: Council Room, Online
  • Agenda:
    1. Opening
    2. Agenda
      1. Operation of the Advanced AI Utilization Advisory Board
      2. Outline of the Regular Report on the AI System Generated by Each Office
      3. Trends in generative AI in Japan and other countries
      4. Potential issues for the enhancement of the Guidelines for the Procurement and Use of Generative AI to Advance and Innovate Public Administration
    3. Adjournment

Material

References

Summary of the proceedings

At the beginning of the meeting, Mr. Kishi, Parliamentary Vice-Minister for Digital Transformation spoke about the significance of AI utilization in the government, Digital Agency's initiatives related to AI utilization, and the roles expected of advisory boards.

1. Explanation on the operation of the Advanced AI Utilization Advisory Board

The secretariat explained the operation of the Advisory Board on Advanced AI Use and Application based on Materials 1 and 2, and explained that Mr. Kadobayashi would be elected as the chairman with the prior consent of the board members.

There were no questions or comments from the participants regarding the operation.

2. Explanation of the Outline of the Periodic Report of the AI System generated by each Ministry and Agency

The secretariat reported the results of an analysis of the status of use and application of generated AI by ministries and agencies in Reference 3.

The main questions and opinions of the participants are as follows.

Nabatame: I would like to comment from the standpoint of a private citizen in , I appreciate your accurate analysis. There are two points of opinion. Regarding the first point, I understand that we have entered a phase in which we can grasp the overall structure by the number of users, form, etc., and deepen our awareness of what the purpose of AI is. I think that the purposes include operational efficiency improvement, accuracy improvement, and analysis / classification, etc., and I think that the direction of utilization of AI by the government will become clear. As an example introduced by you, the System to Collect Initial Information on laws and regulations Violations was mentioned, and I think it is a wonderful initiative. Since it is described with the purpose of improving the operational efficiency of ministry and agency employees and it seems to contribute to the purpose of improving the accuracy of laws and regulations observance, I think that we have entered a phase in which we are asked to organize the intentions of individual AI and how they relate to national interests. As the second point, under the situation that the introduction of AI in the government is still in the early stage, I think it is better to consider whether to implement guardrails for cases where individual employees use it without permission.

Secretariat: If the creation of purpose part is related to how to measure the effects of the introduction. It is important to effectively set goals such as how much information collected hits critical violation cases. Regarding the problem of personal AI use, it is important to make the latest and most stable model available to the staff of all ministries and agencies as much as possible, and to provide generated AI in a form that is easy for each ministry and agency to use. It is not necessary to use AI only as a purpose. It is important to clarify goal setting and objectives.

Yoshinaga, LLM, the staff may not know about the domestic model that can be used in the first place. When handling highly confidential data and sensitive information in the healthcare field, etc., the government considers that the domestic model is necessary. In the future, it is necessary to actively provide information to each ministry and agency when the domestic model becomes available. I would like to ask if there were characteristics of the usage model for each ministry and agency.

Secretariat: If the creation of Digital Agency not only publishes the guidelines but also cooperates with CAIO, it is conceivable that information is disseminated via CAIO. As for the characteristics of each ministry and agency, I will refrain from discussing them here because it is a matter of comparing the names of individual ministries and agencies. However, from the perspective of use cases, there are ministries and agencies that are limited to general-purpose utilization as a whole, and there are also ministries and agencies that have stepped into utilization up to specialized type 1 and specialized type 2. We can see some differences.

Member Torisawa: Although the number of users is used as the axis of analysis, since the ratio of active users / inactive users is not visible, I would like to see the frequency of use for accurate analysis. There is a possibility that they may dislike the provision, but I think that it will be more accurate analysis if they receive information.

Secretariat: If the creation of I think the number of users is now the number of people who can use it. We would like to consider whether we can specifically take active users, etc.

SHIBAYAMA, Member: users, I wonder if the type of 10,000 or more users is at the level of ministries and agencies or at a smaller organizational level.

Secretariat: If the creation of The category of 10,000 or more people probably includes use by related local organizations.

SHIBAYAMA, Member: Regarding the point raised by the member that personal use must be prevented, I think it is important to eliminate people who cannot use general-purpose type 1. If there is something that can be used officially, they will use it. I think it will be important to eliminate blank areas. For that purpose, I think it is necessary to break down and specify the rules for using the generated AI.

K. Okada: I would like to share information on the consultations I have often received from ministries and agencies, local governments, and companies in I felt that the purpose of introducing the AI raised by the members is important. In all the projects you shared, I assume that the objectives, performance indicators, and activity indicators have been set at the stage of raising the budget request. In the first place, I am concerned about whether performance indicators and activity indicators have been set, and if so, what they are based on. It is important to grasp the whole picture, and it is also important to learn from the cases of other ministries and agencies, so I would like you to consider it.

Secretariat: If the creation of The points you pointed out are also important for raising awareness, so we would like to consider them. We are also developing procedures to enable the use of AI. Even if it can be used free of charge, as long as it is Confidentiality class-1 information, it is acceptable to use it. In reality, many of them are used without clearly defining performance indicators, etc., in order to actively utilize them without being a burden. Digital Agency is also seeking indicators for examples of system development. I think it is important to use them without setting performance indicators at first, so we would like to proceed while making good adjustments.

3. Explanation of trends in generative AI in Japan and other countries

The secretariat explained the trends of formation and AI in Japan and foreign countries based on Document 4.

The main questions and opinions of the participants are as follows.

Kitamura: I would like to add two points. Regarding the evaluation tool of AISI, I have submitted an open source project that includes automatic red teaming. Details are available on GitHub. Regarding the introduction of generative AI, there is a move to move to generative AI based on the control of conventional AI because it is necessary to take steady steps in Germany. There is no internationally established definition of agentic AI yet, but based on a provisional understanding of practice, specific efforts such as audit and the use of meta-agents are being made in Germany, for example, and it is necessary to be aware that competition is increasing toward the next stage.

Yoshinaga, : On September 15, 2025, OpenAI, Duke University, and Harvard University released a report titled "How people are using ChatGPT." I heard that it is mainly used as guidance, as information collection like search engines, and as documentation support. At present, I think that it can be classified into these three categories in the government ministries and agencies. In the previous report, it was said that it was used for research support for legal systems, etc. As a researcher of a think tank who has studied legal systems in dozens of countries, I think that such research will no longer need to use think tanks. However, it is necessary to scrutinize the accuracy of hallucination, and I think we need to look at each government ministry and agency to see if they are providing information after thorough scrutiny. In this regard, I would like Digital Agency to communicate closely with each government ministry and agency.

Secretariat: If the creation of Population AI, each ministry will establish rules for its use, provide training, and disseminate information on hallucination, etc. that should be kept in mind when using it.

Kitamura: It is necessary for the Advisory Board to cooperate with CAiOS in each ministry and agency. While there are CDOs and CISOs, we, as experts, would like to supplement the practical work of CAiOS by providing expert advice in the form expected of CAiOS as partners so that excessive burdens are not concentrated on CAiOS.

Nabatame: I would like to comment from the standpoint of a private citizen in Basic Plan for AI, are extremely positive, and I think we have been able to contribute to the people who are the beneficiaries. I understand that it is extremely timely, partly because the action plan of the United States was released in July. Based on that, it is important to see how dynamically the AI can be operated in the future as a continuous transformation. Since the pace of change in the AI may exceed our predictions, the government needs to strike a balance between risk and utilization. AI will continue to evolve in the future, but it is difficult to seek perfect infallibility. In addition to the technical challenge of hallucination, the output created from limited data is not completely accurate, and I don't think there will be any change in the need for manual correction, so it is important for the government to continuously monitor and consider issues. I think it is important for each government agency to continuously reflect on the imperfections of change and infallibility as initiatives in the future. In Pillar II of the U.S. Action Plan, Promote Mature Federal Capacity for ICT Incident Response, the United States has set its point of view on realizing a society in which benefits outweigh risks while incidents are accepted as inevitable.

Secretariat: If the creation of The current GL defines the roles of each ministry and agency and defines their respective roles. There is a description of monitoring in the operation, but we would like to consider improving the description while receiving your opinions.

Kitamura: The keyword for future generation AI is multi-agent. In the past, "wrong answers" included in the generation result were a problem, but in the future, "malfunction" that occurs in the course of cooperation of multiple AI systems - in other words, unexpected behavior due to interactions between systems - will be a problem.

Chairman Kadobayashi: were mentioned, and we would like to continue discussions at future advisory board meetings.

4. Explanation of Potential Issues for Enhancement of Guidelines for Procurement and Use of Generative AI for Evolution and Renovation of Public Administration

The Secretariat explained potential points for improvement of the Guidelines.

The main questions and opinions of the participants are as follows.

Chairman Kadobayashi: members ("Basic Concept on AI Systems"), I would like to ask Naganuma members.

Member NAGANUMA: Keidanren. In the last fiscal year, the Federation of Economic Organizations participated in the study group on AI systems from the viewpoint of industry. At that time, the Japan Federation of Economic Organizations (Keidanren) conducted a questionnaire on what AI use and systems should be like, and this material summarizes the results of responses from AI developers, AI providers, and AI users. The government's use of AI was also taken into consideration, and the Study Group on AI Systems was approached. I hope you will refer to what Keidanren has said. Regarding the basic concept of the principles, regarding "(1) Compatibility of risk response and innovation promotion", the division of responsibilities is clearly described, including certification systems for AI products and safety measures, support measures as industrial policies, and human resource development with AI literacy. This part is also reflected in the AI Act. "(2) Designing flexible systems that can respond to the speed of changes in technology and business" has been incorporated into the AI Law as a system that can respond to the speed of technology and business. "(3) Compliance with International Interoperability and International Guidelines" refers to matters based on compliance with international codes of conduct as international interoperability. As you know, it is reflected in the AI law. We also received many opinions regarding "(4) Views on the appropriate procurement and use of AI by the government". There are also opinions that dependence on foreign countries should be reduced, and voices have been received regarding clarification of responsibility, transparency of the decision-making process, and construction of a governance system within the government. They also called for the strengthening of international competitiveness and the establishment of standards such as ISMAP. The fostering of the domestic technology is also greatly requested from the industrial world. There are also calls to clarify responsibility, make the decision-making process transparent and establish governance within the government, and I would like to deepen discussions. I think there will be a discussion later on what exactly will happen regarding the strengthening of international competitiveness. Systems such as ISMAP will also be discussed later. As for "(5) Other opinions," it was necessary to consider the certification system, responses by business type, and consideration for small and medium-sized enterprises. In the future, we would like to deepen discussions on "(4) Views on the appropriate procurement and use of AI by the government". This material is from a year ago, but it should be used as a reference.

Yuasa: There are three opinions. First, although it is a well-known fact that there is no infallibility in AI, as was also raised by members of Nabatame, I feel that there is a growing public opinion that administrative work should be perfect. It is necessary to send a clear message that the accuracy of AI is not 100%. Second, there is an issue of what to do if the illegality is pointed out by the administration and local governments, etc., but there is a viewpoint of whether there is a risk if the administration is sued. Regarding the high risk judgment of GL, I think that it is not a risk judgment that is directly linked to illegality under the administrative law. It is necessary to review whether it is a direction that high risk = possible violation. Third, regarding the logic of the risk axis, considering that personal data is assumed to be used in most use cases, it may be too strict to say that personal data will immediately become high risk when it is handled. It may become a barrier to the use of AI by each government agency. The handling will change depending on whether it is Special Care-required Personal Information or not. I would not call it relaxed, but shouldn't it be a logic that is easy for the administration to introduce?

Secretariat: If the creation of We would like to deepen our discussion while listening to your opinions. We believe that the fact that AI is not infallible will be particularly important in use cases for the public, and we would like to proceed based on the fact that points to note and disclaimers are indicated in text and that they are embodied.

Secretariat: If the creation of risk judgment logic, the current idea is that "C. Whether or not information that requires confidentiality or personal information has been learned" is concerned with the risk of information leakage, and "B. The nature of the work of using and utilizing generated AI" includes the illegality of civil affairs that causes damage due to the generation of erroneous information. Regarding "A. Scope and type of users," it is from the perspective of reducing risks by thoroughly implementing rules if users can be identified. Regarding "D. Use of output results through judgment by government officials," it is from the perspective of human-in-the-loop and that people are responsible for the content. Regarding the part of "C. Whether or not information that requires confidentiality or personal information has been learned," etc., which was mentioned in the opinion, we would like to further discuss it in the future.

Chairman Kadobayashi: Regarding personal data, privacy-enhancing technologies (PETs) are evolving, such as named entity recognition, which automatically masks personal data, and confidential computing, which can maintain confidential data in the cloud and handle it using AI in local environments.

Secretariat: If the creation of In relation to this, the review of the Act on the Protection of Personal Information is a point of discussion at the next Diet session, and I would like to pay close attention to its trends.

Chairman Kadobayashi: Regarding "A. Scope and type of users," it is important for the administration to provide guidelines to the industry.

Member Torisawa: , I would like to make a few comments. Regarding the procurement check sheet, I think it is very difficult to express and secure the point that AI is not infallible in this sheet. Requirement 19, "The output of the generative AI system must be free of harmful bias and unfair discrimination," is considered to be impossible to realize. There is no AI with which the probability can be said to be zero. It is also difficult to write it in a way that is understandable to those involved in procurement. There is also a problem with the description of the example of measures. There is a system in which the generative AI can refuse to respond. Whether the fact that the response can be refused means 100% or 90%, it can be interpreted as the former in common sense. However, this is currently impossible and will be almost impossible in the future. Named Entity Recognition also has difficulty in dealing with rare individual names, etc., and it does not mean that individual names can be identified 100% accurately and completely. It is considered that non-professionals will read this description regarding AI in procurement, and it is difficult for the supplier to write "has technology." One way of thinking is to use benchmark results to show that there is no bias. In the case of evaluation by benchmark tests, if the benchmark is open, if it is learned, it can get a high score in that range and be outwitted. Therefore, it can be a certain brake but not an ultimate solution. It can also be considered to use AISI tools, but in that case, it is difficult to score. How to write it is important. I think it is the same for Requirement 27, "The AI accessed by the generative data system is kept in an appropriate state."

Secretariat: If the creation of Generation AI is not infallible should be included in the check sheet. Basically, it is not required to be infallible, but the essence is that we are taking risk mitigation measures against it. Therefore, it is necessary to review the specific expressions from the perspective of the indication. The secretariat will continue to confirm it, and we will continue to receive opinions from the members to improve it.

Kitamura: AI We must not forget that the "Evaluation Tool for AI Safety Evaluation" published by SI is also just one of the evaluation methods, and it is not an absolute evaluation. Given that AI has no geographical boundaries, looking at the difficulty of cross-border regulations, the British Association for Quality Assurance believes that in Europe, data management and the extent to which it can be released or not will be a competitive area in each country in the future. The currency of AI is data, so it is data access that is regulated. Looking at the limits of control of the AI model, there is a growing view that the main battlefield will shift to data.

Secretariat: If the creation of Government's Guidelines for Procurement and Utilization of Generative AI, it is likely to be discussed in the future as a AI policy.

Chairman Kadobayashi: knows no borders. However, with the spread of the Internet, laws and regulations on privacy have gradually been introduced. The same trend is expected with regard to AI. It is important for the Government of Japan to provide guidelines on data, such as whether or not it is okay to study administrative documents. In administrative affairs, bias in thought is also important.

Kitamura: government's move toward the use and application of generative AI is also being seen in the private sector. Japan's benchmarks were also seen in Germany.

Yoshinaga, : There are four opinions. First, there is room for consideration of the flow chart as specific risks have not yet been identified. The risk assessment sheet should be revised after collecting information from ministries and agencies and brainstorming within the advisory board. Second, although it may be discussed separately in the guidelines of local governments, there was a case of child abuse protection in Mie prefecture. The decision not to provide protection was made based on the results of the AI. It is difficult to judge whether it should have been judged as high risk with a protection rate of 39% or not. Operational rules for AI, such as standards, should also be considered. Third, I would like to know how government agencies in foreign countries use generated AI. For example, if there are cases in which government agencies use AI in the U.S., the U.K., Singapore, etc., I would like you to present them in future reports. Fourth, regarding the composition of the guidelines, there is a division of reference essential / recommendation in the annex. It would be easier to understand if the classification was changed from essential to recommendation. Also, I thought it would be easier to use if it was clearly indicated in the annex whether it was recommended or essential.

Secretariat: If the creation of I would like to deepen the discussion while showing the direction based on today's opinions. I have heard that deep learning is used for AI on child abuse protection. Regarding the order of the attachment, the current numbering is the order in which they appear in the text, but we will consider it.

Chairman Kadobayashi: has its own jurisdiction. I think child abuse is under the jurisdiction of the Agency for Children and Families. I think they should cooperate with each other.

Kitamura: AI management system. Regarding ISO/IEC42001, I am one of the members who were involved in the discussion, but there is no contradiction in the context of procurement. However, efforts are just beginning in Japan, and I think it would be better to start working after the ISO/IEC42001 management system actually starts working next year.

Secretariat: If the creation of We would like to consider including it as an option for the next fiscal year and beyond.

Kitamura: The key point of America's Action Plan is the full stack. As opinions are divided in the United States, it is necessary for Japan to take proactive measures.

Member NAGANUMA: From the perspective of the private sector, I assume that the private sector will take the lead in both use cases and risks of generative AI, even if it is the utilization of government for the four points of contention. The current procurement GL is closely linked to the AI business operator GL. As guidelines based on the AI Act will be established in the future, from the perspective of ensuring consistency with the government's rules, it is conceivable that too many updates will make it difficult for users to use. It is necessary to see how far we can move forward. It will be important for the private sector to cross-reference with an awareness of the time base.

Nabatame: I would like to comment from the standpoint of a private citizen in . The AI Governance Association, of which I am the representative director, has now become an association of about 120 companies. I launched it with the intention of disclosing to society the knowledge and efforts of the private sector to deal with risks. Through my activities so far, I have felt that there are many aspects of the risks inherent to AI that are clearly covered by existing legal systems, such as physical damage. There are difficulties even for private business operators with value norms that are not covered by existing legal systems, such as ethics, dignity, and bias. There are expressions in the procurement check sheet that show consideration for bias, ethics, and dignity, but I think it is difficult to just check with sample data. This is because AI, unlike IT, has a complicated process of recognizing, understanding, and generating information. I would like to discuss what should be done to address the differences.

SHIBAYAMA, Member: It is also difficult to reduce the risk of infringement to zero. When infringement occurs, the main legal effects are injunctions and claims for damages. Injunctions are stopped whether or not there is negligence. Regarding damages, negligence is required. If it can be said that reasonable measures are taken to prevent infringement, the possibility of negligence can be reduced and the risk of damages can be significantly reduced. It is possible to reduce the risk of infringement by providing a certain technical guarantee, etc., but this is not something that users can do, but basically only developers can do. There is little that users can do, but I think it is important to assess risks based on the mode of use, etc. and respond. JDLA (Japan Deep Learning Association) is also discussing this. I think it would be good if the private sector, which can take risks, promotes the use of it and then refers it to the government. In addition, regarding the contract check sheet, JDLA is about to disclose the GL of the development contract for the system with the generated AI incorporated and the contract template.

Secretariat: If the creation of images is also covered, I think it is required as a government guideline to describe the infringement of intellectual property rights by products. This is similar to the conventional discussion in cybersecurity. Control in terms of prevention and emergency response is important in AI. Similarly, in AI, it is important to limit before use, but I would like to proceed with it while also considering restrictions when used.

Member Torisawa: In relation to the current law, the description may be too vague for the developers to understand. We are concerned that the ambiguity will be taken over and the guideline will be described. There is a description about "beliefs" regarding Special Care-required Personal Information, but there is a point of contention about what beliefs are. There is a point of contention about whether posts on SNS are beliefs. Based on this situation, it is considered difficult to incorporate it into the guideline.

K. Okada: I would like to share information on the consultations I have often received from ministries and agencies, local governments, and companies in over the past two years. First, regarding the utilization of personal data, I would like to ask whether it is all right to use information processed under pseudonyms as generated AI. Second, regarding the acceptance of hallucination, I would like to ask how far I can accept the fate that hallucination always exists as shown mathematically just recently, and how I can alert and raise awareness. Third, regarding reviews at the time of AI procurement, I would like to ask how and when to conduct technical reviews and user reviews at the time of procurement and development. Fourth, regarding AI system audits, I would like to ask how and when to conduct audits to determine whether the generated AI services procured and developed function properly after operation and whether there are any problems.

Chairman Kadobayashi: The parties that have stipulated the system, the parties that are operating the system, and the parties that are developing the system gathered and were able to have a conversation. Steel refining and automobiles using fire have also been promoted despite the risks. It is important how to utilize such things. Some of the materials that are not disclosed will not be disclosed in accordance with the operational guidelines.