Full version with references (English PDF) is available here. Japanese version is available here.

Global AI Regulatory and Policy Developments: 2025 Update and Implications for 2026

As the use of artificial intelligence (AI) continues to expand and the underlying technology develops rapidly, 2025 saw notable regulatory and policy developments across jurisdictions. This newsletter provides a brief overview of key regulatory and policy trends in major jurisdictions in 2025—focusing on Japan and the European Union (EU)—and discusses issues companies should address in 2026 to strengthen their AI governance.

Table of Contents

Executive Summary

In 2025, against the backdrop of the rapid proliferation of AI—particularly generative AI—legal and policy frameworks advanced significantly across countries and regions to promote AI adoption while addressing associated risks. Notably, Japan implemented its first comprehensive AI-related statute, and the EU began the phased application of the EU Artificial Intelligence Act (the “EU AI Act”), the world’s first comprehensive AI regulation—developments that directly affect corporate AI governance.

In Japan, the Act on the Promotion of Research, Development and Utilization of AI-Related Technologies (the “AI Act”) became fully effective in September 2025. The AI Act adopts a framework without criminal penalties or administrative fines, seeking to avoid hindering innovation while enabling administrative involvement in response to issues such as malicious misuse of generative AI. In December 2025, the Cabinet approved the Basic Plan for Artificial Intelligence, clarifying that AI governance leadership and the enhancement of trustworthiness are core policy priorities. In addition, a draft Principles Code on generative AI and intellectual property was released as soft law, further underscoring the expectation that companies will strengthen AI governance primarily through voluntary initiatives heading into 2026.

In the EU, under the EU AI Act (which entered into force in 2024), rules on prohibited AI practices and on general-purpose AI models (GPAI) began to apply in 2025. From August 2026, the EU will begin applying requirements for certain high-risk AI systems and transparency obligations for limited-risk AI. These developments may have broad impact on non-EU companies, including Japanese companies, due to the EU AI Act’s extraterritorial reach. Meanwhile, the so-called “EU Digital Omnibus” initiative released in November 2025 has proposed potential amendments to certain provisions of the EU AI Act, including possible deferrals of application dates for some high-risk AI requirements, making it important to monitor legislative developments.

In the United States and across Asia, frameworks for AI governance are also taking shape. While the U.S. does not currently have an EU AI Act–style comprehensive federal AI statute, national strategy is being articulated through the America’s AI Action Plan and executive orders, alongside continued state-level legislative activity. China has introduced robust rules emphasizing data control and traceability. South Korea and Taiwan have enacted “basic” AI statutes, reflecting rapid progress in building AI governance frameworks across the region.

Looking ahead to 2026, key priorities for companies include: (i) enhancing AI governance through AI ethics policies, internal guidelines, and operational implementation; (ii) establishing structured compliance programs for overseas regimes with extraterritorial reach, including the EU AI Act; and (iii) conducting ongoing risk assessments that reflect both hard law and soft law requirements. As AI becomes a core driver of competitiveness, the effectiveness of regulatory compliance and governance will increasingly determine business risk outcomes, making practical cross-functional collaboration among legal, management, and technical teams indispensable.

Japan

Key Developments in 2025

Full Implementation of the AI Act (effective September 1)

Historically, Japan has not adopted a comprehensive AI statute; instead, relevant authorities addressed AI-related risks and issues through sector-specific laws and soft law instruments. On June 4, 2025, Japan promulgated and partially put into effect the Act on the Promotion of Research, Development and Utilization of AI-Related Technologies (the “AI Act”) to promote AI innovation while responding to risks, and on September 1, 2025, the Act became fully effective, including provisions relating to the establishment of the AI Strategy Headquarters.

The AI Act sets out a framework to promote R&D and utilization of AI technologies while addressing potential risks. The Act provides for the development of guidelines by the Japanese government (including matters to be observed by business operators and others) and for investigations into malicious cases, as well as guidance and advice based on the results of such investigations. At the same time, the AI Act does not include specific criminal penalties or administrative fines, reflecting a structure intended to address risks while avoiding undue constraints on technological development.

Cabinet Approval of the Basic Plan for Artificial Intelligence (December 23)

On December 23, the Cabinet approved the Basic Plan for Artificial Intelligence (titled “Revitalizing Japan through ‘Trustworthy AI’”). The Plan aims to realize “trustworthy AI” and make Japan “the world’s most AI-friendly country for development and deployment.” Under this policy direction, measures are organized around the following four basic pillars:

Guidelines on Ensuring the Appropriateness of R&D and Utilization of AI-Related Technologies

The Guidelines on Ensuring the Appropriateness of R&D and Utilization of AI-Related Technologies were formulated pursuant to Article 13 of the AI Act and are intended to encourage voluntary and proactive efforts by all stakeholders to ensure appropriate implementation of AI R&D and utilization. They provide that AI users and R&D organizations should undertake, among other things:

Developments to Watch in 2026

As described above, 2025 was a significant year, marked by the full implementation of the AI Act and the formulation of the Basic Plan for Artificial Intelligence and the above Guidelines. However, Japan’s AI Act does not establish a comprehensive, EU-style risk-based regulatory framework (e.g., the EU AI Act). Accordingly, continued strengthening of voluntary corporate initiatives remains important.

In particular, companies are expected to promote AI governance initiatives in light of existing laws (including the Act on the Protection of Personal Information (APPI), the Copyright Act, and other intellectual property laws) and soft law instruments (including AI business operator guidelines). Developments to watch in Japan in 2026 include, for example, the following:

Amendment of the APPI

On January 9, 2026, the Personal Information Protection Commission (PPC) published the “Draft Policy for Amendments under the Triennial Review of the APPI.” The document considers a policy direction under which, with respect to third-party provision of personal data and the acquisition of publicly available special care-required personal information, data subject consent may be made unnecessary subject to conditions—such as ensuring that use is limited to the creation of statistical information and similar outputs (including AI development that can be characterized as statistical processing). The draft also considers a policy direction to establish mechanisms such as a surcharge (administrative monetary penalty) system to effectively deter egregious violations involving economically motivated handling of large volumes of personal information. Further developments in the amendment process should be closely monitored.

Publication of the Draft Principles Code

On December 26, 2025, the Cabinet Office Intellectual Property Strategy Headquarters Secretariat released a draft titled “Principles Code (tentative) on the Protection of Intellectual Property and Transparency for Appropriate Use of Generative AI (Draft).” The draft is positioned as soft law and sets out principles for developers and providers of generative AI, focusing on transparency and copyright protection. While the draft does not have legally binding force, it may, from a practical perspective, have certain normative effects in practice. Public comments are being accepted until January 26, 2026, and future developments warrant attention.

European Union (EU)

Under the EU AI Act (which entered into force in 2024), a risk-based approach applies obligations to providers, deployers, and other relevant operators depending on the risk level of the AI system (e.g., prohibited, high-risk, and limited-risk). In addition, the EU AI Act establishes a dedicated regulatory framework for general-purpose AI models (GPAI). Following its entry into force in 2024, the Act is being applied in phases, with full application targeted for 2027. Due to its broad extraterritorial reach, companies outside the EU—including Japanese companies—may fall within scope and should prepare accordingly.

Key Developments in 2025

Application of the Prohibition on Prohibited AI Practices

From February 2, 2025, the prohibition on certain AI practices classified as “unacceptable risk” under the EU AI Act became applicable. In connection with this, the European Commission published guidelines on prohibited AI practices under Regulation (EU) 2024/1689 (the EU AI Act).

Application of Rules on General-Purpose AI Models (GPAI)

On August 2, 2025, rules concerning general-purpose AI models began to apply. Prior to this, in July 2025, the European Commission published a Code of Practice for providers of general-purpose AI models. The Code of Practice is positioned as a voluntary framework that can be used by GPAI providers to demonstrate compliance with the EU AI Act.

In addition, on July 18, 2025, the European Commission issued supplementary guidelines intended to clarify relevant legal concepts and help stakeholders across the AI value chain understand and comply with their obligations.

Developments to Watch in 2026

Start of Application of Requirements for High-Risk AI Systems (August 2026)

Under the EU AI Act as currently in force, requirements for high-risk AI systems will apply from August 2, 2026 to high-risk use cases listed in Annex III, while high-risk AI systems that are safety components of products—or are products themselves—will be subject to application from August 2, 2027.

To support implementation of the high-risk AI regime, the European Commission conducted a public consultation on high-risk AI systems in June 2025. The Commission is expected to publish guidance on the practical operation of the classification rule under Article 6 (high-risk AI system classification) no later than February 2, 2026.

The EU AI Act also provides that compliance with certain harmonised standards gives rise to a presumption of conformity with relevant requirements for high-risk AI systems. The European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC) are progressing work on harmonised standards for high-risk AI systems, which are expected to be published on a rolling basis. Companies should monitor these publications and plan their compliance accordingly.

Start of Application of Transparency Obligations for Limited-Risk AI (August 2026)

Transparency obligations applicable to limited-risk AI systems will begin to apply on August 2, 2026. In this context, on December 17, 2025, the European Commission released the first draft Code of Practice on Transparency of AI-generated Content. The draft Code aims to support providers and deployers in complying with transparency obligations under Article 50 of the EU AI Act, including identification and disclosure requirements for AI-generated or manipulated content and labeling obligations for deepfakes and similar content. The Commission has indicated that a final version is expected around May–June 2026.

Possible Amendments to the EU AI Act under the EU Digital Omnibus Initiative

As described above, certain high-risk requirements and limited-risk transparency obligations under the EU AI Act are scheduled to apply in phases during 2026. However, the so-called “EU Digital Omnibus” initiative published by the European Commission on November 19, 2025 indicates the possibility of revisiting certain provisions of the EU AI Act, and legislative developments should be monitored.

In particular, the initiative identifies as a subject for consideration potential deferrals of application dates for certain high-risk AI systems, including high-risk systems in specific domains and high-risk systems linked to the EU’s product safety regime, in light of the status of harmonised standards and guidance. As a result, for certain categories, the start of application may be pushed to 2027 or later.

Other Jurisdictions

United States

AI Action Plan

In July 2025, the White House published America’s AI Action Plan. The Plan aims to secure U.S. leadership and global competitiveness in AI and is structured around three pillars: (i) accelerating AI innovation, (ii) building AI infrastructure in the United States, and (iii) establishing leadership in international AI diplomacy and security.

State-Level AI Legislation and Federal Developments

The United States has not enacted a comprehensive AI statute comparable to the EU AI Act, and AI regulatory activity continues largely at the state level, including developments such as California’s AI transparency legislation and Texas legislative developments relating to responsible AI governance.

At the federal level, a White House executive order issued in December 2025 is positioned as articulating common federal principles on AI and may influence technology companies and regulated industries through federal agency initiatives and policy coordination. Companies should monitor both state-level developments and federal policy trends.

China

In January 2025, China implemented the Regulations on Network Data Security Management promulgated in September 2024. The Regulations state that their purposes include regulating network data processing activities, ensuring network data security, promoting reasonable and effective use of data in accordance with law, protecting the legitimate rights and interests of individuals and organizations, and safeguarding national security and the public interest.

In addition, in March 2025, the Cyberspace Administration of China (CAC) and three other departments released the Measures for the Identification of Artificial Intelligence-Generated Synthetic Content, which took effect on September 1, 2025. Under these Measures, service providers that provide online information content dissemination services are required to ensure that AI-generated or AI-synthesized content is appropriately labeled.

South Korea

In South Korea, the Framework Act on the Development of Artificial Intelligence and Establishment of Trust was enacted on December 26, 2024 and promulgated on January 21, 2025. The Act is a comprehensive “framework” statute aimed at promoting the development and use of AI while ensuring trustworthiness, and is positioned as one of the earlier comprehensive AI statutes adopted in Asia.

The Act also includes provisions contemplating a degree of extraterritorial application, and therefore may affect Japanese companies conducting AI-related business connected to the Korean market.

Taiwan

In Taiwan, the Legislative Yuan passed the Artificial Intelligence Basic Act on December 23, 2025. The Act aims to promote human-centered AI R&D and the growth of the AI industry, establish a safe environment for AI applications, and achieve digital equality while protecting fundamental human rights. It is also positioned as establishing legal and regulatory foundations to ensure that the application of technology aligns with social ethics, protects national and cultural values, and strengthens international competitiveness.

What Companies Should Do in 2026

As described above, in 2026, companies should continue monitoring AI regulatory developments and conducting ongoing risk assessments, while building and enhancing internal AI governance frameworks based on those assessments.

Establishing and Operating AI Ethics Policies and Internal Governance

Companies should continue efforts to develop AI governance, as referenced in Japan’s Basic Plan for Artificial Intelligence and the relevant Guidelines. Key challenges include compliance with existing laws relating to AI utilization and response measures based on soft law instruments such as AI business operator guidelines. In practice, companies should strengthen initiatives for appropriate AI use through AI ethics policies, internal guidelines, and internal training programs.

Preparing for EU AI Act Compliance

Companies operating globally must address not only Japanese requirements but also compliance with overseas regimes. In particular, the EU AI Act has broad extraterritorial reach and can affect Japanese companies. As 2026 marks the start of application of key requirements for high-risk AI systems and the continued development of harmonised standards, companies should advance EU AI Act readiness while monitoring potential schedule changes under the EU Digital Omnibus initiative. Specifically, companies should: (i) assess whether and how the EU AI Act applies; (ii) identify applicable requirements; and (iii) implement compliance measures accordingly.

---

Contact

Akiko Araki
Managing Partner of Araki International IP&Law
Attorney-at-law (Japan and California)
akiko.araki@arakiplaw.com
CV: https://arakiplaw.com/our-people/araki/

About Araki International IP&Law

Araki International IP&Law is a Japanese domestic law firm established by an attorney having experience with international law firms. The firm’s mission is to make companies and people shining in the global market. To reach that goal, the firm is active in helping international clients running businesses in Japan in various legal areas.

Our firm advises companies on Japanese AI-related laws and regulations, including emerging AI governance frameworks, data protection, and intellectual property issues. We support corporate clients in navigating regulatory developments and building practical compliance and governance structures for the use of AI in Japan.

https://arakiplaw.com/en/
info@arakiplaw.com

Notice

This newsletter does not provide any legal advice, and thus it does not create any attorney-client relationship with the recipients. If you have any questions on any particular matters in relation to this subject matter, please contact AIL directly.

This newsletter has been distributed to those who have exchanged contacts with Araki International IP&Law (AIL) or registered for events hosted by AIL. If you no longer wish to receive emails from AIL, you may subscribe by sending a message here. AIL’s privacy policy can be found here.

© Araki International 2026