Japan Mandates AI Safety Testing for All Foundation Models

Japan's government has announced mandatory AI safety testing standards that will apply to all foundation models developed or deployed within the country, marking one of the most comprehensive regulatory moves in Asia's AI landscape. The new framework, spearheaded by Japan's Ministry of Economy, Trade and Industry (METI), establishes binding requirements for pre-deployment evaluation, red-teaming, and ongoing monitoring of large-scale AI systems.

The mandate positions Japan alongside the European Union and its AI Act as one of the few jurisdictions worldwide to impose enforceable safety benchmarks on foundation model developers. Unlike voluntary commitments previously adopted by companies like OpenAI, Google, and Anthropic in the United States, Japan's approach carries regulatory teeth — with potential penalties for non-compliance.

Key Takeaways at a Glance

• Scope: All foundation models with more than 10 billion parameters must undergo standardized safety evaluations before public deployment in Japan
• Timeline: Companies have until Q1 2026 to achieve full compliance; interim reporting begins in late 2025
• Enforcement: METI gains authority to issue warnings, demand corrective action, and levy fines up to ¥500 million ($3.3 million) for violations
• Domestic impact: Major Japanese AI developers including Preferred Networks, NEC, and Fujitsu must align their model pipelines with the new framework
• International reach: Foreign companies deploying models in Japan — including OpenAI, Google DeepMind, and Meta — must demonstrate compliance or face market restrictions
• Red-teaming: Mandatory adversarial testing must cover at least 12 risk categories, including bioweapons, disinformation, and critical infrastructure attacks

What Japan's New AI Safety Framework Requires

The regulatory framework introduces a 3-tier evaluation system that categorizes foundation models based on their capability level, parameter count, and intended deployment scope. Tier 1 covers models with 10 billion to 100 billion parameters. Tier 2 addresses models exceeding 100 billion parameters. Tier 3 applies to any model demonstrating 'frontier capabilities' — a classification that mirrors terminology used by the UK's AI Safety Institute.

Each tier carries progressively stricter requirements. Tier 1 models must pass a baseline safety evaluation covering toxicity, bias, and factual accuracy. Tier 2 models face additional scrutiny around dual-use risks and autonomous agent capabilities. Tier 3 models require the most rigorous testing, including government-supervised red-teaming exercises.

The framework also mandates model cards — standardized documentation that must accompany every foundation model released in Japan. These cards must include training data provenance, known limitations, benchmark performance, and a risk assessment summary.

How Japan's Approach Compares to EU and US Regulations

Japan's mandate draws clear inspiration from the EU AI Act, which was formally adopted in 2024 and begins phased enforcement through 2025 and 2026. However, several key differences set Japan's framework apart.

The EU AI Act classifies AI systems by use case and risk level, applying the strictest rules to 'high-risk' applications like healthcare and law enforcement. Japan's framework, by contrast, focuses squarely on the model layer itself — regulating the foundation model regardless of how it is ultimately deployed. This model-centric approach is arguably more comprehensive, as it catches risks at the source rather than at the application level.

Compared to the United States, Japan's stance represents a dramatic departure. The US has largely relied on voluntary commitments from leading AI companies, such as the White House's July 2023 agreement with 7 major labs and the subsequent October 2023 executive order from President Biden. With no comprehensive federal AI legislation passed as of mid-2025, America continues to depend on a patchwork of state-level proposals and industry self-regulation.

• EU AI Act: Risk-based, application-focused; fines up to €35 million or 7% of global revenue
• US approach: Voluntary commitments, executive orders, no binding federal law for foundation models
• Japan's mandate: Model-centric, parameter-based tiers; fines up to $3.3 million per violation
• UK's framework: Pro-innovation, relies on existing regulators; AI Safety Institute conducts voluntary evaluations
• China's regulations: Requires algorithmic registration, content review, and security assessments for generative AI services

Domestic AI Industry Faces Compliance Pressure

Japan's homegrown AI sector faces significant adjustment. Preferred Networks (PFN), one of Japan's most prominent AI companies, has been developing large language models tailored for Japanese-language tasks and enterprise applications. Under the new rules, PFN must submit its models for government-supervised evaluation before any commercial release.

NEC Corporation recently unveiled its own family of LLMs, including models specifically designed for government and defense use cases. These models will now fall under Tier 2 or Tier 3 classification, subjecting them to the most intensive testing requirements.

Fujitsu, which has partnered with organizations like RIKEN to develop supercomputer-powered AI systems, must also comply. The company's Kozuchi AI platform, which serves enterprise customers across Asia, will need to integrate the mandated safety documentation and evaluation processes.

Smaller Japanese AI startups have expressed concern about the compliance burden. Industry group Japan Deep Learning Association (JDLA) estimates that safety testing could add $200,000 to $500,000 in costs per model evaluation cycle — a figure that could be prohibitive for early-stage companies. METI has indicated it will explore subsidies and shared testing infrastructure to offset costs for smaller firms.

International AI Companies Must Adapt or Exit

The mandate's extraterritorial provisions have drawn the most attention from the global AI industry. Any company deploying a foundation model accessible to Japanese users — whether through APIs, consumer products, or enterprise platforms — must demonstrate compliance.

This means OpenAI must ensure that GPT-4o and any successor models meet Japan's 12-category red-teaming requirements. Google DeepMind faces the same obligation for Gemini models. Meta's Llama series, despite being open-source, falls under the rules if Meta or any downstream deployer offers Llama-based services in the Japanese market.

Anthropic, maker of the Claude model family, may find itself better positioned than competitors. The company has long emphasized its Responsible Scaling Policy and constitutional AI approach, which already includes many of the safety evaluation practices Japan now requires. Still, formal compliance documentation and government reporting will be new obligations.

Industry analysts at Goldman Sachs estimate that Japan's AI market is worth approximately $12 billion annually and is projected to grow at 25% CAGR through 2028. Exiting the market is not a viable option for major Western AI companies, making compliance effectively mandatory.

What This Means for Developers and Businesses

For developers building on top of foundation models, the practical impact depends on which models they use. If an upstream model provider achieves compliance, downstream application developers generally inherit that compliance status — though they may still face separate obligations under Japan's existing data protection and sector-specific regulations.

For businesses deploying AI in Japan, the mandate creates both challenges and opportunities:

• Companies can use compliance as a competitive differentiator, signaling trustworthiness to Japanese enterprise clients
• Procurement processes will likely begin requiring proof of foundation model compliance
• Businesses relying on non-compliant open-source models may need to switch providers or conduct their own evaluations
• Insurance and liability frameworks around AI deployment in Japan will likely reference the new standards

For global AI governance, Japan's move adds momentum to the emerging international consensus that foundation models require dedicated oversight. The G7's Hiroshima AI Process, which Japan championed during its 2023 presidency, laid the groundwork for this kind of national implementation.

Looking Ahead: A Template for Asia-Pacific Regulation?

Japan's framework could become a template for other Asia-Pacific nations considering AI regulation. South Korea is already drafting its own AI Basic Act, and Singapore has been developing model governance frameworks through its AI Verify initiative. Australia released a voluntary AI safety standard in 2024 and may move toward mandatory requirements.

The timeline ahead is critical. METI plans to publish detailed technical guidelines by September 2025, giving companies roughly 6 months to prepare before interim reporting requirements kick in. Full compliance enforcement begins in Q1 2026.

Japan is also investing in its own AI Safety Institute (AISI), modeled after the UK's institution, to serve as the primary evaluation body. The institute is expected to receive an annual budget of ¥10 billion ($66 million) and will collaborate with international counterparts on shared testing methodologies.

Whether Japan's approach proves effective will depend on execution — particularly on how the government handles the tension between promoting domestic AI innovation and enforcing rigorous safety standards. For now, the mandate sends an unmistakable signal: the era of self-regulation for foundation models is ending, one jurisdiction at a time.