What is the G7 Hiroshima AI Process?
Global AI regulation
The G7 Hiroshima AI Process is the G7's voluntary governance track for advanced AI systems, launched in 2023 under Japan's G7 presidency. It is not a treaty, regulation or domestic AI statute. Its core documents are international guiding principles and a code of conduct for organisations developing advanced AI systems, especially advanced foundation models and generative AI. It now also has an OECD-run reporting framework that lets organisations publicly explain their AI governance, risk, security and transparency practices.
What this means
The Hiroshima AI Process was created because generative AI was moving faster than governments could agree on one global law. The G7 therefore built a soft-law track: shared principles, a voluntary code for organisations developing advanced AI systems, and a mechanism to encourage more consistent practices across borders.
That makes it different from an AI statute or treaty. It does not create direct legal duties in the way a domestic regulator or court can. Instead, it gives governments and organisations a common reference point for advanced AI governance, and in 2025 and 2026 it moved from political agreement into public reporting through the OECD.
As of 4 June 2026, the reporting layer is active in Version 2.0, with rolling submissions and a published timetable for the next OECD review. That means the Process is no longer only a set of high-level texts. It is also a live transparency mechanism.
Why it matters
The Hiroshima AI Process matters because many organisations now build, fine-tune, provide or deploy advanced AI in more than one market, but face a patchwork of laws, guidance, buyer demands and board expectations. The G7 process creates a shared governance vocabulary for topics such as risk assessment, testing, incident handling, security, provenance and public transparency.
Its practical force does not come from direct legal penalties. It comes from interoperability, public disclosure and soft pressure. A published HAIP report can help show how an organisation thinks about advanced AI governance. That can support board oversight, procurement dialogue, partner diligence and cross-border policy engagement.
It also matters because it sits in the space between principle and proof. The code tells organisations what kinds of practices the G7 wants to see. The OECD reporting framework creates a structured way to evidence those practices in public. For leaders, that makes the Process relevant even where domestic law has not yet crystallised, while still leaving domestic legal compliance as a separate task.
How it works
Where the process came from
The G7 Hiroshima Leaders' Communique in May 2023 called for international discussion on AI governance and interoperability, and tasked ministers to establish the Hiroshima AI Process with the OECD and GPAI. Later that year, on 30 October 2023, G7 leaders welcomed two central texts: the Hiroshima Process International Guiding Principles and the Hiroshima Process International Code of Conduct. They also said those texts should be reviewed and updated as needed, through ongoing multistakeholder consultation.
That is an important point of legal status. The documents were designed as living, voluntary governance instruments for a fast-moving technology, not as fixed treaty text.
What sits inside the process
In practical terms, the Hiroshima track has three layers that matter most to organisations.
First, there is the political layer: G7 leaders and ministers use the Process to express a shared direction of travel on advanced AI governance. Second, there are the substantive texts: the guiding principles and the code of conduct. Third, there is the operational layer: the OECD-hosted Hiroshima AI Reporting Framework, which turns those texts into public governance disclosures.
The Process is therefore best understood as a soft-law package. It is more concrete than a general values statement, but less coercive than legislation. It is meant to guide behaviour while governments continue to develop more durable domestic legal and regulatory regimes.
What the code asks organisations to do
The code is aimed at organisations developing advanced AI systems, including the most advanced foundation models and generative AI systems. It is expressly voluntary and risk-based. It asks organisations to work across the full AI lifecycle, from design and development through deployment and use.
Substantively, the code groups the G7's expectations around a recognisable governance pattern. Organisations are expected to identify, evaluate and mitigate risks before and after deployment, including through testing and red-teaming. They are expected to publish meaningful transparency information on capabilities, limitations and appropriate use. They are expected to share relevant safety and incident information responsibly, build governance and risk management policies, invest in security controls, develop provenance or content-authentication measures where technically feasible, support safety research, advance international technical standards and put in place data measures that respect privacy and intellectual property.
For operators and governance leads, the key point is that the code is not framed as abstract ethics alone. It points toward documented processes, internal accountability, public reporting and evidence of mitigation work.
How the OECD reporting layer works
The reporting layer exists because the G7 wanted a way to monitor voluntary uptake of the code. Under the Italian G7 presidency in 2024, ministers said the G7 should identify and introduce tools and mechanisms for monitoring organisations' application of the code on a voluntary basis, with OECD support. The OECD then developed and tested a reporting framework and launched the operational version in February 2025.
As of 4 June 2026, the OECD says Version 2.0 is live. It is open to organisations across the advanced AI value chain, including developers, deployers and providers. The OECD overview says the first round resulted in 25 reports and that submissions received by 1 September 2026 will feed the next analytical review.
Mechanically, the framework is a structured questionnaire. Organisations submit a report through the OECD platform and attest that the information is accurate to the best of their knowledge at the time of submission. Reports are published in full on OECD.AI. The Secretariat may ask for additional non-public supporting material, but it does not assess or verify the substance of the claims. It checks more limited points such as eligibility, whether questions are answered and whether supporting links are accessible.
This is why the reporting framework is best treated as a transparency and governance mechanism, not as a certification regime. The OECD's own FAQ says HAIP Brand listing is not an endorsement of an organisation's practices and is not a certification of conformity with the code. There is, however, a mild accountability mechanism: organisations can be delisted if they fail to keep reports current, fail to respond to follow-up requests, are found to have submitted inaccurate information, or act in a way that is not in line with what they reported.
How it relates to law, standards and cross-border governance
The Hiroshima AI Process sits alongside, not above, domestic law. Its own texts say different jurisdictions may implement the principles and actions in different ways, while governments develop more enduring and detailed governance and regulatory approaches. So the Process is not a substitute for product safety law, data protection law, consumer law, intellectual property law, sector regulation or procurement rules.
It also builds on the OECD AI Principles rather than replacing them. The guiding principles and the code explicitly say they build on the OECD AI Principles, but they are narrower and more operational for advanced AI systems. In practice, that makes the Hiroshima track useful as a bridge between broad intergovernmental principles and the concrete governance evidence that buyers, boards and policymakers increasingly expect.
There is one terminology wrinkle worth noting. Some later official pages describe the principles as being "for all AI actors". The original October 2023 attached text is titled for organisations developing advanced AI systems, while also saying the principles should apply to all AI actors when and as applicable. The safest reading is that the Process started with a focus on advanced AI developers, but was drafted to influence the wider AI ecosystem where relevant.
Examples
In 2024, the OECD ran a pilot reporting exercise to test how this kind of voluntary monitoring could work in practice. The pilot ran from 19 July to 6 September 2024 and involved 20 organisations across 10 countries. Their responses were kept confidential during the pilot so that participants could give candid feedback. That feedback then informed the public operational version.
Once the operational framework went live, the Process moved from broad guidance to public disclosure. The OECD now says the first reporting round resulted in 25 public reports, and those reports are published on OECD.AI for outside review. That is a concrete example of how a soft-law process can still create public governance evidence.
A current 2026 workflow is now visible as well. An organisation that wants to participate must complete the framework, answer all questions, attest that its submission is accurate, and accept full publication of the report. The OECD may ask for additional non-public material, but it does not validate the substance of the response. That means the value of the exercise depends on the organisation's underlying governance discipline and evidence base, not on a third-party audit badge.
Common misunderstandings
It is not a global AI law. The Hiroshima AI Process is voluntary soft law, backed by G7 political commitments and OECD transparency infrastructure, not by direct legal sanctions.
It is not the same thing as the OECD AI Principles. It builds on them, but is more specifically focused on advanced AI governance and, through the reporting layer, on public disclosure of organisational practice.
It is not only for governments. Governments launched it, but the code is addressed to organisations developing advanced AI systems, and the current reporting framework also accepts participation from deployers and providers across the advanced AI value chain.
It is not a certification scheme. The OECD explicitly says HAIP Brand listing is neither an endorsement nor a certification of conformity with the code.
It is not a complete compliance programme by itself. It can help structure governance and transparency, but it does not replace domestic legal analysis, sector controls or formal assurance work.
Risks and boundaries
The biggest boundary is legal force. The Hiroshima AI Process can shape expectations, but it does not itself create treaty obligations or directly enforceable statutory duties on private organisations. Its practical effect therefore varies with market pressure, public visibility, procurement practice and how far national authorities choose to reference it.
A second boundary is evidential strength. Public reports under the OECD framework can be valuable, but the Secretariat does not verify the substance of submissions. A report is therefore evidence of what an organisation says about its governance, not independent proof that controls are effective in practice.
A third boundary is scope. The code was written for advanced AI systems, particularly the most advanced foundation models and generative AI. It should not be treated as a one-size-fits-all rulebook for every low-risk automation feature or ordinary software tool.
There is also some live uncertainty because this is a fast-dating process. The documents are expressly living texts, the reporting framework is now in Version 2.0, and the next OECD analytical review will use submissions received by 1 September 2026. If you rely on the Process in policy, sales or governance work, check the official OECD and G7 materials at the point you act.
Finally, the Process is often misapplied when teams use it as a proxy for complete legal compliance. That is the wrong use. It is best seen as a cross-border governance baseline and transparency tool that must be read together with domestic law and sector-specific supervision.
What to do next
Start by deciding whether your organisation really sits in the Hiroshima Process zone. If you develop, fine-tune, provide or deploy advanced AI systems, the Process is likely relevant. If you only buy ordinary AI-enabled software, it may be useful background but not your primary governance framework.
Next, map your existing controls to the Hiroshima themes: risk identification, testing, incident handling, transparency, governance, security, provenance and data handling. The aim is not to create a second parallel programme. It is to see whether your current controls can already be explained against this cross-border baseline.
Then identify your evidence owners. A credible HAIP position usually requires legal, security, safety, policy, product and communications teams to align on what can be said publicly, what must stay confidential and what internal records support each public claim.
After that, decide whether public reporting serves a real purpose for your organisation. For some teams, HAIP reporting will be a useful trust and interoperability signal. For others, an internal gap analysis against the code may be the better first step. In either case, keep domestic legal compliance separate and explicit.
Finally, monitor the live timetable. As of 4 June 2026, Version 2.0 accepts rolling submissions and the next OECD review will draw on reports received by 1 September 2026. If you plan to participate, that date is operationally relevant.
FAQs
Is the G7 Hiroshima AI Process legally binding?
No. It is a voluntary G7 governance process. Its code and guiding principles are soft-law instruments, not treaty text or domestic legislation.
Who is the main audience for it?
The core code was written for organisations developing advanced AI systems, especially advanced foundation models and generative AI. The current OECD reporting framework also accepts participation from deployers and providers across the advanced AI value chain.
What are the central documents?
The central documents are the Hiroshima Process International Guiding Principles, the Hiroshima Process International Code of Conduct, and the OECD-hosted reporting framework that operationalises public disclosure against the code.
Does participation mean an organisation has been certified by the OECD?
No. The OECD says HAIP Brand listing is not an endorsement and not a certification of conformity with the code.
Does the OECD verify whether a submission is true?
Only in a limited procedural sense. The Secretariat checks eligibility, completeness and accessible supporting links, and it may ask for additional non-public material, but it does not validate the substance of the organisation's claims.
How does it relate to domestic AI law?
It sits alongside domestic law, not instead of it. Teams should use it as a governance and transparency baseline while separately checking binding requirements in each relevant jurisdiction.
Is the Process still active in 2026?
Yes. As of 4 June 2026, the OECD says Version 2.0 of the reporting framework is active, submissions are accepted on a rolling basis, and reports received by 1 September 2026 will feed the next review.