JAPAN Law and Practice Contributed by: Hiromi Hayashi, Daisuke Tsuta, Masaki Yukawa and Keiichi Bando, Mori Hamada & Matsumoto
parts of the plan may be omitted if the provider is registered with the ISMAP steering committee. Financial service operators Financial service operators – such as banks, insurance companies and financial instrument business operators – are required by the super - visory guidelines issued by the FSA to take out - sourcing management measures. Since the use of cloud services provided by a third-party ser - vice provider is a form of outsourcing, financial service operators must implement outsourcing management measures such as conducting a due diligence check of the service provider, entering into a service agreement that satis - fies the supervisory guidelines, and auditing the service provider. More specifically to cloud, the financial service sector often refers to the guide to cloud implementation and operation of financial institutions published by the Centre for Financial Industry Information Systems (FISC). Healthcare information The healthcare industry (eg, hospitals, clinics, dentists and pharmacies) is subject to the Secu - rity Guidelines for Medical Information issued by the Ministry of Health, Labour and Welfare. Providers of cloud services to the healthcare industry are subject to the Security Guidelines for Information Service Providers for Medical Information issued by METI and MIC. These guidelines include both mandatory requirements as well as government-recommended actions. 3. Artificial Intelligence 3.1 Liability, Data Protection, IP and Fundamental Rights Interim Report Regarding AI Legislation The AI Institutional Study Group, established by the Cabinet Office, released a “Draft Interim
Report” on 26 December 2024. This report sum - marises the results of hearings involving those in AI-related businesses and discussions on the ideal framework for AI systems. In particular, this report proposes that, while excessive gov - ernment regulations could hamper innovation, it would be appropriate to prepare a legal sys - tem that allows the government to request that domestic and foreign businesses co-operate and provide information to ensure the effective - ness of governmental actions such as investi - gating the cause and providing guidance and advice, for example, when a serious problem occurs. The government plans to submit a bill on AI to the Diet in 2025. Product Liability and General Tort Liability Under the Product Liability Act (PL Act), a pro - ducer of manufactured or processed movable goods is liable for damages to human life or body, or property, caused by a defect in the goods, whether or not the producer is negligent. Since big data, machine learning and artificial intelligence (AI) are not movable goods, produc - ers of big data, machine learning or AI them - selves will not be subject to the PL Act. Rather, it is the producers of movable goods into which big data, machine learning or AI is installed which will be liable for the damages caused by a defect in those movable goods, including a defect in the installed big data, machine learn - ing or AI. However, producers of big data, machine learn - ing or AI may be subject to general tort liability under the Civil Code. General tort liability is not a strict liability, unlike liability under the PL Act, and the plaintiff must prove intentional act or
173 CHAMBERS.COM
Powered by FlippingBook