Proceso de Hiroshima del G7 sobre IA
Resumen ejecutivo
Why the Hiroshima Process exists
The Hiroshima Process is the first international framework designed specifically for the developers of frontier AI. That distinction is what makes it operationally important. The OECD Principles, the UNESCO Recommendation, and the Council of Europe Convention all address AI actors in general — anyone who develops, deploys, or uses AI systems. The Hiroshima Process narrows the addressee to the small group of organizations actually building the most advanced AI systems, and asks specific operational commitments of them.
The dominant narrative reads the Hiroshima Process as the G7’s response to ChatGPT — a high-level political document produced quickly under Japanese presidency to demonstrate international coordination on generative AI. The reading is true and incomplete. The Hiroshima Process is also an attempt to solve a problem the broader instruments cannot: how do you create accountability for the small group of organizations whose decisions about training, evaluation, and deployment of frontier models will shape the AI risk surface for everyone else.
What the Hiroshima Process actually does, then, is not regulate AI at the population level. It establishes a norm-setting and reporting regime aimed at the frontier. The Eleven Guiding Principles articulate what frontier developers should do across the lifecycle. The Code of Conduct gives operational shape to those commitments. The Reporting Framework, operational since February 2025 and operated by the OECD on behalf of the G7, allows organizations to submit structured reports describing how they implement each commitment. The submitted reports become public, comparable, and available for scrutiny by governments, civil society, researchers, and the broader AI community.
This design choice matters in three structural ways. First, it creates a public reputational mechanism for frontier developers that no other instrument provides. Submitting a report and disclosing implementation details is voluntary, but non-submission becomes itself a signal to governments and counterparties. Second, it aligns frontier governance with the OECD ecosystem rather than building parallel infrastructure. The OECD already runs the AI Policy Observatory, the AI Incidents Monitor, and the broader OECD.AI ecosystem; placing the Hiroshima reporting under OECD operationalizes the connection between principles and practice. Third, it operates at G7 scale rather than at universal scale. The G7 represents the substantial majority of frontier AI capability — the foundation model labs in the United States, the United Kingdom, Canada, Japan, the European Union — which is the population the Process needs to reach for the framework to be operationally meaningful.
The Hiroshima Process is voluntary. It has no enforcement teeth, no inspection power, no verification mechanism. Critics, including the AI Certs commentary referenced in our sources, note that the OECD cannot verify the claims that organizations submit. This is correct and is the structural compromise that allowed major frontier developers to engage with the framework. The alternative — a binding international regime for frontier AI — does not currently exist anywhere in the world. The Hiroshima Process is the most operationalized international regime that does.
—
Subjective and material scope
Who it addresses. The Hiroshima Process addresses organizations developing advanced AI systems. The framework is conceptually narrower than the OECD Principles or UNESCO Recommendation in two ways. First, it focuses on developers rather than deployers or users. Second, it focuses on advanced AI systems — frontier models, foundation models, the most capable systems — rather than AI systems in general.
The practical addressees include foundation model providers (OpenAI, Anthropic, Google DeepMind, Meta, Microsoft, Mistral, Cohere, AI21, others), large industrial laboratories developing frontier capabilities, and entities producing AI systems with capability comparable to current frontier models. The boundary is intentionally fuzzy because frontier capability evolves; what counted as advanced in 2023 will be commodity by 2027.
Governments, civil society organizations, and academic institutions are addressed indirectly as the audience for the reports submitted by organizations.
What it covers. The Eleven Guiding Principles cover the AI lifecycle from design through deployment to monitoring and decommissioning, with specific attention to risk management, vulnerability handling, transparency, governance, content authentication, security, and contribution to international AI standards.
The Code of Conduct elaborates the same eleven principles into more concrete operational commitments. The Reporting Framework structures how organizations describe their implementation of each commitment.
Notably, the framework explicitly aligns with international business and human rights standards — the UN Guiding Principles on Business and Human Rights (UNGPs) and the OECD Guidelines for Multinational Enterprises (revised June 2023). This alignment positions the Hiroshima Process within the broader corporate accountability infrastructure for technology, not as a standalone AI document.
—
The Eleven Guiding Principles
The Principles are the substantive backbone. They apply to all actors in the lifecycle of advanced AI systems — design, development, deployment, provision, and use. The eleven principles are:
- Take appropriate measures to identify, evaluate, and mitigate risks prior to and throughout deployment, including red-teaming and adversarial evaluation of frontier capabilities.
- Identify and mitigate vulnerabilities, incidents, and patterns of misuse after deployment, including post-deployment monitoring and incident response procedures.
- Publicly report capabilities, limitations, and domains of appropriate and inappropriate use for transparency and accountability. This is the Hiroshima equivalent of model cards and system cards.
- Work towards responsible information sharing and reporting of incidents across organizations, including through industry forums and structured information-sharing arrangements.
- Develop, implement, and disclose AI governance and risk management policies, including privacy policies and risk mitigation measures, with reference to the lifecycle of the system.
- Invest in and implement robust security controls including physical security, cybersecurity, and insider threat safeguards across the AI system lifecycle.
- Develop and deploy reliable content authentication and provenance mechanisms including watermarks for AI-generated content where technically feasible.
- Prioritize research to mitigate societal, safety, and security risks and prioritize investment in effective mitigation measures.
- Prioritize the development of advanced AI systems to address the world’s greatest challenges, including climate change, global health, and education, and support digital literacy.
- Advance the development of and adoption of international technical standards, including by participating in standards-development organizations.
- Implement appropriate data input measures and protections for personal data and intellectual property, including transparency about the data used for training and respect for applicable IP and privacy law.
The Code of Conduct provides more detailed operational commitments corresponding to each principle. Organizations submitting reports describe implementation against each commitment.
—
The Reporting Framework — what makes Hiroshima operational
The Reporting Framework is the operational distinguishing feature of the Hiroshima Process. The framework was developed by the OECD at the G7’s request, in line with the Trento Declaration adopted under Italian G7 Presidency in 2024, and launched on 7 February 2025.
The framework operates through structured submission. Organizations developing advanced AI systems voluntarily submit reports describing how they implement each of the eleven Code of Conduct commitments. The reports follow a common template, which means they can be compared across organizations on the same dimensions. The OECD hosts the submitted reports on its public infrastructure, making them available to governments, researchers, civil society, and the broader AI community.
The template addresses each principle with specific questions: what risk identification methodology does the organization use; how does it red-team frontier capabilities; what incident reporting arrangements are in place; what content authentication mechanisms are deployed; what data governance applies to training data; what security controls protect frontier model weights and training infrastructure; what governance structures own AI risk decisions; what investment is committed to societal benefit.
From the OECD’s perspective, the framework is monitoring infrastructure rather than enforcement infrastructure. The OECD does not verify the claims submitted; it hosts and aggregates them. The intended effect operates through transparency and comparability. An organization whose submitted report is conspicuously thin on red-teaming or vulnerability handling reveals something about its risk management posture. An organization whose report is detailed and credible signals capability and discipline. Over time, the comparison effects shape practice.
For frontier developers, participation is now part of the operational expectation set by major customers, governments, and procurement processes. Organizations that engage with the framework and submit credible reports gain reputational positioning that those who do not engage cannot match.
—
Governance and lifecycle
The Hiroshima Process is governed through the G7 itself, supplemented by the OECD’s operational infrastructure. The annual G7 presidency rotates among the seven members; substantive AI work has accumulated under successive presidencies:
- Japan (2023) — initiated the process, adopted the Comprehensive Policy Framework, released the Eleven Principles and Code of Conduct.
- Italy (2024) — operationalized the Reporting Framework, adopted the Trento Declaration, and tasked the OECD with hosting the monitoring infrastructure.
- Canada (2025) — supported expansion of the framework, integration with the broader G7 AI work programme, and engagement with non-G7 frontier AI organizations.
- France (2026) — current presidency. Continues the AI work programme, with attention to integration with binding regimes (EU AI Act, Council of Europe Convention) and to the evolution of frontier AI capability and risk.
The OECD provides the operational infrastructure — hosting the Reporting Framework, integrating Hiroshima outputs with the broader OECD.AI ecosystem (Policy Observatory, AI Incidents Monitor, Indicator work), and providing the analytical capacity that supports successive G7 presidencies. The Global Partnership on AI (GPAI), which integrated under the OECD brand, provides additional technical capacity.
The framework is iterative by design. The principles and Code of Conduct were not intended to be static; the Reporting Framework explicitly anticipates revision as advanced AI capability and risk evolve. Frontier developers are expected to update their reports as their systems and practices change.
—
Intersections with other instruments
The Hiroshima Process operates at the intersection of several other regimes. Five intersections shape its operational role.
OECD AI Principles. Direct lineage. The Hiroshima Process is structurally the operational extension of the OECD framework for the frontier AI subset. The OECD’s report «Towards a G7 Common Understanding on Generative AI» provided the analytical foundation for the Eleven Principles. The OECD operates the Reporting Framework. The institutional integration is explicit.
UN Guiding Principles on Business and Human Rights (UNGPs) and OECD Guidelines for Multinational Enterprises. The Hiroshima Code of Conduct explicitly aligns with both. This positions frontier AI development within the broader corporate human rights due diligence regime — one of the most operationally significant choices in the framework. Organizations submitting Hiroshima reports are expected to be conducting human rights due diligence on AI risk in line with the UNGPs and the OECD Guidelines (revised June 2023).
EU AI Act. Compatible. The General-Purpose AI obligations in the AI Act overlap substantially with Hiroshima Code of Conduct commitments — risk management, transparency, content authentication, post-deployment monitoring. EU-based frontier developers can use Hiroshima reporting as evidence of substantive compliance with relevant AI Act obligations and vice versa. The frameworks are not redundant — the AI Act is binding and the Hiroshima Process is voluntary — but they reinforce each other.
Council of Europe Framework Convention on AI. Conceptually compatible. Both reflect rights-based concerns; both target AI lifecycle obligations. The Hiroshima Process is operational and frontier-focused; the Convention is binding and broader. They occupy different layers of the same architecture.
National frameworks for frontier AI safety. The UK AI Safety Institute (now AISI), the US AI Safety Institute, the Japan AISI, and the broader AI Safety Institute international network that emerged from the Bletchley and Seoul Safety Summits and continues through subsequent meetings provide the technical capacity for frontier safety evaluation that supports Hiroshima implementation. The Hiroshima Reporting Framework and the AISI evaluation work are complementary — Hiroshima produces public reports about practice; AISIs produce technical evaluations of capability.
—
## ⚖️ How Zertia operates within the G7 Hiroshima Process
Built around the G7 Hiroshima Code of Conduct
Accreditations and memberships: 🎖️ ANAB-accredited (US) · 🎖️ UKAS process (UK) · 🎖️ ENAC process (EU) · 🏛️ IAPP member · 🏛️ INCITS member · 🏛️ UKAI member · 📜 EU AI Pact signatory
Zertia is an ANAB-accredited AI management system certification body. The Hiroshima Process does not produce direct certification engagements — it is a voluntary reporting framework addressed to frontier developers — but it shapes how we approach engagements with AI-native vendors and frontier-adjacent clients.
Certification — ISO/IEC 42001, AIUC-1, ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 22301. For frontier AI vendors and AI-native organizations submitting Hiroshima reports, AIUC-1 certification provides the agent-level technical evidence that supports Hiroshima Code of Conduct commitments on red-teaming, vulnerability handling, and content authentication. ISO/IEC 42001 provides the management system structure aligning with Code of Conduct commitments on AI governance and risk management policies. The two together produce assurance artifacts that organizations can reference in their public Hiroshima submissions.
Regulatory frameworks — EU AI Act Conformity Assessment, NIST AI RMF Attestation, ISO/IEC 23894 Risk Assessment, Algorithmic Impact Assessment, Pre-Certification Assessment. Algorithmic Impact Assessments and risk evaluations align with Hiroshima commitments on risk identification, evaluation, and mitigation across the lifecycle. For organizations operating across G7 jurisdictions, our regulatory frameworks team integrates Hiroshima vocabulary into compliance documentation alongside binding-regime evidence.
Audit — AI Management System audits, High-Risk AI System audits, AI Model audits, EU AI Act audits, NIST AI risk audits. Independent audits structured to produce the evidentiary record that supports both binding compliance regimes and voluntary Hiroshima reporting.
Training — AI Governance, Data Governance, Privacy Governance through Zertia Academy. Programmes treat the Hiroshima framework explicitly for frontier AI clients and AI-native vendors, including the alignment with UNGPs and OECD Guidelines for Multinational Enterprises that distinguishes Hiroshima from other AI governance instruments.
Zertia operates from Boston, Madrid, and London, with ANAB accreditation in the United States and active accreditation processes with UKAS (United Kingdom) and ENAC (Spain/EU). Member of IAPP, INCITS, and UKAI. Signatory to the EU AI Pact.
🎯 Take action
🔍 Diagnose your alignment 📊 Operationalise the Code Pre-Certification Assessment → ISO/IEC 42001 Certification → Independent diagnosis of frontier AI development and deployment practices against the 11 actions of the Hiroshima Code of Conduct. The accredited management system standard that operationalises Code commitments into auditable governance across G7-aligned markets. Discuss Hiroshima-aligned reporting and assurance positioning →
—
Regulación que entiendes es regulación que puedes convertir en ventaja competitiva.
¿No estás seguro de si este marco aplica a tu organización? Hablemos.
