As AI becomes increasingly intertwined with economic security, questions of governance have moved to the forefront of policy debates. This three-part series explores why AI governance matters, how competing international frameworks are shaping the global landscape, and how Japan is navigating the policy choices that follow.
Key Points
- AI’s dual-use nature makes it an economic security issue. The same capabilities that drive productivity and innovation can also enable cyberattacks, information manipulation, and geopolitical competition.
- Effective AI governance extends beyond regulating AI capabilities to securing the infrastructure that powers them. Governments increasingly treat chips, data centers, and cloud networks as strategic assets, making control over AI infrastructure a central economic-security concern.
- Governments are pursuing sharply different approaches to AI governance, from binding regulation to voluntary cooperation. These differences create fragmentation and coordination challenges for a technology whose development and impact transcend national borders.
In September 2025, the artificial-intelligence (AI) company Anthropic detected and disrupted what it described as the first documented large-scale cyber espionage campaign largely executed by AI. A Chinese state-sponsored group had manipulated Claude Code into targeting roughly 30 organizations across the technology, finance, chemical manufacturing, and government sectors, with the AI carrying out an estimated 80–90% of tactical operations. Around the same time, Japanese firms from SoftBank to Hitachi were quietly restricting the use of external AI, concerned that employees handling confidential business information might feed it into external AI with uncertain data retention and access controls. One story concerns state-sponsored cyber operations. The other concerns corporate risk management. Yet they are fundamentally the same story. Together, they illustrate why AI governance has moved from a niche regulatory issue to a central concern of economic security policy.
From Productivity Tool to Strategic Asset
The same AI capabilities developed for civilian productivity—logistics optimization, drug discovery, code generation, translation—are the capabilities that power offensive cyber operations, autonomous targeting systems, and large-scale disinformation. This is not a design flaw; it is a recurring feature of powerful general-purpose technologies. The same dynamic has long been evident in fields such as nuclear science, semiconductors, and biotechnology, where innovations developed for civilian purposes can also serve military or security objectives. What distinguishes AI is the speed and ease with which capabilities can be repurposed. Once a capable model exists, it can often be adapted to new uses at relatively low cost, allowing both beneficial and harmful applications to scale rapidly. A language model trained to generate legal text can be redirected to craft phishing emails. A model trained to analyze satellite imagery for agricultural planning can assess it for military targeting. This is a structural feature that governance must manage. It raises the central question this series examines: what kind of governance, built by whom, and enforced to what degree?
Three Risks Businesses and Governments Cannot Ignore
Three categories of risk have moved from theoretical concern to operational reality. They are not entirely separate. Rather, they interact and reinforce one another, creating challenges that cannot be addressed in isolation.
The first is data leakage and questions of legal control over data. When a company’s employees use an external AI, where does that data go? Who stores it, under whose legal jurisdiction does it fall? Can it be used to improve the underlying model? The risks became concrete in 2023 when Samsung engineers reportedly entered proprietary source code and confidential meeting transcripts into ChatGPT within days of the company allowing its use—data that, once entered, could not be retrieved. Samsung consequently banned ChatGPT and other AI-powered chatbots for its employees. In Japan, the pattern has been similar: SoftBank and Hitachi moved to restrict external AI for internal operations involving confidential information, and Japan’s Personal Information Protection Commission issued a formal warning to OpenAI not to collect sensitive data without explicit user permission. Italy temporarily banned ChatGPT in 2023 over data protection and transparency concerns. The U.S. Department of Defense and several federal agencies have issued guidance or internal rules limiting the use of AI for sensitive work. Despite differing national responses, the underlying concern is the same: information entered into a foreign-operated AI may be retained, accessed by third parties, or used in ways the original user cannot observe or contest.
The second risk is related: algorithmic bias and information control. AI models reflect the values, incentives, legal constraints, and political environments of those who develop and deploy them. This has observable consequences. Studies comparing Chinese-origin and other AI models have found that Chinese models exhibit substantially higher refusal rates and more inaccurate responses on sensitive topics such as Taiwan’s political status, Xinjiang, and contested historical events. A separate study found that AI models from different regions responded differently to controversial topics—including immigration, social welfare, and political parties—with answers varying by language, training data, and regional development context. The stakes go beyond any individual query. As AI is woven into the tools people use daily for reading news, conducting research, or making business decisions, these built-in variations in what AI models will and will not say subtly shape the information on which governments, companies, and individuals act.
The third risk is AI-enabled offensive capabilities. The Anthropic case illustrates an important shift: AI is no longer merely assisting human attackers but can now carry out complex tasks with limited human intervention. The 2025 Microsoft Digital Defense Report documents how nation-state actors from Russia, China, Iran, and North Korea have incorporated AI into cyberattacks, using it to gather information about targets, trick people into clicking malicious links, and plan complex operations. The same report notes that AI-generated phishing emails achieved click-through rates 4.5 times higher than conventional phishing attempts (54% versus 12%). The information domain has been reshaped as well. Two days before Slovakia’s 2023 parliamentary election, an AI-generated audio recording spread online, pretending to capture a leading politician discussing how to rig the election. The recording circulated during the legally mandated pre-election blackout period, when candidates are not allowed to campaign or publicly respond to new claims. This timing meant voters could see the fake recording, while the targeted politician had little opportunity to rebut it before the election.
These three risks tend to reinforce one another. Data leakage can indirectly improve or fine-tune AI models that shape information environments. Those information-shaping capabilities can in turn enable cognitive warfare operations. And AI capable of autonomous action can execute all of the above at machine speed. Because these risks are interconnected rather than separate problems with separate solutions, addressing any one of them in isolation is insufficient. That interconnection is what makes governance so difficult to get right.
Addressing these risks requires more than rules governing how AI is used. It also depends on who controls the physical and digital infrastructure on which AI relies. As concerns about AI’s economic and security implications have grown, policymakers have shifted their focus from AI models themselves to the infrastructure that enables them. The AI risks discussed above are therefore not purely digital phenomena. They depend on physical infrastructure: the chips that power AI, the data centers that process and store information, and the cloud networks that connect them.
AI Infrastructure as Economic Security
Governments now treat AI infrastructure as a strategic asset, one capable of enabling or constraining AI development and therefore directly relevant to economic security.
Semiconductor supply chains are where this shift has played out most concretely. The United States has imposed export controls on advanced chips and chip-making equipment to China, aiming to slow China’s progress in AI and supercomputing that could fuel military modernization and undermine U.S. strategic technology leadership. Japan has similarly restricted exports of certain semiconductor manufacturing equipment, while making major domestic investments to strengthen its own chip industry. To that end, the government has committed over one trillion yen in subsidies to attract Taiwan Semiconductor Manufacturing Company, or TSMC, the world’s pre-eminent chipmaker, to build fabrication plants in Kumamoto Prefecture. The planned second Kumamoto facility, expected to support advanced semiconductor production relevant to AI, robotics, and autonomous vehicles, has been described by Japanese Prime Minister Takaichi Sanae as important to Japan’s economic security.
Data centers are another layer of AI infrastructure that states have moved to treat strategically. Beyond who manufactures the chips, there is the question of where AI actually runs and under whose legal authority. China has pursued this through the “Eastern Data, Western Computing” initiative, a state-led effort to distribute data-center capacity across the country, shift computing workloads from the coast to energy-rich western regions, and build a nationally coordinated computing network to support AI development. The underlying logic is strategic control: domestically managed infrastructure keeps AI operations and the data they generate under state authority.
Japan is grappling with the same question from a different angle. When government agencies or companies operating critical services rely on AI hosted on servers abroad, they fall under foreign legal jurisdiction—meaning another government may have legal grounds to access that data. The LDP AI White Paper 2.0 (April 2026) responds to this directly, arguing that electricity, computing power, and data should be treated as essential national infrastructure in the age of AI and calling for greater domestic investment in data centers and computing capacity. This reflects a broader trajectory in Japanese policy: just as semiconductors and certain cloud services have come to be seen as matters of economic security requiring government oversight under Japan’s Economic Security Promotion Act, the infrastructure that powers AI is now being viewed through the same lens. These developments raise a broader question: how should governments govern AI and the infrastructure that supports it?
What Is AI Governance—and Why It Is Hard
AI governance refers to the rules, institutions, and norms that shape who controls AI development and deployment, how that control is exercised, and to what extent. It is not a binary choice between regulating and not regulating. It exists on a spectrum, ranging from voluntary principles and soft-law codes of conduct, through mandatory transparency requirements and third-party audits, to licensing regimes and outright prohibitions on specific applications. Where a government positions itself on that spectrum has real consequences for innovation, security, and international competitiveness.
Different actors are making different choices, and those choices reflect not just different risk assessments but different political systems and economic priorities. The EU AI Act adopts a risk-based framework, with the strictest obligations reserved for high-risk applications. The United States has relied primarily on voluntary standards, guidance, and executive action, rather than a single overarching federal AI law. Its closest approximation to a shared national baseline is the National Institute of Standards and Technology’s AI Risk Management Framework, a voluntary set of guidelines for identifying and managing AI-related risks. China has taken a more interventionist approach, requiring certain generative AI with public-opinion or social-mobilization functions to undergo security assessment and algorithm filing with the authorities. Japan’s 2025 AI Promotion Act takes an innovation-first stance, favoring cooperation, guidance, and voluntary compliance over hard legal requirements. These differences are not simply questions of regulatory design. They reflect fundamentally different answers to what AI governance is for, and for whom. Underlying all of them, however, is a tension no government has fully resolved: the same openness that drives innovation creates vulnerability, and the same restrictions that reduce risk can damage competitiveness.
These trade-offs do not stop at national borders. Because AI, data, and supply chains span multiple jurisdictions, differences in how countries govern AI create gaps, inconsistencies, and coordination problems that no single government can resolve alone. Japan’s position in this international landscape is shaped by a particular combination of factors: deep integration into global technology supply chains, strengths in semiconductor materials and manufacturing equipment, close technology ties with the United States, and a location in a region where the military and strategic implications of AI are acutely felt. That combination gives Japan both a strong stake in how AI governance develops internationally and real constraints on how far it can act unilaterally. The LDP AI White Paper 2.0 reflects Japan’s attempt to navigate that tension, framing Japan’s goal as “open, networked AI sovereignty”—strategic autonomy built not through self-sufficiency, but through domestic capability, international cooperation, and the flexibility to diversify partners and providers. Whether Japan’s current governance architecture can deliver on that ambition remains to be seen.
What Comes Next
AI governance is being shaped in many places at once: in national legislatures and regulatory agencies, in multilateral forums, in technical standards bodies, and in bilateral negotiations between states. No single country or institution controls that process, and how the rules emerging from these overlapping arenas fit together—or fail to—will significantly influence who can develop AI, on what terms, and with what safeguards.
Japan has a significant stake in that outcome—and some capacity to shape it. Its AI Promotion Act and its track record in international AI norm-setting—most notably through the Hiroshima AI Process—give Japan a degree of credibility in multilateral discussions. Whether that credibility translates into meaningful influence over the rules that matter most is a harder question. The next installment examines where global AI governance is actually being negotiated, which actors and institutions are shaping the agenda, and what is at stake for Japan in a fragmented international landscape.
(c) Alamy /amanaimages
