Generative AI-Driven Business Revolution: Four Keys to Success for Producing Outstanding Results Part 2: Addressing AI Governance Demanded by Updated Laws and Regulations

Insight
Jun 25, 2025
  • Technology Transformation
  • Cloud
  • AI
1131544547

Generative AI is being increasingly used at many companies for business purposes. The implementation of Retrieved-Augmented-Generation (RAG), which generates responses from internal documents fed into a large language model (LLM), has become the norm. Meanwhile, since 2025, companies have begun to consider the deployment of AI agents, with OpenAI’s release of deep research making waves. Despite the latest AI technologies now being user-friendly, they also come with risks. For example, there have been incidents where confidential company documents have been uploaded to a generative AI tool, or where chatbots built with generative AI have recommended illegal actions.
With the use of AI becoming more concrete, discussions about AI regulations are ripe all over the world. The EU, which outlined AI regulations ahead of the rest of the world, enacted the European Artificial Intelligence Act (AI Act) on August 1, 2024. Even companies that are not located within the EU, if they provide AI systems within the EU then they must abide by this act. If a company violates the AI Act, it is subject to a substantial financial penalty capped at the higher of either up to 35 million euros or 7% of the said company's worldwide annual sales.
The G7 plans to introduce a framework for generative AI development companies to report AI risks and so on from February 2025. Reports are required on seven items including risk management of AI vulnerabilities, security measures, safety improvements, risk mitigation research, and details of investments. The contents of reports and the names of the respondent companies are published on the OECD website.
Elsewhere, the AI Basic Act was enacted in Korea in December 2024.
In Japan, the Ministry of Economy, Trade and Industry (METI) and the Ministry of Internal Affairs and Communications (MIC) published the “AI Guidelines for Business” in April 2024. This has continued to be updated with the publishing of Ver1.0. in March 2025. As of March 2025, based on the findings of the Cabinet Office’s AI Strategy Council and AI Institutional Research Group, considerations are being given to enacting the “Bill on the Promotion of Research, Development and Utilization of Artificial Intelligence-Related Technologies.” After a Cabinet meeting decision is made, it is to be submitted to an ordinary session of the Diet. Considerations are being given to incorporating initiatives such as setting up a central coordinating body within the government, formalizing the duties of companies to cooperate with and provide information in surveys, and publishing the names of offending business operators.
The widespread adoption of generative AI has increased the watchful eyes of not only regulatory bodies but also the general public. In October 2024, a number of Japanese voice actors launched a campaign called “No More Unauthorized Generative AI.” It sort to highlight the issue of generative AI being trained on the voices of voice actors without their consent to produce AI-generated content.
As such, there is high interest from authorities in each country and their societies in the appropriate use of AI. Because not only AI development companies but also companies that use AI are being pressured into addressing apparent risks, achieving AI governance has become a pressing issue.

  • 三須 啓太

    Keita Misu

    Manager
  • 中村 剛

    Ko Nakamura

    Senior Consultant

Contents

Risks of using generative AI

Generative AI contains new social risks that were not present in conventional AI technologies, such as violating intellectual property and generating and sharing false or incorrect information. The challenges that should be addressed differ for each stakeholder. Here we will look at challenges from four perspectives: the perspective of leadership, business departments, digital/IT departments, and legal departments.

  1. Leadership
    Companies must consider the consistency of AI governance with corporate and governance strategies, as well as build a framework and communicate to understand the impact that using generative AI has on society and to ensure that data leakage and incorrect decision-making do not occur. Ascertaining the domestic and overseas trends of AI governance and the ethical validity of using generative AI, as well as formulating a company AI policy could be challenging. Companies must stipulate the leadership and departments in charge of AI governance, including for group companies, and establish a framework that can take action together with group companies in the event of an emergency.

  2. Business departments
    Support to help employees use generative AI correctly and improve the efficiency of business operations, as well as formulating AI usage rules, development guidelines, and checklists as mechanisms to ensure the correct verification of generative AI outputs are challenges. Employee training on topics such as understanding hallucinations* and copyright infringements, as well as ensuring employees master skills to use ever-updating new generative AI models are also challenges.
    *A response generated by AI that presents false or misleading information as fact.

  3. Digital/IT departments
    Ensuring the effectiveness of AI governance measures from the perspectives of security and safety (safety, ethics, accountability) is a challenge. We recommend gaining a comprehensive understanding by conducting centralized management to ensure that AI is being used as intended in the field and organizing an internal registry of AI models and services. Measures against prompt injections* and the like are also needed. Decisions on whether or not deployment is possible based on the characteristics of ever-updating new generative AI tools, and giving clear explanations to departments when deploying it are possible challenges.
    *A type of malicious attack on machine learning models and, in particular, LLMs.

  4. Legal departments
    It is important to reduce legal risks by properly managing whether generative AI usage complies with the various laws and regulations (Data Protection Act, Copyright Act, Act on the Protection of Personal Information, etc.) and managing any agreements (licensing agreements, data sharing agreements, etc.) that arise out of deploying generative AI. Possible challenges are making hands-on users of AI aware of the risks and building and popularizing a framework to check the risks.

AI governance required by companies

Formulating AI policies and rules for using AI effectively while controlling generative AI risks appropriately, and establishing an organizational structure to achieve this will be essential. The “AI Guidelines for Business” published by the METI and the MIC also recommends agile governance that is updated in continuous cycles to adapt to changes in society, rather than AI governance with fixed rules and procedures.
To achieve agile AI governance, ABeam Consulting helps to define the three phases of assessment, strategy formulation, and implementation, and provides support to enhance AI governance frameworks under the four perspectives of the organization, personnel, systems, and business operations in the implementation phase.

Figure 1: Service map for building AI governance

  1. Assessment phase
    We carry out an assessment, including of the implementation state, to accurately understand the current state of AI governance in an organization. If generative AI is already deployed within an organization, we identify what kind of use cases it is used for and what issues and risks are known.
    As the level of AI governance required by companies changes according to factors such as the AI systems used by your company, the data and contract types used, and the system users, it is vital to get an accurate picture of the actual state of affairs.

  2. Strategy formulation phase
    Based on the current state of affairs ascertained in the assessment phase, we conduct surveys (research trends, laws and regulations, case studies of other companies) needed to formulate an AI governance strategy, and formulate an AI code of ethics, conduct an ethical risk analysis, and draw up an AI governance strategy (roadmap, return on investment). With regard to generative AI, in particular, it is important to formulate ethical guidelines, consider how to disclose information to stakeholders, and develop a strategy that aligns with the SDGs and other business strategies.

  3. Implementation phase
    In the implementation phase, we establish AI governance at the organization under the four perspectives of the organization, personnel, systems, and business operations, based on the strategy formulated in the strategy formulation phase. To achieve governance for generative AI, in particular, it is important to perform continuous monitoring and updating of the organizational structure because outputs cannot be predicted.

    • A)

      Organization-based perspective
      We define organizational diagrams and the division of duties, and update organizational structures to be able to carry out proper AI governance.
      At companies that provide services to external customers using generative AI or AI agents, it is especially important to design an organization that manages risks comprehensively. That is, managing risks across the legal department and IT department rather than just the business departments. This is because controlling what is output by generative AI or an AI agent is difficult compared with conventional AI technology.

    • B)

      Talent-based perspective
      We define the skill sets of personnel to comply with AI governance, quantify the current skills, and define the requirements of ideal personnel. We define a personnel development model, design training content, and formulate a system to continuously train personnel.
      In particular, it is a good idea to conduct employee training on the handling of personal information and intellectual property in AI systems, based on the latest trends of legal interpretation.

    • C)

      System-based perspective
      We define the requirements of AI systems, select vendors to deploy systems, and deploy tools. We also educate end users who use AI systems.
      Based on the characteristics of your company’s AI systems, we examine what risks need to be considered and what optimal AI governance solutions look like for managing these risks.

    • D)

      Business-based perspective

      We carry out support to standardize AI projects, create AI usage checklists, and support the implementation of AI projects (risk analysis, model construction, and model operation).
      As AI systems face problems like a drop in output quality or attacks carried out using new methods, considering governance not only when deploying AI systems but also forming an approach that considers governance on a continuous basis is key to establishing effective AI governance.

In the three phases of assessment, strategy formulation, and implementation, we aim to achieve agile governance that is updated according to the social environment by building a comprehensive AI governance framework for the organization and establishing AI governance rules and implementation cycles.
AI agents (AI that can execute tasks autonomously) are also expected to become widely adopted by companies in addition to generative AI. It is, therefore, necessary to undertake risk management for not only information entered into AI and information produced by AI but also tasks (automated linking with decision-making and external environments, etc.) that are executed by AI itself.

A future with AI governance

By implementing these measures, companies can ascertain generative AI-related risks and the organizations, rules, and systems necessary to tackle said risks. Examining whether the risks are permissible for your company and taking preemptive risk countermeasures will enable you to maximize the benefits of using generative AI while managing the risks at an appropriate level. Ultimately, we believe addressing AI governance will help mitigate future risks and improve your brand value, driving profits without being a cost for the company. The establishment of AI governance should surely be positioned as a strategic agenda that should be developed in tandem with AI usage.

Insights

Related Services

AI

Cloud

Technology Transformation

    Related Information

    Consulting Service for AI Governance (Japanese)

    Consulting Service for AI Personnel Training (Japanese)

    Services for Supporting Operational Efficiency Improvement for Internal Inquiry Response with AI (Japanese)

    Data Utilization Consulting Services Using Large Language Models

    Large Language Model-Enabled New Operational Value/Customer Experience Generation Support Program (Japanese)

    Generative AI-enabled knowledge management enhancement support service - ABeam Knowledge CoE solution

    Use case creation support to improve business efficiency and value through Generative AI Starter App

    Internal Knowledge Search System-Enabled Large Language Model Implementation Support Service (Japanese)

    Data-Driven Management Service (Japanese)

    Data Analytics Advisory Services

    Services for Supporting Well-Being Management with Sleep Tech (Japanese)

    Social Impact Generation-Oriented Business Promotion Service (Japanese)

    Customer Experience-Focused Service Design and Growth Support Service (Japanese)

    ABeam BI Analytics Service

    XAI (Explainable AI) Implementation Support Service (Japanese)

    AI/Data Utilization Strategy Formulation for DX Promotion Service (Japanese)

      Contact

      Click here for inquiries and consultations