On 30 October, the G7 countries (Canada, France, Germany, Italy, Japan, UK, US and the EU) reached an agreement on the International Guiding Principles on Artificial Intelligence (AI) and on a Code of Conduct for AI developers. The 11 Principles aim to promote the safety and trustworthiness of AI systems and provide guidance to organizations developing and using AI systems. The Code of Conduct provides guidance to organizations developing advanced AI systems on how to implement the 11 Guiding Principles.

The G7 AI Principles and Code of Conduct (AIP&CoC) represent a significant next step in an ongoing process by governments to establish a coordinated global framework to promote the responsible and safe development and use of AI systems. While the AIP&CoC are voluntary, governments of the G7 will endorse them and encourage businesses and other organizations to commit to them. 

The G7 ‘Hiroshima Process’ that produced the AIP&CoC is part of a growing set of international efforts to establish frameworks for the governance of AI. They build on the 2019 OECD AI Principles, that were also adopted by the G20, and is meant to provide a common reference point for current developments such as the US Executive Order on Safe, Secure and Trustworthy AI , Canada Bill C-27 AI & Data Act, as well as feeding into global efforts such as the UK hosted AI Safety Summit, the Council of Europe Convention on AI, Human Rights, Democracy and the Rule of Law and the UN Global Digital Compact. For the EU, the G7 AIP&CoC will complement the legally binding rules that are currently being negotiated under the EU AI Act. 

Of note in the AIP&CoC is that they establish a firm commitment by the G7 to a set of key aspects of AI governance. These include a risk-based approach that is applied throughout the AI lifecycle, starting with precautionary pre-deployment risk assessments and mitigation. They also recognize the need for continuous ongoing monitoring, reporting and mitigation of misuse and incidents. Among the precautionary measures, the AIP&CoC call out the need for AI developers and deployers to have in place risk management policies and procedures, and robust security controls that should include internal adversarial ‘red teaming’ exercises. 

Beyond addressing concerns over potential risk arising from advanced AI systems, the G7 AIP&CoC also identify priority areas of AI research and development around content authentication, measures to protect data rights, mitigation of societal, safety and security risks, the use of AI to address global challenges (e.g., climate change) and development of technical standards.

Going forward, the G7 countries have committed to developing the principles and code of conduct further as part of the comprehensive policy framework, with input from other nations, the OECD, Global Partnership on AI (GPAI), and a wider set of stakeholders in academia, business, and civil society.

Among the elements that will be addressed in subsequent work, are the need to clarify key concepts such as the definitions of terminology (e.g., ‘advanced AI systems’), categorization of incidents, measurement standards and benchmarks for levels of risk and guidance for consistency of reporting. There will also be a need to establish mechanisms for secure information-sharing about AI system vulnerability. Other elements that have yet to be addressed include the role of public reporting on liability considerations and mechanisms to ensure the quality of communications along the value chain between developers, users, and all stakeholders in between.

As countries move toward incorporating the G7 AIP&CoC in their national policy frameworks, some of the issues to watch for include the means by which they choose to drive the adoption of those frameworks by AI developers and deployers, be it by legislative or regulatory mandates (e.g., the EU’s proposed AI Act), through government procurement rules (e.g., pursuant to the 30 October 2023 Executive Order in the US), or recommended guidelines (e.g., Japan’s new AI guidelines being finalized by the government’s AI Strategy Council). It will also be interesting to see to what extent the AIP&CoC get adopted beyond the G7 countries, including among OECD members, G20 member countries (outside of the G7), and nations that are not traditionally aligned with the G7.

The G7’s 11 Guiding Principles: Summary

1. Take appropriate measures throughout the development of advanced AI systems, including prior to and throughout their deployment and placement on the market, to identify, evaluate, and mitigate risks across the AI lifecycle.
2. Identify, report, and mitigate patterns of misuse after deployment, including placement on the market.
3. Publicly report advanced AI systems’ capabilities, limitations, and domains of appropriate and inappropriate use in order to help ensure sufficient and ongoing transparency, and thereby contribute to increased accountability.
4. Work towards responsible information-sharing and reporting of incidents among organizations developing advanced AI systems, including industry, governments, civil society, and academia.
5. Develop, implement, and disclose AI governance and risk management policies, grounded in a risk-based approach – including privacy policies and mitigation measures, in particular for organizations developing advanced AI systems.
6. Invest in and implement robust security controls, including physical security, cybersecurity, and insider-threat safeguards across the AI lifecycle.
7. Develop and deploy reliable content authentication and provenance mechanisms, where technically feasible, including watermarking or other techniques to enable users to identify AI-generated content.
8. Prioritize research to mitigate societal, safety, and security risks and prioritize investment in effective mitigation measures.
9. Prioritize the development of advanced AI systems to address the world’s greatest challenges, such as the climate crisis, global health, and education.
10. Advance the development and adoption of international technical standards.
11. Implement appropriate data input measures and protections for personal data and intellectual property.

Other recent EY publications on AI policy developments include:

• Key takeaways from the Biden administration executive order on AI
• How to navigate global trends in Artificial Intelligence regulation
• Eight AI-related US policy issues for boards and management to consider