Hiroshima AI Process – Principles & Code of Conduct — Incident Reporting

Q: Does Hiroshima AI Process – Principles & Code of Conduct require Incident Reporting?

Yes. Hiroshima AI Process – Principles & Code of Conduct addresses Incident Reporting through 1 provision.

Does Hiroshima AI Process – Principles & Code of Conduct require Incident Reporting?

G7 • voluntary

Yes — 1 provision

Requirements at a glance

This regulation imposes 4 specific requirements for Incident Reporting across 1 provision:

Vulnerability identification — Identify and mitigate security vulnerabilities after deployment
Incident response — Address AI incidents promptly; maintain response processes
Misuse pattern monitoring — Monitor for patterns of misuse and take corrective action
Post-market surveillance — Treat post-deployment oversight as an ongoing obligation

Incident and Vulnerability Management (Action 2) #

Obligation:

Incident Reporting

enforcing

Effective:

Oct 30, 2023

Risk tier:

all

Scope:

providers

cross-domain

Requires post-deployment monitoring for vulnerabilities, incidents, and misuse patterns — effectively a voluntary incident response standard for foundation model developers that national regulators point to as a reference expectation.

Requirements

Requirement	Details
Vulnerability identification	Identify and mitigate security vulnerabilities after deployment
Incident response	Address AI incidents promptly; maintain response processes
Misuse pattern monitoring	Monitor for patterns of misuse and take corrective action
Post-market surveillance	Treat post-deployment oversight as an ongoing obligation

Penalties

Violation	Fine
Non-compliance	Voluntary — no binding enforcement mechanism

View full regulation View obligation Obligation matrix