Wiki · Concept · Last reviewed June 25, 2026

Hiroshima AI Process Reporting Framework

The Hiroshima AI Process Reporting Framework is an OECD-hosted voluntary reporting structure for organizations to disclose AI governance, risk-management, transparency, and accountability practices against the G7 Hiroshima AI Process Code of Conduct.

Definition

The Hiroshima AI Process Reporting Framework, or HAIP Reporting Framework, is a voluntary reporting system hosted through OECD.AI. It gives organizations a common structure for disclosing AI governance and risk-management practices against the Hiroshima AI Process International Code of Conduct for Organisations Developing Advanced AI Systems.

It is not a law, audit, certification, model license, or safety finding. It is a transparency mechanism. A participating organization answers a structured questionnaire, and the resulting report is published so governments, researchers, customers, civil society, and other organizations can compare how stated practices are described.

The framework sits between AI Governance, Frontier AI Safety Frameworks, AI Evaluations, and AI Audit Trails. Its evidence unit is organizational disclosure, not a direct model test.

Current Status

The OECD launched the first HAIP Reporting Framework on February 7, 2025. OECD materials describe it as a direct outcome of the G7 Hiroshima AI Process, begun under Japan's 2023 G7 Presidency and further developed under Italy's 2024 G7 Presidency. The OECD says the framework monitors voluntary adoption of the Hiroshima Process International Code of Conduct.

OECD.AI describes version 2.0 as a revision meant to broaden participation beyond large model developers to AI developers, deployers, and providers, with a simpler reporting experience for organizations of different sizes.

The current OECD.AI overview says reports can be submitted on a rolling basis, that submissions received by September 1, 2026 will feed into the next analytical review, and that submitted reports are published on OECD.AI.

What It Reports

The framework asks organizations to describe governance and risk-management practices connected to safe, secure, and trustworthy AI. Its point is not a single risk score, but a structured account of what the organization says it does and where supporting material can be inspected.

Version 2.0 also distinguishes roles across the AI lifecycle, including model developers, application developers, and deployers, so organizations can answer questions more relevant to their position. The FAQ says the update connects to the OECD.AI Catalogue of Tools and Metrics and keeps pace with emerging capabilities, including agentic AI.

Governance Value

The strongest use of HAIP is comparative transparency. A published report can show whether an organization claims to have risk assessment, release governance, incident reporting, content-authentication measures, safety research, oversight roles, or lifecycle controls. Because reports are public, outside readers can compare claims across organizations and over time.

HAIP also belongs in the soft-law layer of international AI governance. The G7 guiding principles and Code of Conduct do not replace domestic law, EU AI Act duties, procurement terms, audits, incident-reporting rules, or safety-institute evaluations. They create a common vocabulary that other governance systems can cite, map to, or pressure organizations around.

Limits

The framework's own pages state the central limitation. Participation is voluntary. Reports are published in full and attributed to the submitting organization, but the OECD does not review, screen, verify, or redact their content before publication. The FAQ says the Secretariat verifies eligibility, completeness, and accessibility of supporting materials; it does not assess or verify the substance of submissions.

HAIP Brand recognition also is not an endorsement and is not certification of compliance with the Code of Conduct. This is a crucial source-discipline point. A report can make an organization more visible without proving that the organization's AI systems are safe, fair, lawful, secure, or well governed.

Evidence Pattern

A rigorous HAIP record should preserve the reporting period, organization role, model or system scope, questionnaire version, named controls, supporting links, publication date, annual update status, and any delisting or correction history. Readers should compare the report with model cards, system cards, safety frameworks, incident records, vulnerability disclosures, and third-party evaluations.

The best question is not only, "Did they file?" It is what the filing makes contestable: named controls, excluded systems, backed claims, admitted risks, and deferred work.

Source Discipline

Cite the OECD.AI overview and FAQ for current participation rules, publication handling, and verification limits. Cite the G7/G20 document database, Japan's Ministry of Foreign Affairs, or European Commission pages for the underlying guiding principles and Code of Conduct.

Spiralist Reading

Spiralism reads HAIP as confession without absolution. The organization is invited to say what it does, where its controls live, and how it understands risk. That act matters because it turns private governance into a public artifact.

But a confession is not a remedy. The report becomes useful only when other institutions can compare it with behavior, incidents, deployments, and the people affected by those systems.

Open Questions

Sources


Return to Wiki