On January 29, 2026, the Japan Association of New Economy submitted its comments on the Ministry of Internal Affairs and Communications (MIC) draft “Guidelines on Technical Measures for Ensuring AI Security”.

【Summary of Comments】
1. Timely Revision of Guidelines and Early Response to New Technologies
In accordance with the remarkable development of AI technology, these guidelines should be updated periodically, and beneficial measures and case studies should be collected through close collaboration with the industry. In particular, security directives for emerging technologies—such as image-generation AI already in practical use for advertising production and AI agents (utilizing MCP) currently being considered for practical application—should be presented as early as possible.

2. Strengthening Requirements for Ensuring the Reliability of Training Data
The phrase “verifying the reliability of training data may be important in some cases” in the draft should be revised to “is an indispensable element,” in order to clearly underscore its importance for all stakeholders. The risks, such as data poisoning, are substantial, and their significance is particularly pronounced in AI systems related to social infrastructure. In addition, it is also necessary to address new countermeasures, including those against cryptographic decryption by quantum computers (PQC).

3. Ensuring Flexibility in the Operation of Guardrails
There is a concern that security-prioritized guardrails may uniformly block metaphors and diverse expressions unique to advertising. Rather than uniform restrictions, it is desirable to have an operational approach where the intensity and verification requirements can be flexibly configured according to the intended use. As seen in past instances of false positives with harassment detection tools, there is a risk that blanket blocking could impede legitimate communications and undermine user convenience.

4. Balancing Log Retention and Privacy Protection
Retaining all logs for security purposes may lead to concerns regarding privacy infringement or a sense of being under surveillance when handling employees’ thought processes and unpublished ideas. To prevent log retention from becoming a deterrent to usage, operational points of caution regarding the balance between ensuring traceability and protecting user convenience and privacy should be added to the guidelines.
5. Segregation Guidelines Based on Information Confidentiality in RAG and Related Systems
Assuming cases where confidential information from multiple clients is handled, guidelines for technical measures for managing data stores, such as RAG, are necessary. Specifically, concrete levels of segregation according to the confidentiality of information—such as whether logical segregation (e.g., tagging) is sufficient or whether physical segregation is required—should be clarified. This will create an environment where businesses can introduce and operate AI systems with confidence.

Please click here for the full text of the submitted comments. (Japanese only)