Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.
If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

Digital Extraordinary Administrative Advisory Committee Working Group Technology-based regulatory reform Promotion Committee (3rd meeting)

Overview

  • Date and Time: Thursday, December 1, 2022 (2022) from 10:00 to 12:00
  • Location: Online
  • Agenda:
    1. Opening
    2. Proceedings
      1. Mechanism for securing Trust in Technology Map (Explanation from the Secretariat)
      2. Explanation from a member of Ogino
        • Introduction and Proposal of New Initiatives for IoT security measure ~ Labeling (Mark System) for Certified Products Has Begun! ~
      3. Explanation from Associate Professor Fuyuki Ishikawa of National Institute of Informatics
        • Introduction to Approaches to AI Quality
      4. Exchange of opinions
    3. Adjournment

Materials

Minutes, etc.

Date and Time

Thursday, December 1, 2022 (2022) from 10:00 a.m. to 12:00 p.m.

Location

Held online

Members present

Chairman

Hiroshi Esaki, Digital Agency Senior Expert (Architecture)

Members

  • OKADA Yūsaku (Professor, Department of Management Engineering, Faculty of Science and Engineering, Keio University)
  • Keiko Ogawa (Certified Public Accountant, Banking Capital Markets Leader LegTech Leader Partner, EY Strategy and Consulting Co., Ltd.)
  • Tsukasa Ogino (Representative Director of the security Council for Important Consumer Products)
  • Yumi Kawabata
  • Taro Shimada (Representative Executive Officer, President and CEO, Toshiba Corporation)
  • Shinji Suzuki (Designated Professor, The University of Tokyo Institute for Future Initiatives, Director of Fukushima Robot testing Field, Fukushima Innovation Coast Initiative Promotion Organization)
  • Keisuke Toyoda (Specially Appointed Professor, Institute of Industrial Science)
  • Takao Nakagaki (Professor, Faculty of Creative Science and Engineering, School of Science and Engineering, Waseda University)
  • Osamu Nakamura (Professor, Faculty of Environmental and Information Science, Keio University)
  • Ayumu Nagai (Representative Director and President of Astamuse Corporation)
  • Katsunori Nemoto (Counselor of the Japan Business Federation)
  • Daiyu Nobori (Director of the Cyber Technology Laboratory, Information-Technology Promotion Agency)

Overview

Counsellor Hitoshi Suga: In Now that it is time, I would like to open the third "Technology-based regulatory reform Promotion Committee."

Again, members are invited to participate online.
In addition, today, in the course of the proceedings, we will explain in the first half and exchange opinions in the second half. Last time, we used Slack and Webex together, but in the end, Webex seemed to be easier to use, so this time, if possible, I would like you to use Webex chat and post any comments during the explanation.
Now, I would like to begin today's agenda.

Please proceed to Chairman Ezaki. Thank you in advance.

Chairman Ezaki: Then, as the third session, we plan to introduce the mechanism for securing Trust in Technology Map, IoT security measure by labeling systems for certified products, and approaches to AI quality.

Finally, I would like to make it a time for all members to speak freely.
First of all, I would like to ask Mr. Hitoshi Suga, Director of the Secretariat, to explain the "Mechanism for Securing Trust in Technology Map."

Counsellor Hitoshi Suga: In .
Last time, you discussed the information that should be included in the Technology Map. This time, among the remaining issues, I don't think one entity can cover all the issues of securing the Trust, so I would like you to discuss what kind of people should be involved and how it is appropriate to do so.

Please refer to the material.

Pages 1 and 2 are a summary of the discussions so far, so I will skip them. On page 4, I will write "A mechanism to ensure the Trust of technologies listed in Technology Map" as the issue this time.

First of all, on page 6, I would like to review the outline of the framework. The Technology Map and Technology Catalog will be created by the ministries and agencies responsible for the regulation, the regulation implementing organizations, and the target companies of the regulation. We hope that they will connect the procurement and the regulation review to make it possible. Therefore, it is naturally necessary to ensure a certain level of authenticity and truth (Trust) in the information posted there.

On the other hand, on the right side, I think it should be assumed that there is always a possibility that erroneous, old, or false information will be reported from companies with technology, including those that apply through public offering. However, I feel that it is unrealistic for the Secretariat to make a complete prior validation for such information, in terms of cost, speed, and expertise.

Amidst this, Technology Map itself will not be useful in the first place unless the latest information is rapidly collected, posted, and updated as technology progresses, so I would like to ask you to discuss how to flexibly secure Trust based on the requests on the right.

As shown on the left side of the next page, last time, as a major premise of the mechanism for securing Trust, I explained that this catalog is reference information. However, we will have a thorough dialogue with the ministries and agencies responsible for regulation and clarify the accuracy and level of compliance that we would like to see achieved by setting as much detail as possible regarding what is an essential requirement for compliance.

In addition to that, regarding various third party certifications, we will make sure that they are appealing to the public. If it is essential for the whole, we will decide to include it in the procurement requirements. We have proposed as a basic framework that we will secure Trust by accumulating this.

In addition, there are two points I would like you to consider today. First, including the fact that the technology catalog on the top is for reference information, what responsibilities should be shared by the parties directly involved in the use and creation of Technology Map in relation to the use of the information posted?

Second, I would like to discuss whether it is possible to flexibly obtain support for the establishment and operation of such a framework from highly specialized external organizations other than the entities involved in Trust, which directly share the responsibilities mentioned above. This includes referring to various kinds of certification. This is what Mr. Shimada explained about Technology Map and quality assurance last time.

My first question is on the next page. First of all, at least with regard to the fact that we are currently creating the map based on this concept, I believe that it is necessary to make it into language to a certain extent when we officially publish the Technology Map and the catalog, and to make it public in the form of a manual.

As an example of what we will write in this manual, first of all, Digital Agency, which is currently assumed to be the operating entity of Technology Map, will carefully check the formal requirements that can be handled mechanically. For example, in the example introduced last time, technologies and services that have not yet been released or that do not exist at present will be announced after carefully checking them based on public information.

As for the ministries and agencies responsible for regulation, first of all, we would like to ask them to cooperate in refining the regulation items so that it will be clear in advance as much as possible what kind of judgment materials and judgment items they have regarding the status of observance of regulation, including essential performance requirements, and whether they have them in the form of a checklist. Then, as I will explain later, we would like to ask them to review regulation so that the technologies listed here can be adopted as much as possible at the responsibility of the technology users. These two are what we expect from the ministries and agencies responsible for regulation.

The third is the business operators who actually have the technology, propose it, and publish it in the catalog. They are primarily responsible for the information they publish. However, in order to avoid a mismatch with needs, as a point of attention, as in the previous discussion, they are asked to write that they cannot do this or that they cannot use it in this way as much as they can. Also, I would like you to take responsibility for updating the old content.

In addition, with regard to unjust and wrongful acts such as intentionally posting false information, we would like to accept that some kind of measures will be taken ex post facto. I believe there are various possibilities, such as the publication of a message to correct the erroneous information, or the suspension of posting on Technology Map itself, including other technologies, for a certain period of time. I would like to have discussions on these matters.

With regard to regulation target business operators who refer to the map and catalog, first of all, it is necessary to clearly state that the adoption of individual technologies needs to be done at the responsibility of the technology users. Also, I would like to ask for feedback on the fact that it was strange to refer to the map and catalog, and that it was different from what is written elsewhere, and that it was strange to actually use it. This is the current stance of the Secretariat based on the discussions so far, but I would like to ask for your comments later on whether this is different.

This is my second point today. Last time, I explained the maintenance process in four stages for securing Technology Map and technical catalogs in Trust. In each stage, I would like you to be involved in the process as a mechanism to receive reviews and advice from highly specialized external organizations, rather than consulting with them on an ad hoc basis when the Secretariat comes up with the idea.

First of all, on the left side, regarding the phase of technology search for regulation typologies and extracted regulation typologies, I feel that specialized knowledge is essential for the extraction of regions and typologies, such as the fact that a certain level of technology has emerged and been established in this field, and it is about time that it will be used.

Second, regarding performance requirements, of course, we will set them while talking with the authorities, including what we said in the previous course that spoofs would be a problem. As for how to incorporate them into the correct setting of performance requirements, we would like to ensure that the opinions of experts are reflected in the setting of measurement standards based on quality evaluation indicators, standards to be followed, and third party certifications to be acquired.

As the process progresses, if it is determined that a technology validation is necessary, that is, a technology is likely to exist but a performance confirmation is necessary, the process proceeds to a quality validation and evaluation to determine whether the searched technology is sufficiently capable. Regarding this, it is said that each regulation authority is cooperating with STRL and others to confirm each technology. We would like to spread the technology as much as possible and reflect in the map that the same validation can be used in a wide range of areas. We would like to discuss whether there is a possibility that a highly specialized third party will cooperate in this process.

In particular, I would be grateful if someone could objectively confirm whether the system required by the authorities is in accordance with design, whether the initial purpose has been achieved, and whether procurement, the technology users, will be in trouble when the service is released and released to the world.

Finally, if you pass the Technology validation, you will be asked to review the regulation, and the target operators who actually comply with the regulation will be at the stage of procurement the technology. When adopting the technology, you will be asked to refer to a document that summarizes the points to be noted in the use and operation of the technology that will be specifically prepared by an industry organization as a measure to secure the Trust. In some cases, we may have to talk about a new creative regulation. I would like to have a system that can give us advice on this. In this regard, Mr. Ishikawa, who mainly summarizes the QA4AI introduced by Mr. Shimada last time, will introduce the details later.

In addition, I would appreciate if you could make a procurement of the technology by referring to the map, and if you could provide feedback when a specific problem occurs, as well as support for maintenance and operation, including incident response, from someone.

On the next page, I explained some information that should be listed in Technology Map in the table last time, but I added the perspective of securing Trust this time and added a little bit.

As for the parts added in bold, first of all, the essential requirements for regulation compliance will be specified in dialogue with the ministries and agencies responsible for regulation. In addition, feedback will be provided during the operation of the system. I believe that it would be appreciated if external organizations with high expertise could appear here and help set more detailed performance requirements.

In addition, regarding information on restrictions and precautions for use, in the previous proposal, we stopped at the point where we wanted companies with technology to express their points of attention. In addition, it was said that it was quite difficult to do so, so the ministries and agencies responsible for regulation would feedback on how they used it. However, from the perspective of securing Trust, the ministries and agencies responsible for regulation would clearly specify the guidelines issued by themselves as reference materials.

Third, I think that the operating entity of Technology Map, with the support of external organizations, will refer to documents that are useful, deepen understanding, and enable people to understand the characteristics of this technology and use it, and publish explanatory articles as proposed by the members.

Today, the Secretariat would like to consult with you on the above points. After this, we will add additional points in blue based on the previous discussion. Please take a look at them for reference.

That's all.

Chairman Ezaki: . Thank you for your explanation.

Next, I would like to ask Mr. Ogino to explain about "IoT security measure based on the labeling system for certified products".

Ogino Member: My name is Ogino Can you hear me?

Chairman Ezaki: , I'm fine.

Ogino Member: My name is Ogino screen. Now, I would like to take 15 minutes to explain a little.

First of all, I would like to talk a little about "comparison of conditions required for third party certification systems."

ISO15408 is a common criteria, which is often used in copiers.

We have created these four conditions. First, is it easy to understand? Second, is it reliable? Third, is it easy to spread? Can the manufacturer use it properly? Is it low cost? Fourth, is it easy to follow new attacks? We have created these four conditions. Unfortunately, our members and manufacturers say that common criteria is good for expensive products, but it is a little unsuitable for low-cost IoT devices.

On the other hand, there are quite a few types of IoT devices ranging in price from several thousand yen to several million yen, but what kind of standardization is progressing among them? This figure shows the outline of activities in Japan, the United States, and Europe since 2017.

The United States has been actively issuing various guidelines to prevent hijacking of IoT devices as much as possible since around 2020, especially after the outbreak of COVID-19. Recently, in 2021, the ExecutiveOrder (14208) issued an ExecutiveOrder on a quality assurance system in security for consumer devices.

It was finalized as a final draft at NIST IR8425 in 2022. Here, the minimum requirements for IoT devices for consumers are written as "minimum" in Japanese, but they are called "baseline" in English. In April next year, we are promoting a measure to label IoT devices if they pass the requirements of a certain line to some extent. According to an article in the United States, there is a move to attach some kind of mark to IoT devices that meet certain standards, in the form of a system to attach a mark according to the level of energy saving, such as Energy Star.

On the other hand, European countries are centered on regulation, but it was slow at first. Since the introduction of the cybersecurity Certification Framework was proposed in 2017, the United Kingdom has issued 13 security Codes of Conduct for Consumer IoT as best practices, and ETSI has set certain requirements for them as EN303645. ETSI has issued TS103701 as a testing scenario to achieve the requirements.

It was not a regulation. It was shown as a guideline that it would be fine to make a testing with such requirements. Two months ago, the Cyber Resilience Bill came out with a proposal for measures that would prohibit sales in Europe unless certain standards are met. This is the global trend.

In Europe, there are the European Telecommunications Standards Institute (ETSI) and the European Network Information security (ENISA), but the content summarized in ETSI is not equal to ENISA.

In addition, ENISA is promoting certification of IoT devices based on "CybersecurityCertification:CandidateEUCC" and common criteria, but a separate flow has been created with the emergence of the Resiliency Bill. This is the right side.

Therefore, Europe has ETSI and ENISA, and there are two branches of ENISA, and the situation is still chaotic. Although the situation is chaotic, there are moves by Finland and Australia to use the requirements of ETSI for certification.

As I mentioned earlier, the United States has formulated "BaselineSecurityCriteria" based on a presidential decree. As you all know, the criteria for government procurement are originally defined by NIST. Aside from that, there is a movement to create such baseline criteria for IoT devices and attach the mark while calling attention to consumers.

On the right is the Japanese side. In 2017, the IoT Ministry of Internal Affairs and Communications Guidelines were created by the IoT Consortium, which was formed by the ministries and agencies of security and the Ministry of Economy, Trade and Industry. Two months ago, it took 55 years to standardize the IoT Guidelines as ISO27400. This is the policy that IoT devices should follow. I admire all of you who worked hard to standardize the IoT Guidelines.

We finally took off ISO27400 after it was standardized, and in the series, ISO27402 is being considered. This is proposed by the United States, and it seems to be a content that shows the requirements as a specific measure. It seems to be a content that slides the baseline requirements of the United States as it is. This has not been standardized yet.

Although not shown in this figure, a proposal for labeling will also be considered as ISO27404.

The requirements of Europe and the United States described here are almost the same. The contents proposed by Europe, the contents proposed by the United States, and the requirements that we, CCDS, created together with the manufacturers are actually not very different.

We believe that the Japanese proposal should be set optimally for Japanese manufacturers and consumers, but since the requirements do not change much, I believe that it will be almost OK for the Japanese government to set such security requirements as they are discussed on the Technology Map.

However, the point is that Europeans are trying to regulation. The U.S. is moving to just present the requirements and leave it to private sector. What is important is that because security changes over time, freshness is important for requirements and conformance standards. Rather than the flow of creating requirements over time like ISO15408, security's environments change every year, so I think we should create a system that can be flexibly updated.

In the United States, NIST has written that such a certification scheme would be good if it were a flexible system for non-profit organization. Of course, this could be done by the government or by private sector.

It is said that ISO15408, which is standardized, emphasizes process checks, so there are many document checks and the cost of certification is high. When it comes to IoT devices, a light inspection process is important. However, both the content promoted by the United States and the content promoted by Europe are creating important certification processes and conformity standards within their own countries or organization. I think it is important for Japan to create conformity standards in Japan.

Next is social implementation. There are a lot of standardization that is not used even if it is standardized. It is important to have incentives on both sides that make it meaningful to be used, that manufacturers agree to it, and that consumers accept it. As with this technology map, applying authentication schemes to applications and methods that you want to use must be beneficial to both the provider and the user.

Also, regarding the certification scheme, is third party certification important or is it better to make a validation by ourselves? There are various words such as self validation, self certification, and self declaration, but I think it is better if it has meaning when it is used, and if the manufacturer agrees and the consumers accept it.

This is a detailed description of CCDS activities, so I will skip it today due to time, but I have thought about various things according to each field.

This figure is a flow of our social implementation, so I will omit it for a moment, but from 2018 to 2023, we have been engaged in activities while flexibly changing requirements in a timely manner.

We are working in private sector, and we are working on the content of what we think would be a good idea if possible. We believe that minimum manners should be set for devices that can be connected to the Internet. The idea is similar to that of the United States.

On the other hand, I think that various requirements will vary depending on the industry, so the idea is that at least baseline requirements for connecting should be created, but various security requirements should be accumulated for each industry.

The CCDS system is a system in which cyber insurance is automatically added when a device acquires the mark as a device that meets the minimum requirements. It is a system design like automobile liability insurance. Three insurance companies, Sumitomo Mitsui, Tokio Marine, and Sompo Japan Insurance, are combined, and insurance can be applied to all devices that have the certification mark attached.

It is very important to investigate incidents when they occur. It is to conduct tracking when something happens. It is problematic to do this with public funds, and is it possible for individuals to pay for it? It is also difficult for manufacturers to pay for it. It is a system design to cover it with insurance.

This figure shows the "Certification Scheme (CCDS version)." It is the owner of the certification scheme by private sector, and it will be labeled as a support at the time of purchase to consumers and an incentive to manufacturers, such as responding to security that changes over time.

Next, large companies have a Quality Assurance Headquarters, so they conduct self-inspections, and small and medium-sized companies have a mechanism to conduct third party inspections.

We are implementing a certification system for IoT devices ourselves. For reference, there is a program called IPv6ReadyLogo. This certification scheme is being promoted by the private sector for devices connected to IPv6. This is actually being done in private sector, and we are also promoting such a certification scheme for IoT devices in private sector.

As a social implementation, for example, developers of housing such as smart houses, housing equipment manufacturers, financial ATMs, and POS terminals used in convenience stores have used the certification scheme.

This figure shows an example of Sekisui House's Smart House. The entire Smart House uses the mark and certification scheme. The equipment used there is also given a minimum of one star. In addition, the slightly higher requirement is given two stars.

In this way, security has been considered as a cost until now, but it is considered as an investment. In addition, we are promoting a business that treats the acquisition of the mark through this certification scheme as a brand. By attaching the mark, we are showing consumers that smart houses have convenience, but they also have a solid security at least, and they are using it as a branding strategy for smart houses.

In summary, I believe that we can actively contribute to the world by disclosing the best practices of certification schemes for the organization and provision of information on security requirements.

In addition, it is to share the operation experience of the certification scheme. In other words, it is to promote social implementation. After all, it is meaningful to be used. We are promoting a labeling policy in the United States, and I suggest that we promote the posting of the certification and validation mark on the technology map.

For the validation system, it is important to have a mechanism that can flexibly update the requirements and conformity standards because the security changes over time.

In the context of KPI to KGI, it is important for Japan to create technical conformance standards. This is the idea of Minister in charge of Administrative Reform Okada. In addition, in the flow of ZEH (ZeroEnergyHouse) and smart houses, I think that we can use eco-friendly and safe for branding.

In the Technology Map, for example, we can show whether we have acquired ISO27000 certification, ISO9000 certification, or a mark through a certification scheme similar to the one we are using in private sector. I think this is a good indicator for users.

That's all.

Chairman Ezaki: , thank you very much for your explanation.

Regarding the issue that was discussed at the previous committee meeting and became a topic of conversation in relation to product quality assurance, we have invited Professor Jun Ishikawa of National Institute of Informatics as a guest this time.

Next, I would like to ask Professor Jun Ishikawa of National Institute of Informatics to explain his "Introduction to Approaches to AI Quality".

Dr. Ishikawa: . I'm Isikawa from National Institute of Informatics.

I am engaged in software engineering, dependability, and quality-related research such as reliable software. Over the past three to five years, I have received many inquiries from the industry about automated driving and how to improve AI quality. I am engaged in research on this and in writing guidelines with people from the industry.

Today, since it is sudden, there may be some parts that are out of context, but I would like to introduce those stories and use them as materials for discussion. Thank you.

I just listened to you briefly, but in this talk, when AI is a technology, whether it is a medical care or a road, it is necessary to evaluate the technology to see if it can eliminate the regulation that has been dealt with people, or if it can be reviewed, and I think there are two stages, such as evaluating whether the Trust is sufficient, and I think the level of the technology as a whole is sufficient, but it is difficult to do something about each product.

What I am going to talk about today is that the guidelines have been compiled for each AI product and service, so I would like to introduce them. Since this is a story of an individual product, I would like to discuss how to evaluate the technical area in general in the future. Thank you.

In the world of software, governments and IPAs typically summarize the concept of quality. In the end, there are various qualities. In the case of conventional software, there are various kinds of qualities, such as availability (how long it will run), availability (whether there will be a service outage), time performance (how fast a reply will come), response time (how much data can be used), spatial performance (how much data can be used), security (how much data can be accepted), privacy (how much data can be accepted), and so on. The starting point is to properly divide these qualities.

In addition, there is also the question of how important the system we are considering this time is, and in a simple way, it is divided by the magnitude of social impact, but I think there are various ways of dividing it, such as whether it is related to the life or death of people.

With regard to the Guidelines, it would be difficult to make individual decisions on these matters, so I would be happy if the Guidelines could decide on these matters. The Guidelines could decide on how to classify quality and how to classify quality in such a system. In addition, for example, if there is a large social impact, it is possible to decide on a matter that should not stop more than a few minutes per year. This is a typical decision, so I feel that the Guidelines could decide on these matters.

However, depending on the field, in some cases, the required time is as fast as 5 seconds, and in other cases, it is as fast as several microseconds, so as a standard, I can only say that you should decide on that.

Because of this, when evaluating each product, it is decided that this is the system that must be evaluated this time. This is the conventional way of thinking about software. I have not given out much detail, such as what ISO is, or what IPA issues as non-functional required grades, but this way of thinking has been around for a long time.

This is what AI will do. AI uses a technology called machine learning. Until now, there was a specification sheet that said, "How much is the tax rate for eat-in? How much is the tax rate for take-out? So, how much is the total amount?" And then we made a program. But instead, there is data that shows the correct answer. In this example, this is a pedestrian, and in this example, this is a truck. If it is an image, there are 100,000 or 1,000,000 correct answers, and based on that, we can make an identification function. This is the method of machine learning.

Over the past five years, a variety of industrial applications have appeared, and I think this has become a topic of conversation here. It is easy to make, but it is the same story as here, and it is said that it cannot be used unless customers in the manufacturing industry and others properly improve the quality as before. So, what to do? Two guidelines were issued in Japan, quite ahead of the rest of the world.

It is a little complicated, but there are AIQM (Quality Management) and QA (QA4AI).

AIQM is a project of the Ministry of Economy, Trade and Industry. It is made mainly by AIST, but also by companies such as Toyota, Hitachi, and Fujitsu. We are writing to clearly state that this model will probably work in 10 years' time, with a view to setting a standard.

The second QA4AI is based on volunteers, so there are currently about 70 companies. To be honest, it is a little confusing because it is written by people in the field, but the guideline contains quite a few specific examples of what to do. At present, it seems to be divided rather than merged.

However, since they are highly abstract, subguidelines are issued for each application area. In the case of AIQM, it is written that AI that monitors plants and detects corrosion of pipes must be checked for such qualities. In the case of QA4AI, for example, it is written that AI that gives verbal commands, such as smart speakers, should be checked for such qualities. In the case of AI that scans characters at banks, etc., it is written that AI that gives verbal commands should be checked for such qualities.

Since this is a hot topic, there are various things, but when I look at these two, I think there are not so many things that are completely different from each other.

What kind of content is written is very simple. First of all, regarding the first one, AIKI of AIST, quality characteristics are arranged in the form of,,. In the case of AI, it is basically a prediction or estimation, so a story that hits 90% is important as performance. However, in that case, we cannot handle a story that a major accident occurs in the 10% that is excluded, so we should consider what kind of mistakes are bad. This is risk avoidance.

In the case of AI, there is a problem that the results differ depending on gender or race in personnel affairs, loan screening, and so on, so fairness is being raised as an indicator.

With these as goals, the development side checks whether the problems have been solved properly. For example, in automated driving, it is said that we have to consider mountain roads and backlight. So, we are dividing the discussion into whether we have done it properly, whether we are collecting data properly, whether the sensors are broken, whether the AI we created is giving correct answers, whether we are considering that the tendency will change and deteriorate as we use it in operation, and whether the program used for training is appropriate, correct, and free of bugs.

So it's kind of like an actual checklist with a bunch of questions like, have you collected enough data for high-risk cases, for example.

As mentioned earlier, there are levels, and if a person dies, it should be done this much, or if performance is so important, it should be done this much. Since this is the only level that is necessary, the product checks that development organization actually does at the bottom should be done this strictly.

This is an appendix, so if you have any questions.

As for the QA4AI, although it is a little too broad, it is also presented in the form of a checklist.

This is a checklist for data, a checklist for parts that are so-called AI or have predictive functions, and a checklist for the entire system. These three are part of the products from the development organization, or components for making products. In addition, it is checked whether the development organization is appropriate and how much strong expectations are placed on the product in the first place. Therefore, there are five of them, and the four above are the talks of the development organization or the people who send out the products. I am saying that we should analyze the talks of the stakeholders who receive them and compare them four to one.

There is no way to read out the details of the checklist, but in the end, it is the same as before, and we need to check whether the data is correct. If it is automated driving, we need to check whether various data such as mountain roads and backlight are included properly, and whether there is an extreme lack of data only for women and men. We need to check whether we can get correct answers to them, whether there is any bias between men and women, and whether there is any tendency to remove noise just by putting it in. This is the quality of AI, or rather the quality of the prediction parts.

However, the quality of this system is different from that of the entire system. Even if you overlook a pedestrian who is far away on the sidewalk, you will not collide with him. The quality of the entire system and the quality of the parts made by machine learning technology are deeply connected, but they are two steps apart, so let's think about the entire system properly.

For example, in advertising, it is good to be able to answer correctly to the past data, but in the end, will people click on it? That is why I think it is a KPI in advertising, for example. So, it is the quality of the system to consider KPIs for each field and the satisfaction of users.

Basically, in the case of using AI or machine learning, there are so many uncertainties that the situation changes and it doesn't work. As the amount of data increases, it seems that it has changed from what it used to have. So, on the organization side, it is important to keep the documents properly, but it is also important to be able to respond to changes. Is that right for organization? In other words, if there are people working on various things and it takes several months for each thing to be done, AI will never be able to do it, so it includes an indicator to evaluate organization.

In response to the above, we will listen carefully to the high expectations of the users, the orderers who represent the users, and the customers from the company's point of view. We will ask how you are responding to the fact that only 90% of the users are correct and 10% are excluded. There will be some subjective things, but if you expect AI today to be unable to do something, it is necessary to make them think that it cannot do it. Or, it is necessary to consider a mechanism to properly cover the situation when it fails. It is written that we should identify the relevant rules.

There are some in Europe. It is a similar story in Europe, but all the entrances are to human rights and human dignity, so it is ultimately like science fiction, but it also says that there is an emergency stop button.

So, from the perspective of human rights, in the end, we emphasize that it is appropriate, safe, security is appropriate, it can be used with the consent of people, and it is easy to understand that AI is removed when it is removed. So, it may be used as a term such as governance or ethics, but in Europe, it is used in such a way. There is also a checklist, although it is light.

In addition, in Europe, there are particularly difficult areas, and if you make a mistake, it will have a big impact on society. It is very related to human rights, so you need to be very careful about this area, so I recommend you to pay high attention and do your best from various perspectives.

So, what I briefly introduced was that even if it becomes conventional software or AI, it is such an important system after all, and this point is important in this area. First of all, we need to be able to sort out these things, and we will evaluate them accordingly. In the case of AI using machine learning, there are basically three evaluations required: evaluating the data used for training and evaluation, evaluating whether or not the survival is correct, and evaluating whether the system as a whole works well.

So, when I talk about each product, for example, is it a world where such mistakes are troublesome? Even if you make a few mistakes, you can use it for a month and open the lid and it will be fine. To put it in an extreme sense, there are two cases like this. What is required is different when it is used in automated driving or factories than when it is used for advertisement distribution or sales forecasting, so I will sort it out.

If the former is the case, for example, when I think that a mountain road seems to be difficult due to backlight, I have to find out whether there is learning data corresponding to it, or whether it is correct at that time.

In the case of AI, the major premise is that it is fundamentally incomplete and uncertain, so it is not a matter of seeking 100%, but it is an important area to discuss whether humans can create a mechanism that can cover risks based on the premise that there are risks, and if so, it is not necessary to strictly consider AI.

I just heard it briefly, but quality measures for each product are widely used as checklists, so I hope that you will use them as a trigger to ask questions such as whether the entire technology will work well, or, for example, whether it will be impossible to increase the amount of data in the future, even though it is too difficult to collect data in this area.

That's all from Ishikawa. Thank you very much.

Chairman Ezaki: , thank you very much for your explanation.
Now, I would like to enter into a free debate. I would like to hear members' opinions and questions about today's discussion, how to proceed with the proceedings at the Committee in the future, and requests for opportunities for presentations in the future. If you would like to make a statement, I would like to ask you to raise your hand with the show of hands function.

Now, in the chat session, Dr. Nakamura has a question for Professor Jun Ishikawa about how much it would cost to make a checklist in accordance with the QA4AI and AIQM-Guidelines. Professor Jun Ishikawa, could you answer that?

Dr. Ishikawa: .

Depending on the checklist, there is already a checklist in the QA4AI and the AIQM-Guidelines. The checklist is at this level of abstraction. What is an important case depends on whether you are talking about automated driving or a pipe check in a factory. Therefore, when we actually think about it, the checklist in the Guidelines is at a very high level of abstraction, so it is necessary to identify the cases that correspond to this case this time.

For example, in the case of a piping check at a factory, the influence of salt will change if it is far from the sea, so the sub-guidelines already include a question asking if you collect both piping far from the sea and piping at a factory close to the sea. It is not difficult to say that it is not difficult because it is a plus α work to identify such things, but I feel that it is necessary for experts in the field and people who know what kind of data is good in AI or data science to discuss it properly.

Chairman Ezaki: .

Mr. Nakamura, would you like to speak?

NAKAMURA Member: Thank you, Thank you very much. I understand well.
It is necessary for the ordering party to understand AI to some extent, for example, to thoroughly discuss questions about the data set they are using and knowledge of each risk, and to drop them into this checklist.

Dr. Ishikawa: That's right. It is not possible for IT to know what kind of failure is bad, so it may be okay to completely leave it to IT vendors to get a quick response if you press a button on the web. In the case of AI, domain knowledge is quite strong, so I have an image that we need to draw out the expertise of the ordering side.

NAKAMURA Member: Thank you, For example, if the person who actually places the order is a complete amateur, it will be quite difficult. Do you have an image that it is necessary to have someone like an advisor and act as a bridge?

Dr. Ishikawa: That is an ideal. Therefore, it is often said that it is difficult to leave the matter to IT vendors and have them sort out the details of the specifications. In that sense, as you said, ideally, it would be easier if there were people who understand IT and data science to some extent on the ordering side.

NAKAMURA Member: Thank you, .

Chairman Ezaki: Right now, Committee Members Suzuki and Shimada are raising their hands. I think Committee Member Shimada is probably AI, so I would like to move Committee Member Suzuki's order later and ask Committee Member Shimada to start.

SHIMADA Member: Shimada. Can you hear me?

Chairman Ezaki: , I'm fine.

SHIMADA Member: AI, but with regard to security and AI, which you announced today, what can be said in general is that discussions are centered on how to conduct regulation in places where regulation does not yet exist.

Therefore, European countries in particular are focusing on human rights and pointing out various problems from the perspective of how to prevent people from being hurt, and I think it should be noted that there is a slight gap with the purpose of the plenary session, which is to discuss what will happen if regulation is eased.

The issue of security is exactly the same.

Therefore, in my opinion, in the process that Mr. Suga explained at the beginning, when regulation mitigation is implemented, for example, when visual inspection is stopped, I believe that there is no choice but to have the visual inspection side propose technologies that can ensure quality without development.

In addition, I believe that regulation mitigation will probably not progress unless a third party organization is established to verify whether it is safe to implement validation mitigation, and it is quite an advanced work to certify each system, and I believe that it is impossible for the Government of regulation to comprehensively create such a regulation.

Chairman Ezaki: .
It is very difficult to decide where to set up a landing point, but I think you are saying that without this, it is not socially acceptable.

Then, Mr. Suzuki, please.

Suzuki Member: I'm Suzuki.

We were not able to participate last time, so there may be some slippage, but I believe that progress is being made with the aim of mitigating regulation through new technologies. When mapping, it would be very helpful for some people to be able to take a bird' s-eye view of not only completed technologies but also technologies that are currently in development or under research.

We have an indicator called the Technology Readiness Level. This indicator was originally introduced by NASA for Space development, but now I think you will hear it in various places. For example, there are four or five technologies that were developed at the laboratory level, and when they are actually used, they will be close to the final product. If the indicator of the maturity level is not clearly indicated, I feel that it is necessary to map the technology after clarifying whether it is a technology that can be used immediately or a technology that is still under research. This is a general story.

Another issue is how to use drones. As you know, a new system for drones will be introduced next Monday, and a new aircraft certification system will be introduced for aircraft.

In the past, there was no strict system to ensure flight safety. However, a new system will be introduced to ensure flight safety by conducting inspections at a very high risk level by the national government and at a medium risk level by a private sector inspection agency. In terms of ensuring flight safety, I wonder if it is most effective to have everyone take such measures.

On the other hand, for example, there are various types of drones, such as using use cases for inspections, transporting goods, and spraying agricultural chemicals, so I believe that it would be good if each industry could confirm with confidence the performance and the extent to which they can do so.

The Ministry of Land, Infrastructure, Transport, and Tourism (MLIT) provides several products as a guidebook for infrastructure inspections, and the Agriculture, Forestry, and Fisheries Association (JAS) provides guidelines for pesticide spraying. There are differences in various industries, but if a third party organization collects data and publishes it, it will be possible to use it with peace of mind.

I am also the director of the Fukushima Robot testing Field on a part-time basis. In addition to drones, we have a test field where we can evaluate the performance of robots used in the field. If you use such a field, I think you can compare objective data. So, I would like to introduce you.

As for the certification system for aircraft mentioned earlier, there are slight differences between countries. In Europe, the CE mark, which is a mark indicating compliance with European laws, has not yet been launched, so it is not clear whether it is a self-declaration or a certification by a third party organization. However, aircraft that carry such a mark and aircraft that engage in high-risk flights must obtain certification from the national authorities. This is a two pronged system.

In the United States, you can self-declare a small drones with a low risk, but if you fly with a high risk, you must obtain national certification.

In the case of Japan, all flights require aircraft certification from the Ministry of Land, Infrastructure, Transport, and Tourism. In a sense, this is being done in one form, and although there are some differences in the method, I explained that this is the starting point of the drones.

That's all from me.

Chairman Ezaki: .

As an example of what is moving now, you explained what is happening in drones in particular. Thank you very much.

Mr. Nagai, may I ask you a question?

NAGAI, Member: : I also participated in the last meeting from the middle of the previous meeting, so there may be some gaps in the points of discussion. Regarding the mechanism of Trust, I think it is always a tradeoff that new technologies are more difficult for third parties to evaluate the newer they are.

Among them, we often receive requests for evaluation when incorporating new technologies such as start-ups, but basically, the wider it is, the more it costs. When a project itself deals with a very wide range of technologies, the wider the scope and the larger the technology, the more the evaluation costs and the costs of third parties in Trust are required, and I think it is quite difficult. Among the things that can be issued by the person himself and can be confirmed as a third party to some extent, I think there are patents and papers.

Of course, I fully understand that there are places in the AI genre that are extremely difficult to apply, but depending on the technical field, I think there is a wide range of things that the person can submit, such as the fact that the examples in the patent are a kind of security, or that it can be confirmed that some evidence has been obtained through the paper.

Another point is that I think there is a little use of a reference mechanism. For example, I think there is a way to see a certain level of trust in cutting-edge technology by evaluating what kind of person the person is. In addition, I think there is room for consideration of a mechanism in which a third party checks how the person is evaluated by other people in the network, the service and technology themselves, and whether there are comments from reliable people. This is a mechanism that can be applied to the whole while reducing the cost of the Trust to a certain extent.

In the open source world, there are basically various technologies in the reference, so I think that there are places where we can work on them after confirming their accuracy. However, if we try to understand all the technologies themselves and perform regulation and certification, I think that it will not be cost-effective, so I thought that it would be better to consider such a form.

.

Chairman Ezaki: .
In particular, I think you have presented the direction and methodology of new technologies to be developed in the future, so I think it is a discussion on how to refer to it.

Then, Mr. Ogawa, please.

Ogawa member: I'm Ogawa .
I would like to talk about it with a little reference when I say that the current cost is limited. This is really a reference, but I would like to talk about it.

In various fields, we have seen validation where there is a limit to the reliability of validation, where it is always cheating and playing cat and mouse, where there is a cost problem, and where it is quite difficult to actively provide negative information from Issue.

In recent years, in light of this Issue, management's attestation program has become a trend in the compliance field. As I said earlier, amid extremely rapid technological innovation and rapid changes in the external environment, and in light of the fact that the validation of third parties has reached its limit, the framework is one in which management itself takes self-tasking risk assessment that the controls, such as the validation, for achieving the purpose are being developed and operated effectively, and takes external responsibility for their effectiveness.

For example, in our field of expertise, there is a rule called SOX Compliance that requires management to be under oath regarding the effectiveness of controls over the process of preparing financial statement information. Similar frameworks are also being adopted in various compliance fields such as FATCA in taxation and anti-money laundering, and they are becoming a trend.

The third party is a method of reevaluating the effectiveness of control that the management has sworn to from an objective standpoint. In addition to direct validation, I believe that this framework can be used as a reference as a framework for securing Trust.

At the same time, technology providers are expected to participate in venture companies and so on, so it is necessary to carefully consider the balance between benefits and responsibilities.

In addition, I would like to make two comments on the first page of the PowerPoint.

First of all, it is about feedback when questions arise. Rather than actually using the technologies listed in Technology Map suddenly, it is assumed that a POC will be conducted in the form of comparing several technologies and one will be finally selected from them. Each ministry and agency is expected to obtain many suggestions in the course of demonstration experiments.

When we actually use it, I think that various Issue will be clearly seen here for the first time in terms of the suitability for purpose. For example, it would be better if there were a little more technology like this, it would take too much time to operate with the actual amount of data, and it would be impossible to store sufficient records.

From our experience, even if there are no problems in the demonstration validation of each function, in fact, in the demonstration experiments including a certain workflow, End-to-End in the actual data, not only technical problems but also related operations can be seen. Therefore, I think that by effectively returning such information, rather than posting it in Technology Map once and ending it, we can expect more contributions to technological advancement and innovation.

However, on the other hand, I think it is important to publish, accumulate data, and open up such information so that it does not excessively disadvantage technology providers and contributes to future development. That is my first point.

Another point is that I think Mr. Suga talked about the incident a little earlier. I think this is also a point that should be thoroughly discussed. Each member commented earlier that the risk is not zero, and based on this, you said that if an incident occurs after a implementation, it is not a small incident, but an incident with a large social impact, for example, depending on the content, the impact of a system outage for a few seconds or a few minutes can be quite large. I believe that the design of a contingency plan tailored to the magnitude of such an incident is also extremely important.

It is assumed that each ministry and agency already has various contingency plans, but I believe that clarifying the basic policies of a certain contingency plan in relation to the digitalization of administration recommended this time will contribute to a certain extent to accountability and reliability to the people.

The key is how quickly and openly the process is carried out, so I feel that it is important to clarify a certain basic policy from the top down to a certain extent, even if the details are left to each ministry and agency.

That's all. Thank you.

Chairman Ezaki: is a very heavy or difficult Issue, but I believe that you pointed out important points, although it is very difficult to know how to prepare a contingency plan and, in that sense, what kind of landing point to make for the vendors who provide the technology and the people who receive it. Thank you very much.

There is a post from Mr. Okada in the chat. Mr. Okada, would you like to speak?

OKADA Member: Okada. Nice to meet you.

As you have just mentioned, in terms of my experience in SIP civil engineering, as I mentioned earlier, especially when AI is used to fix the visual inspection, the teacher data used is very special.

However, people who use it think that it is common. For example, in a photograph, what is originally white becomes gray or blackish depending on the degree of light. In the end, if you use it as teacher data, the judgment will be much worse or better. In the demonstration, it is done in the same way, so it works well, but when it comes to the fact that it is actually taken to a different place, there were many cases where it could not be used well.

In the end, when I want to do it again, I have to start again from the teacher data. As you just said, I was actually in the middle of it, but in the end, after I thoroughly understand that AI is incomplete, and after I see what kind of teacher data I used and how I did it, I actually, as I just said, can use new data and grow together. It will work quite well, but people think that they can use what they buy right away. As I wrote in a chat, in various places, if AI is used, everything will be done or nothing will be done. Literacy is very different from what you are talking about.

Therefore, I would like to explain the essence of this matter. Even if I say Trust or something, it is true that many people in the field think that AI will do everything for them rather than taking risks. Therefore, I feel that it will be bad if we do not take into account the basic common sense of AI of people in the field, including this matter.

As was the case with Dr. Suzuki's drones earlier, drones is also a good place. For example, when it comes to bridge piers, if you go under the bridge, the wind is turbulent, so they fall down. Even if you say in the experiment that you are flying at a wind velocity of how many meters, you are flying in a certain amount of wind, so if it becomes turbulent or something like that, you don't know how far you can fly until you go there. In addition, if you go under the bridge, the GPS doesn't fly, so you end up losing your position. Therefore, unless you conduct experiments in various fields, even if there is a demonstration that the data is gathered and taken properly, and even if there is third party authentication, it is impossible to see in which state the authentication is made. To be honest, I thought in various fields that the people at the site were too scared to use it.

I think this discussion is very important, but it is necessary to determine the extent to which robustness is shown, and I think it is very important to consider how to spread the common sense of AI, including the fact that robustness must be understood, the limitations of AI, and what Mr. Shimada has been saying.

Chairman Ezaki: .

In that sense, for example, we need to make everyone fully aware of the concept of "understanding" in AI, and then move the framework of Trust. This is quite difficult.

OKADA Member: For example, they say that there are many old photos, so please use them. But to be frank, it is realistic that there was nothing we could do with old photos. In the end, some of the data on bridges were all recollected around 2016, so I thought that there were a lot of things that could not be used even if they said that they would provide the data because they actually had it. I thought that it was very important to correct the gap between the common sense of experts and the common sense of the field in various ways.

Chairman Ezaki: must be careful to describe such points as precautions when creating guidelines to be created by ministries and agencies or private sector.

OKADA Member: That's right. In particular, rather than saying that it is okay to ask the ministries and agencies, in the field of civil engineering, it is okay to say that the Ministry of Land, Infrastructure, Transport and Tourism said that the opinions of people in local cities and prefectures would not be raised in the true sense, as you can see from Mr. Nitta of the Ministry of Land, Infrastructure, Transport and Tourism, it is probably a realistic answer that the Ministry of Land, Infrastructure, Transport and Tourism cannot guarantee to that extent.

Chairman Ezaki: .

In relation to this, Mr. Nakamura mentioned that it is necessary to have an incentive to conduct POC before actual introduction. Mr. Nakamura, would you like to talk about this?

NAKAMURA Member: Thank you, .

I have been a member of the Evaluation Committee of disaster risk management for 10 years in the framework of the national SIP, and I have just finished it. When we want to create a system that has never existed before, we have set a budget of several billion yen, and we have actually conducted a demonstration experiments as a POC, including each ministry and agency, the Cabinet Office, local local government, and municipalities. The people in the field have realized that this is possible, and at the same time, the people in the ministries and agencies in charge have recognized that this can be realized. Then, the evaluation results and outputs will be made public, and I think they will be available for use elsewhere.

What I want to say is that POC is very expensive and time-consuming. How can we create incentives to change existing systems used by ministries and agencies from analog to digital and actually do POC? How can we support it?

There is Technology Map, and everyone thinks that this technology can be used, so we need to think about how to do it, and do a POC. As Dr. Ogawa said, this POC is very important, and we need to think about how to create a mechanism to share the results with everyone.

This time, I am talking about Technology Map, so as Dr. Ogawa said earlier, I thought it is very important to include the results of the POC and the knowledge obtained there in a way that can be shared across all concerned parties and ministries and agencies.

Chairman Ezaki: .

Do you have any other comments? If you have not yet made a statement, I would appreciate it if you could make a statement.

Committee Members Nakagaki, Nemoto, Noboru, Kawabata, Toyoda, and Ogino, if you have any, please raise your hands.
Then, Mr. Toyoda, please.

Member: We will create a kind of There is not much I can provide in this topic, but to provide a topic, if I share it now, it is based on another material, so I don't think you need to look at the details. For example, in the smart cities development, there are no US medium-sized companies, European types, or Japanese types yet, but if I were to divide the trends broadly, I would say that the EU type is leading the construction of a standard regulation that is rule-based and leads social good and eco, as I mentioned earlier.

I think this is very helpful. Recently, in smart cities, not in smart cities, but in the metaverse, which is a buzzword-like neighborhood, all the powerhouses around here, such as Autodesk, AWS, and NVIDIA, have been forming a committee. They are publishing a spreadsheet, and the creators are saying that they should be prepared to mix things up, and that they should work on easing regulation. This is being raised every minute, and we are discussing this on our own in each area, and we are working to increase the centripetal force to be agile, and to be prepared to mix things up and take risks.

Of course, we have been talking about the risks of regulation, but when it comes to the sense of speed in new areas, this kind of approach is important. I think there will be various discussions today on how to use what has been created, and I wonder if a phase-by-phase design is necessary.

When I am involved in the area of architectural cities and the metaverse, the metaverse is a world where there are still no rules in regulation, and construction is one of the oldest occupational fields in the world, so there is a lot of saturation. In this area, if there is something like regulation that has become spaghetti, and there is something like the Aneha Incident, regulation will be applied, and creativity will gradually die. Therefore, I presented it only as a reference that the system of how to make each phase will be very important.

Chairman Ezaki: , I understand that the phase of social implementation of technology is very important. At the same time, with regard to POC, we need to firmly grasp the stage from the technology development part, to the stage where it is actually used, and the stage where it is finally used in society.

Member: We will create a kind of workgroup and do it loosely as a committee for each domain. We will also do free participation as we did earlier. In addition, we will send out the use cases. So, we will create a media like Noboru. I thought that if there were three of them, there would be a possibility that they would work well.

Chairman Ezaki: .
Mr. Nakagaki, may I ask you a question?

Nakagaki Member: , can you hear me?

Chairman Ezaki: , I'm fine.

Nakagaki Member: Since the device is connected from the mobile phone, the voice may be bad. In that case, please understand.

Among the smart promotions we are currently conducting with NITE, for example, we are cataloguing the security management of demand equipment. As an existing technology, we are cataloguing it as smart security, but for those for which the quality of the data up to that point is not yet sufficient, we are cataloguing it in two stages as basic element technology. This is an introduction to the examples we are currently conducting.

In addition, in the past, we have asked NTT Data Institute of Management Consulting to make a survey for the introduction of such technology, for example, where there are psychological barriers for people who are inspected, so I thought it would be good if you could introduce such things next time when you have the opportunity.

What I have personally observed is that, for example, the chief electricity engineer, who is in charge of the inspection of demand facilities, is required to submit the safety regulations. The supervisory department is the Industrial Safety and Inspection Department of the Ministry of Economy, Trade and Industry. If a new technology is introduced and the number of inspections is changed, the safety regulations must be submitted to the Industrial Safety and Inspection Department, and the change must be confirmed by the Industrial Safety and Inspection Department. For example, it will take six months or so from the prior consultation to the acceptance. It is impolite to say that it is troublesome, but I think that the current situation is acceptable if the new technology is implemented.

In the past, new technologies and new equipment that were introduced at the same time were likely to be listed in the smart security catalog, but it seems that there has been little progress in applying them to existing equipment that is several years old or quite old.

With regard to the relaxation of regulation procedures, there were various talks about new patents for data to be explained, and I thought that if regulation did not study this at the same time, it would not lead to an understanding of such matters.

That's all.

Chairman Ezaki: .
I believe that what you have in common is that the regulation authorities must be fully aware of which stage the country is at. Thank you very much.

Do you have any other comments?

If you don't mind, Suga san, would you like to give us a little response so far?

Counsellor Hitoshi Suga: In . Regarding what I wanted to ask you today, first of all, I believe that we have come to the conclusion that we should rely on third parties, including everyone who made a presentation. Therefore, one of the things I would like to do is to firmly determine what specific processes should be entrusted to design.

Also, Mr. Ogawa and Mr. Nakamura talked about POC. To that end, Digital Agency and Digital Rincho are working to acquire the budget for Technology validation. I would like you to consider it at the next review meeting, but we also feel that money alone is not enough as an incentive, and I think the point is to spread the validation results horizontally, provide various teacher data, including regulation and local government, and conduct more useful POC. I would like you to discuss this next time.

Also, thank you for giving us some ideas for future presentations.

Chairman Ezaki: .
There are members who have not yet made statements, and of course some members have already made statements, but I would like to ask you to make your statements. What do you think?

Mr. Ogino made a presentation. What do you think of it?

Ogino Member: My name is Ogino .
I also thought that Mr. Suzuki's opinion was very good. The point is, of course, maturity. New technology is quite difficult to assess. However, I think it is certainly better to show an index of how mature it is.

Similarly, for incidents and security, it would be better for the provider to provide an indicator of this level to the user. In that sense, I think the labeling system promoted by the United States is quite a good system, and I think it would be more beneficial for the user to present the content of this report with an indicator of the maturity of the technology and the level of achievement in security.

That's all.

Chairman Ezaki: should clearly present how mature it is, what it is doing, and how it will develop in the future. Thank you very much.
Also, Mr. Nemoto, Mr. Noboru, and Mr. Kawabata, could you please make a statement?

Then, Mr. Kawabata, please.

Kawabata Member: Today, I am not close to my field, so I learned a lot. In particular, quality assurance in the AI field, because I write about technology mainly in automobiles, I think the hurdles are very high when introducing this kind of thing in an industry where very strict quality assurance is required. I heard today that it will be an answer to what I usually think, or rather, it will be a direction, and I understood it, so I learned a lot.

In addition, as Committee Member Toyoda said, it is very important to take agile while taking some risks, and to divide the work with formality like a subcommittee. In particular, I think there are three things that need to be done in both ways. If I talk about two of them, they are new and very related to other discussions, but the maturity of technology is low, but there are some things in the market that are important to talk about or share.

You talked about the mixture of cobblestones, but it is not rotten, but there are places where people talk about things in various states, even if they are less mature, and implementation is spread to things that are mature to a certain extent and seem to be able to be used as regulation in society. I don't think these two steps can be done together, and I don't think I can talk about them at the same place. I think these two can be markets, and I think it is important to properly structure two markets if we think of it as a marketplace where technology is distributed.

In addition, at the stage of creating these things to a certain extent, the number of participants will not increase unless there is a function to communicate these things to the people who will participate and use them. Therefore, I think that creating an ecosystem is the next important thing. I think that this will be a little later in the discussion, but what kind of people should participate? I think that releasing new technologies while taking risks may be done by private sector companies or startups, even if they are small. I think that the number of participants will not increase unless there is an incentive to participate in such places or to communicate them. I think that we should increase the number of participants.

In addition, although it is a technology that has a risk, depending on the situation, it may be used in a large way or in an industrial field. This is a new technology, but it is arbitrarily interesting or seems to be used in an industrial field. In some cases, consultation is not effective for new technology, so I asked if it would be good to spend a budget to commercialize new technology, for example, by using subsidies or creating a budget in the form of POC, and consider whether such a business can be conducted in a framework.

I'm sorry to be a little distracted and like my impression, but I will tell you those two points.

Chairman Ezaki: .

You also pointed out that we need to devise how to provide incentives such as POC.
Then, Mr. Nemoto, please.

Nemoto Constituent: Thank you, .

I thought it would be enough to make a comment, so I refrained from making a comment. However, when the word "categorization of regulation" first appeared in the power point that Mr. Suga talked about, I suddenly stopped. I was relieved that I received an explanation of the detailed setting of performance requirements in the subsequent explanation. I thought that part was extremely important, so I would like to thank you for including it.

However, it may be a problem of my Japanese ability to interpret the detailed setting by the word "typology," but it is quite strict, and there was one point that I would be happy if you could devise something else.

The other point is, as I believe it was mentioned in the previous discussion, I was a little concerned about where the element technology part was. I refrained from making a statement because I did not have an idea of what I wanted to do, but I believe that there was a talk about what should be done with the element technology that will be the foundation, and how much and in what form should be included in the catalog.

In addition, if performance requirements are set in detail, there is a possibility that some companies do not want to disclose their technologies, so what should they do? I am a little worried that there is a possibility that such technologies cannot be used for regulation response. This will be discussed later, so it may not be at the current stage, but I would like to discuss it in the back of my mind.

These are the 3 points.

Chairman Ezaki: .
Okay, Mr. Suga, please.

Counsellor Hitoshi Suga: In .
First of all, regarding the categorization of regulation, only the characters that can be inserted into the icon are included, but based on the purpose you mentioned, I would like to ask you if you can consider the wording.

Also, regarding elemental technologies, as I asked you to explain the content of the information to be posted last time, I just omitted it from the agenda this time, and I would like to continue posting it, and I understand that it will be recognized as a category and a domain as a group of technology search.

As for the last point, the Secretariat is aware of this as an issue, and I believe that it may be necessary to consider whether it is good to disclose everything and show that Japan has this kind of technology in this field and is mature in this way, based on the context of the Minister in charge of Administrative Reform Okada. First of all, I recognize that it is an issue that we need to consider a little in the second half of the meeting, how much we will disclose while making it as detailed as possible. Thank you very much.

Chairman Ezaki: Information Disclosure will be close to the future specific operation of how much to write from the point of Minister in charge of Administrative Reform Okada and intellectual property rights, but there is that point.

Then, Mr. Noboru, if you have any, please.

Member: I think it is important to create an atmosphere in which the accuracy of the technical content to be posted and the problem of how to correct biased information when it is posted are monitored by many people's eyes.

In the open source community, it was like a mailing list in the past, and later it was like a bulletin board. Recently, for example, it is like GitHub. In terms of technical articles, there are some in Japan, such as Qiita.

When someone posts information, or when someone changes or commits information, many people are watching whether it is strange, wrong, or biased, whether it is in the interests of the poster or the disadvantage of others, or whether it is intentionally trying to make a bad thing by putting something that is vulnerable.

However, what is important when you assign a watch is that if you make it very easy for the people who are watching to post their opinions, on the contrary, there will be a lot of irresponsible opinions. On the other hand, if you make it impossible to post without taking strict procedures such as identity confirmation, it will be troublesome, and many experts have other jobs, so there is a problem that they will not be willing to post.

In view of this, with the GitHub posting function mentioned earlier, for example, if you write about an issue, you can discuss it, but this is a quite exquisite posting standard, and there is a mechanism for user registration and reputation for each user, which is necessary for posting. If this contributor is another person who is making contributions, or is not only actually saying, but also writing other articles, he or she will be given a star and reputation. In this way, I thought that it would be possible to maintain a good balance without requiring a full real name, and on the other hand, without anyone being able to write irresponsibly like 2channel.

I thought it would be necessary to add a function to allow such discussions as part of the articles published in Technology Map.

That is all.

Chairman Ezaki: .
It is a very difficult issue. It will be a matter of where to land, but I think it will be difficult to receive opinions from all of you responsibly while ensuring that the ministries and agencies do not close down.

Mr. Suga, do you have any comments?

Counsellor Hitoshi Suga: In You mentioned earlier that high-quality reference is extremely valuable, and this leads to that. I would like to make efforts so that the Government of Japan can have such a function while consulting with the members, including technical ones.

Chairman Ezaki: That's right. As for the committee, it is not a matter of the government creating such standards in one direction, but it is a matter of the industry and experts giving their opinions in both directions. We need to make sure that these standards are created.

Are there any other opinions from the committee members?

Counsellor Hitoshi Suga: In , if you don't mind, may I ask you a question?

Chairman Ezaki: , please.

Counsellor Hitoshi Suga: In , and you said that the fact that new technologies can already be used can only be realized on a proposal basis.

In terms of who we would like to receive such proposals from, could you please tell us in more detail if possible whether it is necessary to expand the system and create a system in which companies with technology can freely make proposals regardless of the field, or whether it is better to adopt such a system and receive proposals from companies that comply with the law?

Chairman Ezaki: , please.

SHIMADA Member: .

Actually, I was raising my hand a little, but I would like to comment first on what Mr. Noboru said earlier. I certainly think such a mechanism is good. On the other hand, if we use the infrastructure that we are paying for, which seems interesting, critical accidents such as the death of people will occur, and that is why it is a grave reality that even in visual inspection, extremely severe regulation is being imposed.

Therefore, I believe that it is necessary to consider a mechanism that would not actually lead to serious or critical accidents. I believe that this is regulation itself.

In regard to Mr. Suga's question earlier, for example, from the perspective of companies with various proposals and technologies, I think it is possible to think that regulation will be replaced by this. Naturally, I think venture companies are also possible.

When there is such a thing, the person who receives it has a regulation. Furthermore, whether it is really OK or how to secure it is usually stuck. If technical information is posted somewhere and someone has done it, it will be extremely difficult for a company that has to compensate hundreds of billions of yen when something happens in the regulation industry to take a step forward.

Therefore, in order for regulation mitigation to really progress and be improved by technology, it is necessary to make a thorough validation of the two way issues from a quality control perspective. However, I believe that the regulation side will probably not be able to provide the opportunity for this.

What the regulation side is looking at is just to ensure that the visual inspection is carried out safely, and I believe that the same can be ensured by such means. By the way, please exclude the validation. Only after such a proposal is made, then, let's carry out the validation. A third party organization will look at it, and I think it will be fine. Only after the validation is carried out in the place where the regulation is actually carried out, and the reservation is made with the data used in that place, will the relaxation of the reservation in the true sense proceed.

Counsellor Hitoshi Suga: In . I understand very well.

Chairman Ezaki: : Basically, proposals from the industry and companies are the basis. It is quite difficult for the regulation authorities to ease regulation. However, as all of the 4,000 to 8,000 laws are being reviewed, is it necessary to create a path for companies and the industry to properly come up with such measures?

SHIMADA Member: I think that's right. I think that the fact that there is such a sign is considered to be an opportunity for the company side, so I think that it is extremely significant that the government side announces it.

I said the company side, but I don't mind if it is academic. I think it is necessary to have proposals from people with technologies, ideas, and knowledge, not from anywhere. There are extremely excellent people with various knowledge among the users, and I think it is naturally possible for us to propose them ourselves.

Chairman Ezaki: , we, or the Government of Japan, have to send a message that we are inviting proposals from the public and that they are very welcome.

SHIMADA Member: Yes, that's right.

Chairman Ezaki: : That is a very powerful message that will cheer you up, so it is a recommendation or suggestion that we must send that message very energetically and well.

SHIMADA Member: That's right. People gather in interesting places, so if it becomes interesting, I think the number of people who make proposals will increase.

Chairman Ezaki: In that sense, I would like to see some examples. We must create successful cases.

SHIMADA Member: That's right.

Chairman Ezaki: .

Are there any other members? No one seems to have raised their hands. Is that all right?

Counsellor Hitoshi Suga: In . As a member of the Working Group, it seems that Mr. Ochiai is raising his hand.

Chairman Ezaki: , please.

Dr. Ochiai: Thank you very much, . The Working Group was also considering it, but I was listening to it because I thought the Committee's consideration would be of interest.

When I heard your talk this time, I was aware that there is a possibility that a certain level of quality will be secured by thorough disclosure of the process and information. In fact, I think it is difficult for Digital Agency and public office to summarize without such a design, partly because of resources, so I thought it was a very wonderful direction in terms of collecting knowledge from various people on the private sector side.

One thing that I was concerned about was that you said that there might be some invisible parts to be created in economic security and so on. I was just discussing it at the Working Group, and I thought that there might be some parts that could be organized in common with the contents of the Working Group.

From the perspective of privacy, we talked about how much information can be viewed online. Basically, we discussed the direction of making it look the same as in the case of analog, but we also talked about not disclosing such information in the first place.

On the other hand, as a technical control, I think there are several patterns of disclosure, such as log management and ID management, so that only those who have been certified can see more detailed information. In this case, it is better to disclose information as much as possible, and I thought that there are parts that lead to governance such as quality assurance. There are parts that need to be hidden, such as being seen only by public office and some participants, but I think it is possible to organize check-and-balance measures so that they can be used from an economic security perspective, as well as in the context of privacy, while disclosing as much as possible. I thought that it would be better to combine these measures and disclose information as much as possible, which would be a good direction for the overall effort, including promotion.

Since I am a member of the working group, I am sorry that it is not the technology itself, but I think that it is a really wonderful initiative as a whole. Thank you very much.

Chairman Ezaki: .

From the members of the Committee, basically, transparency or disclosure is the basic line, and we must properly submit that we will receive the proposal. In that case, disclosure of references, or what kind of references there are, is what granularity we should bring. In addition, I believe that everyone is of the opinion that it is necessary to create a policy on how to disclose information while recognizing that it is impossible to disclose information due to the intention property and security.

Anything else? Will that be all right?

Well, it's about the time you gave us today, so would you like to talk to Mr. Suga about something?

Counsellor Hitoshi Suga: In , I would like to conclude with a business-like report.
We would like to hold the next Committee meeting around the middle of January after the New Year. After this, we will adjust the schedule and the Secretariat will contact you again with the agenda.

We would like to announce today's proceedings on our website after the Secretariat confirms the draft minutes with you at a later date.

If you do not have any particular opinions on today's Committee materials, we would like to disclose them on the Digi-cho website after confirming with the presenters.

Thank you for joining us today.

Chairman Ezaki: .
With that said, I would like to adjourn today's meeting of the Committee. Thank you very much for your participation.