TMT 2024

Last Updated February 22, 2024

Japan

Law and Practice

Authors



Mori Hamada & Matsumoto is a full-service international law firm based in Tokyo, with offices in Fukuoka, Nagoya, Osaka, Takamatsu, Sapporo, Beijing, Shanghai, Singapore, Yangon, Bangkok, Ho Chi Minh City, Hanoi, Jakarta (ATD Law), and New York. The firm has over 700 attorneys and a support staff of approximately 600, including legal assistants, translators and secretaries. It is one of the largest law firms in Japan and is particularly well known in the areas of mergers and acquisitions, finance, telecommunications, broadcasting, and intellectual property, as well as domestic litigation, bankruptcy, restructuring, and multi-jurisdictional litigation and arbitration. The firm regularly advises on some of the largest and most prominent cross-border transactions, representing both Japanese and foreign clients. In particular, the firm has extensive practice in, exposure to and expertise on telecommunications, broadcasting, the internet, information technology, and related areas, and provides legal advice and other legal services regarding the corporate, regulatory, financing and transactional requirements of clients in these areas.

The metaverse has been attracting attention from businesses and government, and there have been considerable developments in related legal discussions and legislation. In November 2022, the government convened a council consisting of businesses, legal experts and government officials, which discussed legal issues related to the metaverse, and released a final report in May 2023. Two laws were amended in 2023 relating to the metaverse. One extends a protection for product design from the real world to the metaverse, and the other introduces a more expedited and simplified state licensing scheme for secondary use of user-generated contents (UGC).

Intellectual Property Rights

Copyright

Reproducing the real world in the metaverse will not infringe copyright in most cases. While architectural works with copyrightable properties are often used as landmarks in the metaverse, that use is permitted by Article 46 of the Copyright Act. Article 46 permits the use of architectural works or works of art that are publicly available (like a statue in a park), but does not apply to signboards or other works that are copyrightable. However, Article 30-2 of the Copyright Act allows a third-party copyrightable work to be incidentally included in another copyrightable work as long as the inclusion is minor and incidental to the principal copyrightable work (eg, where a third party’s copyrighted work was included in a photo). Based on this provision, when a vast space in the real world is reproduced in the metaverse, a signboard with copyrightable material that is also reproduced in the metaverse will be considered to be only a minor inclusion compared to the entire reproduced space so that the inclusion will be allowed under Article 30-2 of the Copyright Act.

In the metaverse, users often engage in creative activities and copyright for their creative works may be granted to them depending on the terms of use of the metaverse. If so granted, a third party who wants a secondary use of such user-generated contents must obtain a licence from the user holding the copyright. To facilitate such secondary use, even if the copyright owner does not timely respond to a licensing request, the Copyright Act was amended in May 2023 to allow a more expedited and simplified state licensing scheme for the secondary use of user-generated contents within three years from May 2023.

Design imitation

Under the current laws, a design owner usually cannot block a third party from replicating a product from the real world to the metaverse even if it is protected by a design right. To protect the design owner’s interest, the Unfair Competition Prevention Act was amended in 2023 to prohibit the provision via telecommunications of data which imitates another’s product, from April 2024.

Trade mark

Virtual goods may be produced with trade marks, as in real-world goods. Since the goods and service classifications between the real world and the metaverse are different, trade marks for real-world goods would not be protected in the metaverse unless they are registered for virtual goods and services. Having said that, since an increasing number of brand-owning companies apply for virtual goods and services, metaverse providers would need to be more careful about using a third-party’s trade marks. In light of the market growth of metaverse, more brand-owning companies are expected to register their trade marks for virtual goods and services.

Publicity rights

An avatar may be generated from an image of a public figure. There is a judicial precedent ruling that a publicity right is granted if the name or image of the public figure has the power to promote the sale of goods and that publicity right is infringed if the name or image is used solely for the purpose of promoting sales (Supreme Court, 2 February 2012). Thus, such an avatar cannot be used to promote sales, but a publicity right would not be infringed if the user generates the avatar only for personal satisfaction or use.

Privacy Law

Users’ actions in the metaverse are collected and recorded by metaverse service providers, which can also collect and use users’ data, such as the users’ profiles, behaviour, interests, and preferences.

Not all users’ information in the metaverse is considered “personal information” under the Act on the Protection of Personal Information (APPI). The APPI defines “personal information” as information relating to a living individual which contains a name, date of birth, or other descriptions through which a specific individual can be identified. Therefore, if, for example, an individual registers only a nickname to use a metaverse service, the information collected by the provider of the metaverse service would not be considered “personal information”. However, if in using the metaverse, an individual’s real name or email address that could identify that individual is registered, then that information is considered personal information under the APPI.

Separately from the APPI, Japanese courts recognise a person’s right to privacy, which is the right for that person’s private life not to be disclosed except for legitimate reasons. Certain information collected in the metaverse can be protected as part of a person’s private life. Therefore, even if a piece of information is not considered personal information under the APPI, it is necessary to examine whether certain users’ data is protected as part of the users’ private lives.

Telecommunications Business Act

The Telecommunication Business Act (TBA), which was amended in 2022, requires large-scale social networking services (SNS) (ie, SNS with at least 10 million users if the service is provided without consideration, and with at least 5 million users if the service is provided with consideration) to file a notification with the Ministry of Internal Affairs and Communications (MIC). Metaverse service providers may also be subject to the TBA if they are large-scale. See 7. Telecommunications for details on TBA.

In Japan, trading practices and consumer protection in the context of digital platforms recently attracted public attention and two pieces of legislation were promulgated in 2020 and 2021. Further legislation for fair competition and user protection is also currently under discussion. 

Transparency and Fairness of Digital Platforms

The Act on Improving Transparency and Fairness of Digital Platforms was enacted in June 2020 and took effect in February 2021. Under the Act, the Ministry of Economy, Trade and Industry (METI) designates providers of regulated digital platforms with a certain size in sales according to the category of the platform:

  • e-commerce marketplace with annual sales of JPY30 billion or more;
  • app store with annual sales of JPY20 billion or more;
  • advertisement media with annual sales of JPY10 billion or more; and
  • digital advertising platforms with annual sales of JPY5 billion or more.

If so designated, such digital platform providers are required to disclose the conditions of accepting business operators, reasons for requesting purchasing services, factors affecting rankings, and other information. Such designated providers are also required to annually report their complaints handling, disputes resolution, disclosure and self assessment to METI.

Consumer Protection of Digital Platforms

The Digital Platform Consumer Protection Act was enacted in May 2021 and took effect in May 2022. The Act applies to platforms on which consumers may purchase goods, services or rights for consideration, without regard to the size of sales. The Act requires platform providers to proactively protect consumers from sellers, which are not platform providers but just merchants in digital platforms. Digital platform providers are required to take measures to enable smooth communication between sellers and consumers, investigate sellers in response to consumer complaints about transactional conditions, and require sellers to provide information on their identity as necessary. Digital platform providers may be requested by the Consumer Affairs Agency to remove certain goods, services or rights if there are any false or misleading descriptions that are not voluntarily remedied. Consumers may require digital platform providers to disclose the names, addresses, phone and facsimile numbers, email addresses, and corporate registration numbers of sellers if they need the information to exercise their rights against sellers.

Fair Competition in the Digital Market

The Digital Market Competition Study Group administered by the Cabinet Secretariat released a report and called for public comments in June 2023. The report proposes to introduce new regulations on large-scale mobile OS providers, app stores, browser providers, and search engines. The proposed regulations include:

  • prohibiting large-scale app stores from forcing in-app payment;
  • obligating large-scale mobile OS providers to allow alternative app stores;
  • obligating large-scale mobile OS providers and browser providers to allow users to easily change default settings;
  • obligating large-scale mobile OS providers to provide an opportunity for users to elect pre-installed apps;
  • obligating large-scale search engines to treat third-party services on a non-discriminatory basis vis-à-vis in-house services;
  • prohibiting large-scale mobile OS providers, app stores, and browser providers from using non-public data for other services;
  • obligating large-scale mobile OS providers, browser providers, and app stores to provide data portability;
  • prohibiting large-scale app stores from forcing social login; and
  • obligating large-scale mobile OS providers to allow third parties to equally access OS functions.

Although the report has generally taken a strict attitude, it also seems to agree that seemingly problematic acts may be justified if necessary for security or privacy. A bill is expected to be submitted to the Diet in 2024.

User Protection of Digital Platforms

The Platform Service Study Group administered by the MIC published their third report in January 2024. The report recommends that the government require providers of large-size digital platforms where unspecified users can distribute contents to take measures to protect defamed people, including having a complaint window, procedure for accepting a complaint, and a staff member familiar with Japanese culture and society, completing the investigation within one week, and notifying the complainant of the results of investigation. The report also recommends that such providers be required to publicly disclose their policies, notify contributors of the ground for banning, and publicly disclose how measures are implemented.

In Japan, there are no laws or regulations which are generally applicable to cloud computing. However, certain services using cloud computing, such as voice communication services and email services, may constitute a telecommunications business under the Telecommunications Business Act (TBA). Please see 7. Telecommunications.

Where personal information is stored in a cloud, the APPI will apply. The Personal Information Protection Commission (PPC), the principal regulatory authority regarding the APPI, has clarified that businesses using cloud services must take security measures to protect personal information stored in a cloud service provided by a third party, but they do not need to supervise the providers of the cloud service or obtain consent from data subjects if the cloud service providers cannot access the stored personal information, regardless of whether the relevant data centre is located in or outside Japan.

Industry-Specific Guidelines on Cloud Computing

Government cloud procurement

The Japanese government operates the Information System Security Management and Assessment Programme (ISMAP), pursuant to which Japanese government organisations may procure cloud services from cloud service providers registered with the ISMAP steering committee. The registration process requires applicants to submit an assessment report prepared by a third-party auditor registered with the committee, as well as other required information, including information regarding the risk of compulsory data access due to the applicability of foreign laws to enable the committee to review those foreign laws.

Cloud use by private-sector essential infrastructure

New legislation titled the Act on the Promotion of National Security through Integrated Economic Measures, which was promulgated in May 2022, imposes an additional requirement on essential infrastructure providers designated by the government from 14 essential infrastructure areas, namely, electric power, gas supply, petroleum, water, railways, motor freight, ocean freight, aviation, airports, telecommunications, broadcasting, postal services, financial services, and credit cards. Designated providers will be required to submit a written plan to the competent government ministry for review before they install certain essential facilities or outsource the maintenance or management of certain essential facilities, which include cloud services. In relation to the plan to use a cloud service, certain parts of the plan may be omitted if the provider is registered with the ISMAP steering committee.

Financial service operators

Financial service operators – such as banks, insurance companies and financial instrument business operators – are required by the supervisory guidelines issued by the Financial Services Agency (FSA) to take outsourcing management measures. Since the use of cloud services provided by a third-party service provider is a form of outsourcing, financial service operators must implement outsourcing management measures such as conducting a due diligence check of the service provider, entering into a service agreement that satisfies the supervisory guidelines and auditing the service provider. More specifically to cloud, the financial service sector often refers to the guide to cloud implementation and operation of financial institutions published by the Centre for Financial Industry Information Systems (FISC).

Healthcare information

The healthcare industry (eg, hospitals, clinics, dentists and pharmacies) is subject to the Security Guidelines for Medical Information issued by the Ministry of Health, Labour and Welfare. Providers of cloud services to the healthcare industry are subject to the Security Guidelines for Information Service Providers for Medical Information issued by METI and MIC. These guidelines include both mandatory requirements as well as government-recommended actions.

Product Liability and General Tort Liability

Under the Product Liability Act (the “PL Act”), a producer of a manufactured or processed movable good is liable for damages to human life or body, or property, caused by a defect in the good, regardless of whether or not the producer is negligent.

Since big data, machine learning and artificial intelligence (AI) are not movable goods, producers of big data, machine learning or AI themselves will not be subject to the PL Act. Rather, it is the producers of movable goods into which big data, machine learning or AI is installed which will be liable for the damages caused by a defect in those movable goods, including a defect in the installed big data, machine learning or AI.

Producers of big data, machine learning or AI may be subject to general tort liability under the Civil Code. General tort liability is not a strict liability, unlike liability under the PL Act, and the plaintiff must prove intentional act or negligence (including simple negligence) on the part of the defendant to successfully claim for damages.

Autonomous Vehicle Accident Liability

Under the Act on Securing Compensation for Automobile Accidents, any person who has control over or operates an automobile for their own benefit (eg, an owner or a driver) – the “responsible person” – is liable for damages for the death or bodily injury of another person arising from the operation of the automobile. The foregoing liability, however, does not apply if the responsible person proves that they and the driver exercised due care in controlling and operating the automobile, that the injured party or a third party other than the driver acted intentionally or negligently (including through simple negligence), and that there was no defect in the structure or functions of the automobile.

One issue is whether this special liability under the present automobile accident compensation framework should be modified to properly address car accidents caused by cars operated by AI, such as holding the car manufacturers liable for damages. The Research Report on Damage Liability regarding Autonomous Vehicles, which the Ministry of Land, Infrastructure and Tourism published in March 2018, concluded that it is appropriate not to modify the existing special liability for automobile accidents during the transition period until 2025 when autonomous vehicles are expected to be widely used. The report recommended that insurance companies that have compensated for damages caused by a defect in any autonomous driving equipment installed in a vehicle should be able to recover the compensation they paid from the car manufacturers that installed the defective artificial intelligence-driving equipment.

Based on the recommendation, the Japanese Road Transport Vehicle Act was amended in May 2019 so that any autonomous driving equipment is required to have recording equipment to provide insurance companies with evidence as to the cause of an automobile accident.

Data Protection Consideration

The APPI has not imposed strict conditions focused only on processing personal information by AI. The APPI requires business operators using a personal information database in their business (“handling operators”) to use personal information only within the scope of the purpose of use notified to data subjects or publicly announced when collecting personal information. Therefore, as a general rule, it is required to notify or publicly announce the purpose of machine learning in order to use personal information for machine learning.

In this regard, the purpose of generating statistical data by aggregating or analysing a large amount of personal information does not have to be notified to data subjects or publicly announced. However, the purpose of profiling, such as user journey analysis for targeted advertisement and credit scoring, must be notified to data subjects or publicly announced.

Further, if handling operators pseudonymously process personal data, they will be allowed to internally use the pseudonymously processed information beyond the original purpose of use that was notified to data subjects or publicly announced when collecting the original data. Thus, handling operators may use personal data for machine learning even where the machine learning is not included in the purpose of use notified to the data subjects when the personal data was collected.

In June 2023, PPC issued guidance to users and providers of generative AI. Users were advised not to input personal data to generative AI unless the use of AI is within the purposes of use notified to data subjects and there is assurance that the input data will not be used for machine learning. The guidance suggested that providers not collect sensitive data, which collection requires data subjects’ consent, and disclose purposes of use to data subjects. 

Copyrights Consideration

In the process of machine learning, copyrighted works may be copied or adapted, which may cause an infringement of copyrights. To promote AI developments, the Copyright Act grants an exemption allowing the use of copyrighted works to the necessary extent without permission from the copyright owner where the use (i) does not aim to let the user or others enjoy thoughts or sentiments expressed in the work, and (ii) does not unjustifiably harm the copyright owner’s interests, taking into consideration the type and purpose of the work and the manner in which the work is used.

This exemption covers the use of copyrighted works for extracting informative elements from a large amount of copyrighted or other works and analysis. The Copyright Act was amended in 2019 to clarify that this exemption covers not only statistical analysis but also deep learning, and not only copying but also transmission for grid computing.

In light of the recent increased use of generative AI, copyright holders have concerns about free riding, and the Agency for Cultural Affairs is expected to issue new guidelines regarding AI and copyrights in 2024. The guidelines are expected to clarify cases which will not allow the use of copyrighted works for AI. AI developers should pay attention to this development.

Protection of “Shared Data with Limited Access”

To promote data sharing between businesses so that big data will be more widely used, the amendment to the Unfair Competition Prevention Act introduced the protection of “shared data with limited access” which is defined as any technical or business information:

  • that is accumulated in a reasonable amount by electronic means;
  • that is provided to specified persons as a business; and
  • the access of which is controlled by electronic means.

Information controlled as a secret was previously excluded from protection even if the foregoing conditions were met, but under a 2023 amendment, from April 2024, that information will also be protected as long as it is not protected as a trade secret. Most typically, where data such as location of smartphones or cars is collected by a business operator (the “data holder”) and sold to third-party business operators for a fee (or shared among business operators in a consortium without charge) under the condition that the data can be used only for a certain purpose such as internal marketing analysis and cannot be redistributed or used for unauthorised purposes, the data would be protected as shared data with limited access. If shared data with limited access is wrongfully acquired, redistributed to third parties or used for unauthorised purposes, the data holder may seek an injunction and damage compensation under the Act.

Under the Radio Waves Act (RWA), in principle, users of radio equipment – including internet of things (IoT) devices using radio waves such as Bluetooth or Wi-Fi – must obtain a radio station licence from MIC. However, certain smaller-scale radio stations, including Wi-Fi and Bluetooth devices, are exempted from such licence requirement if the device conforms to the technical requirements established by MIC and bears a certification mark indicating such conformity (an R-mark). For users to comply with the foregoing requirements, manufacturers, importers or sellers of those devices apply for the certificate of conformity and put the certification mark on their products.

Radio equipment that has undergone technical conformity certifications conducted by foreign certification bodies based on mutual recognition agreements between Japan and certain foreign countries (currently, the USA, the EU, the UK and Singapore) is deemed to conform to the technical standards established by MIC in Japan and may bear an R-mark without a separate certification in Japan.

There is an exemption to the certification requirement that is available for devices which conform to technical specifications designated by MIC such as IEEE802.11b/11a/11g/11n/11ac/11ad and Bluetooth Core Specification Version 2.1 or later, if solely used for testing purposes. To rely on this exemption, a notification must be filed with MIC stating the start and close of the testing period. The testing period must be 180 days or shorter. Before filing the start notification, one must ensure that the device complies with at least one of the technical specifications designated by MIC.

Internet Connection

Under the TBA, any telecommunications device which is connected to a telecommunications circuit facility, such as an internet connection provided by a telecommunications business operator, must satisfy certain technical requirements, be certified by a registered certification body, and bear a “T-mark”. However, the guidelines issued by MIC on 22 April 2019 clarified that a Bluetooth device is exempt from the TBA certification requirement if it:

  • can be used by connecting to a smartphone;
  • does not have other functions that directly connect to telecommunications circuit facilities; and
  • is certified as complying with the Bluetooth specifications.

A similar exemption applies to a Wi-Fi device if:

  • the Wi-Fi device cannot be directly connected to the internet provided by a telecommunications business operator and is connected to the internet only through a certified router which bears a T-mark; and
  • there is a statement in the manual that the device cannot be directly connected to the internet. 

Data Protection Consideration

If an IoT device collects personal information, such as a person’s appearance recorded by a camera or a voice recording enabling the specification of a certain person, the service provider which collects the personal information through that IoT device would generally need to comply with the requirements under the APPI.

Licence for Broadcasting Business

As described in 7. Telecommunications, a telecommunications business under the TBA does not include broadcasting businesses, which are separately regulated under the Broadcasting Act. Note that the key regulator of both the telecommunications business and the broadcasting business is MIC. 

The Broadcasting Act requires a licence prior to offering broadcasting services in Japan, which include:

  • terrestrial-based television broadcasting;
  • satellite-based television broadcasting; and
  • cable television broadcasting.

The Broadcasting Act does not apply to companies with video-sharing platform services. In fact, there is no specific law which regulates video-sharing platform services.

The Broadcast Act restricts foreign investments in the broadcasting business. The following entities or parties are not eligible to hold a broadcasting licence:

  • a person who is not a Japanese national;
  • a foreign government or its representative;
  • a foreign entity; and
  • a company or entity in which any of the aforementioned entities or persons is the executive director, or holds 20% or more of the voting rights.

Licence for Radio Station

As described in 5.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection, users of radio equipment must obtain a radio station licence pursuant to the RWA, with certain exceptions. Thus, if a provider of broadcasting services uses radio equipment for the services, it must obtain a licence not only under the Broadcast Act but under the RWA as well.

As described in 7. Telecommunications, the RWA restricts foreign investments regarding licences to use radio equipment. While there are exceptions to such restriction, those exceptions are not available for the use of radio equipment for a broadcasting business.

Licence for Telecommunications Business

Under the TBA, “telecommunications” means sending, delivering or receiving codes, sounds or pictures by wire, wireless means, or any other electromagnetic means which includes the internet. A broadcasting business is excluded from the definition of telecommunications business.

The TBA requires a licence prior to offering telecommunications services in Japan. There are basically two types of such licences under the TBA, namely:

  • a registration (toroku); and
  • a notification (todokede).

If a provider of a telecommunications business installs or owns (including in the form of an “indefeasible right of use” or IRU) telecom circuits (eg, optic fibres or coaxial cables) at certain levels, it must be a registration carrier. Other providers who do not install such circuits (eg, ISPs) are basically required to only notify MIC prior to offering telecommunications services.

A party seeking to provide a telecommunications service must submit application documents to MIC. In the case of a registration, it must also appoint a general manager for the telecommunication facilities (denki tsushin setsubi toukatsu kanri sha) or a chief telecommunications engineer (denki tsushin shunin gijutsu sha). A notification is a relatively straightforward procedure which would take only several days if all the necessary documents are complete. The filing fee for registration is JPY150,000, but no fee is necessary for filing a notification. There is no licence term or annual fee for either registration or notification. It is advisable to unofficially consult with MIC before filing an official application.

Licence for Radio Stations

As described in 5.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection, a user of a radio equipment must obtain a radio station licence pursuant to the RWA, with certain exceptions. Thus, if a provider of telecommunications services uses radio equipment for the services, it must obtain a licence not only under the TBA but also under the RWA.

The RWA restricts foreign investments in relation to obtaining a licence to use radio equipment. The following entities or parties are not eligible to hold the licence:

  • a person who is not a Japanese national;
  • a foreign government or its representative;
  • a foreign entity; and
  • a company or entity in which any of the aforementioned entities or persons is the executive director, or holds ⅓ or more of the voting rights.

However, there are exceptions to the foregoing restriction. For instance, if the purpose of the radio equipment is to operate a telecommunications business, the foregoing restriction does not apply.

The term of the licence is five years. There is also an annual fee for the use of radio frequencies. The amount of the licence application fee and the annual fee to use radio frequencies varies depending on the type of radio frequencies and the power of the antenna of the radio equipment.

IT Service Agreements

There are no specific laws or regulations that apply to IT service agreements. In addition, there are no laws that strictly regulate the location of data storage or a data centre, data-localisation, or price revision. However, the general contract law based on the will of the contracting parties applies to IT service agreements.

Parties should remember the following when incorporating a liability limitation clause into a contract:

  • in a contract between a company and a consumer, a liability limitation clause may be invalidated under the Consumer Contract Act (CCA); and
  • while the CCA does not apply to contracts between companies, a provision that exempts one contracting party from liability in the case of intentional or gross negligence may be invalidated under case law.

Data Localisation

There are no data localisation regulations. However, for some sectors, such as the medical sector, there are guidelines recommending storing data in locations where Japanese law applies, that is, Japan. These guidelines are not strictly required to be observed, but are usually complied with by the relevant sectors as a matter of practice.

Economic Security

Under the Act on the Promotion of National Security through Integrated Economic Measures, essential infrastructure businesses must file a plan with the government before introducing or entrusting management of certain important equipment. The government will review the plan and may issue a recommendation or order entities to modify or discontinue the plan if the government finds security issues. The essential infrastructure providers were designated in November 2023 and the requirements are expected to be implemented in May 2024. After the implementation, when contracting with designated essential infrastructure providers in Japan, this Act should be taken into consideration. Contractual risk management measures, including those related to cybersecurity, will be required.

Electronic Signatures

Japan does not have an equivalent to electronic identification and trust services (eIDAS) regulations to regulate trust services comprehensively, but the Act on Electronic Signatures and Certification Business (the “Electronic Signatures Act”) grants an “electronic signature” the same legal status as wet-ink signatures. An “electronic signature” refers to a measure taken with respect to information recorded electronically and which meets both of the following requirements (Article 2):

  • a measure to indicate that the relevant electronic information was created by the person who has taken that measure; and
  • a measure to confirm that the relevant information has not been altered.

Although government authorisation is not mandatory, nine electronic signature service providers received confirmation that they satisfy the requirements of enabling “electronic signatures” from the Digital Agency in accordance with Article 4, paragraph 1 of the Electronic Signatures Act.

The Legal Affairs Bureau, which operates the real property and company registration systems, does not accept all electronic signatures. Although electronic filing is permitted under laws and regulations, only electronic signatures designated by the Minister of Justice are accepted. Thus, there are still many applicants who apply for registration using physical documents, in which case, the originally signed documents may need to be submitted, depending on the type of registration they are applying for.

Time Stamp

There are no laws that require time stamps on documents, except when documents on national tax are electronically stored. The Electronic Book Preservation Act requires scanned data of paper-based documents on national tax and originally electronically produced documents on national tax to be accompanied by time stamps before they are electronically stored, except where substitute measures designated by the ordinance of the Electronic Book Preservation Act are taken. Providers of the time stamps must enable proof of non-tampering for the term of the statutorily required storage period and a batch verification for a certain taxable period. Although an authorisation is not required to issue time stamps, the time stamp in compliance with the Electronic Book Preservation Act must be provided by service providers that obtain an accreditation from MIC. To obtain the accreditation, the time stamps must meet certain requirements under the Public Notice issued by MIC. The Japan Data Communications Association, a private association, investigates whether or not the requirements are met. As of August 2023, three time stamp service providers were accredited by MIC.

Electronic Seal

In June 2023, the Cabinet approved the “Strategic Plan for Realising Digital Society”. According to the plan, the government will promote standards to evaluate the credibility and conformity of services which provide electronic seals. MIC established a study group to discuss how to promote electronic seals in line with the plan and called for public comments on the draft of its final report in March 2024. The draft proposes that MIC accredit providers of electronic seals that meet certain requirements, which is similar to accreditation given to providers of time stamps.

Japanese Public Key Infrastructure (JPKI)

For the purposes of tax and social welfare, a unique identification number is assigned to each individual residing in Japan, regardless of nationality. That unique identification number can be used only for the purposes of tax, social welfare or other statutorily defined purposes, and the collection and use of such unique number is strictly restricted in the private sector. However, each unique identification number card issued by the government is installed with a digital certificate, which the private sector can use to establish the identity of users online (called the Japanese Public Key Infrastructure or JPKI). From May 2023, the certificate can also be embedded into Android smartphones. A business may verify that digital certificate through the use of the revocation list or Online Certificate Status Protocol (OCSP) service provided by the Japan Agency for Local Authority Information Systems (J-LIS), provided that it obtains authorisation from the Minister of MIC or outsources the verification to an authorised service provider.

A considerable number of financial service providers use the JPKI for the purpose of complying with the Know Your Customer (KYC) requirement. Compared to traditional KYC measures, reliance on JPKI is efficient in time and cost. Driver’s licenses are also installed with an IC chip which can also be used for KYC purposes. In June 2023, the government issued a policy plan to abandon KYC using drivers’ licences or other identification and only allow KYC by JPKI in the future.

eKYC in the Financial Sector (other than JPKI)

In the context of KYC, separately from relying on the digital data stored in ID cards, another measure used by financial institutions to establish users’ identity online is to require a user to take a selfie (with a random pose) and a digital image of a government-issued ID card by installing and using a smartphone application provided by the financial institution and to send both the selfie and the ID card image to the financial institution. The financial institution will compare the photo printed on the government-issued ID card and the selfie photo sent by the user. The comparison can be automatically processed provided that the false acceptance rate (FAR) is lower than a certain level determined by the government (note that the number is not publicly disclosed). This KYC measure is used by an increasing number of financial service providers.

Mori Hamada & Matsumoto

16th Floor,
Marunouchi Park Building
2-6-1 Marunouchi
Chiyoda-ku
Tokyo 100-8222
Japan

+81 3 6212 8330

+81 3 6212 8230

mhm_info@mhm-global.com www.mhmjapan.com
Author Business Card

Trends and Developments


Authors



Nagashima Ohno & Tsunematsu is the first integrated full-service law firm in Japan and one of the foremost providers of international and commercial legal services based in Tokyo. The firm’s overseas network includes offices in New York, Singapore, Bangkok, Ho Chi Minh City, Hanoi and Shanghai, and collaborative relationships with prominent local law firms throughout Asia and other regions. The firm’s TMT practice group is comprised of around 50 lawyers and legal professionals and represents Japanese major telecoms carriers, key TV networks, and many domestic and international internet, social media and gaming companies, not only in transactions but also in disputes, regulatory matters and general corporate matters. Its TMT practice group is well positioned to consistently meet requests from clients to provide advice on business strategies, daily compliance and corporate matters.

Ride-Hailing

In Japan, due to the shortage of taxis, discussions on the use of private cars and ordinary drivers are rapidly advancing. In December 2023, the Japanese government announced that it would allow taxi companies to provide transportation services in areas where there is a shortage of taxis from April 2024, by using an app to dispatch local private cars and ordinary drivers and collect fares. Until now, there has been significant debate about releasing ride-hailing services using private cars, and to date, in Japan it has only been allowed in very limited cases. Therefore, this new service is attracting attention as a potential sign of broader implementation of ride-hailing services in Japan.

However, this new service may only be offered by taxi companies. In this regard, in parallel with the development of this new service, the Japanese government announced that it would proceed with discussions on the establishment of a new legal system allowing non-taxi companies to operate ride-hailing businesses. The result of discussion will be made public around June 2024. Those who are interested in the ride-hailing business in Japan should pay attention to the Japanese government’s actions in 2024.

AI

Government trends concerning AI

“AI White Paper”

In April 2023, the Liberal Democratic Party, the ruling party in Japan, announced the “AI White Paper”. This paper notes that Japanese society has not adequately responded to the advancements of AI that may have a major social impact, including the emergence of large-scale language models such as Chat GPT, and makes several recommendations. The essence of these recommendations can be classified into the following four categories.

  • Fostering and strengthening the foundations for domestic AI development – strengthening support for the accumulation of domestic knowledge on AI and for human resource development in the AI area.
  • Promotion of usage of AI in public administration – utilisation of government-owned data and support for smart cities.
  • Policies to encourage and support the utilisation of AI in the private sector – measures to encourage private businesses to take on the challenge of AI, including formulation of guidelines, etc.
  • New approach to AI control – given the possibility of the risk posed by the misuse of AI with regard to important social values such as human rights, security, and democracy, moving from the soft law-centred regulation to implementation of the necessary hard law.

Hiroshima AI Process

Following the G7 summit held in Hiroshima in May 2023, the Hiroshima AI Process was launched also in May 2023, with the participation of G7-member countries and relevant international organisations to discuss the opportunities and risks of the technology, including generative AI, that has been developing rapidly in recent years. The study lasted for six months and at the G7 Digital & Tech Ministers’ Meeting in December 2023, “the Hiroshima AI Process Comprehensive Policy Framework” consisting of the following four elements was announced as the first international framework aiming at promoting the safe, secure and trustworthy advancement of AI systems.

  • The “OECD’s Report” towards a G7 Common Understanding on Generative AI – as far as high-priority challenges and risks are shared by the G7 countries, this report raises issues of lack of transparency, misinformation/disinformation, intellectual property rights, protection of privacy and personal information, fairness, security and safeguards. On the other hand, as far as opportunities for AI technologies are concerned, the report highlights the drive for productivity gains, innovation, healthcare improvement, helping to solve the climate crisis, and support for progress toward achieving the Sustainable Development Goals (SDGs).
  • International guiding principles – specifically, the “Hiroshima Process International Guiding Principles for Organizations Developing Advanced AI Systems” and the “Hiroshima AI Process International Guiding Principles for All AI Actors” were formulated.
  • International code of conduct – based on the aforementioned “Hiroshima Process International Guiding Principles for Organizations Developing Advanced AI Systems”, the “Hiroshima Process International Code of Conduct for Organizations Developing Advanced AI Systems” was formulated. This code of conduct lists specific actions and recommendations in response to the recent developments in advanced AI systems.
  • Project-based co-operation on AI – the meeting declared the importance of project-based co-operation, including projects on generative AI which will contribute to supporting the implementation of the Hiroshima AI Process.

Artificial Intelligence Strategy Council

Following the Hiroshima AI Summit in May 2023, the Cabinet Office took the lead in launching the Artificial Intelligence Strategy Council, an advisory council to discuss policies on AI. The purpose of the council is to “maximize the potential and address risks”; this means the promotion of usage of AI and improvements in industrial competitiveness, and formulating necessary regulations to mitigate risks. In carrying out the above purposes, the council has announced proposals on the directionality of AI-related measures and a summary of the issues on generative AI.

AI guidelines for business operators

The Artificial Intelligence Strategy Council decided to develop guidelines for business operators that are more uniform and easy to understand. These guidelines are based on the preliminary summary of issues discussed by the council and compile existing guidelines on AI (“Governance Guidelines for Implementation of AI Principles”, “AI R&D guidelines for international discussions”, and “AI Utilization Guidelines”). An outline of the proposed guidelines was discussed in September 2023 and a draft was published in December 2023, following a review by experts. These guidelines aim to promote the safe use of AI by providing uniform guidelines for Japanese AI governance.

The guidelines are not legally binding. Business operators involved in AI are expected to voluntarily promote specific initiatives, such as establishing appropriate AI governance. In addition, the Liberal Democratic Party has declared it will move toward enacting legislation in order to ensure compliance with the guidelines.

The guidelines (including an appendix) total approximately 200 pages. An outline of the guidelines is as follows.

  • The entities covered by the guidelines are broadly classified into three categories: “AI Developer” (including entities that study AI), “AI Supplier” (entities that provide services incorporating AI), and “AI User” (entities that use AI systems or AI services).
  • The guidelines present ten principles that are common to the target entities, and points of emphasis in AI activities are specified by category of the target entities. In addition, the above-mentioned International Guiding Principles introduced through the Hiroshima AI Process (“Hiroshima Process International Guiding Principles for Organizations Developing Advanced AI Systems” and the “Hiroshima AI Process International Guiding Principles for All AI Actors”) are incorporated into the guidelines as the policies that should be complied with, and the requirements for the developers of advanced AI systems (referring to the most sophisticated AI systems, including state-of-the-art infrastructure models and generative AI systems).
  • The ten principles are: (i) human-centric, (ii) safety, (iii) fairness, (iv) protection of privacy, (v) security, (vi) transparency, (vii) accountability, (viii) education and literacy, (ix) fair competition, and (x) innovation. Principles (viii) to (x) are expected to be addressed by each entity in co-operation with society.
  • Examples of specific guidelines are as follows.
    1. In relation to “safety” (principle (ii)), AI developers should set the scope of safe use of AI in order to prevent issues. Also, AI suppliers should remind AI users about the possibility of inappropriate learning by AI models, and AI users should use AI systems/services keeping in mind the precautions set forth by AI suppliers and within the scope of use anticipated by the AI supplier.
    2. In relation to “fairness” (principle (iii)), AI developers should be aware of the fact that bias cannot be completely eliminated from AI models, and they should develop AI by implementing a variety of methods to mitigate bias. AI suppliers should monitor bias in AI models and encourage AI developers to improve the AI model as necessary. AI users should use AI output responsibly, keeping in mind that AI prompts may be biased.
  • The appendix to the guidelines includes the following:
    1. examples of AI services (including relationships among entities);
    2. AI benefits and possibilities, specific examples of risks;
    3. practical points for developing AI governance and practical examples;
    4. commentaries based on the three categories (AI developer, AI supplier, and AI user), examples of specific methods for implementing the guidelines, and easy-to-understand references; and
    5. checklist for business operators for compliance with the guidelines.
  • The guidelines were published for public comment in January 2024. A finalised version will be announced in March 2024. It will be amended as necessary, such as to reflect the latest trends, going forward.

Examining key legal issues related to generative AI

The Japanese government, led by the Agency for Cultural Affairs and the Cabinet Office, is facilitating discussions on issues related to intellectual property rights, particularly copyright, in the development and use of generative AI. In terms of copyright, discussions are taking place separately for the two phases of generative AI: (i) the learning and development phase; and (ii) the generation and use phase. Although Japan’s Copyright Act does not have a general provision on fair use, the Act provides that copyrighted works may be used without the consent of the copyright holder in the following cases (among other cases).

  • Non-enjoyment use – use of existing copyrighted works that is not intended for the enjoyment of the thoughts or sentiments expressed in the works (Article 30-4 of the Copyright Act).
  • Minor use – minor use of existing copyrighted works that is incidental to computerised data processing or the provision of the results thereof, or preparatory acts for such minor use (Article 47-5 of the Copyright Act).

At the learning and development phase, the use of existing copyrighted works as training data for generative AI is generally considered to fall under non-enjoyment use or minor use and may be conducted without the consent of the copyright holder. However, given the growing concern from creators and performers about the unlimited use of their works in AI learning and development, active discussions are underway about the scope of non-enjoyment use by which copyrighted works can be used without the copyright holder’s consent.

At the use phase, the issues being discussed include the following.

  • Whether the input of existing copyrighted work as a prompt to a generative AI constitutes copyright infringement.
  • The requirements for AI-generated materials to be copyrighted works.
  • Whether AI-generated materials that are similar to existing copyrighted works constitute copyright infringement.

The Agency for Cultural Affairs’ position on these issues is as follows.

  • The requirements for the private replication or non-enjoyment use can be met in many cases of existing works being used as a prompt, in which case it is possible to use existing copyrighted works.
  • If the generated materials are not autonomously created by the generative AI but the user of the generative AI creatively contributes to the final material, it may become the user’s copyrighted work.
  • The general rule is that if the creative expression of the generated material is the same as or similar to an existing copyrighted work, infringement will be found if the generation relies on that existing work. Such reliance will be found if the user is aware of the existing work. Further discussion is needed as to whether reliance will be found even if the user is not aware of the existing works but the generative AI’s training data includes the existing copyrighted work.

Web3 and the Metaverse

Web3

The Japanese government has been looking to “web3” and “start-ups” as engines of growth of the Japanese economy. The Japanese government began to promote various government policies in 2022. In 2022, the Project Team within the Headquarters for the Promotion of a Digital Society of the Liberal Democratic Party, the ruling party in Japan, announced the “NFT White Paper: Japan’s NFT Strategy for the Web3.0 Era” illustrating the challenges and presenting proposals regarding NFTs. The Project Team has continued to have various discussions, and in April 2023, announced “The web3 White Paper: Towards an era of mass adoption of Digital Assets” (the “web3 White Paper”). 

The web3 White Paper details challenges and provides recommendations for the following two issues:

  • issues to be addressed immediately for promoting web3; and
  • issues that should be further explored for the further development of web3.

Issue 1 – “Issues to be addressed immediately for promoting web3” refers to the following topics:

  • Japan’s contribution to the establishment of international rules;
  • tax reform;
  • ensuring opportunities for accounting audits of crypto-asset issuing companies and others;
  • establishment of special laws for LLC-type DAOs;
  • screening, issuance, and trading of various tokens;
  • measures against unlicensed NFTs and consumer protection;
  • clarification of criteria for financial institutions’ entry into web3 business and appropriate operations of regulations;
  • NFT business; and
  • diversification of investment vehicle schemes for blockchain-related businesses.

Issue 2 – “Issues that should be further explored for the further development of web3” refers to the following topics:

  • clarification of the treatment of digital asset transactions under private law;
  • supporting the overseas expansion of Japan’s content industry using web3;
  • licensing of web3 businesses;
  • safe and secure use environment;
  • clarification of issues related to the use of unhosted wallets;
  • utilisation of web3 in revitalising local communities;
  • further promotion of measures against money laundering and terrorist financing in collaboration with the international community;
  • establishment of a legal framework for investment DAOs; and
  • organising the issues on utilising the metaverse for diversifying workforce participation.

In December 2023, the Liberal Democratic Party announced that, in 2024 tax reform, the taxation on crypto-assets would be changed in response to the web3 White Paper. Also, discussion about establishment of special laws for DAOs has been continued. As seen above, the Japanese government will promote various government policies in response to the web3 White Paper. In addition, it is expected in 2024 that issuance of stable coins under the Payment Services Act will be issued. Close attention should be paid to the Japanese market of web3 business.

Metaverse

The metaverse is also mentioned under Issue 2 of the web3 White Paper. The Japanese government has continued to discuss legal issues in relation to the metaverse as well as web3. In November 2022, the Public-Private Co-operative Council for New Legal Issues Concerning Contents in the metaverse was established in the Intellectual Property Strategy Headquarters of the Japanese government and various legal issues have been discussed by the Council. In May 2023, the Intellectual Property Strategy Headquarters published the “Summary of Arguments for Responding to New Legal Issues Concerning Contents, etc, in Metaverse” (the “Summary of Arguments”) as a result of the discussions in the Public-Private Co-operative Council.

The topics of the Summary of Arguments are divided into the following four categories:

  • use and protection of intellectual property rights;
  • rights of publicity of avatars;
  • regulation on user behaviour in the metaverse; and
  • international jurisdiction and governing law.

In each category, legal issues and interpretation of the existing laws are introduced. The Summary of Arguments covers various topics, which are highly important for those considering launching a metaverse business in Japan. 

Although the Summary of Arguments does not provide a new interpretation of laws, there are some discussions of amendments to laws. Close attention should be paid to future discussion of amendments. Separately from the discussion in the Summary of Arguments, the Unfair Competition Prevention Law was amended in June 2023, to include imitations in the metaverse. It is an important amendment for relevant players in the metaverse to enable them to make claims for imitation in the metaverse. In addition, the Summary of Arguments contains a suggestion that the Summary of Arguments itself be reorganised for each stakeholder. Attention should be paid on the process of such reorganisation.

Start-Ups

In the TMT area, start-ups play an important role in accelerating innovation. In addition, collaboration between start-ups and major companies will be vital to realise innovation and DX. The amount of funds raised by start-ups is increasing year by year, and in 2022, the amount raised by domestic start-ups, which was JPY87.7 billion in 2012, was JPY877.4 billion, roughly ten times higher.

As seen above, the Japanese government has been looking to start-ups as well as web3 as engines of growth of the Japanese economy. At the end of 2022, the Japanese government formulated the “Start-up Development Five-Year Plan”, which aims to further increase investment in start-ups by a factor of ten (at a scale of JPY10 trillion) and create 100 unicorn companies and 100,000 new start-ups. Continuing from last year, the Japanese government’s “Basic Policy" for 2023 confirmed its existing policies for promoting start-ups. In addition, the Outline of the 2024 Tax Reform Proposals contains a proposal where the special tax system for angel investors would cover a convertible equity in order to promote start-up investment. In this way, the Japanese government is actively working to expand start-up investment and expand the market.

The Japanese government initiative on expanding start-ups also covers legal issues. Regarding collaboration between big companies and start-ups, there were concerns that start-ups had to conclude disadvantageous contracts due to their relatively weak bargaining power. In this regard, the Ministry of Economy, Trade and Industry and the Japan Fair Trade Commission (JFTC) jointly published the “Guidelines on Business Partnership Contracts with Startups” in 2021 and, as an amendment, the “Guidelines on Business Partnership Contracts with Startups and Investment in Startups” (the “Guidelines”) in 2022. The Guidelines are intended to protect start-ups from requests by business partners or investors which would violate competition law.

The Guidelines can be divided into two parts: (i) issues regarding business partnership contracts with start-ups; and (ii) issues regarding investment in start-ups. The discussion of issues regarding business partnership contracts illustrates potential issues in the following agreements:

  • NDA (eg, forcing disclosure of trade secrets);
  • PoC agreements (eg, additional work free of charge);
  • joint research agreements (eg, unfair transfer of intellectual property rights);
  • licence agreements (eg, grant of licences free of charge); and
  • other contractual clauses (eg, restrictions on selecting suppliers).

The discussion of issues regarding investments illustrates potential issues in various clauses of investment agreements. For example:

  • disclosure of trade secrets;
  • appraisal rights (significantly high price, founder’s obligation to purchase); and
  • most favoured nation clause.

After the publication of the Guidelines, the JFTC has conducted a survey on the status of compliance with the Guidelines and warned some companies that they may be in violation of competition law. When co-operating with or investing in start-ups in Japan, these Guidelines and Japanese practice must be taken into consideration.

Legal Tech

In Japan, legal tech services are being developed in various fields including contract and project management, contract drafting, due diligence, and legal research. In 2022, there was some uncertainty about the legality of AI contract review services in particular. This was highlighted when the Ministry of Justice responded to inquiries from legal tech service providers about the legality of such services, suggesting that their contemplated services may constitute the unauthorised practice of law. However, in August 2023, the Ministry of Justice issued guidelines clarifying that the following types of contract drafting, review and management services do not constitute the unauthorised practice of law.

  • Services that assist in the drafting of contracts and review of legal issues in the ordinary course of business regarding corporate legal matters that do not involve litigation or disputes.
  • Services in which, if the language or clauses of the contracts being reviewed are the same as or similar to those pre-registered in the system, such as contract templates or checklists, the said same or similar language or clauses are displayed without individual modification (as opposed to the services that involve the legal processing of the content of the contract based on the specific factual background or instructions regarding the content and the generation of detailed, case-specific drafting or modification of the contract accordingly).
  • Services used by lawyers who individually review the material generated by the AI and make necessary changes themselves.

The guidelines have made it clear that the scope of legality for AI contract review services is quite broad. As a result, competition has accelerated among legal tech service providers to develop services, and services using LLM models, such as GPT, are also beginning to be offered.

Nagashima Ohno & Tsunematsu

JP Tower
2-7-2 Marunouchi
Chiyoda-ku
Tokyo 100-7036
Japan

+81 3 6889 7000

+81 3 6889 8000

info@noandt.com www.noandt.com/en/
Author Business Card

Law and Practice

Authors



Mori Hamada & Matsumoto is a full-service international law firm based in Tokyo, with offices in Fukuoka, Nagoya, Osaka, Takamatsu, Sapporo, Beijing, Shanghai, Singapore, Yangon, Bangkok, Ho Chi Minh City, Hanoi, Jakarta (ATD Law), and New York. The firm has over 700 attorneys and a support staff of approximately 600, including legal assistants, translators and secretaries. It is one of the largest law firms in Japan and is particularly well known in the areas of mergers and acquisitions, finance, telecommunications, broadcasting, and intellectual property, as well as domestic litigation, bankruptcy, restructuring, and multi-jurisdictional litigation and arbitration. The firm regularly advises on some of the largest and most prominent cross-border transactions, representing both Japanese and foreign clients. In particular, the firm has extensive practice in, exposure to and expertise on telecommunications, broadcasting, the internet, information technology, and related areas, and provides legal advice and other legal services regarding the corporate, regulatory, financing and transactional requirements of clients in these areas.

Trends and Developments

Authors



Nagashima Ohno & Tsunematsu is the first integrated full-service law firm in Japan and one of the foremost providers of international and commercial legal services based in Tokyo. The firm’s overseas network includes offices in New York, Singapore, Bangkok, Ho Chi Minh City, Hanoi and Shanghai, and collaborative relationships with prominent local law firms throughout Asia and other regions. The firm’s TMT practice group is comprised of around 50 lawyers and legal professionals and represents Japanese major telecoms carriers, key TV networks, and many domestic and international internet, social media and gaming companies, not only in transactions but also in disputes, regulatory matters and general corporate matters. Its TMT practice group is well positioned to consistently meet requests from clients to provide advice on business strategies, daily compliance and corporate matters.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.