The key regulations regarding the digital economy in Japan are the Act on Improving the Transparency and Fairness of Digital Platforms (as follows) and the Digital Platform Consumer Protection Act (see 1.4 Consumer Protection).

Transparency and Fairness of Digital Platforms

The Act on Improving the Transparency and Fairness of Digital Platforms was enacted in June 2020 and took effect in February 2021. Under the Act, the Ministry of Economy, Trade and Industry (METI) will designate specific digital platform providers with a business scale based on certain sales sizes for certain platform categories, such as:

• an e-commerce marketplace with annual sales of JPY30 billion or more;
• app store with annual sales of JPY20 billion or more;
• advertisement media with annual sales of JPY10 billion or more; and
• digital advertising platforms with annual sales of JPY5 billion or more.

The designated digital platform providers are required to disclose their conditions for accepting business operators, reasons for requesting the purchasing of certain services, factors affecting rankings, and other essential information. They are also required to annually report to METI on their handling of complaints, dispute resolution, disclosure and self-assessment.

User Protection of Digital Platforms

The Platform Service Study Group administered by the Ministry of Internal Affairs and Communications (MIC) published its third report in January 2024. The report recommends that the government requires providers of large digital platforms, where unspecified users can distribute content:

• to take measures to protect people from defamation, including having a complaint window, a procedure to accept complaints, and a staff member familiar with Japanese culture and society;
• to complete the investigation within one week; and
• to notify the complainant of the results of the investigation.

The report also recommends that such providers be required to publicly disclose their policies, notify contributors of the grounds for banning, and publicly disclose how measures are implemented. Based on this report, the “Act on Dealing with the Infringement of Rights Caused by Information Distribution via Specified Telecommunications” was enacted in 2024. For more details, see 10.1 Laws and Regulations for Social Media.

Income Tax (Individual Income Tax and Corporate Tax)

General rules

If a business operator is a resident individual or domestic corporation for Japanese income tax purposes, its worldwide income is subject to individual income tax or corporate tax. If it is a non-resident individual or foreign corporation for Japanese income tax purposes, only income categorised as domestic source income, including income attributable to its permanent establishment in Japan, is subject to individual income tax or corporate tax.

No digital services tax

Japan does not have a digital services tax. However, foreign business operators providing electronic services to Japanese customers should be aware of the treatment of consumption tax, as outlined in 1.3 Taxation of Digital Advertising.

Licensing of the sale of software

When a Japanese company is licensed by a foreign producer or provider to sell software to Japanese customers, there is an issue as to whether payments by the Japanese company to the foreign producer or provider may be treated as domestic source income and is subject to withholding tax in Japan.

If Japanese customers download software from a server or via a cloud service located outside Japan, and the Japanese company is merely facilitating the sale of the software, payments made by the Japanese company are treated as compensation for its marketing services and are not subject to withholding tax in Japan.

However, if the Japanese company is granted reproduction or modification rights for the software, it may be considered to be selling the software that it has reproduced or modified under those rights. Consequently, payments made by the Japanese company would be treated as a licence fee for the copyright and would be subject to withholding tax in Japan.

Consumption Tax (Value Added Tax)

General rules

Sales or leases of goods located in Japan are generally subject to consumption tax, and the sellers or lessors are required to file a consumption tax return and pay consumption tax. Sales or leases of goods located outside Japan are not subject to consumption tax.

In general, services provided inside Japan are generally subject to consumption tax, and the service providers are required to file a consumption tax return and pay consumption tax. In general, services provided outside Japan are generally not subject to consumption tax. However, services treated as “provision of electronic services” are subject to special rules (discussed below).

The provision of electronic services

Services provided via electronic and telecommunication networks, such as the internet, are treated as “provision of electronic services” and whether they are subject to consumption tax is determined by the location of the recipients of the electronic services, rather than the place where the services are provided. The provision of electronic services to recipients in Japan is generally subject to consumption tax, while the provision of electronic services to recipients outside Japan is not subject to consumption tax.

The provision of electronic services includes, but are not limited to, services that:

• provide e-books, digital newspapers, music, videos, and software (including various applications such as games) via the internet;
• allow customers to use software and databases in the cloud;
• provide customers with storage space to save their electronic data in the cloud;
• distribute advertisements via the internet;
• allow customers to access shopping and auction sites on the internet (eg, charges for posting goods for sale);
• allow customers to access a site to sell game software and other products on the internet;
• provide, via the internet, a reservation website for accommodation and restaurants (eg, charges to the businesses that operate the accommodation and restaurants for posting on the website); and
• provide English lessons via the internet.

On the contrary, when services provided via telecommunication networks are ancillary to the transfer of assets, those services are not treated as the provision of electronic services. Examples of those services are:

• services which merely mediate information transmission among subscribers (so-called telecommunications), such as telephone, fax, telegraph, data transmission, and access to the internet;
• software development;
• administrating and managing assets outside Japan (including internet banking services);
• requesting foreign businesses to collect and analyse information; and
• foreign legal professionals pursuing litigation outside Japan.

Classifications of the provision of electronic services

The applicable taxation scheme is based on whether the service provided is classified as the “provision of B2B electronic services” or the “provision of B2C electronic services”. If the provision of electronic services by foreign business operators is normally limited to business operators, considering the nature of the services, or the terms and conditions for providing the services, it is classified as the provision of B2B electronic services. On the contrary, if provision of electronic services by foreign business operators is not limited to business operators, it is classified as the provision of B2C electronic services, which include services received by both individual customers and business operators, as well as those received only by customers.

The provision of B2B electronic services (reverse charge mechanism)

When a foreign business operator provides B2B electronic services to business operators in Japan, the recipient business operators are generally required to file a consumption tax return and pay consumption tax. This taxation scheme, which places the burden of filing for and paying consumption tax on the business operators in Japan, is called the reverse charge mechanism. In this regard, a foreign business operator providing B2B electronic services is required to indicate beforehand that the service recipient will be responsible for filing for and paying any consumption tax that the transaction is subject to.

The provision of B2C electronic services (platform taxation/filing and payment by each foreign business operator)

The reverse charge mechanism does not apply to a foreign business operator providing B2C electronic services, and the foreign service provider is generally required to file a consumption tax return and pay the consumption tax.

However, from 1 April 2025, if a foreign business operator provides B2C electronic services via a digital platform and receives compensation therefor via “a specified platform business operator”, that specified platform business operator is required to file a consumption tax return and pay the consumption tax in respect of the electronic services provided by the foreign business operator. This taxation scheme, which transfers the burden of filing for and paying the consumption tax, is called platform taxation.

A digital platform operator that receives more than JPY5 billion in a taxable year for the provision of B2C electronic services, must submit a designation notification to the Commissioner of the National Tax Agency by the submission deadline for filing a tax return of the taxation period. The National Tax Agency discloses a list of specified platform business operators, which as of 6 December 2024, includes the following:

• iTunes K.K., operating “App Store”, “Apple Books”, and “Apple Podcasts”;
• Amazon Web Services Japan G.K., operating “AWS Marketplace”;
• Google Asia Pacific Pte. Ltd, operating “Google Play”; and
• Nintendo Co., Ltd., operating “Nintendo eShop”.

Income Tax (Individual Income Tax and Corporate Tax)

See 1.2 Digital Economy Taxation.

Consumption Tax (Value Added Tax)

The distribution of advertisements on the internet is a provision of electronic services, and whether it is subject to consumption tax is determined by the location of the recipients of the distribution services.

When a Japanese company or individual pays compensation for the distribution of advertisements by a foreign business operator, that compensation is subject to consumption tax. The distribution of advertisements by a foreign business operator is classified as the “provision of B2B electronic services”, for considering the nature of the services.

Under the reverse charge mechanism, business operators in Japan are generally required to file a consumption tax return and pay consumption tax for the distribution of advertisements. Thus, a foreign business operator distributing advertisements for a Japanese business operator is required to indicate beforehand that the service recipient will be responsible for filing a consumption tax return and paying the consumption tax that the transaction is subject to. Conversely, when a foreign company or individual pays compensation for the distribution of advertisements by a Japanese business operator, such compensation is not subject to consumption tax.

For more details of consumption tax, see 1.2. Digital Economy Taxation.

Overview

While there are several laws on consumer protection such as the Consumer Contract Act and the Act on Specified Commercial Transactions, the key legislation in terms of consumer protection for digital goods and services is the Digital Platform Consumer Protection Act. The principal regulatory authority of those laws is the Consumer Affairs Agency.

Consumer Protection of Digital Platforms

The Digital Platform Consumer Protection Act was enacted in May 2021 and took effect in May 2022. The Act applies to platforms on which consumers may purchase goods, services or rights for a consideration, without regard to the size of sales. The Act requires platform providers to proactively protect consumers from sellers, which are not platform providers but just merchants in the digital platforms. Digital platform providers are required to take measures to enable smooth communication between sellers and consumers, investigate sellers in response to consumer complaints regarding transactional conditions, and require sellers to provide information on their identity as necessary. Digital platform providers may be requested by the Consumer Affairs Agency to remove certain goods, services or rights if there are false or misleading descriptions that are not voluntarily remedied. Consumers may require digital platform providers to disclose the names, addresses, phone and facsimile numbers, email addresses, and corporate registration numbers of sellers if they need the information to exercise their rights against sellers.

Overview

Blockchain technology is broadly used in Japan. The use of blockchain technology itself is not regulated, but certain tokens are regulated as crypto assets, stablecoins or security tokens.

Crypto Assets

Exchange services of crypto assets such as bitcoin have been subject to regulations under the Payment Services Act since 2017. To engage in such exchange services, one must be registered with the Financial Services Agency (FSA), and registered exchange service providers must comply with AML requirements, client assets segregation, and other obligations. Separately from the Payment Services Act, the margin trading of crypto assets has been regulated by the Financial Instrument and Exchange Act since 2020.

Crypto assets are defined as (i) electronically recorded financial value which can be used for payment to, and can be purchased from and sold to, unspecified persons and are electronically transferrable, or (ii) other financial values which can be exchanged with financial value described in the preceding clause (i) between unspecified persons, but not including assets denominated in fiat currency.

In the game industry, one must pay attention to whether in-game currencies, items and rewards are regulated. The FSA’s administrative guidelines provide certain clarifications on this issue.

Stablecoins

As seen in the definition of crypto assets, stablecoins that are linked to, or exchangeable [only] for, a certain fiat currency are not regulated as crypto assets. Such stablecoins have been regulated separately from crypto assets since 2023. Under the regulatory framework introduced in 2023, stablecoins can only be issued by licensed banks, trust companies or funds transfer service providers. Moreover, intermediaries of stablecoins are also regulated.

Security Tokens

In 2020, new regulations regarding security tokens were introduced. Because even low-liquidity investment interests such as trust or partnership interests can easily be distributed and transferred to investors by tokenisation, such investment interests were subjected to more stringent disclosure and licensing requirements to protect investors.

In Japan, there are no laws or regulations that generally apply to cloud computing. However, certain services using cloud computing, such as voice communication services and email services, may constitute a telecommunications business under the Telecommunications Business Act (TBA). See 6. Telecommunications.

Where personal information is stored in a cloud, the Act on the Protection of Personal Information (APPI) will apply. The Personal Information Protection Commission (PPC), the principal regulator for the APPI, has clarified that businesses using cloud services must take security measures to protect personal information stored in a cloud service provided by a third party, but they do not need to supervise the providers of the cloud service or obtain consent from data subjects if the cloud service providers cannot access the stored personal information, regardless of whether the relevant data centre is located inside or outside Japan.

Industry-Specific Guidelines on Cloud Computing

Government cloud procurement

The Japanese government operates the Information System Security Management and Assessment Programme (ISMAP), pursuant to which Japanese government organisations may procure cloud services from cloud service providers registered with the ISMAP steering committee. The registration process requires applicants to submit an assessment report prepared by a third-party auditor registered with the committee, as well as other required information, including information regarding the risk of compulsory data access under foreign laws to enable the committee to review those foreign laws.

Cloud use by private-sector essential infrastructure

The Act on the Promotion of National Security through Integrated Economic Measures, which was promulgated in May 2022, imposes an additional requirement on essential infrastructure providers designated by the government from 14 essential infrastructure areas, namely, electric power, gas supply, petroleum, water, railways, motor freight, ocean freight, aviation, airports, telecommunications, broadcasting, postal services, financial services, and credit cards. Further, the Act was amended in 2024 to include port transport services, which will take effect by mid-November 2025. Designated providers are required to submit a written plan to the competent government ministry for review before they install certain essential facilities or outsource the maintenance or management of certain essential facilities, which include cloud services. In relation to the plan to use a cloud service, certain parts of the plan may be omitted if the provider is registered with the ISMAP steering committee.

Financial service operators

Financial service operators – such as banks, insurance companies and financial instrument business operators – are required by the supervisory guidelines issued by the FSA to take outsourcing management measures. Since the use of cloud services provided by a third-party service provider is a form of outsourcing, financial service operators must implement outsourcing management measures such as conducting a due diligence check of the service provider, entering into a service agreement that satisfies the supervisory guidelines, and auditing the service provider. More specifically to cloud, the financial service sector often refers to the guide to cloud implementation and operation of financial institutions published by the Centre for Financial Industry Information Systems (FISC).

Healthcare information

The healthcare industry (eg, hospitals, clinics, dentists and pharmacies) is subject to the Security Guidelines for Medical Information issued by the Ministry of Health, Labour and Welfare. Providers of cloud services to the healthcare industry are subject to the Security Guidelines for Information Service Providers for Medical Information issued by METI and MIC. These guidelines include both mandatory requirements as well as government-recommended actions.

Interim Report Regarding AI Legislation

The AI Institutional Study Group, established by the Cabinet Office, released a “Draft Interim Report” on 26 December 2024. This report summarises the results of hearings involving those in AI-related businesses and discussions on the ideal framework for AI systems. In particular, this report proposes that, while excessive government regulations could hamper innovation, it would be appropriate to prepare a legal system that allows the government to request that domestic and foreign businesses co-operate and provide information to ensure the effectiveness of governmental actions such as investigating the cause and providing guidance and advice, for example, when a serious problem occurs.

The government plans to submit a bill on AI to the Diet in 2025.

Product Liability and General Tort Liability

Under the Product Liability Act (PL Act), a producer of manufactured or processed movable goods is liable for damages to human life or body, or property, caused by a defect in the goods, whether or not the producer is negligent.

Since big data, machine learning and artificial intelligence (AI) are not movable goods, producers of big data, machine learning or AI themselves will not be subject to the PL Act. Rather, it is the producers of movable goods into which big data, machine learning or AI is installed which will be liable for the damages caused by a defect in those movable goods, including a defect in the installed big data, machine learning or AI.

However, producers of big data, machine learning or AI may be subject to general tort liability under the Civil Code. General tort liability is not a strict liability, unlike liability under the PL Act, and the plaintiff must prove intentional act or negligence (including simple negligence) by the defendant to successfully claim for damages.

Autonomous Vehicle Accident Liability

Under the Act on Securing Compensation for Automobile Accidents, any person who has control over or operates an automobile for their own benefit (eg, an owner or a driver) – the “responsible person” – is liable for damages for the death or bodily injury of another person arising from the operation of the automobile. The foregoing liability, however, does not apply if the responsible person proves that they and the driver exercised due care in controlling and operating the automobile, that the injured party or a third party other than the driver acted intentionally or negligently (including through simple negligence), and that there was no defect in the structure or functions of the automobile.

One issue is whether this special liability under the present automobile accident compensation framework should be modified to properly address car accidents caused by cars operated by AI, such as holding the car manufacturers liable for damages. The Research Report on Damage Liability regarding Autonomous Vehicles, which the Ministry of Land, Infrastructure and Tourism published in March 2018, concluded that it is appropriate not to modify the existing special liability for automobile accidents during the transition period until 2025 when autonomous vehicles are expected to be widely used. The report recommended that insurance companies that have compensated for damages caused by a defect in any autonomous driving equipment installed in a vehicle should be able to recover the compensation from the car manufacturers that installed the defective artificial intelligence-driving equipment.

Based on the recommendation, the Japanese Road Transport Vehicle Act was amended in May 2019 so that any autonomous driving equipment is required to have recording equipment to provide insurance companies with evidence as to the cause of an automobile accident.

Data Protection Consideration

The APPI has not imposed strict conditions focused only on processing personal information by AI. The APPI requires business operators using a personal information database in their business (handling operators) to use personal information only within the scope of the purpose of use notified to data subjects or publicly announced when collecting personal information. Therefore, as a general rule, they must notify or publicly announce the purpose of machine learning in order to use personal information for machine learning.

Generally, the purpose of generating statistical data by aggregating or analysing a large amount of personal information does not have to be notified to data subjects or publicly announced. However, the purpose of profiling, such as user journey analysis for targeted advertisement and credit scoring, must be notified to data subjects or publicly announced.

Further, if handling operators pseudonymously process personal data, they will be allowed to internally use the pseudonymously processed information beyond the original purpose of use that was notified to data subjects or publicly announced when collecting the original data. Thus, handling operators may use pseudonymously processed information for machine learning even where the machine learning is not included in the purpose of use notified to the data subjects when the personal data was collected.

In June 2023, the PPC issued a guidance to users and providers of generative AI. Users were advised to not input personal data to generative AI unless the use of AI is within the purposes of use notified to them and there is assurance that the input data will not be used for machine learning. The guidance suggested that providers not collect sensitive data, with such collection requiring data subjects’ consent, and disclose the purposes of use to data subjects.

Copyrights Consideration

In the process of machine learning, copyrighted works may be copied or adapted, which may cause copyright infringements. To promote AI developments, the Copyright Act grants an exemption allowing the use of copyrighted works to the necessary extent without permission from the copyright owner where the use (i) does not aim to let the user or others enjoy thoughts or sentiments expressed in the work, and (ii) does not unjustifiably harm the copyright owner’s interests, taking into consideration the type and purpose of the work and the manner in which the work is used (Copyright Act, Article 30-4).

The exemption covers the use of copyrighted works for extracting informative elements from a large amount of copyrighted or other works and analysis. The Copyright Act was amended in 2019 to clarify that the exemption covers not only statistical analysis but also deep learning, and not only copying but also transmission for grid computing.

In light of the recent increased use of generative AI, copyright holders have concerns about free riding. To responding such concerns, in July 2024, the Agency for Cultural Affairs issued a report called “General Understanding of AI and Copyright in Japan”. It examines, among others, whether using copyrighted works in each phase of (a) AI development and learning and (b) generating content by AI and utilisation of AI-generated content may cause copyright infringements. For example, if AI learning is conducted for the purpose of generating a content which is similar to copyrighted works learned by AI, it would not meet requirement (i) of the foregoing exemption and thus such using would constitute an infringement. The report also states that the Agency for Cultural Affairs will continue to collect new information such as further development of AI technology and evolving situations in other jurisdictions and may update the report.

Protection of “Shared Data with Limited Access”

To promote data sharing between businesses so that big data will be more widely used, the amendment to the Unfair Competition Prevention Act introduced the protection of “shared data with limited access” which is defined as any technical or business information:

• that is accumulated in a reasonable amount by electronic means;
• that is provided to specified persons as a business; and
• the access of which is controlled by electronic means.

Information controlled as a secret was previously excluded from protection even if the foregoing conditions were met, but under a 2023 amendment, from April 2024, that information also became protected as long as it is not protected as a trade secret. Most typically, where data such as location of smartphones or cars is collected by a business operator (data holder) and sold to third-party business operators for a fee (or shared among business operators in a consortium without charge) under the condition that the data can be used only for a certain purpose such as internal marketing analysis and cannot be redistributed or used for unauthorised purposes, the data would be protected as shared data with limited access. If shared data with limited access is wrongfully acquired, redistributed to third parties or used for unauthorised purposes, the data holder may seek an injunction and damage compensation under the Act.

Internet of Things (IoT) Devices

Under the Radio Waves Act (RWA), in principle, users of radio equipment – including IoT devices using radio waves such as Bluetooth or Wi-Fi – must obtain a radio station licence from MIC. However, certain smaller-scale radio stations, including Wi-Fi and Bluetooth devices, are exempted from such licence requirement if the device conforms to the technical requirements established by MIC and bears a certification mark indicating such conformity (an R-mark). For users to comply with the foregoing requirements, manufacturers, importers or sellers of those devices apply for the certificate of conformity and place the certification mark on their products.

Radio equipment that has undergone technical conformity certifications conducted by foreign certification bodies based on mutual recognition agreements between Japan and certain foreign countries (currently, the USA, the EU, the UK and Singapore) is deemed to conform to the technical standards established by MIC in Japan and may bear an R-mark without a separate certification in Japan.

There is an exemption to the certification requirement that is available for devices which conform to technical specifications designated by MIC such as IEEE802.11b/11a/11g/11n/11ac/11ad and Bluetooth Core Specification Version 2.1 or later, if solely used for testing purposes. To rely on this exemption, a notification must be filed with MIC stating the start and close of the testing period. The testing period must be 180 days or shorter. Before filing the start notification, one must ensure that the device complies with at least one of the technical specifications designated by MIC.

Under the Telecommunications Business Act (TBA), any telecommunications device which is connected to a telecommunications circuit facility, such as an internet connection provided by a telecommunications business operator, must satisfy certain technical requirements, be certified by a registered certification body, and bear a “T-mark”. However, the guidelines issued by MIC on 22 April 2019 clarified that a Bluetooth device is exempt from the TBA certification requirement if it:

• can be used by connecting to a smartphone;
• does not have other functions that directly connect to telecommunications circuit facilities; and
• is certified as complying with the Bluetooth specifications.

A similar exemption applies to a Wi-Fi device if:

• the Wi-Fi device cannot be directly connected to the internet provided by a telecommunications business operator and is connected to the internet only through a certified router which bears a T-mark; and
• there is a statement in the manual that the device cannot be directly connected to the internet.

Secrecy of Communications

The TBA stipulates that the secrecy of communications must be protected. “Infringement” of the “secrecy of communications” without obtaining the “consent” of the parties violates the TBA.

The “secrecy of communications” includes (i) the content of the individual communication and (ii) all of the following matters in connection with the individual communication, the knowledge of which enables inference of the content of the communication:

• the date and time of communication;
• the location of communication;
• the name, address, and whereabouts of the communicating parties;
• codes for identifying the communicating parties, such as telephone numbers; and
• the frequency of communication.

The TBA does not have an exemption for machine-to-machine communications.

JC-STAR

On 30 September 2024, the Information-Technology Promotion Agency (IPA) published the “Labeling Scheme based on Japan Cyber-Security Technical Assessment Requirements (JC-STAR)”. This is not legally binding. The primary purpose of JC-STAR is to enable procurers to easily select IoT products that meet their required security standards and to promote the widespread adoption of IoT products with appropriate security measures.

The main objectives of this scheme are as follows.

• To evaluate and visualise the security functions of products procured by government agencies and companies using a common standard.
• To ensure that only IoT products with sufficient security measures are adopted in specific fields.
• To reduce the burden on vendors exporting IoT products by achieving mutual recognition with overseas systems.

There are no specific regulations for deploying IoT solutions, although one must examine whether providing IoT solutions falls under a telecommunication business that requires a licence (see 6.1 Scope of Regulation and Pre-Marketing Requirements) and whether using devices included in IoT solutions falls under operating a radio station that requires a licence (see 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection).

Further, in the case of IoT solutions deployed by essential infrastructure providers under the Act on the Promotion of National Security, such providers may be required to submit a written plan to the regulator for review before such deployment. For more details, see 2.1 Highly Regulated Industries and Data Protection.

If an IoT device collects personal information, such as appearance recorded by a camera or a voice recording enabling the identification of a person, the service provider which collects the personal information through that IoT device would generally need to comply with the APPI.

On 26 December 2024, the Cabinet Secretariat held a “Data Utilization Framework and System Study Group” to discuss the expansion of data utilisation, including personal data, in a wide range of fields such as medical care, finance, education, and industrial data, in light of the digitalisation of society. The Study Group aims to improve the convenience of society by building a system that takes into account the protection of personal information and consumer protection, and to facilitate medical treatment, reform working practices, and provide high-quality services. It also aims to form a basic policy on the ideal form of a data utilisation system which is scheduled to be formulated by the summer of 2025.

Licences for Broadcasting Businesses

As described in 6. Telecommunications, a telecommunications business under the TBA does not include broadcasting businesses, which are separately regulated under the Broadcasting Act. Note that the key regulator of both the telecommunications business and the broadcasting business is MIC.

The Broadcasting Act requires a licence prior to offering broadcasting services in Japan, which include:

• terrestrial-based television broadcasting;
• satellite-based television broadcasting; and
• cable television broadcasting.

The Broadcasting Act does not apply to companies with video-sharing platform services and streaming platforms. In fact, there is no specific law which regulates video-sharing platform services. The Broadcasting Act restricts foreign investments in the broadcasting business. The following entities or parties are not eligible to hold a broadcasting licence:

• a person who is not a Japanese national;
• a foreign government or its representative;
• a foreign entity; and
• a company or entity in which any of the aforementioned entities or persons is the executive director, or holds 20% or more of the voting rights.

Licences for Radio Stations

As described in 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection, users of radio equipment must obtain a radio station licence under the RWA, with certain exceptions. Thus, if a provider of broadcasting services uses radio equipment for the services, it must obtain a licence not only under the Broadcast Act but under the RWA as well.

As described in 6. Telecommunications, the RWA restricts foreign investments regarding licences to use radio equipment. While there are exceptions to such restriction, those exceptions are not available for the use of radio equipment for a broadcasting business.

Licences for Telecommunications Businesses

Under the TBA, “telecommunications” means sending, delivering or receiving codes, sounds or pictures by wire, wireless means, or any other electromagnetic means which includes the internet. A broadcasting business, however, is excluded from the definition of telecommunications business.

The TBA requires a licence prior to offering telecommunications services in Japan. There are basically two types of such licences under the TBA, namely:

• a registration (toroku); and
• a notification (todokede).

If a provider of a telecommunications business installs or owns (including in the form of an “indefeasible right of use” or IRU) telecom circuits (eg, fibre-optic cables or coaxial cables) at certain levels, it must be a registration carrier. Other providers who do not install such circuits (eg, ISPs) are basically required to only notify MIC prior to offering telecommunications services.

A party seeking to provide a telecommunications service must submit application documents to MIC. In the case of a registration, it must also appoint a general manager for the telecommunication facilities (denki tsushin setsubi toukatsu kanri sha) or a chief telecommunications engineer (denki tsushin shunin gijutsu sha). A notification is a relatively straightforward procedure which would take only several days if all the necessary documents are complete. The filing fee for registration is JPY150,000, but no fee is necessary for filing a notification. There is no licence term or annual fee for either registration or notification. It is advisable to unofficially consult with MIC before filing an official application.

Licences for Radio Stations

As described in 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection, a user of radio equipment must obtain a radio station licence under the RWA, with certain exceptions. Thus, if a provider of telecommunications services uses radio equipment for the services, it must obtain a licence not only under the TBA but also under the RWA.

The RWA restricts foreign investments in relation to obtaining a licence to use radio equipment. The following entities or parties are not eligible to hold the licence:

• a person who is not a Japanese national;
• a foreign government or its representative;
• a foreign entity; and
• a company or entity in which any of the aforementioned entities or persons is the executive director, or holds ⅓ or more of the voting rights.

However, there are exceptions to the foregoing restriction. For instance, if the purpose of the radio equipment is to operate a telecommunications business, the foregoing restriction does not apply.

The term of the licence is five years. There is also an annual fee for the use of radio frequencies. The amount of the licence application fee and the annual fee to use radio frequencies varies depending on the type of radio frequencies and the power of the antenna of the radio equipment.

There are no rules that specifically ensure network neutrality. However, MIC released an Interim Report regarding network neutrality in April 2019. The Interim Report pointed out the importance of setting rules as to whether bandwidth control, priority control and zero-rating services would be allowed, from the perspective that users must have fair access to the network. In that regard, a council composed of five associations (namely, the Japan Internet Providers Association, the Telecommunications Carriers Association, the Telecom Services Association, IPoE Council and the Japan Cable and Telecommunications Association) revised their guidelines on packet-shaping in December 2019 in accordance with the Interim Report. The revised guidelines provide that, generally speaking, packet-shaping is in violation of the TBA, as it violates the secrecy of communications, which is protected under the TBA; however, it may be permitted in exceptional situations, such as when general users are having difficulty in accessing a network due to heavy users’ traffic, or if a specific application is excessively occupying the network. The revised guidelines also state that telecommunications operators should let users know, in the terms and conditions of service, of the possibility of packet-shaping and how and when it would occur.

Further, the MIC published guidelines regarding zero-rating services in March 2020. These guidelines provide examples of instances when zero-rating services would violate the TBA in terms of differentiating users without good reason, or the secrecy of communications, so that providers of zero-rating services may avoid possible violations.

While those guidelines are not legally binding, the working group established by the MIC continuously monitors whether telecommunication service providers are handling packet-shaping and zero-rating services in accordance with those guidelines.

While the businesses in the TMT sector must comply with the laws that existed before the new technologies emerged (such as the RWA in terms of hardware and the TBA in terms of telecom services), they also need to watch new regulations and guidelines prepared by various regulators from time to time. Those new regulations or guidelines are often closely related to or inspired by regulations in other jurisdictions. For example, JC-STAR (see 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection) was introduced in the wake of the Cyber Resilience Act in the EU. Since an emerging technology usually gives rise to new regulations and discussions in various jurisdictions, the legal framework surrounding the TMT sector will be constantly changing.

Technology Agreements

There are no specific laws or regulations that apply to technology agreements, or that strictly regulate the location of data storage or data centre, data-localisation, or price revision. However, the general contract law based on the will of the contracting parties applies to IT service agreements.

Parties should remember the following when incorporating a liability limitation clause into a contract.

• In a contract between a company and a consumer, a liability limitation clause may be invalidated under the Consumer Contract Act (CCA).
• While the CCA does not apply to contracts between companies, a provision that exempts one contracting party from liability in the case of intentional or gross negligence may be invalidated under case law.

Data Localisation

There are no data localisation regulations. However, for some sectors, such as the medical sector, there are guidelines recommending storing data in locations where Japanese law applies, that is, Japan. These guidelines are not strictly required to be observed, but are usually complied with by the relevant sectors as a matter of practice.

Economic Security

Under the Act on the Promotion of National Security through Integrated Economic Measures, essential infrastructure businesses must file a plan with the government before introducing or contracting out the management of certain important equipment. The government will review the plan and may issue a recommendation or order entities to modify or discontinue the plan if the government finds security issues. When contracting with designated essential infrastructure providers in Japan, this Act should be taken into consideration. Contractual risk management measures, including those related to cybersecurity, will be required.

In March 2024, the Cabinet Office published a draft of reference contractual provisions as a reference document.

The specific elements to be included in telecommunications service agreements depend on the type of telecommunication service being provided. There are no universally mandated components.

Businesses are required to adhere to the terms and conditions set forth by major cloud service providers. It is frequently challenging to negotiate special provisions within these terms and conditions.

Telecommunications carriers are obligated to comply with interconnection requests and cannot refuse them (TBA, Article 32). Telecommunications carriers who install Type I designated telecommunications facilities must obtain MIC’s approval for their interconnection agreements and must also make these agreements public. Similarly, telecommunication carriers who install Type II designated telecommunications facilities must submit their interconnection agreements to the MIC and make them public.

However, telecommunications carriers installing Type I designated telecommunications facilities are limited to NTT West and NTT East, while those installing Type II designated telecommunications facilities are primarily mobile service providers.

Electronic Signatures

Japan does not have an equivalent to electronic identification and trust services (eIDAS) regulations to regulate trust services comprehensively, but the Act on Electronic Signatures and Certification Business (Electronic Signatures Act) grants an “electronic signature” the same legal status as wet-ink signatures. An “electronic signature” refers to a measure taken with respect to information recorded electronically and which meets both of the following requirements (Article 2):

• having a measure to indicate that the relevant electronic information was created by the person who has taken that measure; and
• having a measure to confirm that the relevant information has not been altered.

Although government authorisation is not mandatory, nine electronic signature service providers received confirmation that they satisfy the requirements of enabling “electronic signatures” from the Digital Agency under Article 4, paragraph 1 of the Electronic Signatures Act.

The Legal Affairs Bureau, which operates the real property and company registration systems, does not accept all electronic signatures. Although electronic filing is permitted under laws and regulations, only electronic signatures designated by the Minister of Justice are accepted. Thus, there are still many applicants who apply for registration using physical documents, in which case, the originally signed documents may need to be submitted, depending on the type of registration they are applying for.

Time Stamp

There are no laws that require time stamps on documents, except when documents on national tax are electronically stored. The Electronic Book Preservation Act requires scanned data of paper-based documents on national tax and originally electronically produced documents on national tax to be accompanied by time stamps before they are electronically stored, except where substitute measures designated by the ordinance of the Electronic Book Preservation Act are taken. Providers of the time stamps must enable proof of non-tampering for the term of the statutorily required storage period and a batch verification for a certain taxable period. Although an authorisation is not required to issue time stamps, the time stamp in compliance with the Electronic Book Preservation Act must be provided by service providers are accredited by MIC. To obtain the accreditation, the time stamps must meet certain requirements under the Public Notice issued by MIC. The Japan Data Communications Association, a private association, investigates whether or not the requirements are met. As of March 2024, four-time stamp service providers were accredited by MIC.

Electronic Seal

MIC recommends private sector organisations to use electronic seal to certify authenticity and prevent frauds. For this purpose, a framework in which MIC will accredit certain electronic seal services is expected to be implemented in 2025 in line with the final report and principles published by a study group convened by MIC in April 2024.

Japanese Public Key Infrastructure (JPKI)

For tax and social welfare purposes, a unique identification number is assigned to each individual residing in Japan, regardless of nationality. That unique identification number can be used only for the purposes of tax, social welfare or other statutorily defined purposes, and the collection and use of such unique number is strictly restricted in the private sector. However, each unique identification number card issued by the government is installed with a digital certificate, which the private sector can use to establish the identity of users online (called the Japanese Public Key Infrastructure or JPKI). From May 2023, the certificate can also be embedded into Android smartphones. A business may verify that digital certificate through the use of the revocation list or Online Certificate Status Protocol (OCSP) service provided by the Japan Agency for Local Authority Information Systems (J-LIS), provided that it obtains authorisation from the Minister of MIC or outsources the verification to an authorised service provider.

A considerable number of financial service providers use the JPKI for the purpose of complying with the Know Your Customer (KYC) requirement. Compared to traditional KYC measures, reliance on JPKI is time and cost efficient. Drivers’ licences are also installed with an IC chip which can be used for KYC purposes. In June 2023, the government issued a policy plan to abandon KYC using drivers’ licences or other identification and only allow KYC by JPKI in the future.

eKYC in the Financial Sector (Other Than JPKI)

In the context of KYC, separately from relying on the digital data stored in ID cards, another measure used by financial institutions to establish users’ identity online is to require a user to take a selfie (with a random pose) and a digital image of a government-issued ID card by installing and using a smartphone application provided by the financial institution and to send both the selfie and the ID card image to the financial institution. The financial institution will compare the photo printed on the government-issued ID card and the selfie photo sent by the user. The comparison can be automatically processed provided that the false acceptance rate (FAR) is lower than a certain level determined by the government (note that the number is not publicly disclosed). This KYC measure is used by an increasing number of financial service providers.

Overview

There is no comprehensive law regulating the game industry, but there are certain regulations which game developers should pay attention to.

Prohibition of Gambling

The Penal Code prohibits gambling, which is construed as competing for gain or loss of property or financial benefits based on the outcome of chance events. For example, if non-fungible tokens are randomly granted in exchange for charging by players in a game, it must be designed so that tokens valuing the same as or more than the charged amount will be granted to any players and no players lose by charging. The Guidelines on Blockchain Games jointly issued by three game industry associations provide certain guidance on this issue.

Prohibition of Multi-Tier Loot Box

In many mobile games, in-game items are randomly granted in exchange for charging. Not all of this loot box feature is prohibited, but the Consumer Affairs Bureau issued a statement that “multi-tier loot box” is prohibited under the Act against Unjustifiable Premiums and Misleading Representations in 2012. Before the prohibition, many games had a feature which granted additional items when a player collects a certain set of items to motivate drawing many loot boxes, but this feature is now prohibited. Under the current regulation, an item can be randomly granted when drawing a loot box, but additional items cannot be granted based on what items players collected.

Payment Services Regulations

If in-game currencies or items are purchased and do not expire for a period exceeding six months, such currencies or items can be regulated as prepaid payment instruments under the Payment Services Act. If the purchased but unused amount exceeds JPY10 million on 30 September or 31 March of any year, a filing with the FSA and a security deposit of 50% of the unused amount with the government are required. To void such regulations, in-game currencies and items should be designed to be used within six months from purchase.

Crypto Assets Regulations

If tokens are earned in games, attention should be paid to whether such tokens are regulated as crypto assets. The administrative guidelines issued by the FSA requires that (i) the terms of use prohibit using such tokens for payment and (ii) the minimum unit value be sufficiently high or the maximum number of fractions be sufficiently limited.

Prohibition of Gambling

The prohibition on gambling under the Penal Code is primarily enforced by the National Police Agency. Gambling is penalised by a criminal fine of up to JPY500,000 but gambling on a continuous basis is penalised by imprisonment of up to three years. In usual cases, since online gambling websites are generally operated from outside Japan, players of overseas gambling and payment service providers, not operators, are charged with gambling or aiding thereof.

Prohibition of Multi-Tier Loot Box

The Consumer Affairs Bureau enforces the Act against Unjustifiable Premiums and Misleading Representations. Multi-tier loot box is not directly penalised, but the Bureau may issue a corrective order for breaches. See 9.1 Regulations for further details on the multi-tier loot box.

Payment Services and Crypto Assets Regulations

The FSA enforces the Payment Services Act. A failure to file with the FSA for issuing payment instrument is penalised by imprisonment of up to six months or a criminal fine of up to JPY500,000. A failure to register with the FSA to transact crypto assets is penalised by imprisonment of up to three years or a criminal fine of up to JPY3 million.

User Generated Contents

Game players may engage in creative activities and copyright for their creative works may be granted to them depending on the terms of use. If so granted, a third party who wants a secondary use of such user-generated contents must obtain a licence from the player holding the copyright. To facilitate such secondary use even if the copyright owner does not timely respond to a licensing request, the Copyright Act was amended in May 2023 to allow a more expedited and simplified state licensing scheme for the secondary use of user-generated contents within three years from May 2023.

Design Imitation

To protect the design owner’s interest, the Unfair Competition Prevention Act was amended in 2023 to prohibit the provision via telecommunications of data which imitate another’s product from April 2024.

Trade Mark

Since the goods and service classifications between the real world and a virtual environment are different, trade marks for real-world goods would not be protected in a virtual environment unless they are registered for virtual goods and services. Having said that, since an increasing number of brand-owning companies apply for virtual goods and services, game developers need to be more careful about using a third-party’s trade marks.

Publicity Rights

An avatar may be generated from an image of a public figure. There is a judicial precedent ruling that a publicity right is granted if the name or image of the public figure has the power to promote the sale of goods and that publicity right is infringed if the name or image is used solely for the purpose of promoting sales (Supreme Court, 2 February 2012). Thus, such an avatar cannot be used to promote sales, but a publicity right would not be infringed if the user generates the avatar only for personal satisfaction or use.

Telecommunication Business Act

Certain social networking services (SNS) are subject to the TBA. For instance, SNS platforms that offer direct messaging functionalities are required to file a notification based on the TBA.

Additionally, even if an SNS does not have direct messaging capabilities, some service providers offering SNS services with over 10 million users (“equivalent to intermediary telecommunications services”) have been designated by MIC as being required to file a notification under the TBA. For further details on the notification process, see 6.1 Scope of Regulation and Pre-Marketing Requirements.

Information Distribution Platform Act

In 2024, the “Act on Dealing with Infringement of Rights Caused by Information Distribution via Specified Telecommunications” (Information Distribution Platform Act) was enacted to amend the “Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers and the Right to Demand Disclosure of Identification Information of the Senders” (Provider Liability Limitation Act).

To address the spread of illegal and harmful information (eg, slander and libel) online, the new law stipulates the obligations of platform operators above a certain size to:

• establish and publicise a method for individuals alleging that their rights have been infringed by the distribution of information to request the removal of the postings (Article 22);
• investigate the infringement of rights upon receipt of a request, make a decision within 14 days of such request, and duly notify the requestor of the outcome (Articles 23 and 25); and
• establish and publicise the criteria for deleting posts (Article 26).

The proposed name change of the law is due to the broadening of its scope beyond the disclosure of sender identification, which was a key provision in the original law.

Countermeasures Against Disinformation and Misinformation

On 10 September 2024, the MIC published its “Study Group on Ensuring the Soundness of Information Distribution in Digital Spaces” (Summary), which highlights the risks and challenges associated with disinformation and misinformation in digital environments and suggests measures to promote reliable information distribution. Although the Summary is not legally binding, it may influence future legislative amendments. The Summary delineates the responsibilities and roles of various stakeholders in managing the risks and challenges related to information distribution, presenting these as “basic principles”.

See 1.1 Key Challenges, 6.1 Scope of Regulation and Pre-Marketing Requirements and 10.1 Laws and Regulations for Social Media.

Social media operators are often classified as telecommunications business carriers under the TBA, and as such the MIC frequently assumes regulatory responsibility in this context. The MIC has the authority to issue guidance to service providers that fail to comply with the TBA. If such guidance is not followed, the MIC also has the power to issue business improvement orders.

In recent years, there have been instances where the MIC has taken enforcement actions against social media service providers. For example, in cases where unauthorised access resulted in the leakage of user information, including the confidentiality of communications, the MIC has demanded that the service providers ensure the protection of communication confidentiality and strengthen cybersecurity measures.