Japan's digital regulatory environment has shifted materially. Revised legislation governing digital services entered into force in early 2025, with phased compliance obligations extending through the end of the year. International technology companies that provide digital services to Japanese users – or process Japanese user data – face binding new duties. Companies that miss the compliance window risk enforcement by Japan's digital oversight authorities and potential suspension of service operations in the market.
Japan's updated digital services legislation imposes transparency, algorithmic accountability, and software liability obligations on technology companies operating in or targeting the Japanese market. Companies meeting defined user-volume or revenue thresholds must complete compliance documentation and internal process adjustments by the applicable deadline under the revised regulatory regime. International operators are subject to these rules on the same basis as domestic providers where their services are directed at Japanese users.
This alert sets out what changed, which business categories are affected, and the immediate actions your organisation should take now.
What changed – and when it takes effect
Japan's legislature amended its core digital services legislation in 2024. The reforms came into force on January 1, 2025. A transitional period applies to certain obligations, with full compliance required by December 31, 2025.
The central changes address three areas. First, the revised rules expand algorithmic accountability requirements. Operators of recommendation systems, content-ranking tools, and automated decision-making features must now document how those systems function and must disclose that information to users on request.
Second, software liability provisions have been strengthened. Technology licensing agreements that transfer software to Japanese business users must include specific provisions on defect disclosure and remediation timelines. Operators who distribute software without those provisions face civil liability exposure under Japan's commercial and technology legislation.
Third, the rules introduce a structured complaints and redress mechanism. Digital service providers must designate a Japan-based or Japan-accessible contact point and respond to user complaints within defined timeframes. Failure to maintain a functional complaints channel is an independent compliance breach.
The Digital Agency (Japan's central digital regulatory authority) and the Sōmushō (Ministry of Internal Affairs and Communications) share oversight responsibility. Enforcement under the revised rules began on April 1, 2025.
Companies with existing technology licensing arrangements in Japan should audit those agreements against the new software liability standards immediately. Contracts signed before January 1, 2025 are not automatically grandfathered. Where agreements are silent on the required provisions, regulators treat this as a gap requiring correction.
For companies also assessing AI Act compliance obligations in other markets alongside Japan, parallel review is advisable. Japan's domestic rules on AI-driven services draw on international regulatory thinking but operate as an independent legislative regime. Compliance with the EU AI Act does not satisfy Japan's requirements.
Which companies are affected – and the threshold criteria
The new obligations apply to operators of digital services in Japan. The legislation uses a broad definition. A company is in scope if it provides an information intermediary service, a content platform, a software distribution platform, or an AI-enabled service to users located in Japan.
Threshold criteria determine the intensity of obligations:
- Operators with a large number of monthly active users in Japan (above the statutory user-volume threshold) face the full suite of obligations, including algorithmic accountability reporting and public disclosure duties.
- Mid-tier operators – below the large-platform threshold but above a lower user-count baseline – must comply with the complaints mechanism and software liability provisions, but face reduced disclosure requirements.
- Small operators and individual developers below the lower baseline are exempt from most provisions, though software liability duties under general commercial legislation still apply.
- Business-to-business software providers are partially in scope. Where software is licensed to Japanese business users for deployment to end consumers, the licensing chain triggers liability provisions.
Geographic reach is determined by where users are located, not where the provider is incorporated. A company incorporated in Europe, the United States, or Southeast Asia is in scope if its service is directed at Japanese users – through a Japanese-language interface, Japan-targeted advertising, or a Japanese payment option.
Companies providing technology licensing arrangements to Japanese partners should verify whether those partners qualify as business users under the legislation. If they do, the upstream licensor's agreements must meet the new software liability content requirements.
For a detailed review of how these obligations interact with intellectual property protection in Japan, including software copyright and trade secret rules, our separate analysis addresses those intersections.
To receive an expert assessment of your company's exposure under Japan's revised digital services rules, contact us at info@ferrazwhitmore.com.
Immediate actions for international companies
The following steps should be initiated before the December 31, 2025 compliance deadline. Earlier action reduces enforcement risk and avoids last-minute bottlenecks as the deadline approaches.
- Map your Japanese user base. Determine whether your monthly active user count in Japan reaches the large-platform or mid-tier threshold. This assessment drives which obligations apply and at what level of intensity.
- Audit algorithmic systems. Identify every recommendation, ranking, or automated decision-making feature deployed to Japanese users. For each, prepare a plain-language description suitable for user disclosure. The description must be accurate, current, and accessible within your service interface.
- Review technology licensing agreements. All software licence agreements with Japanese business users should be reviewed against the software liability provisions of the revised legislation. Agreements lacking required defect-disclosure and remediation terms must be amended or supplemented before enforcement begins.
- Establish a complaints channel. Designate a Japan-accessible contact point. Define internal response workflows that meet the statutory response timeframes. Document the process for regulator inspection.
- Register or notify where required. Certain large-platform operators must notify the Digital Agency of their service and algorithmic systems. Confirm whether notification obligations apply to your organisation and file within the prescribed period.
Companies operating across multiple Asian markets should note that Japan's digital services rules are stricter in several respects than comparable regimes in the region. For a comparison of how Japan's obligations align with digital services requirements elsewhere in the region, see our alert on digital services regulation in the UAE.
Engaging a lawyer in Japan with cross-border technology experience is advisable for companies at or near the large-platform threshold. The documentation, disclosure, and licensing obligations involve judgment calls that carry material enforcement risk if resolved incorrectly.
For a tailored strategy on digital services compliance in Japan, reach out to info@ferrazwhitmore.com.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm in Japan advisory practice, advising technology companies, investors, and institutional clients across 46 jurisdictions. Our team combines Portuguese civil law expertise with English common law tradition to deliver cross-border legal solutions in AI and technology regulation, digital services compliance, and technology licensing. Our AI and technology law practice covers requirements across Asia-Pacific, European, and Middle Eastern regulatory regimes, supported by a network of local counsel. We advise international operators on meeting algorithmic accountability, software liability, and digital services obligations in high-growth markets including Japan. To discuss how Japan's revised digital services legislation affects your business, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.