We are pleased to present the May 2025 issue (Vol.15) of our Tech, IP and Telecoms Law Newsletter, a collection of the latest information about Japanese technology, intellectual property, and telecommunications law. We hope that you will find it useful to your business.

On May 28, 2025, a new law entitled “Act on the Promotion of Research, Development, and Utilization of Artificial Intelligence Technologies” (the “AI Act”) was passed by the National Diet and officially enacted.

Japan has not previously enacted comprehensive legislation regulating AI. Legal issues related to AI have been addressed primarily through non-binding measures, such as the government’s AI Guidelines for Businesses. As enacted, the AI Act is the first comprehensive law in Japan specifically addressing AI.

The AI Act sets forth fundamental principles for the research, development, and utilization of AI technologies. It also assigns national and local governments the responsibility to implement related measures in accordance with those principles. Under the AI Act, a new “Artificial Intelligence Strategy Headquarters” would be established within the Cabinet. This body would be tasked with formulating an AI Fundamental Plan, which outlines the government’s policy framework to promote AI development and utilization. As such, many of the provisions take the form of a basic law, setting out fundamental principles and directions for the government to follow.

With respect to the obligations of private sector, the act requires AI utilization businesses to cooperate with AI-related initiatives led by the national and local governments. However, compared to the EU’s AI Act - which imposes broad obligations and significant penalties on private entities - the obligations in Japan’s AI Act are relatively limited. That said, the act empowers the government to provide guidance, advice, and information to AI utilization businesses and to take necessary actions when needed. This suggests that the government may issue guidance to AI utilization businesses in cases of serious misconduct or noncompliance. Notably, the act does not contain any penal provisions for violations.

A supplementary resolution passed alongside the act calls for further consideration of measures to address so-called sexually explicit deepfakes and consideration of how to respond to businesses that refuse to comply with government guidance. The AI Act is expected to serve as the cornerstone of Japan’s AI regulatory framework, with market participants benefiting from closely monitoring the developments of AI initiatives based on the act, including the forthcoming AI Fundamental Plan to be developed by the Artificial Intelligence Strategy Headquarters and to be published by the prime minister.

On April 7, 2025, Japan’s Consumer Affairs Agency (“CAA”) released a research discussion paper titled Survey of Transactions Related to the “Dark Patterns,” alongside an English-language summary and a visual guide illustrating common examples.

The paper presents findings from an investigation into 102 websites selected based on factors such as consumer consultation data and sales volume - i.e., sites that are considered to be frequently used by Japanese consumers. The survey examined user interfaces and design elements that may qualify as dark patterns. The most frequently observed types included:

・Preselection (default settings that reflect the business’s preferred choices),
・False hierarchy (visually emphasizing the business-favored option),
・Testimonials (potentially misleading or deceptive customer reviews), and
・Forced registration (scenarios in which users are either required or led to believe they are required to register for an account).

The study also highlights the frequent use of multiple dark patterns in combination, which may significantly amplify their influence on consumer behavior.

The accompanying illustration set visually explains 15 representative types of dark patterns, including the widely scrutinized “No.1 claims” (promotional statements emphasizing superiority or advantageous conditions, such as being “Ranked No.1”), which have been subject to a series of enforcement actions by the CAA in 2023 and 2024. (A separate report focusing on these claims was released by the agency in September 2024.)

This report reflects the CAA’s increasing focus on dark patterns, and further attention by the CAA is expected on policy efforts and enforcement trends aimed at curbing such practices.

The Ministry of Economy, Trade and Industry (METI) released an updated version of the “Guidelines for the Management of Trade Secrets” on March 31, 2025. These guidelines outline the minimum standards necessary to protect “trade secrets” as defined by the Unfair Competition Prevention Act. This update is the first revision since January 23, 2019, nearly six years ago.

The revision reflects changes in the environment surrounding trade secret usage, such as the rise in remote work at many companies, which has increased opportunities to access trade secrets from home or other locations. It also considers shifts in information management practices within companies, including the adoption of cloud technology and environments. Specifically, the guidelines now address the level of security measures required when storing or managing trade secrets using external cloud services. Additionally, they clarify that even if confidential information is used as training data for generative AI and subsequently generated or output as AI-generated content, the confidentiality of such information may still be maintained under certain circumstances.

Please note that regarding the protection of so-called “limited-use data,” the “Guidelines on Limited-Use Data” were also revised in February 2024 in accordance with amendments to the Unfair Competition Prevention Act. We recommend referring to these guidelines alongside this document for a comprehensive understanding of this area.

The Ministry of Economy, Trade and Industry and the Ministry of Internal Affairs and Communications, released the “Safety Management Guideline for Providers of Information Systems and Services Handling Medical Information, Version 2.0” (the “Guideline”) on March 28, 2025. The original version, 1.0, was introduced in August 2020 to establish requirements for providers managing medical information systems and services. In July 2023, the Guideline was updated to version 1.1 to align it with the “Guideline for the Safety Management of Medical Information Systems (Version 6.0)” set by the Ministry of Health, Labour and Welfare, thereby improving convenience for providers.

In recent years, the increasing complexity and variety of cyberattacks on medical information systems have highlighted the critical need for robust security measures and agreements between medical institutions and information system providers. This situation prompted a review of the Guideline. As a result, in October 2024, a public consultation was held on a draft of the Guideline, which draft incorporated insights from an expert committee.

While Version 2.0 of the Guideline does not differ significantly from Version 1.1, some changes were made based on feedback from the public consultation. These changes include clarifying which providers are covered and detailing the content of agreements that should be established between providers and medical institutions. In addition to the update to Version 2.0 of the Guideline, the “Service Specification Compliance Disclosure Document and Service Level Agreement (SLA) Reference Example” and the “FAQ on Safety Management Guideline for Providers of Information Systems and Services Handling Medical Information” were also updated.

The Japan Patent Office announced on April 7, 2025, that it had registered the first trademark under the Trademark Law’s consent system. The consent system was introduced in a 2023 amendment to the Trademark Law (effective April 1, 2024) in response to growing demands for its introduction in Japan, given the globalization of commerce and the need for international harmonization of systems in circumstances where similar systems have already been introduced in other countries and regions.

Under the Trademark Law, a trademark that is identical with or similar to a prior registered trademark cannot be registered as a trademark for the designated goods or services of the prior registered trademark or for goods or services similar to those designated (Trademark Law Article 4, Paragraph 1, Item 11). However, even if a trademark is identical or similar to a prior registered trademark, the consent system allows registration of the trademark if (i) the prior registered trademark holder consents, and (ii) there is no likelihood of confusion (Trademark Law Article 4, Paragraph 4). When applying the consent system, the applicant must submit a consent letter from the owner of the prior registered trademark to evidence the satisfaction of requirement (i), and an agreement between the parties to evidence the satisfaction of requirement (ii). The Japan Patent Office has published templates for these consent letters and agreements.

In the first trademark registration applying the consent system, the trademark “Hari” was registered with the applicant being Shata Shuzo Co., Ltd. and the designated goods being “sake, shochu” (Class 33). “Hari” was already trademarked in respect of retail and wholesale alcoholic goods sales (Class 35) by a different business. According to the application documents, as evidence that there is no likelihood of confusion (being requirement (ii)), materials regarding the business operations of both companies (copies of their websites) were submitted, indicating the difference in their business types.

Source: First Trademark Registration Made under the Consent System

The introduction of the consent system is expected to support new businesses utilizing intellectual property, particularly small and medium-sized enterprises and startups, by expanding the range of brand options available for new ventures. Having said that, the success of this system will turn on a close monitoring of actual case reviews regarding requirement (ii)’s criteria of there being “no likelihood of confusion.” The consent system’s actual implementation and utilization in practice, going forward, will determine the success of this new system.

On May 16, 2025, legislation on active cyber defense (the Japanese version of Active Cyber Defense, or ACD) was enacted. Specifically, the following two pieces of legislation were promulgated on May 23, 2025 and enacted:
- Act on the prevention of damage caused by unauthorized acts against important computers (Act No. 42 of 2025)
- Act on the revision of related laws in connection of the act on the prevention of damage caused by unauthorized acts against important computers (Act No. 43 of 2025)

The content of these acts is wide-ranging, and can be broadly divided into four categories: (1) public-private collaboration, (2) use of communication information, (3) access and neutralization, and (4) cross-cutting issues. For an overview, please refer to Volume 14 of this Newsletter (March 2025).

The legislative review process in the National Diet saw certain additions of principles and aspiration-like provisions stating, for example, that the secrecy of communications or the rights and freedoms of citizens guaranteed by the Constitution must not be improperly restricted, no substantial revisions to the operative parts of the law were made.