As of June 1, 2025 — the most recent published MHLW aggregate — 1,283 entities had filed as 特定募集情報等提供事業者 (Specified Recruitment Information Providers) in Japan. Among them, 1,642 distinct services were registered. The four legal categories are not evenly populated. One of them is almost empty.
第1号 — job postings at employer request — has 1,502 services. 第3号 — candidate information at candidate request — has 623. 第4号 — candidate information collected without request — has 6.
MHLW status report — as of June 1, 2025, published March 2026. A single entity can file in multiple categories. Total services exceed total entities for that reason.
Thousands of AI sourcing platforms describe themselves in language that, under Japanese law, sits squarely in the #4 category. Six services are filed there. Make of that what you will.
02 Two laws, not one.
Compliance discussions about AI recruiting in Japan often collapse into a single conversation about "data privacy." The actual legal picture is two parallel regimes, each with its own regulator, registration, penalty structure, and audit cadence. A platform can comply with one and remain unlawful under the other.
APPI (個人情報保護法) governs the data — every record about an identifiable Japan-resident individual, regardless of where the operator is incorporated or where the server sits. Regulator: PPC (個人情報保護委員会). No registration required. Extraterritorial reach (Art. 171). Max corporate fine: ¥100M.
Employment Security Act (職業安定法) governs the act of providing candidate information to employers — which is what every AI sourcing platform does at the moment it returns a ranked candidate list to a paying client. Regulator: MHLW (厚生労働省). 届出 required (4 categories). Reaches Japan-resident candidates. Penalty: 6 months / ¥300K (Art. 65(7)).
Both laws apply at the same time. A platform incorporated in California, scraping LinkedIn data, processing on US-based AI infrastructure, and selling subscriptions to Tokyo recruiters needs to satisfy both regimes. There is no single-law shortcut.
If a platform’s compliance story addresses only one law, the platform has not done compliance.
03 What changed in October 2022.
Before October 1, 2022, the 職業安定法 covered services that acted on a direct request from a job seeker or an employer. Platforms that crawled public web data to build candidate databases — without any per-candidate sign-up — operated in a regulatory gray zone. The 2022 amendment closed that zone.
- The definition expanded.
募集情報等提供 was redrawn to include crawler-type platforms collecting candidate data without per-candidate request — creating the 第4号 category that many AI sourcing tools, regardless of where they were built, now sit inside.
- A registration system was created.
Any operator that collects candidate information for provision to employers must file 届出 (notification) with MHLW before beginning operation. Operating without filing is a criminal offense — up to 6 months’ imprisonment or a ¥300,000 fine under Article 65(7), with parallel penalties applying to the corporate entity under Article 67 (両罰規定).
- New ongoing obligations attached.
Filed providers must file an annual 概況報告書 (status report); maintain 的確な表示 (accurate display) of recruiting information; respond to candidate complaints; protect personal information separately from APPI obligations; and disclose the principal factors used to rank search results — a direct nod to AI scoring platforms.
The principal factors used in ranking are public-disclosure items. The underlying algorithm code and the calculation procedure that uses those factors are not. AI is not exempted.
04 The APPI compliance stack.
APPI is not a single compliance test. It is a stack of obligations that apply at distinct points in the data lifecycle. An AI sourcing platform meets the stack only if every layer holds.
- Acquisition (Art. 20) — Lawful means (適正な取得). Cannot acquire by methods that violate the source’s terms.
- Purpose (Art. 17, 18, 21) — Specify purpose of use as concretely as possible; publicly disclose; do not exceed scope.
- Security (Art. 23) — Organizational, personnel, physical, technical safeguards. External-environment awareness for overseas processing.
- Third-party provision (Art. 27) — Consent, opt-out filing, or 委託 (entrustment) framing for each provision to a client.
- Cross-border transfer (Art. 28) — If data is processed in a foreign country, additional consent and disclosure obligations apply.
- Data subject rights (Art. 32–35) — Disclosure, correction, deletion, cessation of use — accessible to the candidate.
Layer 1, Article 20, is where most foreign platforms break first. APPI requires data to be acquired by "fair means." Public visibility on the source site does not by itself make the means fair. If the source platform’s terms expressly prohibit automated collection, scraping is not within the "fair means" that Article 20 contemplates — regardless of whether the data is technically reachable to a logged-out browser.
The foreign-processor problem.
A common defense from foreign AI platforms is that data sits on AWS Tokyo, or on Japanese servers — therefore APPI cross-border rules don’t apply. The PPC has answered that defense directly.
PPC Q&A — verbatim translation: "When a domestic operator entrusts the handling of personal data to a foreign third party, the operator must implement security measures based on an understanding of the personal-information-protection regime in the foreign country. This obligation applies even where the personal data itself is stored on servers located within Japan." (PPC General Guidelines Q&A Q10-25.)
The implication: if your model runs on US-based OpenAI, Anthropic, or Google infrastructure, the operator is processing personal data through a foreign entity even if the storage layer is in Japan. The 外的環境の把握 (external-environment understanding) obligation under Article 23 attaches. So does Article 28 cross-border transfer analysis.
Under Japan’s adequacy framework, only the EU and the UK are recognized as equivalent to Japan’s regime. The United States is not. A platform sending Japan-sourced candidate data to US infrastructure cannot rely on adequacy.
"Our servers are in Japan" is not the answer when inference happens in Virginia.
05 Where popular platforms fail.
Many of the AI sourcing platforms now actively sold into the Japan market — most of them built in the United States, marketed in English, and not built around either of the two laws above — share a recognizable pattern of compliance gaps. The pattern is not random; it follows from the way these platforms were architected.
- The data supply chain begins with scraping.
Most of the "tens of millions of profiles" databases marketed by foreign AI sourcing platforms are sourced, directly or indirectly, from LinkedIn. LinkedIn’s User Agreement (Section 8.2) prohibits using software, scripts, robots, crawlers, or browser plugins to scrape or copy profile data. Under APPI Article 20, data acquired in violation of the source’s terms is unlikely to qualify as "fair means" (適正な取得). Japanese law applies a different test from US CFAA precedent, and Japanese law is what governs Japan-resident data subjects.
- No 特定募集情報等提供事業 filing.
The MHLW filing is required before commencement of business. Almost no foreign-incorporated AI sourcing platforms have filed. Operating without filing is a criminal offense under Article 65(7) of the Employment Security Act. The dual-penalty provision in Article 67 means the corporate entity faces parallel liability alongside any responsible individuals.
- Cross-border AI processing without Article 23 / 28 compliance.
The defense that "we’re a US company, APPI doesn’t apply" fails on Article 171 (extraterritorial application). The defense that "data is stored in Japan" fails on PPC Q10-25. What is left is the actual obligation: external-environment understanding, documented security measures, and — for genuine third-party transfer — Article 28 consent or an adequacy-equivalent framework. The US is not on the adequacy list.
- The cold-email model violates the Anti-Spam Act.
Japan’s 特定電子メール法 requires prior opt-in consent before commercial email is sent — the inverse of the US CAN-SPAM regime, which permits unsolicited email with an opt-out path. Platforms that supply email addresses for cold outreach to Japan-resident candidates create direct exposure for every send. The recipient’s location, not the sender’s, is what triggers application.
The opt-out shortcut that doesn’t work.
Some platforms attempt to characterize their candidate-data provision to clients under the APPI Article 27(2) opt-out mechanism. The 2022 APPI amendment closed this path for any data that was itself acquired through opt-out or through improper means. The chain breaks at the second link.
Read together with the Article 20 "fair means" requirement, the practical consequence is sharp. If the upstream data was scraped from a site whose terms prohibit scraping, the data was arguably acquired through improper means. Once that determination is on the table, the opt-out provision path is unavailable downstream — for the original scraper, for any reseller, and for any AI platform that built its database on the resold data. There is no clean lane to occupy.
APPI Article 171 (formerly Article 75) applies extraterritorially to any operator handling personal information about persons in Japan in connection with providing goods or services to Japan. The data subject’s residency is what matters, not the operator’s.
Distance is not cover. The PPC’s reach follows the data subject, not the server.
06 The Rikunabi precedent.
リクナビDMPフォロー remains Japan’s most consequential recruiting-data enforcement action. The PPC issued a corrective recommendation (勧告) against Recruit Career in August 2019, and a second one in December 2019 against both Recruit Career and its parent operating company Recruit Co., Ltd. MHLW issued a parallel administrative guidance under the 職業安定法. The case directly accelerated the 2020 APPI amendment.
The Rikunabi platform built a model to predict 内定辞退率 — the probability a student would decline an offer. Predictions were sold to 35 enterprise clients (Toyota, Mitsubishi, Denso, Honda’s research arm, others) for follow-up prioritization. Some 7,983 students initially — later expanded to 26,060 — had not given valid consent for third-party provision. Recruit’s Cookie-hash workaround was rejected: the PPC found Recruit could still re-identify, and the recipients could re-identify on their end.
Three principles flowed out of the case, and they apply directly to any AI recruiting platform operating in Japan today. One. AI prediction or scoring of candidate data is a use that must be specifically disclosed to the data subject — generic "to improve our services" language does not cover it. Two. Providing AI-generated predictions about candidates to employer clients is third-party provision of personal data, even when the predictions are derived rather than copied. Article 27 applies. Three. Hashing or pseudonymization fails when the receiving party can re-identify. The PPC rejected the argument as 極めて不適切 — "extremely inappropriate."
07 The 2026 amendment.
On April 7, 2026, the Japanese Cabinet approved an APPI amendment bill and submitted it to the Diet. The bill is, in substance, a recalibration: it loosens consent requirements for some statistical and AI-training uses while sharply tightening enforcement on serious violations. Effective date is expected within 2 years of promulgation.
1. Administrative surcharges (課徴金). The bill introduces a surcharge regime for serious violations where the operator obtained economic benefit from the unlawful handling. The amount is calculated from the financial benefit obtained, not from turnover — closer to disgorgement than to GDPR’s percentage-of-revenue framework. Three eligibility conditions apply cumulatively: the violation must affect more than 1,000 individuals, the operator must have failed to exercise reasonable care, and there must be concrete rights or interest harm.
2. Heavier criminal penalties for unlawful provision. The bill raises the statutory penalty for unlawful provision of a personal-information database (currently 1 year’s imprisonment or a ¥500,000 fine under Art. 179) and extends the offense to provision carried out for the purpose of causing harm, in addition to the existing offense of provision for unlawful profit. The bill also creates a new offense for unlawful acquisition by deception or unauthorized access.
3. The processor (処理者) concept formalized. Clearer statutory treatment for data-processor relationships — the legal layer currently handled by 委託 framing for OpenAI, Google, AWS, and similar overseas infrastructure. Favorable for compliant AI operators; harder for non-compliant operators to hand-wave the cross-border processing question.
The 2022 ESA amendment criminalized unfiled crawler-type platforms. The 2026 APPI amendment adds disgorgement-style surcharges on top. Quieter than the EU’s framework — but real.
08 What compliant operation looks like.
There is no certification body that can stamp a platform "compliant." What exists is a defensible posture — a set of design choices, registrations, and disclosures that, taken together, satisfy both regulatory regimes. The ten items below are what compliance counsel will look for.
- Lawful data sources.
Data acquired from licensed providers or candidate submissions, with documented provenance per record. No scraping of TOS-protected sites. (APPI Art. 20)
- MHLW filing.
Filed as 特定募集情報等提供事業者 under the correct 号 classification, before commencement of business. (ESA Art. 43-2)
- Purpose disclosure.
Specific, public, covering AI scoring, candidate matching, presentation to clients, scout-mail generation. (APPI Art. 17, 21)
- Article 27 compliance.
Each provision to a client characterized cleanly as consent, opt-out, or 委託 — and the chosen path actually working. (APPI Art. 27)
- Article 23 / 28 compliance.
External-environment understanding for overseas processors, documented security measures, US-jurisdiction assessment. (APPI Art. 23, 28)
- Candidate rights.
Accessible disclosure, correction, deletion, and cessation-of-use mechanisms for any data subject. (APPI Art. 32–35)
- Ranking factor disclosure.
Principal scoring factors public; algorithm code and weights can remain proprietary as 営業秘密. (ESA Art. 43-6)
- Data accuracy measures.
Regular synchronization with upstream data providers; documented correction process. (ESA Art. 5-4 + 43-3)
- Complaints handling.
Accessible complaints window with a documented response procedure and a designated owner. (ESA Art. 43-7)
- Annual reporting.
概況報告書 submitted to MHLW each August for the prior June 1 status. (ESA Art. 43-5)
Reading the ten items together is more useful than reading any one of them. A platform with strong purpose disclosure and weak data sourcing is not partially compliant; it is exposed at the upstream layer. A platform with clean acquisition but no MHLW filing has criminal exposure regardless of how well-drafted its privacy policy reads. The items are gates, not points to be averaged.
Above the floor: audited certification.
Beyond the basic 届出 filing, MHLW commissions a voluntary audited certification — the 優良募集情報等提供事業者認定制度. The audit covers seven categories: legal compliance, accurate display, personal-information handling, information disclosure, advertiser-side vetting (審査), complaints handling, and other governance items. The certification is the closest thing Japan has to a publicly visible compliance benchmark for recruiting platforms.
The numbers are worth pausing on. There are 6 services filed in the 第4号 category. Of those, 1 is currently 優良-certified. For HR procurement teams, the certification is one of the few signals available that does not depend on the vendor’s own marketing claims.
Compliance is a configuration. Either every gate is open in the right direction, or the configuration is broken — regardless of how nice the privacy policy reads.
09 The customer’s liability.
APPI does not stop at the platform. When a Japanese employer or recruiting firm receives personal data from a third-party provider, the receiving party has its own confirmation duty under Article 30. The duty is straightforward: confirm the identity of the provider, confirm how the provider acquired the data, and confirm that the provider has a lawful basis for the provision. The duty is on the recipient, not the provider.
A Japanese enterprise — particularly a TSE-listed one — that buys candidate data from a non-compliant foreign platform inherits a piece of the compliance problem. If the upstream platform cannot demonstrate lawful acquisition, the recipient cannot satisfy Article 30. The data may still be useful to recruiters, but the company has signed up for direct APPI exposure if the matter ever surfaces — through a candidate complaint to the PPC, a competitor disclosure, or a regulatory inquiry.
This is not theoretical. Compliance-conscious Japanese enterprises are increasingly asking the question explicitly during procurement. The expected answer is documentation: a copy of the upstream platform’s 届出 filing, a written description of data sources, and confirmation of Article 23 / 28 / 27 posture. Vendors who cannot produce these documents are increasingly being filtered out at the procurement stage, before they reach a pilot.
The non-compliant vendor sells you data. The non-compliant vendor also sells you their compliance problem. Article 30 is the receipt.
10 A self-audit you can run today.
Use these questions during your next vendor evaluation. Score one point per "yes" supported by a document the vendor will email you within 48 hours. Anything else is a "no."
- Is the vendor filed as a 特定募集情報等提供事業者 with MHLW?
Provide the 届出受理通知 number and the 号 classification.
- For each candidate record, can the vendor produce the data source and acquisition path?
Was the source’s terms-of-service consulted, and is automated collection permitted there?
- Does the vendor’s privacy policy specifically disclose AI scoring, candidate matching, presentation to clients, and scout-mail generation as purposes of use?
Is the disclosure in Japanese as well as English?
- For overseas AI processing, has the vendor performed 外的環境の把握 on the relevant foreign jurisdictions (United States in particular), and is the assessment documented?
- Are the principal ranking factors publicly disclosed in compliance with ESA Article 43-6?
- Is there a candidate-side mechanism for disclosure, correction, deletion, and cessation-of-use requests, with a published response timeline?
- For email outreach functionality, does the vendor obtain opt-in consent from each candidate before commercial messaging — as required by 特定電子メール法?
Score interpretation.
- 6–7 yes: vendor has done the compliance work; conduct the technical evaluation on its merits.
- 4–5 yes: material gaps; conditional engagement only, with documentation as a contractual closing condition.
- 2–3 yes: compliance posture is incomplete; procurement risk is high; legal review required before any pilot.
- 0–1 yes: vendor has not done the work. Buying their data buys their problem.
11 Headhunt.AI, against the framework.
The remainder of this briefing is general. This section is not. It walks the operator behind Headhunt.AI — ExecutiveSearch.AI K.K. — through each item in Sections 8 and 10, in the same order any other operator should be able to walk through them. Some items are confirmed today; some are forward-looking and explicitly framed that way. The exercise is included for transparency, not as a compliance certificate.
ITEM 01 · MHLW filing. Status: filed; 受理番号 pending issuance (届出済・受理番号発行待ち). ExecutiveSearch.AI K.K. has completed its 第4号 特定募集情報等提供事業 filing with the 厚生労働大臣 under 職業安定法 第43条の2第1項. The filing will appear on the 人材サービス総合サイト upon issuance of the 届出受理番号.
ITEM 02 · Lawful data sources. Status: confirmed. Headhunt.AI does not directly scrape personal data from the open internet. The candidate database underlying the service is sourced through commercial licensing arrangements with established global data providers, governed by formal license agreements that authorize ExecutiveSearch.AI’s use of the data and the production of derived analytical outputs (such as candidate match scores) for delivery to enterprise users. The underlying agreements are maintained on file as a matter of contractual record. Provider data is collected from publicly available sources in compliance with applicable data-protection law in the jurisdictions of collection.
ITEM 03 · Purpose-of-use disclosure. Status: in current Privacy Policy. ExecutiveSearch.AI’s Privacy Policy enumerates the purposes for which personal information is processed within Headhunt.AI: AI-based candidate scoring and relevance assessment; matching candidate profiles against client-specified job requirements; presentation of candidate information to authorized client users; and generation of personalized outreach communications for use by client users. Each purpose is disclosed in advance of data being used for it, in accordance with 個人情報保護法 第17条 and 第21条.
ITEM 04 · 外的環境の把握 disclosure. Status: in current Privacy Policy. Headhunt.AI’s processing infrastructure includes United-States-based vendors for cloud and AI inference. The Privacy Policy includes a 外的環境の把握 disclosure identifying these foreign jurisdictions and the relevant legal regimes (notably US federal and state privacy law, including the California Consumer Privacy Act). Data Processing Agreements with each foreign vendor obligate the vendor to safeguards including no use of ExecutiveSearch.AI data for vendor model training, minimum-necessary transmission, short retention periods, and incident notification.
ITEM 05 · Ranking factor disclosure. Status: published on this page. The candidate ranking surfaced as the ESAI Score is generated by an AI model evaluating candidate profiles against client-specified job requirements. The principal factors considered (work-history relevance, educational background, skill alignment, language proficiency fit, industry experience) are publicly disclosed on this page, in keeping with the transparency framework contemplated by 職業安定法 第43条の6 and the relevant ministerial guidelines. Specific algorithmic weights and proprietary scoring logic are not disclosed; these are treated as the company’s 営業秘密.
ITEM 06 · Complaint and inquiry channel. Status: monitored business-day inbox with named owner. ExecutiveSearch.AI maintains a dedicated complaint and inquiry channel for privacy and personal-data matters at privacy-complaints@executivesearch.ai. The channel is monitored on business days by a designated internal owner, and is referenced in both this page and the Privacy Policy. It serves as the primary intake point for the complaint-handling system maintained under 職業安定法 第43条の7.
ITEM 07 · 優良認定 forward-looking. Status: aspirational, not committed. ExecutiveSearch.AI’s compliance approach is structured to align with the operational and governance standards associated with the 優良募集情報等提供事業者認定 framework. The company intends to consider applying for 優良認定 in a future certification cycle, once the operational track record required to support such an application has been established. This is a forward-looking intention rather than a commitment, and ExecutiveSearch.AI makes no representation about the timing or outcome of any future application.
12 The honest take.
The Japan AI recruiting market is in the early innings of a regulatory consolidation that, in retrospect, will look obvious. The 2022 amendment criminalized operating without filing. The 2026 amendment adds disgorgement-style surcharges. The PPC has reach, the MHLW has a public registry, and Japanese enterprise procurement teams are increasingly asking the right questions before they sign.
The platforms that did the compliance work early — registered, disclosed, structured their data supply chain — will compound their position through this period. The platforms that operated on the assumption that "Japan won’t enforce" or that "the data is public" will discover, in stages, that the assumption was wrong. Some will adjust. Some will lose their Japan footprint when the first orders are issued and the first clients perform Article 30 due diligence.
For HR directors and procurement leads inside Japanese enterprises, the practical implication is simpler than the legal text suggests. The compliance question is no longer "can we get away with using this platform." It is "does the platform’s legal posture survive a one-page procurement memo."
The audit is not elaborate. Pull every AI candidate-sourcing tool currently in use across your company — the ones procurement signed off on, and the ones an enterprising recruiter put on a corporate card or personal expenses. Run the seven questions in Section 10 against each. Headhunt.AI was built to clear that bar; its operator’s posture is documented item-by-item in Section 11. Most foreign tools sold into Japan today were not built that way, and cannot.
These systems are the worst they will ever be today. The pace of improvement in AI is not linear — invest now to stay ahead of your competition, or fall behind.
Doing nothing is a decision, the same as any other. It just looks more like the present.