AI sourcing compliance in Japan: APPI, the Employment Security Act, and what your procurement team needs to verify.
Two laws govern candidate-sourcing in Japan: APPI (個人情報保護法) and the amended Employment Security Act (改正職業安定法). Most international AI sourcing platforms sold into Japan are not filed under either. This is the procurement-grade reading — what the laws actually require, where foreign tools structurally fail, what changed in October 2022, what’s coming in the 2026 amendment, and the seven questions that clear or fail any vendor in a one-day cycle. Written from inside the only Japan-headquartered AI-first recruiting agency that has filed in the 第4号特定募集情報等提供事業者 category.
This article is written by an operator running an AI-first recruiting agency in Japan, not by a Japanese-bar attorney. It summarizes the two governing laws and our company’s procurement framework as we apply it ourselves. For specific compliance decisions inside your organization, consult qualified Japanese counsel. Where this article cites statutes, MHLW guidance, or PPC Q&A, the citations point at primary sources you or your counsel can verify directly.
AI candidate sourcing in Japan is governed by two laws operating in parallel: APPI (個人情報保護法) and the amended Employment Security Act (改正職業安定法). The October 2022 ESA amendment created a specific filing category — 第4号特定募集情報等提供事業者 — for platforms that aggregate and provide candidate information collected without per-candidate request, and made operating without 届出 a criminal offense under Article 65(7), with parallel corporate liability under Article 67 (両罰規定). As of June 1, 2025, 6 of 1,642 services on the MHLW registry are filed in the 第4号 sub-category. Most international AI sourcing platforms now actively sold into Japan are not filed at all. For agency buyers and in-house TA teams, this isn’t an upstream-vendor problem — it’s a procurement problem, because APPI Article 30 places a confirmation duty on the recipient of candidate data, meaning the buyer of a non-compliant platform inherits part of the upstream compliance exposure. The 2026 APPI amendment bill, approved by Cabinet on April 7, 2026, layers disgorgement-style administrative surcharges on top of the existing criminal regime. Procurement teams that ask the right seven questions can usually clear or fail any vendor in a one-day cycle. Headhunt.AI was built for this regulatory perimeter; the operator’s posture is documented item-by-item below, and the 届出 file is on hand for any client request.
Why this is a procurement question, not a legal-department question
For most of the period from 2018 through about 2023, the conversation about AI sourcing platforms in Japan inside enterprise procurement teams went something like this: the recruiter wanted to try a new tool; the procurement team asked legal whether it was OK; legal said "make sure the data is GDPR-equivalent"; procurement signed something. The conversation stopped there because the law itself was unsettled — the October 2022 ESA amendment was new, the 第4号 category had almost no filings yet, and the PPC had not issued Q&A on the foreign-processor question.
That conversation has changed. The amendment is now three and a half years old, the 第4号 registry has stable numbers, the PPC has issued the Q&A that closes the "our servers are in Japan" defense, the Rikunabi precedent has matured into a body of operating principles for any AI scoring platform, and the 2026 amendment has been formally introduced. Compliance counsel inside Japanese enterprises now has all the source material needed to take a position. What that means inside procurement is that "make sure the data is GDPR-equivalent" no longer answers the question — because GDPR-equivalence is the wrong test under Japanese law for Japan-resident candidates.
The actual procurement test now sits in two places. The first is APPI Article 30, which places a confirmation duty on the recipient of personal data from a third-party provider — meaning the company buying candidate data from a non-compliant upstream platform inherits part of the upstream compliance problem if the matter ever surfaces through a candidate complaint to the PPC, a competitor disclosure, or a regulatory inquiry. The second is the operational reality that compliance-conscious Japanese enterprises — particularly TSE-listed ones — are increasingly asking the question explicitly during procurement, and expecting documentation as the answer. Vendors that cannot produce a 届出受理通知 number, a written description of data sources, and confirmation of Article 23 / 28 / 27 posture within a few business days are increasingly being filtered out at procurement before they reach a pilot.
The legal text is published. The procurement memo that flows from it is the new battleground. The rest of this article is the procurement memo.
The two laws, in one paragraph each
APPI — Act on the Protection of Personal Information / 個人情報保護法. Governs personal data — every record about an identifiable Japan-resident individual, regardless of where the operator is incorporated or where the server sits. Regulator: PPC (個人情報保護委員会). No registration is required, but six categories of substantive obligation attach: lawful acquisition (Article 20), purpose specification and disclosure (Articles 17, 18, 21), security and external-environment understanding (Article 23), third-party provision rules (Article 27), cross-border transfer rules (Article 28), and data-subject rights (Articles 32–35). APPI Article 171 (formerly Article 75) gives the law extraterritorial reach over any operator handling personal information about persons in Japan in connection with providing goods or services to Japan. Maximum corporate fine under the current regime: ¥100 million.
Employment Security Act — 職業安定法. Governs the act of providing candidate information to employers — which is what every AI sourcing platform does at the moment it returns a ranked candidate list to a paying client. Regulator: MHLW (厚生労働省, the Ministry of Health, Labour and Welfare). 届出 (notification filing) is required before commencement of business under Article 43-2, with operators classified into four 号 categories. Operating without filing is a criminal offense under Article 65(7) — up to 6 months’ imprisonment or a ¥300,000 fine — with parallel corporate liability under Article 67 (両罰規定). Filed providers carry ongoing obligations: annual 概況報告書 (status report) submission per Article 43-5, accurate display per general MHLW guidance, complaints handling per Article 43-7, ranking-factor disclosure per Article 43-6, and data-accuracy measures per Article 5-4 read together with Article 43-3.
Both laws apply at the same time. A platform incorporated in California, sourcing from public LinkedIn data, processing on US-based AI infrastructure, and selling subscriptions to Tokyo recruiters needs to satisfy both regimes. There is no single-law shortcut. If a platform’s compliance story addresses only one of the two, the platform has not done compliance.
What changed in October 2022 — and why your existing US-built tool may now be illegal
Before October 1, 2022, the 職業安定法 covered services that acted on a direct request from a job seeker or an employer. Platforms that crawled public web data to build candidate databases — without any per-candidate sign-up — operated in a regulatory gray zone. The 2022 amendment closed that zone. Three changes mattered for AI sourcing.
One. The definition expanded. 募集情報等提供 was redrawn to include crawler-type platforms collecting candidate data without per-candidate request — creating the 第4号 category that many AI sourcing tools, regardless of where they were built, now sit inside. The architectural pattern of "scrape the public web at scale, build a database, score candidates against employer queries, return a ranked list" maps cleanly onto the 第4号 definition. Where a platform was incorporated does not change the analysis.
Two. A registration system was created. Any operator that collects candidate information for provision to employers must file 届出 (notification) with MHLW before beginning operation, per ESA Article 43-2. Operating without filing is a criminal offense — up to 6 months’ imprisonment or a ¥300,000 fine under Article 65(7), with parallel penalties applying to the corporate entity under Article 67 (両罰規定). The phrase "before beginning operation" is doing real work in this provision; it means there is no retroactive cure. A platform that has been operating in Japan since 2020 without filing is in violation today and was in violation yesterday.
Three. New ongoing obligations attached. Filed providers must submit an annual 概況報告書 (status report) per Article 43-5; maintain 的確な表示 (accurate display) of recruiting information; respond to candidate complaints under a documented procedure (Article 43-7); protect personal information separately from APPI obligations; and disclose the principal factors used to rank search results (Article 43-6). The ranking-disclosure rule is a direct nod to AI scoring platforms — MHLW’s Q&A on the amendment is explicit that the principal factors used in ranking are public-disclosure items, while the underlying algorithm code and the calculation procedure that uses those factors are not. AI is not exempted. AI scoring platforms must disclose what their score is built from, even if the model itself remains proprietary as 営業秘密.
Four structural gaps in foreign AI sourcing platforms
Many of the AI sourcing platforms now actively sold into the Japan market — most of them built in the United States, marketed in English, and not built around either of the two laws above — share a recognizable pattern of compliance gaps. The pattern is not random; it follows from the way these platforms were architected. Four gaps recur.
Gap 1 — The data supply chain begins with scraping. Most of the "tens of millions of profiles" databases marketed by foreign AI sourcing platforms are sourced, directly or indirectly, from LinkedIn. LinkedIn’s User Agreement (Section 8.2) prohibits using software, scripts, robots, crawlers, or browser plugins to scrape or copy profile data. Under APPI Article 20, data acquired in violation of the source’s terms is unlikely to qualify as "fair means" (適正な取得). A US court may take a different view on whether scraping public data violates the Computer Fraud and Abuse Act — that is a US statutory question. Japanese law applies a different test, and Japanese law is what governs Japan-resident data subjects.
Gap 2 — No 特定募集情報等提供事業 filing. The MHLW filing is required before commencement of business. Almost no foreign-incorporated AI sourcing platforms have filed. Operating without filing is a criminal offense under Article 65(7) of the Employment Security Act. The dual-penalty provision in Article 67 means the corporate entity faces parallel liability alongside any responsible individuals — which is why this is not a "we’ll fix it later" item for any platform that intends to keep selling into Japan.
Gap 3 — Cross-border AI processing without Article 23 / 28 compliance. The defense that "we’re a US company, APPI doesn’t apply" fails on Article 171 (extraterritorial application). The defense that "data is stored in Japan" fails on PPC Q10-25 (the foreign-processor rule, addressed below). What is left is the actual obligation: external-environment understanding, documented security measures, and — for genuine third-party transfer — Article 28 consent or an adequacy-equivalent framework. Under Japan’s adequacy framework, only the EU and the UK are recognized as equivalent to Japan’s regime. The United States is not.
Gap 4 — The cold-email model violates the Anti-Spam Act. Japan’s 特定電子メール法 requires prior opt-in consent before commercial email is sent — the inverse of the US CAN-SPAM regime, which permits unsolicited email with an opt-out path. Platforms that supply email addresses for cold outreach to Japan-resident candidates create direct exposure for every send. The recipient’s location, not the sender’s, is what triggers application. A US platform that hands a Tokyo recruiter a list of 5,000 Japan-resident email addresses and a "send" button has supplied a 5,000-violation pipeline.
The “our servers are in Japan” defense — closed by PPC Q10-25
A common defense from foreign AI platforms is that data sits on AWS Tokyo, or on Japanese servers — therefore APPI cross-border rules don’t apply. The PPC has answered that defense directly, in PPC General Guidelines Q&A Q10-25: when a domestic operator entrusts the handling of personal data to a foreign third party, the operator must implement security measures based on an understanding of the personal-information-protection regime in the foreign country. The obligation applies even where the personal data itself is stored on servers located within Japan. The test is where processing happens, not where storage sits.
The implication for AI recruiting platforms is direct. If the model runs on US-based OpenAI, Anthropic, or Google infrastructure, the operator is processing personal data through a foreign entity even if the storage layer is in AWS Tokyo. The 外的環境の把握 (external-environment understanding) obligation under Article 23 attaches. So does Article 28 cross-border transfer analysis, depending on the legal characterization (entrustment vs third-party provision) of the processor relationship. "Our servers are in Japan" is not the answer when inference happens in Virginia.
The Rikunabi precedent — what it locked in for AI scoring
リクナビDMPフォロー remains Japan’s most consequential recruiting-data enforcement action. The PPC issued a corrective recommendation (勧告) against Recruit Career in August 2019, and a second recommendation in December 2019 against both Recruit Career and its parent operating company Recruit Co., Ltd. MHLW issued parallel administrative guidance under the 職業安定法. The case directly accelerated the 2020 APPI amendment.
The platform built a model to predict 内定辞退率 — the probability a student would decline an offer. Predictions were sold to 35 enterprise clients (Toyota, Mitsubishi, Denso, Honda’s research arm, others) for follow-up prioritization. Some 7,983 students initially — later expanded to 26,060 — had not given valid consent for third-party provision. Recruit’s Cookie-hash workaround was rejected: the PPC found Recruit could still re-identify, and the recipients could re-identify on their end. The PPC characterized the construct as 極めて不適切 — extremely inappropriate.
Three principles flowed out of the case, and they apply directly to any AI recruiting platform operating in Japan today.
One. AI prediction or scoring of candidate data is a use that must be specifically disclosed to the data subject. Generic "to improve our services" language does not cover it. The Privacy Policy needs to enumerate AI scoring, candidate matching, presentation to clients, and scout-mail generation as distinct purposes of use.
Two. Providing AI-generated predictions about candidates to employer clients is third-party provision of personal data, even when the predictions are derived rather than copied. Article 27 applies. The provider needs a clean Article 27 lane (consent, opt-out filing, or 委託 entrustment), and the chosen lane has to actually work — which the next section unpacks for the opt-out specifically.
Three. Hashing or pseudonymization fails when the receiving party can re-identify. The PPC rejected the Recruit Cookie-hash construct as 極めて不適切. Any AI sourcing platform that relies on a "we don’t directly hold the personal data, we hold a hashed identifier" architecture should treat this principle as load-bearing — the test is what the receiving party can do with the hashed identifier in the recipient’s own system, not what the providing party can prove on its own infrastructure.
The opt-out shortcut that doesn’t work
Some platforms attempt to characterize their candidate-data provision to clients under the APPI Article 27(2) opt-out mechanism — file with the PPC, publicly disclose, maintain an accessible opt-out, and provide without per-candidate consent. The 2022 APPI amendment closed this path for any data that was itself acquired through opt-out or through improper means. The chain breaks at the second link. Read together with the Article 20 "fair means" requirement, the practical consequence is sharp: if the upstream data was scraped from a site whose terms prohibit scraping, the data was arguably acquired through improper means. Once that determination is on the table, the opt-out provision path is unavailable downstream — for the original scraper, for any reseller, and for any AI platform that built its database on the resold data. There is no clean lane to occupy.
The 2026 amendment — surcharges enter the picture
On April 7, 2026, the Japanese Cabinet approved an APPI amendment bill and submitted it to the Diet. The bill is, in substance, a recalibration: it loosens consent requirements for some statistical and AI-training uses while sharply tightening enforcement on serious violations. Effective date is expected within two years of promulgation. Three changes matter for AI sourcing.
One. Administrative surcharges (課徴金). The bill introduces a surcharge regime for serious violations where the operator obtained economic benefit from the unlawful handling. The amount is calculated from the financial benefit obtained, not from turnover — closer to disgorgement than to GDPR’s percentage-of-revenue framework. Three eligibility conditions apply cumulatively: the violation must affect more than 1,000 individuals, the operator must have failed to exercise reasonable care, and there must be concrete rights or interest harm. The five surcharge-eligible offense types are enumerated and limited (improper use; improper acquisition followed by use; unconsented third-party provision; provision to a third party expected to use the data unlawfully; and breach of the new statistical-creation special-rule conditions). Surcharges do not apply to ordinary security-measure failures or accidental leaks.
Two. Heavier criminal penalties for unlawful provision. The bill raises the statutory penalty for unlawful provision of a personal-information database (currently 1 year’s imprisonment or a ¥500,000 fine under Article 179) and extends the offense to provision carried out for the purpose of causing harm, in addition to the existing offense of provision for unlawful profit. The bill also creates a new offense for unlawful acquisition by deception or unauthorized access.
Three. The processor (処理者) concept formalized. Clearer statutory treatment for data-processor relationships — the legal layer currently handled by 委託 framing for OpenAI, Google, AWS, and similar overseas infrastructure. Favorable for compliant AI operators; harder for non-compliant operators to hand-wave the cross-border processing question.
The combined picture matters. The 2022 ESA amendment criminalized unfiled crawler-type platforms. The 2026 APPI amendment adds disgorgement-style surcharges on top. Quieter than the EU’s framework — but real, and the financial-benefit-based calculation makes the math more serious for any platform whose business model depends on unlawful data handling at scale.
The customer’s liability under Article 30
APPI does not stop at the platform. When a Japanese employer or recruiting firm receives personal data from a third-party provider, the receiving party has its own confirmation duty under Article 30. The duty is straightforward: confirm the identity of the provider, confirm how the provider acquired the data, and confirm that the provider has a lawful basis for the provision. The duty is on the recipient, not the provider.
A Japanese enterprise — particularly a TSE-listed one — that buys candidate data from a non-compliant foreign platform inherits a piece of the compliance problem. If the upstream platform cannot demonstrate lawful acquisition, the recipient cannot satisfy Article 30. The data may still be useful to recruiters, but the company has signed up for direct APPI exposure if the matter ever surfaces — through a candidate complaint to the PPC, a competitor disclosure, or a regulatory inquiry.
This is not theoretical. Compliance-conscious Japanese enterprises are increasingly asking the question explicitly during procurement. The expected answer is documentation: a copy of the upstream platform’s 届出受理通知, a written description of data sources, and confirmation of Article 23 / 28 / 27 posture. Vendors who cannot produce these documents are increasingly being filtered out at the procurement stage, before they reach a pilot.
"Show me your 特定募集情報等提供事業 届出受理通知 and your data-source documentation." A platform that cannot produce both within a few business days has transferred its compliance risk to the buyer.
A seven-question self-audit you can run today
The audit below is what we use ourselves when we evaluate other recruiting tools, and it is what we expect to be asked when a client evaluates us. Score one point per "yes" supported by a document the vendor will email you within 48 hours. Anything else is a "no."
- Is the vendor filed as a 特定募集情報等提供事業者 with MHLW? Provide the 届出受理通知 number and the 号 classification.
- For each candidate record, can the vendor produce the data source and acquisition path? Was the source’s terms of service consulted, and is automated collection permitted there?
- Does the vendor’s privacy policy specifically disclose AI scoring, candidate matching, presentation to clients, and scout-mail generation as purposes of use? Is the disclosure in Japanese as well as English?
- For overseas AI processing, has the vendor performed 外的環境の把握 on the relevant foreign jurisdictions (United States in particular), and is the assessment documented?
- Are the principal ranking factors publicly disclosed in compliance with ESA Article 43-6?
- Is there a candidate-side mechanism for disclosure, correction, deletion, and cessation-of-use requests, with a published response timeline?
- For email outreach functionality, does the vendor obtain opt-in consent from each candidate before commercial messaging — as required by 特定電子メール法?
Score interpretation.
- 6–7 yes: vendor has done the compliance work; conduct the technical evaluation on its merits.
- 4–5 yes: material gaps; conditional engagement only, with documentation as a contractual closing condition.
- 2–3 yes: compliance posture is incomplete; procurement risk is high; legal review required before any pilot.
- 0–1 yes: vendor has not done the work; buying their data buys their problem.
How Headhunt.AI sits on the framework
The remainder of this article is general. This section is not. It walks the operator behind Headhunt.AI — ExecutiveSearch.AI K.K. — through each item in the seven-question audit and the underlying ten-item compliance framework, in the same order any other operator should be able to walk through them. Some items are confirmed today; some are forward-looking and explicitly framed that way. The exercise is included for transparency, not as a compliance certificate.
| Item | Status | Detail |
|---|---|---|
| 01 — MHLW filing | Filed (受理番号 pending) | ExecutiveSearch.AI K.K. has completed its 第4号 特定募集情報等提供事業 filing with the 厚生労働大臣 under 職業安定法 第43条の2第1項. The filing will appear on the 人材サービス総合サイト upon issuance of the 届出受理番号. |
| 02 — Lawful data sources | Confirmed | Headhunt.AI does not directly scrape personal data from the open internet. The candidate database underlying the service is sourced through commercial licensing arrangements with established global data providers, governed by formal license agreements that authorize ExecutiveSearch.AI’s use of the data and the production of derived analytical outputs (such as candidate match scores) for delivery to enterprise users. Provider data is collected from publicly available sources in compliance with applicable data-protection law in the jurisdictions of collection. |
| 03 — Purpose-of-use disclosure | In Privacy Policy | The Privacy Policy enumerates the purposes for which personal information is processed within Headhunt.AI: AI-based candidate scoring and relevance assessment; matching candidate profiles against client-specified job requirements; presentation of candidate information to authorized client users; and generation of personalized outreach communications for use by client users. Each purpose is disclosed in advance of data being used for it, in accordance with 個人情報保護法 第17条 and 第21条. |
| 04 — 外的環境の把握 disclosure | In Privacy Policy | Headhunt.AI’s processing infrastructure includes United-States-based vendors for cloud and AI inference. The Privacy Policy includes a 外的環境の把握 disclosure identifying these foreign jurisdictions and the relevant legal regimes (notably US federal and state privacy law, including the California Consumer Privacy Act). Data Processing Agreements with each foreign vendor obligate the vendor to safeguards including no use of ExecutiveSearch.AI data for vendor model training, minimum-necessary transmission, short retention periods, and incident notification. |
| 05 — Ranking factor disclosure | Published | The candidate ranking surfaced as the ESAI Score is generated by an AI model evaluating candidate profiles against client-specified job requirements. The principal factors considered (work-history relevance, educational background, skill alignment, language proficiency fit, industry experience) are publicly disclosed on this page, in keeping with the transparency framework contemplated by 職業安定法 第43条の6 and the relevant ministerial guidelines. Specific algorithmic weights and proprietary scoring logic are not disclosed; these are treated as the company’s 営業秘密. The ESAI Score is presented to client users as a screening aid, not as a definitive evaluation of any candidate. |
| 06 — Complaint and inquiry channel | Operating | ExecutiveSearch.AI maintains a dedicated complaint and inquiry channel for privacy and personal-data matters at privacy-complaints@executivesearch.ai. The channel is monitored on business days by a designated internal owner, and is referenced in both this page and the Privacy Policy. It serves as the primary intake point for the complaint-handling system maintained under 職業安定法 第43条の7. |
| 07 — 優良認定 forward-looking | Aspirational | The company’s compliance approach is structured to align with the operational and governance standards associated with the 優良募集情報等提供事業者認定 framework. ExecutiveSearch.AI intends to consider applying for 優良認定 in a future certification cycle, once the operational track record required to support such an application has been established. This is a forward-looking intention rather than a commitment. |
For deeper, longer-form treatment of each item — including verbatim PPC Q&A excerpts, fuller discussion of the Rikunabi precedent, and the underlying APPI / ESA articles — see our compliance briefing, available as a downloadable A4 PDF in English and Japanese.
What honest limits look like
This section is an honest read of where this article and the framework it describes don’t go far enough. Two limits follow, written from the desk that runs the platform daily.
This article is educational, not legal advice — and the gap matters
I am the CEO of an AI sourcing platform operator that is filed under 第4号. I am not a Japanese-bar attorney. The reading of APPI and the Employment Security Act in this article is the reading I and our compliance team apply to our own operations and to vendors we evaluate. It is informed by primary sources (the statutes themselves, MHLW guidance, PPC Q&A, the public registry) but it is not a substitute for the analysis qualified Japanese counsel will perform on your specific facts. For a vendor procurement decision under ¥10M annual contract value, the seven-question audit is usually enough to clear or fail a vendor. Above that — and certainly for a strategic vendor decision with multi-year commitments, data-localization carve-outs, or material risk transfer — the right next step is the same one any TSE-listed enterprise takes: bring qualified Japanese counsel into the procurement loop, and ask them to review the vendor’s documentation pack against the same framework. The framework holds; counsel sharpens its application.
The 2026 amendment is in flight — some specifics will move
The April 2026 Cabinet bill is the formal introduction stage. The expected effective date — within two years of promulgation — places the surcharge regime, the heavier criminal penalties, and the formalized 処理者 concept somewhere between mid-2026 and 2028. Diet deliberation may move thresholds, refine the five enumerated surcharge-eligible offense types, or adjust the eligibility conditions (the 1,000-affected-individuals threshold, the reasonable-care standard, the concrete-harm requirement). For procurement decisions running through 2026 and into 2027, the safest posture is to assume the bill will pass in substantially the form approved by Cabinet, and to update the seven-question audit when the final statute is published. The directional reading — surcharges layered on top of the existing criminal regime, calculated from financial benefit obtained — is durable; the specific numbers may not be.
Frequently asked questions
Is AI candidate sourcing legal in Japan?
Yes, when the platform is operating inside the regulatory perimeter the two governing laws set. AI candidate sourcing in Japan is governed by APPI and the amended 職業安定法. The 2022 ESA amendment created the 第4号特定募集情報等提供事業者 category for platforms that aggregate and provide candidate information collected without per-candidate request — the architectural pattern most AI sourcing tools follow. As of June 1, 2025, 6 of 1,642 services on the MHLW registry are filed in 第4号. Operating without filing is a criminal offense under ESA Article 65(7), with parallel corporate liability under Article 67 (両罰規定). Most international platforms now sold into Japan are not filed at all. Headhunt.AI is filed in 第4号 (届出受理番号 pending issuance).
Do US-incorporated AI sourcing platforms need to file with Japan’s MHLW?
Yes, if the platform processes data about Japan-resident candidates and provides ranked candidate information to clients. APPI Article 171 applies extraterritorially to any operator handling personal information about persons in Japan in connection with providing goods or services to Japan. The Employment Security Act applies to the act of providing candidate information to employers — which is what every AI sourcing platform does at the moment it returns a ranked candidate list to a paying client. The data subject’s residency triggers application, not the operator’s incorporation jurisdiction.
What does the 第4号 category cover and why is it almost empty?
第4号特定募集情報等提供事業 covers operators that collect candidate information without per-candidate request and provide it to employers — the architectural pattern of crawler-type and AI-aggregation platforms. The category was created by the October 2022 ESA amendment specifically to bring this pattern into the regulatory net; before October 1, 2022, this kind of operation sat in a gray zone. The category is empty in practice because most international AI sourcing platforms operating in Japan have not filed under any 号 classification at all. The numerical sparseness of 第4号 is itself the procurement signal: ask any AI sourcing vendor for their 第4号 届出受理番号. Vendors that can’t produce one are operating outside the AI candidate-aggregation regulatory perimeter.
What does Article 30 require of buyers of candidate data in Japan?
APPI Article 30 places a confirmation duty on the recipient of personal data from a third-party provider. The duty has three parts: confirm the identity of the provider; confirm how the provider acquired the data; and confirm that the provider has a lawful basis for the provision. A Japanese employer or recruiting firm that buys candidate data from a non-compliant upstream platform inherits part of the upstream platform’s compliance problem — if the upstream cannot demonstrate lawful acquisition, the recipient cannot satisfy Article 30. The procurement question reduces to one document request: "Show me your 特定募集情報等提供事業 届出受理通知 and your data-source documentation."
What does external-environment understanding (外的環境の把握) mean and when does it apply?
外的環境の把握 is the obligation under APPI Article 23 for operators that process personal data through foreign-jurisdiction vendors to understand the personal-information-protection regime in those jurisdictions and implement security measures based on that understanding. The PPC has answered the common "our servers are in Japan" defense directly: per PPC General Guidelines Q&A Q10-25, the obligation applies even where the personal data itself is stored on servers located within Japan, because the test is where processing happens, not where storage sits. For AI sourcing platforms, this means running model inference on US-based AI infrastructure triggers 外的環境の把握 obligations even when the database sits in AWS Tokyo. Under Japan’s adequacy framework, only the EU and the UK are recognized as equivalent to Japan’s regime; the United States is not.
What is the Rikunabi precedent and why does it matter for AI scoring?
The Rikunabi DMP follow case is Japan’s most consequential recruiting-data enforcement action. The PPC issued a corrective recommendation against Recruit Career in August 2019, and a second one in December 2019 against Recruit Career and its parent Recruit Co., Ltd. Three principles flowed out of the case for any AI recruiting platform. One: AI prediction or scoring of candidate data is a use that must be specifically disclosed in the privacy policy; generic "to improve our services" language does not cover it. Two: providing AI-generated predictions to employer clients is third-party provision under Article 27, even when the predictions are derived rather than copied. Three: hashing or pseudonymization fails when the receiving party can re-identify — the PPC characterized Recruit’s Cookie-hash construct as 極めて不適切.
What does the 2026 APPI amendment change for AI sourcing?
On April 7, 2026, the Japanese Cabinet approved an APPI amendment bill and submitted it to the Diet. Effective date is expected within two years of promulgation. Three changes matter for AI sourcing. First, an administrative surcharge regime (課徴金) is introduced for serious violations where the operator obtained economic benefit from unlawful handling — calculated from the financial benefit, not turnover, with three cumulative eligibility conditions (1,000+ affected individuals, lack of reasonable care, concrete rights or interest harm). Second, criminal penalties for unlawful provision of a personal-information database are raised, and the offense is extended to provision carried out for the purpose of causing harm. Third, the data-processor (処理者) concept is formalized in statute, which clarifies the legal layer currently handled by 委託 framing for OpenAI, Google, AWS, and similar overseas infrastructure.
What is the difference between the 届出 filing and the 優良認定 certification?
届出 is the basic regulatory floor — every operator providing recruiting information services must file 届出 with MHLW under the correct 号 classification before commencing business, per ESA Article 43-2. Operating without 届出 is a criminal offense. 優良認定 (the 優良募集情報等提供事業者認定制度) is a voluntary audited certification commissioned by MHLW that sits above the 届出 floor, covering seven categories: legal compliance, accurate display, personal-information handling, information disclosure, advertiser-side vetting (審査), complaints handling, and other governance items. The certification term is three years, renewable. As of April 1, 2026, 42 entities are 優良-certified across all four 号 categories combined; of the 6 services filed in 第4号, 1 currently holds 優良認定. Headhunt.AI does not currently hold 優良認定 — the operator’s stated posture is to consider applying once the operational track record needed to support an application has been established.
Sources
Primary sources cited in this article: 個人情報保護法 (e-Gov 法令検索); 職業安定法 (e-Gov 法令検索); 個人情報保護委員会 General Guidelines Q&A (notably Q10-25 on the foreign-processor question); 厚生労働省 「特定募集情報等提供事業概況報告書」集計結果 (令和7年6月1日時点・令和8年3月公表); 優良募集情報等提供事業者認定制度 public certification list (yuryonintei.com, MHLW 委託事業 site, accessed April 2026); MHLW 改正法 Q&A on the October 2022 ESA amendment; the April 7, 2026 Cabinet bill on APPI amendment; and the public PPC corrective recommendations on the Rikunabi DMP follow case (August 2019, December 2019). For deeper, longer-form treatment of each item, see our compliance briefing (Briefing 07 in our Insights series), available as a downloadable A4 PDF in English and Japanese. Methodology and editorial standards: see our methodology page and /about/editorial-standards.html. This article is reviewed and refreshed within fourteen days of any material legal or regulatory change per the editorial-standards refresh cadence.
Run the seven-question audit on Headhunt.AI
Send us one open requisition. We will run it through Headhunt.AI and return a ranked shortlist with scoring evidence on every candidate — together with our compliance documentation pack covering each of the seven items above. Two-minute test of the platform; one-document review of the legal posture.