Telecommunications Business Notification in Japan for SaaS Companies
The Telecommunications Business Act (電気通信事業法, Denki Tsūshin Jigyō Hō) is Japan's primary law governing entities that provide telecommunications services—and its reach extends far beyond traditional phone companies and internet service providers. Under the Act, any business that "mediates communications between other persons" is classified as a telecommunications business operator, which means a large number of SaaS companies operating in Japan must file a notification (届出, todokede) with the Ministry of Internal Affairs and Communications (MIC) before commencing operations. With Japan's SaaS market valued at approximately ¥1.8 trillion (USD 12.2 billion) in 2025 and growing at a compound annual growth rate of over 13%, thousands of foreign software companies are entering a market where telecommunications compliance catches many operators off guard.
Key Takeaways
- Any SaaS platform that mediates communications between users—including messaging, chat, video conferencing, email, matching, or social features—qualifies as a telecommunications business under the Act and must file a notification with MIC before operating in Japan.
- The 2021 amendment extended the Act's extraterritorial reach to foreign companies—overseas SaaS operators serving Japanese users must comply with notification requirements and designate a domestic representative domiciled in Japan.
- The 2023 amendment introduced External Transmission Rules (外部送信規律)—Japan's cookie regulation—requiring notified telecom operators to disclose third-party data transmissions from user terminals.
- Penalties for non-compliance include fines up to ¥500,000 and imprisonment up to six months for notification violations, and fines up to ¥2,000,000 with three years imprisonment for registration violations.
- The notification filing is straightforward—typically processed within one to two weeks—but ongoing compliance obligations including External Transmission Rules and APPI requirements demand sustained attention.
Why SaaS Companies Fall Under the Telecommunications Business Act
The Telecommunications Business Act, enacted in 1984, defines "telecommunications" broadly as the transmission, switching, or reception of codes, sounds, or images by wire, radio, or other electromagnetic means. The critical legal test is whether a platform mediates communications between other persons (他人の通信を媒介する). According to the official English translation of the Act, it applies to any entity providing telecommunications services to the public. The MIC has clarified that services intermediating communications between users—including email, direct messaging, and closed online meeting services—fall within scope, meaning a SaaS platform does not need to operate physical network infrastructure to be classified as a telecommunications business operator.
Japan's telecommunications industry generated approximately ¥15.2 trillion in annual revenue in fiscal year 2023. Notification-filing operators represent the vast majority of businesses in this ecosystem, numbering in the tens of thousands. The barrier to filing is low, but the legal obligation to do so is absolute.
Registration vs. Notification: Two Tiers
The Act establishes two tiers of regulatory entry depending on whether the operator owns circuit-switching facilities (回線設備). For a broader explanation of how Japan's notification and permission tiers work across all industries, see our licensing system guide.
| Criteria | Registration (登録) | Notification (届出) |
|---|---|---|
| Who it applies to | Operators who install circuit-switching facilities | All other telecommunications business operators |
| Legal basis | Article 9 of the Act | Article 16 of the Act |
| Typical operators | ISPs with own infrastructure, mobile carriers, cable operators | SaaS with messaging, email services, VoIP, matching platforms |
| Government scrutiny | MIC reviews and approves the application | MIC receives the filing; does not approve or reject |
| Processing time | Several weeks to months | Typically 1–2 weeks |
| Penalty for non-compliance | Up to 3 years imprisonment / ¥2,000,000 fine | Up to 6 months imprisonment / ¥500,000 fine |
| Ongoing obligations | Secrecy of communications, user protection, annual reporting | Secrecy of communications, user protection, External Transmission Rules |
| Foreign operator requirement | Must appoint domestic representative in Japan | Must appoint domestic representative in Japan |
The vast majority of SaaS companies fall into the notification tier. Registration is reserved for operators that own or manage the physical telecommunications circuits—NTT, KDDI, SoftBank, and regional ISPs operating fiber or wireless infrastructure. If your company builds software running on AWS, Azure, or GCP, you are almost certainly in the notification category.
Which SaaS Companies Must File—and Which Are Exempt
The decisive question is whether your SaaS product mediates communications between users. The MIC applies this test broadly:
| SaaS Category | Examples | Notification Required? |
|---|---|---|
| Messaging / Chat platforms | Slack, Teams, Discord-type services | Yes—directly mediates user-to-user communications |
| Email services | Gmail, Outlook, ProtonMail-type services | Yes—transmits messages between identified parties |
| Web conferencing / Video calls | Zoom, Google Meet, Webex-type services | Yes—mediates real-time audio/video communications |
| Marketplaces / Matching platforms | Job boards, freelancer platforms, B2B procurement | Yes—enables communication between matched parties |
| Cloud telephony / VoIP | Twilio, RingCentral, cloud PBX services | Yes—provides voice communication infrastructure |
| Social networking features | Community platforms, forums with DMs | Yes—mediates exchanges between users |
| SaaS with embedded messaging | Project management tools with chat, CRM with client messaging | Yes—any in-app messaging connecting users triggers obligation |
| Pure data storage / processing | Cloud storage, data warehousing, ETL tools | No—no user-to-user communication mediated |
| Single-user analytics / BI tools | Dashboards, reporting platforms, data visualization | No—data is processed for individual operator use |
| CRM / ERP without messaging | Record management systems, accounting software | No—users manage records without communicating through the platform |
Important: Even if your core product is not a communications tool, a single messaging feature—such as in-app chat between users or a buyer-seller messaging function—can bring your entire platform within scope. The exemption boundary is narrow: if a CRM adds live chat or an analytics tool adds user-to-user collaboration, the platform crosses into telecommunications territory. Reassess your obligation each time you add communication features.
The 2021 Amendment: Extraterritorial Reach to Foreign Companies
The Act Partially Amending the Telecommunications Business Act (Act No. 30 of 2020), effective April 1, 2021, was a watershed moment for foreign SaaS companies. Prior to this amendment, foreign operators without a subsidiary or branch in Japan were not effectively subject to the Act. The 2021 amendment closed this gap by explicitly extending the Act's application to foreign operators providing telecommunications services to users in Japan. Under the amended framework, foreign operators must file a notification with MIC in the same manner as domestic operators, appoint a domestic representative or agent (国内における代表者又は代理人) domiciled in Japan, comply with all substantive obligations including protection of secrecy of communications (通信の秘密), and submit all filings in Japanese.
MIC guidelines clarify that foreign operators serving 10 million or more Japanese users in certain categories face enhanced obligations. However, the basic notification requirement applies regardless of user count—a foreign SaaS company with even a small number of Japanese users is within scope if its service mediates communications.
The 2023 Amendment: External Transmission Rules
Effective June 16, 2023, the External Transmission Rules (外部送信規律)—Japan's cookie regulation—require telecommunications business operators to inform users when information stored on their terminals is transmitted to third parties. This amendment, analyzed by Morrison Foerster's 2023 impact assessment, imposes three disclosure obligations: (1) a description of information transmitted (cookies, advertising IDs, browsing history), (2) the identity of receiving entities (e.g., Google Analytics, advertising networks), and (3) the purpose of use for each transmission.
Compliance can be achieved through public disclosure on the operator's website, individual user notification, opt-in consent, or opt-out mechanisms. According to the International Association of Privacy Professionals (IAPP), the rules explicitly discourage "default-on" consent mechanisms, requiring that consent be concrete and voluntary. Virtually every SaaS product using third-party analytics or advertising scripts is affected.
Notification Filing Process with MIC
The notification is submitted to the MIC's Telecommunications Bureau (総務省 総合通信基盤局). The filing is free of charge—unlike many other business licenses in Japan that carry application fees. For companies with an established Japanese entity, the end-to-end process typically takes three to four weeks. See our step-by-step licensing guide for the general process applicable across all license types.
| Step | Action | Details | Timeline |
|---|---|---|---|
| 1 | Appoint domestic representative | Designate a person domiciled in Japan for regulatory communications | Varies |
| 2 | Prepare notification documents | Complete MIC templates: application form, service description, network diagram (if applicable) | 1–2 weeks |
| 3 | Translate and review | All documents must be in Japanese; engage a gyosei shoshi or legal counsel | 1–2 weeks |
| 4 | Submit notification to MIC | File with the Telecommunications Bureau; MIC receives but does not approve or reject | 1–2 weeks processing |
| 5 | Receive notification number | MIC issues a telecommunications business notification number confirming the filing | Included in processing |
| 6 | Implement ongoing compliance | Secrecy of communications, External Transmission Rules, annual reporting | Ongoing |
When classification is ambiguous, the MIC's Telecommunications Bureau accepts informal consultation inquiries. Pre-filing consultation is recommended for SaaS companies whose products sit near the boundary between communications and non-communications functionality.
Penalties for Non-Compliance
The Act imposes criminal penalties on operators who fail to file. Operating without notification carries up to 6 months imprisonment and a fine of up to ¥500,000. Operating without required registration carries up to 3 years imprisonment and a fine of up to ¥2,000,000. Violating the secrecy of communications carries up to 2 years imprisonment and a fine of up to ¥1,000,000. MIC can also issue business improvement orders (業務改善命令) and service suspension orders.
For foreign companies, non-compliance creates cascading risks: visa complications for Japan-based personnel, difficulties with bank account maintenance, and reputational damage with Japanese enterprise clients. According to the DLA Piper telecoms enforcement overview, Japan's enforcement posture has strengthened considerably since the 2021 amendments brought foreign operators within the regulatory framework.
Related Obligations: APPI, Privacy Mark, and ISMS
SaaS companies in Japan frequently encounter three additional compliance frameworks that are often confused with telecommunications licensing. The Act on the Protection of Personal Information (APPI), amended most recently in April 2022, applies to any business handling personal information of individuals in Japan and is a separate legal obligation from the telecommunications notification. The 2023 External Transmission Rules function as a sector-specific supplement to APPI's general framework, meaning telecom operators face overlapping data protection duties. Privacy Mark (Pマーク), administered by JIPDEC, is a voluntary certification held by approximately 17,000 Japanese companies—many enterprise procurement processes treat it as a de facto vendor prerequisite. ISMS Certification (ISO/IEC 27001) is similarly voluntary, held by approximately 7,000 organizations in Japan, and increasingly required by enterprise clients for SaaS vendors handling sensitive data.
Common misconception: Privacy Mark or ISMS certification does not substitute for telecommunications business notification. The notification is a legal obligation under the Telecommunications Business Act; Privacy Mark and ISMS are voluntary certifications addressing information security management. A SaaS company mediating user communications needs all applicable frameworks.
Frequently Asked Questions
Does a SaaS company need to incorporate in Japan to file a telecommunications business notification?
No. The 2021 amendment explicitly allows foreign companies without a Japanese entity to file. However, the operator must appoint a domestic representative domiciled in Japan. Most foreign SaaS companies establish a local KK or GK for broader commercial reasons and file the notification through that entity.
If my SaaS product only has a small number of Japanese users, do I still need to file?
Yes. The Act does not set a minimum user threshold for the basic notification obligation. The enhanced obligations for operators with 10 million or more users apply to additional disclosure requirements, but the fundamental notification applies to any operator providing telecommunications services to users in Japan, regardless of scale.
What is the difference between the telecommunications notification and APPI compliance?
The telecommunications notification is a regulatory filing with MIC confirming that your company operates a telecommunications service. APPI is a separate data protection law administered by the Personal Information Protection Commission (PPC) governing how all businesses collect, use, and transfer personal information. SaaS companies mediating communications must comply with both frameworks.
How do the External Transmission Rules affect SaaS companies using analytics tools?
If your SaaS company has filed a telecommunications business notification, the 2023 External Transmission Rules require you to inform users that third-party scripts like Google Analytics, advertising pixels, and performance monitoring tools are transmitting data from their devices to external servers. You must disclose what information is transmitted, to whom, and for what purpose. Failure to comply may result in MIC business improvement orders.
Japan's telecommunications regulatory framework is expanding, and SaaS companies that once operated outside its boundaries are finding themselves within scope. AQ Partners provides end-to-end regulatory compliance support for SaaS companies entering Japan, from telecommunications notification filing through ongoing data protection and corporate compliance. Contact us at hello@aqpartners.jp to assess your notification obligations and build a compliant operational framework.
Yuga Koda is a founding Director at AQ Partners, supporting foreign companies, funds, and families operating in Japan. His experience operating companies in both Japan and international markets gives him a practical understanding of back office operations from both sides.