Clifford Chance

A new ex-ante regulation in Japan, the Act on Promotion of Competition for Specified Smartphone Software (Act), prohibits the prevention of alternative app stores, alternative in-app payment systems, anti-steering arrangements, and alternative browser engines. The Act is similar to the EU's Digital Markets Act, and a major milestone in building the digital future and strategy of Japan, aiming to develop a competitive environment for mobile software. Designated mobile software providers are allowed to take necessary exceptional measures for the purpose of protecting security and privacy, the details of which are expected to be covered in upcoming guidelines.

Key Takeaways (TL;DR)

• A new ex-ante regulation in Japan, the Act on Promotion of Competition for Specified Smartphone Software, prohibits the prevention of alternative app stores, alternative in-app payment systems, anti-steering arrangements, and alternative browser engines.
• Under the new Act, the JFTC will designate certain providers of mobile OS, app stores, browsers and search engines, which will be subject to the obligations under the Act.
• Designated mobile OS providers should allow third-party app stores on their OS.
• Designated app store providers may not prevent developers from using third-party in-app payment systems, may not prevent app developers from providing products and services through websites outside of their apps, and may not prevent app developers from using third-party browser engines.
• When implementing these obligations, designated providers may take certain exceptional measures to protect security, privacy and young people.
• ·The JFTC will enforce the Act and prepare guidelines with details of the obligations applicable to designated operators.
• The Act is scheduled to come into force by December 2025.

Background

Japan has been evaluating competition policy in digital markets for more than five years.

In December 2018, the Japanese government published fundamental principles for the improvement of rules relating to the rise of digital platform businesses. In accordance with these principles, the Japanese government established the Headquarters for Digital Market Competition (HDMC) in September 2019, with the aim of promoting competition and innovation in digital markets.

The HDMC has since addressed many competition policy issues relating to app stores, e-commerce and digital advertising, among others. In April 2022, the HDMC published an interim report on the competition assessment of mobile ecosystems (Interim Report), indicating that (i) there is an oligopoly by platform providers (e.g., Google and Apple) in mobile ecosystems and (ii) platform providers are strengthening and securing their influence within mobile ecosystems by effectively determining various rules in each layer of the mobile ecosystem. The Interim Report identified issues relating to 27 types of conduct within mobile ecosystems (e.g., prohibition of alternative app stores by Apple, direct downloading restrictions, and obligations related to in-app payment systems). For many of these issues, the HDMC suggested ex-ante regulations.

After gathering public opinions and comments on the Interim Report, the HDMC published a final report on its analysis of competition in the mobile ecosystem in June 2023 (Final Report). It suggested ex-ante regulations to address issues surrounding mobile ecosystems, for instance, an app store provider (i) may not require app developers to use the app store providers' own in-app payment system and (ii) must allow app developers to provide information regarding alternative purchase channels and to offer digital products outside the app to users, without any payment to the app store provider. The Final Report also indicated that mobile operating system (OS) providers should be required to allow third parties who offer sufficient security and privacy protection to distribute apps.

In parallel, the Japan Fair Trade Commission (JFTC) conducted a market survey and published a market study report on mobile OS and mobile app distribution in February 2023, identifying similar issues to those addressed in the HDMC's reports.

Based on the findings by the above reports and public comments received on the HDMC's Final Report, the HDMC and the JFTC prepared the Act on Promotion of Competition for Specified Smartphone Software, which the Japanese Diet adopted on 12 June 2024.

Scope of Act

The Act covers specific software used for smartphones, namely mobile OS, app stores, browsers and search engines. The regulations in the Act apply to providers of such software whom the JFTC designates based on the scale of their business, for each software. Details of the criteria for designation will be included in the implementing regulations of the Act. However, it is expected that Apple and Google as the leading providers of mobile ecosystem software and services will be designated.

The Act applies to designated providers' conduct in Japan regarding the mobile software designated for each provider. The Act focuses on software for mobile phones, while software for tablets, PCs and IoTs (e.g., TVs) falls outside the scope of the Act.

Key Obligations

Alternative app stores

Designated mobile OS providers may not prevent other companies from providing alternative app stores through their mobile OS, or prevent smartphone users from using alternative app stores through their mobile OS (Article 7.1). If designated, Apple may therefore not prohibit the distribution of alternative app stores on iOS.

However, the Act does not require designated mobile OS providers to allow direct downloading.

Also, designated mobile OS providers may take necessary exceptional measures to protect security, privacy and young people, that override the obligation to allow unfettered access to alternative app stores, if it is difficult to achieve these purposes by alternative measures.

The supplementary resolution of the Act by the Japanese National Diet specifically states that the JFTC's guidelines should clarify its approach to the prohibition on preventing alternative app stores access to designated mobile OS and ensure that designated providers do not effectively restrict entry into the market in relation to app stores, for instance, by charging unreasonably high fees.

Alternative in-app payment systems

Designated app store providers may not require as a condition for the distribution of apps through their app stores that app developers use the designated provider's own in-app payment systems. Designated app store providers also may not prevent app developers from (i) using third parties' in-app payment systems and (ii) allowing users to make payments without using in-app payment systems (Art. 8.1).

At the same time, designated app store providers are allowed to take necessary exceptional measures to protect security, privacy and young people without breaching this obligation.

Anti-steering

Designated app store providers should allow app developers to display, during the use of the app, the price of products and services on channels outside of an app, and may not prevent app developers from providing products and services through external websites (Article 8.2). This obligation is expected to cover in-app links which steer users to websites outside of the app.

By way of exception, designated app store providers may implement necessary measures to protect security, privacy and young people.

Alternative browser engines

Designated app store providers may not prevent app developers from using third-party browser engines (Article 8.3).

In implementing this obligation, designated app store providers are permitted to take necessary exceptional measures to protect security, privacy and young people.

Choice screen and default settings

Designated providers of mobile OS and browsers must enable users to change default settings easily, and must offer choice screens with similar services for browsers and search services (and others which may be specified in the implementing regulations of the Act) (Articles 12-1 and 12-2).

No self-preferential treatment by search engines

Designated search engine providers may not favour their own products or services over competitors' products or services in the search results of their own search engines, without any reasonable justification (Article 9).

No unfair use of data

Designated providers may not use the data obtained through their own mobile OS, app stores and browsers for the purpose of providing products or services competing with other app developers (Article 5).

No unfair treatment, no restriction of access

Designated mobile OS and app store providers are prohibited from treating app developers in a discriminatory manner or unfairly (Article 6).

Designated mobile OS providers may not prevent other app developers from using features controlled by the mobile OS with the same level of performance 

as used by the designated mobile OS providers themselves (Article 7-2). In this context as well, an exception exists to allow designated mobile OS providers to take necessary exceptional measures to protect security, privacy and young people.

Other provisions

Designated providers must disclose conditions for use of data they obtain from mobile OS, app stores and browsers (Article 10), implement data portability measures to transfer the data at the request of users (Article 11), and disclose changes in the specifications or terms and conditions of mobile OS, app store and browsers with sufficient notice (Article 13).

Designated providers are required to report their compliance status regarding the Act to the JFTC annually (Article 14).

Exceptional measures to protet security, privacy, and young people 

As indicated above, the Act foresees that designated providers may take exceptional measures if those measures are necessary to protect security, privacy and young people and it is difficult to achieve these purposes by alternative measures. Although the Act does not make clear what "alternative measures" mean, the supplementary resolution of the Act by the Japanese National Diet indicated that, when designated providers conduct exceptional measures, the relevant government officials must prevent excessive measures from being taken on the grounds of security, privacy, and protection of young people. Also, the English summary of the Act prepared by the JFTC uses the term "less competition-restricting measures" instead of simply saying "alternative measures".

The guidelines that the JFTC will prepare will likely include further details of permitted exceptional measures. Also, purposes other than security, privacy and protection of young people may be added in the implementing regulations relating to the Act.

Prohibition of circumvention 

The Final Report indicated that rules to prohibit circumvention of the Act are needed to make sure that digital platform providers' conduct does not harm competition even where the legislation does not prohibit specific anticompetitive conduct. For example, the Final Report indicated that Apple and Google imposed on app developers obligations to pay 26% or 27% fees in South Korea and the Netherlands for access to third-party billing systems, and that these fees precluded other payment or billing systems from being fully utilized, and that various restrictions imposed on links to external websites hinder the smooth use of those links.

The Act does not include an express anti-circumvention obligation. However, in order to address these circumvention concerns, certain prohibitions under the Act, for instance relating to alternative app stores, alternative in-app payment systems, anti-steering and alternative browser engines, require that designated operators "shall not prevent" certain actions of alternative service providers. Such broad wording could capture circumvention attempts by designated providers – the JFTC could consider a diverse array of measures as "preventing" alternative services.

The supplementary resolution of the Act by the Japanese National Diet stated that the meaning of "prohibition of circumvention" should be clarified in the guidelines and implementation of the Act. Hence, the JFTC's upcoming guidelines are expected to provide further details regarding the Act's anti-circumvention prohibition.

Penalties 

If designated providers breach the obligations under the Act, the JFTC may issue a cease-and-desist order, which may include an injunction and partial divestment of business (Article 18). The JFTC can also impose fines, but only for violations of Articles 7, 8-1 and 8-2 of the Act, of up to 20% of the turnover in sales of goods or services connected to the infringement supplied by the designated provider (including its group companies) during the infringement period (Article 19). Moreover, for a repeated infringement within a period of ten years, the maximum fine can be increased from 20% to 30% (Article 20). In addition to the above, criminal penalties are stipulated for certain breaches such as the breach of a cease-and-desist order.

The level of fines is high, compared to existing antitrust law in Japan. For example, the fine for cartel activities is 10% of the turnover from sales of goods or services supplied by the company during the period of infringement (which may be increased to 15% in case of repeated infringement). This illustrates that the Japanese government considers the breach of the Act to be very serious and the obligations under the Act are of fundamental importance to the Japanese digital economy.

In addition, the Act foresees a third-party complaint system. Any person may complain to the JFTC and request that appropriate measures be taken if such person believes that there has been an infringement of the Act (Article 15.1). The Act stipulates that designated providers may not treat such person disadvantageously based on the fact that they have complained (Article 15.2) and if designated providers breach this obligation, the JFTC may issue cease and desist recommendations and orders (Article 30). In this regard, the supplementary resolution of the Act by the Japanese National Diet stated that in order to protect those who have reported violations of this Act and requested measures to the JFTC, appropriate implementation of necessary measures such as recommendations and orders against designated operators pursuant to Article 30 of this Act should be done.

Comparison with other jurisdictions

EU

The Act is similar to the EU Digital Markets Act (DMA) but there are some important differences. For example, the DMA applies to a broader range of online "core platform services", regardless of the type of platform on which they are used, while the Act only applies to software and services specifically necessary for the use of mobile phones, i.e., mobile OS, app stores, browsers and search engines.

Many of the Act's obligations seem to have been inspired by the DMA. However, not all of the DMA's obligations are featured in the Act or they have a different scope. For example, unlike the DMA's direct downloading obligation – (DMA Article 6(4)) – the Act does not require designated operators to allow direct downloading. In relation to steering, while the DMA (Article 5(4)) explicitly stipulates that gatekeepers are in principle required to allow developers using their app store to promote offers to end users "free of charge" (with a potential narrow exception of remuneration for "initial acquisition" of a user), the Act does not oblige designated providers to allow app developers to steer users to their own website "free of charge". Instead, the Act requires designated providers not to prevent app developers from providing products and services through websites outside of the app store. Designated providers would likely only breach the prohibition if any fee imposed by designated providers effectively prevented app developers from offering products or services on their own (or third-party) websites.

Like the DMA (Article 6(5)), the Act prohibits self-preferencing in search results. However, the Act (Article 9) seems to be a bit more nuanced, as it allows, unlike the DMA, designated operators to provide a justification for self-preferencing. The EU DMA (Article 6(12)) requires gatekeepers to provide fair, reasonable and non-discriminatory (FRAND) general conditions of access to their app stores, online search engines and online social networks; the Act seems to go further though, as it prohibits unfair or discriminatory treatment of app developers regarding the use of mobile OS and app stores (Article 6 of the Act).

The scale of penalties imposed for non-compliance also differs. The DMA empowers the European Commission to impose a fine of up to 10% of the gatekeeper's total worldwide turnover in the preceding fiscal year with an increase to 20% in the case of a second non-compliance decision within eight years concerning the same infringement of a DMA obligation. The fines under the Act are limited to up to 20% (or 30%, for repeated infringements) of sales of the relevant products and services during the infringement period in Japan.

For more details of the EU DMA, see our briefing: The digital markets act: a new era for the digital sector in the EU.

UK

The Digital Markets Competition and Consumers Act 2024 (DMCC Act) has introduced, among other things, an ex-ante regulatory regime for businesses that are active in the digital economy and have "Strategic Market Status" (SMS), to be enforced by the Competition and Markets Authority (CMA). The UK approach is distinct from the approach taken in the EU DMA and the Act insofar as it provides for greater flexibility for the CMA to determine whether a business has SMS and which obligations to impose through tailored codes of conduct.

Unlike in Japan, the CMA may only designate an undertaking as having SMS after an investigation, which may take up to nine months (or twelve if there are special reasons). Moreover, the designation is subject to various consultation and transparency requirements.

Another key difference between the DMCC Act and the DMA and Act is that the CMA decides on the obligations to be imposed on the company designated as having SMS. The DMCC Act sets out only high-level objectives (e.g., fair-dealing, open choices, trust and transparency) and principles that guide the behaviour expected of designated businesses, and the CMA has the power to impose conduct requirements which are specific for each designated company in relation to these high-level objectives, while the EU's DMA and the Act apply the same list of statutory obligations to all designated providers.

The level of fines under the DMCC Act is similar to the EU's DMA. Breaches of the imposed conduct requirements can result in fines of up to 10% of the group's worldwide turnover.

In addition, special merger filing requirements apply to businesses that are active in the digital sector and have SMS, which is unique to the UK's DMCC Act, as the merger filing requirements in the EU and Japan do not differentiate between such designated providers and others.

For more details of the DMCC Act, see our briefing The digital markets, competition and consumers Act: a new uk digital markets regulatory regime and reforms to the competition and consumer Protection enforcement regimes

US

The US Department of Commerce's National Telecommunications and Information Administration (NTIA) published a report on "Competition in the Mobile App Ecosystem" in February 2023 (NTIA Report). It indicated that the existing mobile app store model is harmful to consumers and app developers, and recommended several changes to improve the mobile app ecosystem for users, including (i) allowing the use of alternative mobile app stores and the deletion of pre-installed apps, (ii) prohibiting self-preferencing by app store providers, (iii) allowing direct downloading, alternative app stores and web apps subject to appropriate measures for privacy and security safeguards, and (iv) allowing app developers to choose not to use app store providers' in-app payment systems.

The recommendations above are broadly in line with the EU's DMA and the Act.

Similarly, a 2021 report from the US House Antitrust Subcommittee entitled "Investigation of Competition in Digital Markets" previously identified that Apple and Google exerted monopoly influence in the Apple App Store and Google Play Store, respectively, and strongly recommended strengthening the enforcement powers of the US antitrust agencies on top of making similar remedial recommendations as the NTIA Report. However, there is unlikely to be federal legislation in the near future that would implement the recommendations from these reports.

There have been state government and private challenges in this space. For example, in 2021, a consortium of state attorneys general sued Google for unlawfully monopolizing the markets for Android App Distribution and In-App Payment Processing (Utah v. Google). Google reached a settlement with the states in December 2023 for approximately $700 million and agreed to loosen its restrictions on the Google Play Store and Google Play Billing.

Next Steps

The Act will become effective within 18 months of its promulgation (i.e., by December 2025).

The Act leaves further details of the obligations of designated providers to the yet to be drafted implementing regulations and guidelines. It is expected that there will be public consultation process for such draft implementing regulations and guidelines.

Furthermore, the JFTC indicated that external security experts will draft guidelines on how app store operators conduct their app store review.

The timing of the designation of providers is not clear at present. However, it can take place only after the implementing regulations relating to the Act are published, as the implementing regulations will include the designation criteria.

The Act is a significant milestone towards developing a competitive environment for mobile software in Japan. It is expected that the Act will significantly increase the JFTC's enforcement activity and workload and that the JFTC will increase its headcount to enforce the Act.