Japan and South Korea, long considered at the forefront of Asian technological innovation, are now crafting intricate strategies to balance digital progress with regulatory oversight.
- Japan and Korea crafting distinct tech regulation strategies
- Asian tech policies potentially influencing global regulatory trends
- Companies need to balance innovation with complex compliance challenges
In Asia’s original tech powerhouses Tokyo and Seoul, a new chapter in technological governance is unfolding. As both nations stride into a new era of tech governance, they face the challenge of fostering innovation while addressing the complex issues that arise from rapid technological advancement.
Conversations between ambitious entrepreneurs and cautious policymakers reflect broader national dialogues, including ongoing efforts to harmonise technological growth with societal values and regulatory requirements.
Japan and South Korea are taking distinct yet parallel paths in areas such as data privacy, artificial intelligence, and platform governance. Despite their unique approaches, both countries are moving towards more structured regulatory frameworks, particularly in data and AI governance. As they navigate this complex terrain, their decisions are poised to have far-reaching implications for the global tech industry, potentially influencing regulatory trends worldwide.
REGULATORY LANDSCAPE
Japan and South Korea have established comprehensive regulatory frameworks, each with its distinct characteristics.
Japan’s Act on the Protection of Personal Information (APPI) and the Telecommunications Business Act (TBA), which can be generally applied to data privacy issues regardless of industry sector, are the main laws that govern technology companies. The Act on Prohibition of Private Monopolisation and Maintenance of Fair Trade; and the Anti-Monopoly Act (AMA) govern antitrust tech issues.
South Korea's structure comprises The Personal Information Protection Act (PIPA), renowned for its stringent privacy protections, The Network Act, overseeing online content and cybersecurity, and The Telecommunications Business Act, regulating telecommunications services.
In the realm of artificial intelligence, both nations have adopted cautious approaches. Japan has implemented a soft law approach based on non-enforceable guidelines and encourages businesses to take voluntary measures to deal with the risks that will or may arise through or as a result of AI use.
However, the Japanese government may be changing this approach slightly, says Noriya Ishikawa, a partner at Nishimura & Asahi. “It is considering regulating providers of generative AI that are or reach a certain scale, via hard law, in order to solve certain problems that may arise due to the use of generative AI, for example, the dissemination of false information and misinformation,” Ishikawa says.
A first meeting of a newly constituted AI governance panel, led by then-Prime Minister Fumio Kishida, in August called for the study of legal restrictions based on four basic principles: ensuring both the security and competitiveness of AI; creating a system flexible enough to respond to technological changes; complying with international guidelines; and proper procurement and use of AI by the government.
“The targets will be decided in consultation with companies and industry associations. The prior reporting list is intended to cover advanced equipment and materials that can be used for civilian purposes but can also be converted to military use, and which other countries are interested in acquiring.”
- Takashi Nakazaki, Anderson Mori & Tomotsune.
Japan is also currently proposing new regulations that will subject some advanced technologies, in which the country has a high market share and which are not currently regulated, to prior reporting.
“The targets will be decided in consultation with companies and industry associations. The prior reporting list is intended to cover advanced equipment and materials that can be used for civilian purposes but can also be converted to military use, and which other countries are interested in acquiring,” explains Takashi Nakazaki, special counsel at Anderson Mori & Tomotsune.
Adds Ishikawa: “These regulations primarily are intended to prevent transfers of technology for military use, and do not appear to have a significant impact on all overseas tech companies.”
South Korea's Ministry of Science and ICT is developing the Framework Act on Artificial Intelligence, focusing on high-risk AI applications. The Personal Information Protection Commission (PIPC) has also issued AI-related guidelines to address privacy issues in AI deployment.
“Future regulations may enhance data portability, interoperability, and fair competition,” says Doil Son, the head of intellectual property and technology practice at South Korean Big Six firm Yulchon. “The Korean government is also likely to increase collaboration with international regulatory bodies to address global tech challenges, indicating a proactive yet cautious approach to tech regulation,” Son adds.
GLOBAL CONTEXT
As the global tech landscape evolves, Japan and South Korea find themselves at a crossroads, particularly when compared to the European Union's comprehensive Digital Markets Act (DMA).
The EU employs a centralised enforcement approach through the European Commission, which can levy hefty fines and mandate structural changes. The DMA specifically targets "gatekeeper" platforms, whereas Japan and South Korea's regulations encompass a wider range of digital activities.
“Japan has no laws or regulations equivalent to the DMA. If there is a violation of existing laws and regulations, such as the APPI or the TBA, the authorities take individual enforcement actions,” Ishikawa says.
“The APPI and the TBA do not provide for administrative fines. Instead, the authorities take corrective action through administrative guidance and corrective recommendations,” he adds.
Japan has introduced the "Act on Promotion of Competition for Specified Smartphone Software," a targeted piece of legislation focusing on key digital platforms such as smartphone operating systems, app stores, browsers, and search engines.
Like the DMA, the Smartphone Act is applicable to designated businesses that meet a certain threshold to be set by a Cabinet order, explains Takashi Nakazaki, special counsel at Anderson Mori & Tomotsune.
South Korea, home to several tech giants, has opted for a broader regulatory approach, with the Korea Fair Trade Commission (KFTC) and Korea Communications Commission (KCC) playing pivotal roles in monitoring compliance and enforcing regulations across the digital sector.
South Korea's tech regulations and the DMA share similarities in their scope and intent to regulate large tech platforms but differ in enforcement mechanisms and specific impacts.
“The platform market situations differ: Korea has strong local platforms, while the EU is dominated by U.S. tech giants,” Son explains.
The DMA's specific focus on "gatekeepers" and stringent obligations on data sharing, interoperability, and anti-self-preferencing could conflict with South Korean companies' operations if similar stringent rules are not simultaneously enforced in Korea, Son explains.
“This discrepancy might lead to regulatory arbitrage, where companies exploit differences between jurisdictions to minimise compliance burdens,” he says.
INDUSTRY CHALLENGES
Tech companies in Japan and South Korea face a complex regulatory environment. In Japan, industry leaders often form collaborative groups to engage with regulatory bodies. In South Korea, large tech conglomerates, known as chaebols, leverage their significant influence in regulatory discussions.
Both nations' tech sectors face similar challenges, including compliance with stringent data protection laws, adapting to rapidly changing regulatory landscapes and balancing innovation with regulatory requirements.
“The current preference in Japan is not to avoid market intervention as much as possible, as in the U.S., but to introduce necessary regulations steadily, albeit gradually, while referring to foreign laws and regulations in the EU and other countries,” Ishikawa says.
With Japan’s prior reporting list in the works adding compliance burdens on larger companies, affected technology companies are currently seeking to limit its impact on their businesses by asking the government, in consultation, to minimise and clarify the scope of technology transfers subject to prior reporting, explains Nakazaki.
Navigating South Korea's regulatory landscape poses several challenges for technology companies explains Son.
First, compliance with the stringent PIPA demands robust data protection measures, including securing user consent and ensuring data minimisation and anonymisation. Second, the Network Act requires vigilant content monitoring and cybersecurity practices, necessitating substantial investment in technology and manpower.
The Telecommunications Business Act's focus on fair competition may challenge dominant market players to reassess their business strategies. Another critical consideration is the growing scrutiny of digital monopolies by regulators like the KFTC and KCC, which could lead to increased legal and compliance costs.
“Moreover, international tech companies must navigate cultural and linguistic differences, understanding local consumer behaviours and regulatory expectations. Effective stakeholder engagement, including with regulators, industry associations, and consumers, is crucial for navigating these complexities and ensuring regulatory compliance,” Son adds.