Hello, this is Hamamoto from TIMEWELL. The Act on the Protection of Personal Information is built to be reviewed once every three years. That may sound like dry procedural housekeeping, but this round of the review has a slightly different flavor from the ones before it. How do you handle the data you feed an AI to train it? How do you make a company that broke the rules disgorge the profit it made? Whose consent do you rely on when handling a child's data? These are exactly the questions that many companies are wrestling with in practice right now, and they have walked straight into the text of the statute.
The more a company has started using generative AI internally, the less this amendment is somebody else's problem. Is it acceptable to paste customer information into a prompt? Is it safe to have internal documents used for training? The law is trying to give shape to precisely those anxieties on the ground. In this piece, I'll trace the primary sources published by the Personal Information Protection Commission (PPC) and walk through, in order, what changed in the 2026 amendment. Writing from the position of a company that provides the enterprise AI ZEROCK, I've tried to put together material that a data-governance lead entrusted with in-house AI can start acting on tomorrow morning.
Background and history of the triennial review
The APPI contains a mechanism known as the "so-called triennial review," under which the system is examined once every three years in light of how things have developed since the law took effect. Technology and society change quite a bit in three years, so the idea is not to freeze the law in place but to update it on a regular cadence. In this round, the Personal Information Protection Commission (PPC) published its "Policy for System Amendment" on January 9, 2026 (Reiwa 8)[^1]. That document is the starting point for the entire chain of amendments.
This policy did not appear half-baked out of nowhere. Over the course of the deliberations, hearings with experts were held repeatedly: on May 10, 2024, "Various Issues Concerning the Introduction of a Surcharge Regime" was taken up, and on April 3 of the same year, "AI and the Protection of Personal Information" was discussed[^2]. In other words, two themes—strengthening sanctions through a surcharge, and data use in the age of AI—were consciously treated as the two wheels of the reform from an early stage. People often frame "tightening regulation" and "making things easier to use" as opposing axes, but a distinctive feature of this review is that it tries to advance both at the same time.
Things moved quickly after the policy was announced. On April 7, 2026, the government approved the "Bill for Partial Amendment of the Act on the Protection of Personal Information and Related Acts" at a Cabinet meeting and submitted it to the 221st session of the Diet[^3]. The PPC's official announcement of that Cabinet decision came with the outline of the bill, a table comparing the old and new provisions, and summary materials attached, and it clearly states that the purpose of the bill is to reconcile consideration for the usefulness of personal information with stronger protection[^4]. Rather than weighing protection against use on a scale, the bill is built to reconcile the two. That framing is stated plainly here as well.
The bill then made its way through Diet deliberations. It passed the House of Representatives on May 26, 2026, and the House of Councillors on June 12, 2026, and was enacted during the 221st Diet session[^5]. This is a point worth nailing down against a primary source, and the course of deliberations can be confirmed in the House of Representatives' bill records. That said, I could not pin down the exact dates of the 221st Diet session itself within the primary sources I checked, so in this piece I will not assert the specific session dates; I will treat only the fact that the bill passed both houses and was enacted as established. I'll come back to the timing of entry into force later on.
Struggling with AI adoption?
We have prepared materials covering ZEROCK case studies and implementation methods.
The pillars of the amendment (four policy directions)
The Policy for System Amendment is broadly organized around four pillars[^6]. Listed in order, they are: promoting appropriate data use; regulation that responds appropriately to risk; preventing improper use and the like; and rules to secure the effectiveness of compliance. The wording is abstract, but as I understand it, boiled down it means this: make the parts that should be easy to use easy to use, bind the dangerous parts firmly, prevent abuse, and strengthen the power to enforce compliance. It makes sense to think of it as offense and defense sorted into four drawers.
The first, "promoting appropriate data use," is the relaxation of AI training data and statistics-creation purposes that I'll go into in detail later. A sense of crisis runs through it: if Japan only hoards data, its industries will be at a disadvantage in the AI race. The second, "regulation that responds appropriately to risk," includes measures for data that can never be recovered once it leaks—such as biometric information—and rules for children, who require particular care. The idea is not to tighten defenses uniformly, but to vary the intensity according to the size of the risk.
The third, "preventing improper use and the like," and the fourth, "securing the effectiveness of compliance," are, so to speak, the enforcement side of the story. There has long been a persistent criticism that under the APPI as it stood, even a violation resulted at most in administrative guidance, a recommendation, or, at worst, an order, so the pain to a company was small. If breaking the rules pays even when there are rules, the companies that dutifully comply end up looking foolish. What was brought in to close this unfairness is the surcharge regime I'll touch on in the following chapters. The four pillars are not independent stories; it is more natural to read them as a single package in which broadening use is precisely why the brakes on abuse are tightened at the same time.
The very way these four pillars are arranged conveys, to me, the message of this amendment. Firming up defenses and enabling use are often talked about as if they conflict, but the policy treats them not as a conflict but as a matter of sequence. The order is that use advances precisely because there is a foundation people can use with confidence. Seen from the position of someone shaping AI-use rules inside a company, that order is right. Nobody drives with confidence on a highway that has no guardrails.
Relaxing data use for AI development and statistics creation
The single most practically consequential change in this amendment is the relaxation of data use for statistics-creation purposes. The amended law introduces a measure that removes the requirement for the individual's consent in cases such as providing personal information to a third party that creates statistics and the like[^7]. Until now, if you wanted to hand the personal data you had collected to another company for analysis, in principle you needed the consent of each individual. The core of the change is that this hurdle of obtaining consent is lowered, limited to the purpose of creating statistics.
Why does this become a story about AI? Because the act of creating statistics is continuous with the work of training a model through machine learning. You extract trends and patterns from large volumes of data, using them not to identify individuals but to grasp the properties of the whole. That structure is nearly identical to AI development. In fact, the scope of the relaxation does not stop at third-party provision without consent. Where it is guaranteed that the data will be used solely to create statistical information and the like, the relaxation also allows the acquisition of publicly available special-care-required personal information[^8]. Special-care-required personal information—medical history, beliefs, and other information that must be handled with particular caution—as a rule required the individual's consent at the time of acquisition. Even there, a path is opened, subject to the double condition of a statistics purpose and publicly available information.
I regard this as a welcome change, but I can't celebrate it unreservedly. The key is the condition that "it is guaranteed that the data will be used solely to create statistics and the like." A guarantee—that is, a mechanism ensuring the data really is not used for anything other than statistics—is required. You need a brake, in both technology and operations, so that the party receiving the data does not quietly use it to identify individuals or divert it to another purpose. Reading it as "since it's been relaxed, I can train on anything" is dangerous. Rather, it should be taken as this: in exchange for the relaxation, you are being asked to have a structure that lets you prove for yourself that you won't use the data beyond its purpose.
For a company operating AI internally, this connects directly to day-to-day prompt operations. When an employee enters customer information into an AI in the course of work, it is hard to tell on the ground whether it is processing with a guaranteed statistics purpose or simply a use of personal data beyond its purpose. That is exactly why you need to sort out in advance which data may go into which AI, and for what purpose. How to translate the relationship between AI and privacy protection into internal guidelines is something I laid out concretely in the article Claude Code and Japan's Privacy Law and AI Guidelines. The relaxation is a tailwind, but to ride a tailwind you need to know how to set your sails.
Surcharges, children's personal information, and contactable personal-related information
On the defensive side, the centerpiece is, without question, the creation of a surcharge (kacho-kin) regime. The amended law introduces a regime under which the Personal Information Protection Commission orders payment of a surcharge where a party has obtained a financial benefit through unlawful handling of personal information and the like[^9]. For Japan's APPI, which until now had almost no monetary sanction, this is a qualitative shift. The idea of making a violator disgorge what it earned by breaking the rules has entered the statutory text for the first time.
The way the amount is calculated is also concrete. The surcharge amount is set as the sum corresponding to the money or other financial benefit that the operator obtained as consideration for the conduct in question or for ceasing it, and a party that has previously received a surcharge payment order faces 1.5 times that amount[^10]. Here there is one point I want to flag. Many people picture a turnover-linked calculation rate or cap—"a certain percentage of annual sales"—like the EU's GDPR overseas. But whether Japan's amended law adopted that kind of turnover-linked calculation method was something I could not determine within the primary sources I checked. What can be said with certainty goes only as far as the skeleton: "an amount corresponding to the financial benefit obtained." I think it is better to avoid casually equating this with the GDPR.
The surcharge is not a regime for hammering every careless slip. It is limited to malicious violations that meet requirements such as being a party that failed to exercise due care, being a large-scale case involving more than 1,000 individuals, and causing a significant degree of harm to individuals' rights and interests[^11]. Turned around, it means that if you handle data on more than a certain scale and neglect your duty of care, you can come within range of a surcharge. The more a company is pouring large volumes of customer data into an in-house AI, the less this figure of "more than 1,000" should feel like someone else's problem.
Measures for children's data are in there too. For children's personal information, where the individual is a person under 16, it is now made explicit that consent, notification, and the like are to be directed at the statutory representative (a person with parental authority and the like), and at the same time a new duty is created for operators to give priority to the best interests of the individual[^12]. The previously vague question of "from whom do you obtain a child's consent" has been given an answer, drawn at the line of under 16. For companies that use AI in education or children's services, the practical impact is not small.
The handling of biometric information is tightened a notch as well. The amended law makes it possible for the individual to request the cessation of use and the like of personal information that contains information relating to a feature of part of the body, even in the absence of unlawful handling[^13]. Biometric information like a face or a fingerprint, unlike a password, cannot be changed. Once it leaks, the individual cannot swap out their own body. So, as I understand the reasoning, the law widened the room for the individual to stop it by their own will, regardless of whether there was any illegality.
That said, this amendment also draws concern from practitioners. Because the bill introduces several new categories at once—"contactable personal-related information," "special-care-required personal information for statistics creation and the like," "specific biometric personal information," and so on—there is a warning that it may be hard to follow in practice and invite confusion[^14]. In particular, "contactable personal-related information" has a broad scope. It is said to potentially include, in addition to a phone number or address itself, information from which an address or phone number can be identified by matching it against other easily cross-referenced information—for example, purchase histories or browsing histories[^15]. Many companies will rack their brains over where to draw the line on which of the data they hold falls into this new category. Relaxation and stricter regulation run at the same time, and new concepts keep piling up on top of that. Making good use of it takes commensurate preparation.
Practical response for companies and in-house AI (ZEROCK)
So, where should a company start? The first thing to keep in mind is the time axis. As a rule, the amended law takes effect on a date to be fixed by Cabinet Order within a period not exceeding two years from the date of promulgation, so if things proceed smoothly, entry into force is expected around 2028[^16]. Because the formal date of promulgation and the fixed date of entry into force cannot be confirmed at present, I won't assert them; but the grace period is roughly two years or so. That may sound long, yet it is by no means long for rebuilding how data is handled inside a company.
At the center of what needs to be done is, in the end, taking stock of your data. What kinds of personal data does your company collect, from where, for what purpose, and into which AI is it fed? Without this map, talking about surcharges or new categories only makes your knees buckle. Conversely, once you have the map, you can answer, one by one, questions like: where is the large-scale data of more than 1,000 individuals; which processing has a statistics-purpose guarantee attached; which data looks like it might fall under contactable personal-related information. Whether you're making the most of the relaxation or steering clear of the regulation, the starting point is this act of making things visible.
The more a company is running generative AI in earnest, the more urgent this stocktaking becomes. If you reach the date of entry into force while leaving employees free to paste customer information into prompts however they like, you may end up setting foot into the requirements for a large-scale case. This is exactly the part our enterprise AI ZEROCK supports. ZEROCK is designed to handle data while keeping it closed within domestic servers on AWS, and to control which knowledge the AI is allowed to reference. It manages who accesses which information and which data is subject to training or reference. The thinking is continuous with the "guarantee that the data won't be used beyond its purpose" that this amendment asks of companies. How to build AI governance in line with Japanese-language guidelines is something I dig into further in the article Enterprise AI Governance in Compliance with Japan's Guidelines.
One more thing that matters, as I feel it, is not leaving this to the legal or IT departments alone. The requirements for a surcharge, children's consent, and where to draw the line on the new categories all ultimately come down to the judgment of the people who touch data day to day on the ground. Rather than handing out rules on paper and calling it done, it is far less confusing for the field if you build the partition between "data that may go in" and "data that must not go in" into the AI tool itself. Rather than scrambling once the regime is in motion, draw the map of your company's data during the two-year grace period and set guardrails on your in-house AI. The APPI's triennial review will continue from here on. This amendment is not the terminus; it is one waypoint in building a structure that uses data well while protecting it.
If you'd like to get your data operations and in-house AI into a shape that can withstand this amendment, please reach out through a personal consultation. Beyond interpreting the provisions, I'd be glad to work through the operational design—which data you entrust to which AI—together.
References
[^1]: The APPI "so-called triennial review" (publication of the Policy for System Amendment) — Personal Information Protection Commission — January 9, 2026 [^2]: The APPI "so-called triennial review" (expert hearing materials: surcharge regime; AI and the protection of personal information) — Personal Information Protection Commission — May 10, 2024 [^3]: On the Cabinet decision on the "Bill for Partial Amendment of the Act on the Protection of Personal Information and Related Acts" — Personal Information Protection Commission — April 7, 2026 [^4]: On the Cabinet decision on the "Bill for Partial Amendment of the Act on the Protection of Personal Information and Related Acts" (bill outline, old-new comparison table, summary materials) — Personal Information Protection Commission — April 7, 2026 [^5]: Cabinet bill, 221st Diet session, No. 54, Bill for Partial Amendment of the Act on the Protection of Personal Information and Related Acts (course of deliberations) — House of Representatives — June 12, 2026 [^6]: Commentary on the "APPI so-called triennial review Policy for System Amendment" (January 9, Reiwa 8) — TMI Associates — January 9, 2026 [^7]: On the Cabinet decision on the "Bill for Partial Amendment of the Act on the Protection of Personal Information and Related Acts" (third-party provision for statistics-creation purposes and the consent-not-required measure) — Personal Information Protection Commission — April 7, 2026 [^8]: [Breaking] Reading the draft 2026 APPI amendment policy — introduction of surcharges and AI data use: what should companies prepare — Optima Solutions Inc. — January 13, 2026 [^9]: On the Cabinet decision on the "Bill for Partial Amendment of the Act on the Protection of Personal Information and Related Acts" (creation of the surcharge regime) — Personal Information Protection Commission — April 7, 2026 [^10]: [Latest 2026] The APPI amendment bill approved by the Cabinet, heading for enactment in the current ordinary Diet session (approach to the surcharge amount; 1.5x aggravation) — Optima Solutions Inc. — April 10, 2026 [^11]: Commentary on the "APPI so-called triennial review Policy for System Amendment" (requirements for the surcharge; more than 1,000 individuals) — TMI Associates — January 9, 2026 [^12]: Commentary on the "APPI so-called triennial review Policy for System Amendment" (personal information of children under 16 and the statutory representative) — TMI Associates — January 9, 2026 [^13]: On the Cabinet decision on the "Bill for Partial Amendment of the Act on the Protection of Personal Information and Related Acts" (request for cessation of use of personal information including biometric information) — Personal Information Protection Commission — April 7, 2026 [^14]: The APPI amendment bill: added complexity from new categories such as "contactable personal-related information" — Nikkei xTECH — April 15, 2026 [^15]: The APPI amendment bill: added complexity from new categories such as "contactable personal-related information" (scope of contactable personal-related information) — Nikkei xTECH — April 15, 2026 [^16]: As of January 2026, the direction of the APPI amendment (entry into force within two years of promulgation; expected around 2028) — Optima Solutions Inc. — April 10, 2026
![Making Sense of Japan's 2026 APPI Amendment | Easier AI Training Data, a New Surcharge Regime, and Children's Personal Information [Hamamoto Explains]](/images/columns/personal-information-protection-law-2026-amendment/cover.png)