Japan’s Mobile Software Competition Act Grows its Guidelines

A year ago, the Japanese Government made the Mobile Software Competition Act (for short, MSCA) into law. The move represented the first ex ante regulation addressing market power in Asia to successfully make it into the books (see here our comment, where we referred to the law as the Smartphone Act). Other similar regulatory efforts, such as those coming from India and South Korea, have partly crumbled due to the impact of the US current trade talks with those countries, since the US administration made stopping them in their tracks a precondition to pave the way for good (trade) intentions.

The regulatory transformation in Japan, however, is unstoppable. During the year, the Japan Fair Trade Commission (JFTC) made the right steps to keep the wheels of the MSCA turning. Following the promulgation of the Cabinet Order and Enforcement Rules in December 2024, in March 2025, the JFTC designated three companies: i) Apple Inc. (for its operating system, app store and browser), iTunes K.K. (Apple’s Japanese subsidiary jointly operating the App Store in Japan) and Google LLC (for its operating system, app store, browser and search engine) as specified software providers under MSCA. The designation makes them subject to the MSCA’s ex ante obligations, which will be fully effective on December 18 of this year.

Whilst preparing for the initial compliance deadline, the JFTC went further than other regulators and issued in July the Guidelines fleshing out the scope of application and content of the substantive obligations presented by the MSCA. This post provides an overview of the Guidelines and their relevance within the broader framework.

The inherent flexibility of the MSCA

As we pointed out in our previous post on the law, the MSCA stands halfway between the institutional design of the EU’s DMA and the UK’s DMCCA. On one side, it applies self-executing (and self-applicable) obligations on designated providers under Articles 5-9 (i.e., prohibited conduct) and 10-13 (i.e., compliance requirements). On the other side, it provides some scope for leeway to the designated providers to prove that compliance with any one of the obligations may be excessively detrimental to their services.

As opposed to the DMA’s free-for-all application to designated gatekeepers of all 23 remedies established in Articles 5-7, the MSCA stresses that some justification may be invoked by designated providers to avoid violations of particular provisions. The MSCA is a bit more flexible than the DMA, but not as much as the DMCAA, to the extent that the provisions are designed to apply to designated providers primarily based on form, without analysing their specific content and the outcomes of such conduct (see Guidelines, p. 2). As a matter of fact, not all services remain equally impacted by every single one of the provisions under the MSCA, as set out in the table below.

As you’ll see from Table 1, most provisions address the three services (basic operating software, app stores and browsers), whereas only Article 9 tackles the concerns around search engines. It appears that the limited scope of Article 9 might reflect the potential for an unduly expansive reach of the self-preferencing prohibition in the mobile ecosystem, if it were to be applied to other specified software services.

On top of the MSCA’s flexibility, one must also acknowledge that Articles 5-13 are quite specific in their content and the mandates they introduce for each tenet of a designated provider’s mobile ecosystem. It is not up to the designated provider to decide how the provision fits the service, but rather the legislator and the JFTC flesh out the specific meaning.

Prohibited conduct, without reasonable grounds

The MSCA imposes prohibitions (under Articles 5-9) and compliance requirements (Articles 10-13) upon the designated providers. The Guidelines clarify the content of both types of provisions in light of a clear structure. The JFTC establishes the mandate’s scope of application (by providing a few illustrative hypothetical scenarios where designated providers must modify their conduct to adapt to the regulatory obligations) and defines the concepts embedded in each one of them. After that, the JFTC walks the reader through the ‘reasonable grounds’ that may result in a provision’s inapplicability, some statutory justifications (under Articles 7, 8(i)-(iii) MSCA), and the ‘legitimate reasons’ under Article 9. Finally, the regulator identifies a couple of desirable steps to take for the regulatory target, bearing in mind the practical and economic complications that may arise from the need to comply with a given provision. The JFTC goes into greater detail for some obligations as opposed to others.

If we take the DMA as the means of comparison to walk through the MSCA’s content, we can identify some similarities in terms of the remedies it intends to implement with regard to digital platforms, as shown in the table below.

Needless to say, these remedies will not touch upon every single digital format that the designated providers run for users. They will only be held to account for those designated services running on smartphones.

In this sense, for instance, Article 5 of the MSCA, imposing a prohibition from using data acquired through the use of the specified software to competitively benefit their own goods or services, does not comprise any type of non-public data generated independently of such use. The Guidelines reflects the content of the Enforcement Rules by providing some examples of the types of data covered, such as data related to the user’s attributes (e.g., place of residence, name, age, or gender), to the device’s identifiers (e.g., account ID, IP address, or advertising ID) or data necessary to make payments (e.g., credit card numbers, or payment service provider account numbers). Data of those types will be held to comply with the prohibition under Article 5 MSCA, to the extent that it is not already publicly available data which a business user can access through a web page, app store, or a market information service (pages 4-7 of the Guidelines).

Building on previous experience where competition authorities have tried to impose data siloing upon undertakings, the JFTC highlights that it is difficult to externally verify whether data subject to the prohibition under Article 5 has been used. Therefore, the regulator directly indicates that the regulatory targets must establish effective internal systems to ensure compliance, and terms it ‘crucial’ to make ends meet in terms of satisfying its expectations (page 10).

Despite the narrower scope of application of the MSCA vis-à-vis the DMA, the Japanese regulation appears to explore broader notions of fairness than those embedded in the European regulation. This is observed particularly in Articles 6, 7, and 8 MSCA.

Article 6 MSCA mirrors the FRAND-like mandate under Article 6(12) to the extent that it regulates various forms of unfair treatment that an individual app provider may suffer in the hands of a designated provider. Typically, those scenarios unfold where the ecosystem holder reviews an app for its inclusion on its own app store, although the MSCA also extend the scope of application to those cases where the designated provider conducts a review for allowing an alternative app store to distribute on the operating system. This provision overlaps particularly with Article 7(i) MSCA, to the extent that it seeks to promote new entries into the alternative app store market and prohibits designated providers from limiting such entries directly or by placing technical specifications, technical constraints, contractual terms, or excessive financial burdens that make it impossible to provide their services on the operating system. The Guidelines indicate that the application of Articles 7 and 8 takes precedence over Article 6, insofar as they stand as specific obligations applicable to app stores, as opposed to a more abstract and general mandate under Article 6 (pages 12-13).

For the prohibition under Article 6 to apply, two cumulative legal requirements must be met. First, the conducting of the review must involve unjust discrimination or otherwise unfair treatment. Both the criteria of the review and the judgment involved in it will be subject to the analysis of whether the conduct is discriminatory or not (page 12). The Guidelines define an unjust discriminatory treatment where a designated provider treats third parties differently without reasonable grounds, either compared to itself (i.e., its own goods or services) or where certain third parties are treated differently from others (page 14). When the designated provider’s actions restrict the business activities of third parties or cause them disadvantages, and the necessity or reasonableness of such treatment is absent, it will generally constitute ‘otherwise unfair treatment’ (pages 16-17). The Guidelines measure the threshold of unfairness against two different benchmarks: that of necessity and that of reasonableness, which allows the provision to be applied broadly, covering reviews carried out in ways that differ from previous instances.

Second, it must be administered without reasonable grounds or in ways inconsistent with the established criteria it formerly communicated to the app developer seeking access to the app store. To determine whether there are reasonable grounds for such treatment, the Guidelines clarify that several factors must be considered, such as the purpose of the treatment, its impact on smartphone users or specified software business, the availability and nature of alternative measures to achieve the same purpose, and the content and degree of disadvantages incurred by the third parties. Pursuing operational rationality via cost reductions is generally not regarded as reasonable grounds (pages 14 and 16).

The JFTC’s Guidelines provide a long list of hypothetical scenarios which would fall under the prohibition (pages 15-19), such as instances where delayed access is provided to alternative app marketplace operators despite the absence of factors justifying such a delay or the ranking of third-party app developers in an inferior position (compared to its own apps) in the app ranking within the designated provider’s app store, despite the former meriting a higher position due to objective metrics such as download counts or review scores. Cases lying closer to the securing of vertical interoperability (Article 6(7) DMA) or to allowing business users to file lawsuits or make reports to courts or other public institutions regarding the designated provider’s unfair actions (Article 6(5) DMA) would, hypothetically, meet the provision’s scrutiny. Similarly, cases where the app store holder imposes parity-like clauses (Article 5(3) DMA) to app developers relating to price would be categorised as being found in violation of the provision.

Interestingly, the Guidelines require the designated provider to stop such unfair treatment on its tracks, but it also encourages it to engage proactively with third parties. Thus, the designated provider is not only expected to check internally that unfair treatment is not administered, but also to provide reasons and evidence to third parties that it is engaging in non-discriminatory and fair treatment. In other words, the designated provider is pressed to proactively engage with the third parties it interacts with by explaining how its conduct is fair.

Furthermore, Article 7(i) MSCA prohibits hindering the alternative distribution of app stores on the designated provider’s operating system in the broadest terms. It captures direct actions a designated provider takes to prohibit alternative distribution (i.e., refusing to license a particular app store) and indirect actions that hinder alternative distribution. To be captured under the prohibition (both in Articles 7(i) and 7(ii) MSCA), such actions do not require impossibility to operate, but rather a high likelihood of making it difficult for other businesses to provide their app stores and for users to use them (pages 20-21). The MSCA is equally preoccupied with the impacts on business users and end users when it opens alternative app distribution on operating systems. Thus, the JFTC will meter infringements with the prohibition to assess whether such a high likelihood of exclusion and harm is given, taking into account the nature of the designated provider’s actions, their duration, and their impact (page 21).

As it does throughout the Guidelines, the JFTC provides hypothetical scenarios where violations of Article 7(i) MSCA may be found (pages 22-25). For instance, an infringement will be found when a designated provider sets requirements related to the business scale or financial status of other businesses as conditions for providing an alternative app store. One cannot but think on Apple’s initial requirements imposed on alternative app distribution as a consequence of the application of Article 6(4) DMA, compelling alternative app marketplace operators to prove that they, for example, were financially stable by providing a standby letter of credit from an A-rated financial institution in the amount of EUR 1,000,000 (see further comment on those restrictions here). The Guidelines include another example where the designated provider makes it difficult for users to use alternative app stores, such as unnecessarily complicating the setup process for downloading and installing alternative app stores. This is one of the main concerns that stakeholders highlighted when engaging with Google on its DMA compliance workshop in 2025, relating to the user journey and experience when they wished to install an alternative app store.

The JFTC also takes issue with conditions where third-party app developers may be hindered from distributing via alternative means due to the imposition of burdensome fees, such as usage fees (pages 21-22). For instance, the Guidelines consider that usage fees imposed on businesses providing or intending to provide alternative app stores on an operating system may surpass the ‘high likelihood’ threshold when the criteria for calculating them differ from those fees imposed on apps. Apple’s Core Technology Fee imposed on developers wishing to provide alternative app stores and sideloading on the iOS format could spell out this type of conduct. Once again, as they did for Article 5 MSCA, the Guidelines push the designated provider to explain the reasonableness to providers of alternative app stores of the financial burdens imposed on them, in relation to the benefits derived by the designated providers from their activities (page 34).

Moreover, the Guidelines flesh out specifically what a justifiable reason would be for a designated provider to put forward to manage to get an exception for a particular provision. The Guidelines provide a closed list of reasons by which the designated provider may prove that it did not engage in a violation of the MSCA, including; i) the protection of cybersecurity; ii) the protection of information relating to the smartphone users; iii) safeguarding minors; iv) ensuring the physical safety of smartphone hardware; and v) the prevention of criminal activities conducted using smartphones (pages 25-29). Aside from these five reasons, the designated providers cannot raise any further justification that would grant an exemption. Even in this case, the designated provider must conduct necessity and proportionality tests to check whether the actions carried out by it for that particular purpose could be achieved via less restrictive means (page 25). For instance, the Guidelines exclude a particular hypothetical scenario from being subject to the exception, namely the systematic issuing of warning messages to smartphone users attempting to download and install alternative app stores, suggesting that they are unsafe. The JFTC points out that the same purpose can be achieved by conducting necessary reviews to ensure the user’s safety.

Furthermore, Article 7(ii) MSCA likens Article 6(7) DMA relating to the vertical interoperability mandate imposed on designated providers. Article 7(i) MSCA prohibits them from preventing other businesses from using operating system functions with equivalent performance for the provision of their apps. The Guidelines mirror the implementation measures that the European Commission imposed on Apple when interpreting Article 6(7) DMA and require equivalence in terms of the functionality available to third parties. That is to say, the designated provider is not compelled to provide access to the same technical means that it uses itself, but rather to provide a comparable level of functionality to its competitors (page 37). As a matter of fact, Apple has already made its opinion clear before the JFTC and has defended that the obligation to provide access to operating system functions should apply only when a third party uses the technology for the same use case as the designated provider. 

The JFTC establishes for Articles 7-8 the same theory to find an infringement (not a theory of harm, since the regulator does not need to prove harm caused to competition to declare the existence of an infringement): designated providers will be found in violation of the MSCA when there is a high likelihood that their conduct hinders the exercise of the rights conferred by the regulation (e.g., providing alternative browser engines, app stores or payment services) and such a conduct cannot be backed with a justifiable reason (page 25).

Self-preferencing (on steroids)

Self-preferencing stands as the backbone of most regulations addressing digital market power. Article 6(5) DMA compels gatekeepers not to provide preferential treatment, in ranking and related indexing and crawling, services and products offered by the gatekeeper itself, over similar services or products of a third party. Although the Google Shopping case automatically comes to mind, the self-preferencing prohibition under the DMA comprises other services that do not necessarily correspond with the search engine environment. The MSCA, however, directly engages with this framework and does not, for instance, prohibit self-preferencing on app stores (despite the fact that such conduct could be, indirectly, captured via Article 6 MSCA), prohibiting discriminatory treatment without reasonable grounds.

Article 9 MSCA differs from Article 6(5) DMA (or, at least, from the few indications we have from the European Commission) to the extent that it does not capture every single instance of self-preferencing. The Guidelines bind the administering of preferential treatment to one’s own services and products with the need for the underlying algorithm to rely on unfair and discriminatory terms (page 74). In turn, when the criteria of the search algorithm itself are unfair and/or discriminatory and set to favour the designated provider’s goods or services, the setting itself may result in a violation of Article 9 MSCA (page 74). In this sense, the JFTC enlarges the scope of application of the provision to comprise all forms of potential discrimination that can crystallise in competing goods and services being ranked in a separate or lower placement than they would have been awarded in fair and non-discriminatory terms. For instance, if only data related to the designated provider is crawled and indexed into the algorithm, then the JFTC may determine that a violation still exists, absent a legitimate reason (page 75).

Due to the opaqueness of search results and their underlying algorithms, the Guidelines recognise that their fairness is not easily verifiable by third parties (page 78). Therefore, the JFTC proposes that the designated provider should disclose, in a manner understandable to website operators, the main parameters used for setting the search algorithm that determines rankings, and the reasons for the different treatment being administered in search results (page 81). In this same vein, the JFTC notes that not only lists these parameters but also explains the differences in importance between them when actually determining the search display order would be desirable for the designated provider to perform (page 80). In other words, the JFTC advocates for transparency in a quasi-full disclosure fashion to accommodate the need to make the search engine market as fair as possible for all economic agents involved (pages 70, 71 and 80). When one glances at the current transformation that the market is undergoing, especially with the advent of AI in the form of summaries being displayed as a response to search queries, the need for transparency seems all the more relevant, despite the low incentives that designated providers have to make such disclosures.

As opposed to Articles 5-8 MSCA, the self-preferencing prohibition under Article 9 MSCA softens the strict legal requirements that go into demonstrating that a legitimate reason applies to exempt the provision’s application. The Guidelines recognise that the improvement of the quality of the search services for smartphone users, including the responsiveness and accuracy that smartphone users expect from search services, may be included within the closed list of justifiable reasons. According to the Guidelines, improvements in quality may be explained in relation to a single change in the method of displaying the search results and in relation to multiple sufficiently related changes (page 77). However, the JFTC adds on to the necessity and proportionality tests a supplementary test where the designated provider must concretely and specifically demonstrate (one would guess, before the regulator) the service’s quality increase. To demonstrate the specificity of those quality improvements, the designated provider cannot simply state those reasons in a sufficiently substantiated manner, but must provide evidence of their impact on users, notably via the conducting of tests with users (pages 77 and 78). Other reasons recognised by the Guidelines include ensuring the safety of smartphone users, where necessary and proportionate, by restricting certain webpages (page 78) or displaying the designated provider’s information more prominently (page 79).

Do’s and don’ts, and everything in between

Articles 5-9 MSCA demonstrate the clear prospective nature of the Japanese regulation, since they require proactive action on the side of the designated operators. Nonetheless, Articles 10-13 MSCA deliver the Japanese legislator’s worldview when it comes to securing fair and open digital markets. Those will not only result from the transformation of the designated provider’s conduct, but also from increasing the awareness of competitors and the available knowledge out there relating to the functioning of the designated provider’s services. This is precisely the reason why most of the provisions under Articles 10-13 seek to enhance the level of transparency to which the designated providers are subject, aside from the explanations (and evidence) that they are encouraged to provide vis-à-vis the economic agents depending on them relating to the fairness and reasonableness of their conduct in digital markets.

As a matter of fact, some of these provisions directly or indirectly complement the prescriptive content of the obligations under Articles 5-9 MSCA. For instance, Article 10(i) MSCA aims to ensure that compliance with the prohibited conduct under Article 5 MSCA regarding the unfair use of acquired data does not go unseen. By requiring designated providers to disclose the conditions by which they acquire and use data, the provision seeks to resolve the difficulty of externally verifying how they use acquired data in line with Article 5 MSCA. Besides requiring such disclosures to happen between the operator and the JFTC, Article 10(ii) expands the obligation to reach consumers.

Such complementarity is also evident under Article 12 MSCA, whereby the designated provider for operating systems and browsers must implement the necessary measures to ensure that default settings related to those services can be changed through simple operations. Those measures include displaying a choice screen for selecting a given browser in the terms presented by the Guidelines, following the general premise of Article 8(iii) MSCA.

To round up those transparency obligations, Article 13 MSCA acts as the cornerstone of the designated provider’s compliance solutions. Aside from the obligation to submit a compliance report to the JFTC, the designated providers must implement necessary measures to ensure that third parties (i.e., business users) can seamlessly respond when changes are made to their business model. They must, for instance, disclose the new specifications (aka terms and conditions) applying to their services, within a reasonable period of time, so that these business users can adapt to their content and establish adequate mechanisms for handling complaints. On top of this general obligation, designated providers must also provide sufficient information when a third party’s services have been entirely or partially suspended by the designated provider.

Key takeaways

Japan’s MSCA marks a milestone in Asia’s regulatory approach to digital markets, introducing the first comprehensive ex ante framework designed to curb the dominance of mobile software operators. Unlike similar initiatives in India and South Korea that were stalled by domestic concerns over their broad scope and external trade pressures from the US, Japan’s effort has gained momentum, with the JFTC designating Apple and Google’s key services (including operating systems, app stores, browsers, and search engines) as subject to the regulation. These operators must comply with MSCA obligations by December 18, setting a firm deadline for systemic changes in how their ecosystems interact with app developers, users, and competitors.

What distinguishes the MSCA from its equivalents is its balance between strict obligations and limited flexibility. The law positions itself between the EU’s DMA and the UK’s DMCCA: while the EU model applies a uniform set of remedies to all gatekeepers, Japan allows exceptions only under narrowly defined circumstances, such as cybersecurity or the protection of minors. The obligations themselves, ranging from prohibitions on data misuse, self-preferencing, and app store discrimination (Articles 5-9) to mandates for transparency, portability, and default-setting (Articles 10-13) are both detailed and proactive. The Guidelines explicitly require designated providers not only to comply with these rules but also to demonstrate and disclose how fairness is embedded in their practices, even to third parties.

The emphasis on proactive engagement and transparency makes the MSCA particularly impactful. Operators should explain ranking algorithms, disclose the conditions of data acquisition, and justify the treatment of app developers or alternative app stores with objective evidence. This goes beyond traditional competition law enforcement by compelling dominant players to build fairness into their systems and prove it to regulators, business partners, and users alike. By demanding both compliance and accountability, the MSCA represents a forward-looking regulatory model that not only restricts harmful conduct but also seeks to reshape digital market dynamics toward greater fairness and openness.

________

* The author wishes to thank Sangyun Lee for his review of the piece and the comments and feedback he provided on the original version in Japanese. All errors remain the author's.