In this article, we will introduce AI agents, which have been gaining popularity since 2025, by explaining (1) what an AI agent is, (2) what Web3 AI agents are, and (3) the legal issues surrounding AI agents.
Because AI agents can take over any job, when considering the relationship between AI agents and the law, it is necessary to consider legal issues for all the jobs they perform. However, since it is difficult to cover all of this in a blog, this article first introduces the basic ideas for considering legal issues related to AI agents, and then discusses their relationship with regulation, focusing on financial regulation in particular.
However, we believe that this approach to financial regulation will also be useful to a certain extent when considering legal issues related to other AI agents.
An AI agent is generally an artificial intelligence system that autonomously performs specific tasks. It is capable of processing data from the environment, learning and making decisions as needed, and carrying out tasks without human instruction.
Generally, an AI agent has the following elements:
| (i) Recognition: Processes the external environment and input data to understand the current situation. (ii) Decision-making: Plans actions to accomplish tasks based on data. (iii) Action: Executes actions that bring about changes in the environment based on the plan. (iv) Feedback: Uses the results of execution to learn and improve actions next time. |
This allows AI agents to perform repetitive tasks and make complex decisions on behalf of humans.
AI agents are currently attracting a great deal of attention as they are expected to transform our lives and how we do business.
For example, AI agents are expected to be used in the following applications:
| Examples of AI Agent Uses: (i) Generative AI Creativity Support: Used in creative fields, such as generating text, images, videos, and music. In the media, advertising, and gaming industries, AI is expected to improve production efficiency and create new value. (ii) Personal Assistant: AI can provide support tailored to individual needs, such as life coaching, educational support, and business assistants. Applications that improve daily life efficiency, such as schedule management and health advice, are gaining attention. (iii) Autonomous Use in Finance: AI agents that support asset management and household finances use data to propose optimal investment strategies and savings methods. Automated trading and asset management are also advancing in decentralized finance (DeFi). (iv) Business Process Automation: Automating repetitive tasks such as human resources, finance, and customer service contributes to improving corporate productivity. Data analysis and decision-making support are also areas where AI agents excel. (v) Healthcare: AI agents are used for health management, telemedicine, and disease prediction. In particular, personalized services such as symptom analysis and mental health support are expected. (vi) Autonomous Systems: AI agents are expected to play an active role in handling physical tasks such as robot automation in warehouse management, logistics, and disaster response, as well as self-driving and drone operation. |
AI agents have the potential to enrich our lives and make businesses more efficient, thanks to their personalization and autonomy, and these applications are areas where further advancements are expected in the future.
The following are some specific examples of AI agent use both in Japan and overseas.
| Service name | Provider | Features |
| Fujitsu Kozuchi AI Agent | Fujitsu Limited | An AI agent that autonomously promotes advanced tasks in cooperation with humans. For example, as a conference agent, AI can participate in meetings to share information and propose measures, or as a field support agent, analyze camera footage at manufacturing and logistics sites, propose improvements, and create work reports. |
| Agentforce | Salesforce, Inc | Autonomous AI assistants. For example, Service Agent, part of Agentforce, replaces traditional chatbots with autonomous AI, enabling accurate and fluent conversations with customers 24/7 without pre-programming scenarios. |
| Operator | OpenAI, Inc | AI operates a web browser on behalf of the user, automating everyday tasks. It uses its own browser to navigate web pages and perform operations such as typing, clicking, and scrolling according to the user’s instructions, allowing it to automate tasks such as making restaurant reservations and online shopping. |
| Pactum AI | Pactum AI, Inc. | Walmart has introduced Pactum AI, an autonomous negotiation AI, to automate negotiations with over 100,000 suppliers. It automatically makes proposals in response to requests from suppliers based on pre-specified budgets and priorities, leading to optimal trading terms for both Walmart and the supplier. |
| Waymo Foundation Model | Waymo LLC | Waymo, which operates self-driving taxis, uses a proprietary AI model called the Waymo Foundation Model to enable advanced decision-making, from understanding the surrounding situation to generating driving plans. |
AI agents are said to be compatible with Web3. The integration of Web3 and AI agents is expected to create new possibilities, such as the following:
| Examples of Web3 AI Agent Use Cases : (i) Integration with Decentralized AI Agents and Smart Contracts: AI agents operate smart contracts on the blockchain and execute transactions autonomously. For example, real estate and financial transactions can be completed without an intermediary. ・Operating as part of a Decentralized Autonomous Organization (DAO): AI agents participate in the decision-making process within the DAO, making proposals and voting. (ii)Strengthening User Sovereignty and Protecting Privacy: AI agents process user data locally and securely store personal information in decentralized storage (e.g., IPFS). ・Self-Sovereign Identity (SSI): AI agents leverage users’ SSI to simplify access and authentication to Web3 services. (iii) Automating the Token Economy and Automating Token Trading: AI agents manage and trade assets on behalf of users on a decentralized exchange (DEX). ・Reward Distribution: AI agents receive and redistribute tokens based on the value they generate on the Web3 platform. (iv) Metaverse and AI Agents: AI agents act as virtual assistants within the metaverse. For example, managing land for users or trading NFTs. (v) Utilizing Zero-Knowledge Proofs (ZKPs): AI agents can use ZKPs to provide trust in Web3 applications while protecting privacy. |
One example of a Web3 AI agent that has attracted global attention is AI16Z (ai16z), a decentralized AI investment fund built on the Solana blockchain that utilizes AI agents to autonomously conduct investment activities.
| Project name: ai16z Platform: Solana Blockchain Features: ・AI collects and analyzes market information and automatically executes token transactions taking into account community consensus. ・Uses decentralized governance that allows investors to participate in project management and decision-making through tokens. ・Blockchain technology ensures the transparency and reliability of investment activities. AI Agent “Eliza”: ・An AI agent responsible for planning and executing investment strategies. ・Released as open source, it can also be deployed by third parties. |
The name ai16z is a play on Andreessen Horowitz (a16z), a well-known Silicon Valley VC, but ai16z and a16z are unrelated.However, on October 27, 2024, Marc Andreessen, one of the founders of a16z, posted “GAUNTLET THROWN” on X (formerly Twitter) and mentioned the T-shirt worn by ai16z’s main avatar, which caused the name of ai16z to spread rapidly1.
Furthermore, in early January 2024, ai16z’s market capitalization temporarily exceeded 300 billion yen, growing more than 100 times in three months. As a result, by early January 2025, the company had become a hot topic worldwide and in the case of a personal injury accident was also a major topic of discussion on AI agents on Japan’s X (formerly Twitter).However, perhaps due to overly high expectations, the price has fallen sharply, with the market capitalization falling to around 50 billion yen, indicating extremely speculative price movements.
| 1 AI Agents and Legal Regulation (Basic Concept) (i) The word “agent” in AI agent translates to “proxy” in Japanese. Even if a service called an AI agent does not strictly qualify as an “agent” in the legal sense, it typically refers to an entity that performs specific tasks “on behalf of” a human. (ii) When considering regulations applicable to AI agents, we first consider (1) what regulations would be imposed if a human were to perform similar actions, (2) whether any regulations would be imposed on the user if the user were to perform such actions using AI, and (3) whether any regulations would be imposed on the business if the business provides the AI to users. (iii) Note that, in cases such as DAOs, if the AI agent can be said to operate completely autonomously and without human involvement, there is room to consider that legal regulations do not apply in the first place. However, since it is often unclear whether there are no operators who would be subject to regulation, careful consideration is required. 2 Relationships between AI Agents and Users, and Relationships between AI Agent Providers and Users (i) When a part of a task is delegated to a human, it can take the form of ① outsourcing (quasi-agency or subcontracting), ② labor dispatch, or ③ employment. However, when a part of a task is delegated to an AI agent, no contractual relationship arises between the AI agent and the user; the human is simply effectively using the AI agent. (ii) The relationship between an AI agent provider and its user is governed by contractual relationships, such as a service agreement (e.g., SaaS) or a system development agreement for the AI agent. 3 AI Agent Errors and Liability (i) Discussion of Holding Providers Liable The relationship between an AI agent provider and its user is governed by contracts and regulations. If an AI agent malfunctions, the service provider providing the AI agent may be held liable for breach of contract or other issues. (ii) Ordering Errors by an AI Agent (Unauthorized Orders or Unauthorized Agency) ①If an AI agent managed by a user places an incorrect order, the effects of the order generally belong to the user. Depending on the instructions given to the AI agent, its behavior, settings, and management status, there is theoretically room for consideration of canceling an order due to error. However, from the perspective of transaction security, such a claim would likely only be accepted in extremely limited cases. ②For AI agents managed by others, the issue is whether the AI agent provider acted without authorization. Regarding apparent agency, for example, if an AI agent is given a password or has order authority and transacts beyond that authority, the other party will have no choice but to consider the transaction legitimate, and apparent agency would essentially be established. ③For example, if an AI agent provided by a financial institution such as a cryptocurrency exchange or securities company malfunctions and places an erroneous order, a user may be able to sue the financial institution for damages or claim cancellation due to error. Therefore, although it would reduce convenience, taking measures such as requiring a human (user) to personally confirm the final order details would be effective in addressing the risk of erroneous orders. (iii) Liability for Damages Caused to Others through the Use of AI Agents For example, if damages are caused to others through the use of an autonomous driving AI agent, who is liable? ① The driver of an autonomous vehicle owned by the user may be liable for damages under the Automobile Liability Act or the Civil Code; ② The automobile manufacturer may be liable for damages under the Product Liability Act (PL Act); and ③ The software provider providing the AI agent may be liable for damages under the Civil Code. 4 Web3 AI Agents and Financial Regulation (i) If an AI agent trades cryptocurrencies or stablecoins on behalf of users on a DEX, it is necessary to consider whether regulations for cryptocurrency exchanges and electronic payment instruments trading businesses apply to the provider of the AI agent. While mere assistance to users is not subject to regulation, if the AI agent is deemed to act as an intermediary, it may become subject to regulation. (ii) Investment advisory and management services for spot trading of cryptocurrencies and stablecoins are currently not subject to regulation under the Financial Instruments and Exchange Act. Therefore, even if an AI agent is conducting such transactions, these regulations are generally not applicable. On the other hand, investment advisory and management services for cryptocurrency and stablecoin “derivative trading” are subject to regulation under the Financial Instruments and Exchange Act. Even when services are provided by AI agents, the provider may be subject to regulations under the Financial Instruments and Exchange Act. (iii) If a GK uses an AI agent to trade spot cryptocurrency or stablecoins when conducting fund management operations, such as in a GK-TK scheme, regulations under the Crypto Asset Exchange Business and Electronic Payment Instruments Business may not apply. On the other hand, if another company receives investment discretion from the GK and uses an AI agent to conduct such operations, regulations under the Crypto Asset Exchange Business and Electronic Payment Instruments Business may apply. 5 Other Laws (i) When an AI agent provides customer service, measures must be taken keeping in mind the warnings regarding AI issued by the Personal Information Protection Commission. In relation to Article 4 of the Consumer Protection Act, measures must be taken to prevent hallucination. |
The “agent” in AI agent is translated as “representative” in Japanese. Services called AI agents usually refer to entities that perform specific tasks “on behalf of” humans, even if they do not fall under the strict legal definition of a “representative.”
When considering regulations that may apply to AI agents, consider the following steps:
(i) Consider what legal issues would arise if a human were to perform a similar act.
(ii) Then, consider whether any regulations would be imposed on users if they were to perform such acts using AI.
(iii) Consider whether any regulations would be imposed on businesses that provide the AI to users.
As mentioned above, AI agents are sometimes translated as “agents,” but since they are neither people nor corporations, under current law, AI agents themselves are not subject to regulation. Instead, the natural persons and corporations that use or provide them are.
In relation to this “natural persons and corporations are subject to regulation,” particularly in the context of DAOs, if an AI agent can be said to operate completely autonomously and without human involvement, the question arises as to whether legal regulations would not apply in the first place. However, since it is often unclear whether there are no operators who are completely subject to regulation, we believe that careful consideration is necessary2.
Currently, there are no laws that generally prohibit the provision or use of AI agents, so whether or not the current regulations that apply to natural persons and legal entities apply to each individual act must be considered.
In relation to point 2 above, even if we translate “agent” as “representative,” AI is neither a natural person nor a legal entity, and AI itself cannot be the subject of rights or obligations.
Therefore, for example, when an AI agent makes a mistake, the AI itself is not liable, but the user or the AI agent provider is.
AI agents are automating a variety of tasks.
First, when a person delegates part of a task to another person, a contract of the following form is concluded.
| Relationships between people (i) Outsourcing (quasi-agency/subcontracting) ● Generally suitable when outsourcing short-term work. ● Contracting (Article 632 of the Civil Code) is used when a specific output or task is required to be completed, and quasi-agency (Article 656 of the same Code) is used when a specific task is required to be performed. ● Main relevant laws and regulations: Subcontracting Act, Antimonopoly Act, Freelance Act, etc. (ii) Worker dispatching ● Generally suitable when temporarily supplementing one’s own staff. ● Workers are employed by the dispatching company and perform work at the dispatched company. ● Main relevant laws and regulations: Worker Dispatch Act, etc. (iii) Employment (Article 623 of the same Code) ● Generally suitable when securing a stable workforce for ongoing work. ● Main relevant laws and regulations: Labor-related laws and regulations such as the Labor Standards Act. |
On the other hand, under current law, the relationship between humans (users) and AI agents is merely that between humans and the software and hardware (that construct the AI agent) and is not a contractual relationship; it is merely a relationship in which humans are effectively using the AI agent.
AI agents are generally developed by companies, and many users either receive ready-made AI agents from those companies or commission the development of AI agents to those companies.
This relationship can be summarized as follows:
| (i) Obtain a license to use the AI agent provided by a service provider such as a SaaS service provider and use it in compliance with the terms of use. (ii) Develop, install, and operate an AI agent system for your company. |
If a user suffers damage due to a malfunction of an AI agent, the following liability claims and defenses may be taken:
| The user’s argument: ・Based on the contents of the SLA (Service Level Agreement), etc., the user may seek compensation for damages (Article 415 of the Civil Code) or terminate the contract (Articles 541 and 542 of the Civil Code). The service provider’s possible arguments: ・There are exemptions and limitations on liability based on the terms of use; ・The service provider is not at fault (Article 415, Paragraph 1, of the same law); ・The user is also negligent (Contributory Negligence, Article 418 of the Civil Code). |
For example, if a person asks another person to purchase Bitcoin and gives them authority to do so, but the agent ends up purchasing Ethereum, this will be considered unauthorized agency, and in principle the effects of the contract will not belong to the principal.
The main legal issues that arise when unauthorized agency occurs are as follows:
| ● Ratification of unauthorized agency (Articles 113 and 116 of the Civil Code) ● Liability of unauthorized agent for performance or damages (Article 117 of the same Code) ● Application of apparent agency (Article 110 of the same Code) ➡ If the counterparty has “legitimate reasons” to believe that the principal has the authority of agency, the effects of the contract may belong to the principal. For example, if the agent has the means to prove the authority of agency (possession of a registered seal or power of attorney, etc.). However, in the following cases, if the counterparty does not conduct an appropriate investigation or confirmation of the existence of the authority of agency, it may be determined that there is no “legitimate reason” and the apparent agency may not be established. ✓ If there are signs of tampering with the power of attorney ✓ If the seal on the power of attorney is a cheap seal ✓ If the transaction is disadvantageous to the principal |
Since AI agents are programs that operate based on user instructions, orders placed by AI agents are generally considered to be an expression of the user’s intention, and the effects of such orders are also considered to belong to the user.
However, there are also cases where an AI agent places an order that differs from the user’s true intention, and in such cases, the question arises as to whether the effects of the order belong to the user.
In this regard, it may be necessary to consider whether the user can revoke the expression of intention as a “mistake” (Article 95 of the Civil Code). There are two cases of mistake:
| 1. Mistake resulting in a lack of intention corresponding to the manifestation of intention (Article 1, Paragraph 1, Item 1) In principle, rescission is possible if the mistake concerns an important matter. 2. Mistake resulting in an untrue understanding of the circumstances that formed the basis of the legal act (Article 1, Paragraph 2) In principle, rescission is possible only if the mistake concerns an important matter and the circumstances were disclosed to the other party. |
(a) When the user’s instructions and the order result match
For example, if a user intends to “purchase cryptocurrency at the discretion of an AI agent” and issues such instructions, resulting in the purchase of an unexpected type and quantity of cryptocurrency, since the user’s intention to “purchase cryptocurrency at the discretion of an AI agent” and the result match, it can be said that there is a user intention corresponding to the expression of intention (the AI agent’s order), and unless the other party is informed that “the user thought the AI agent would operate within the user’s expectations,” it is likely to be difficult to cancel the order due to mistake (paragraph 2 of the same article).
(b) When the user’s instructions and the order result do not match
On the other hand, if the user gives specific instructions specifying the type and quantity, and the AI agent places an order for a different type and quantity, it seems theoretically possible to argue that the cancellation was due to mistake, on the grounds that the user’s intention (the AI agent’s order) does not correspond to the expression of intention.
However, if such cancellations were easily permitted, it would likely seriously undermine the safety of transactions. Therefore, Article 95, Paragraph 3 of the Civil Code stipulates that cancellations cannot be made if the user is “grossly negligent.” For example, if there is a setting error or improper management of the AI agent, the user could be found to be “grossly negligent” and the cancellation could be denied. In the case of orders placed by a company, it may even be considered “gross negligence” if the user does not check the specific order contents themselves after using the AI agent.
(c) Special provisions for electronic consumer contracts
When consumers place orders using AI agents, Article 3 of the Electronic Consumer Contract Act (Act on Special Provisions of the Civil Code Concerning Electronic Consumer Contracts) is likely to apply. This Act, because of the high incidence of ordering errors in internet transactions, allows cancellation in the following cases in principle:
| ① Orders made by mistake (e.g., pressing the “Buy” button by mistake) ② Orders made by incorrect input (e.g., entering the wrong quantity) ③ Orders made differently from your intention due to automatic input or incorrect operation |
Even when using an AI agent, if a consumer conducts a transaction using a computer in accordance with the procedures displayed on a computer screen by a business operator, this will be considered an electronic consumer contract (Article 2, Paragraph 1 of the same Act), and it is considered that this article also applies to transactions using an AI agent.
However, this exception will not apply if a business takes measures to request confirmation of the consumer’s intention, as described below.
| ① When a final confirmation pop-up asking “Do you want to confirm your purchase?” is displayed. ② When a confirmation screen is set up via the cart instead of one-click purchasing. ③ When the intention to purchase is confirmed using a system such as two-factor authentication. |
Furthermore, if a consumer uses an AI agent to conduct a transaction without taking the necessary confirmation measures, this may fall under the provision of the same article, “where the consumer expresses their intention to the business operator that they do not need to take such measures,” and the special provisions may no longer apply. In such cases, cancellation due to mistake is generally not permitted.
If an AI agent provided by another party is used and the AI agent conducts a transaction that the user did not intend, the issue of unauthorized agency by the AI agent provider may arise. When
the AI agent provider is an unauthorized agent, the following particular issues arise regarding the success or failure of apparent agency.
| ●In a typical agency relationship, whether the agent has a registered seal or a power of attorney is the key to determining whether there is “reasonable cause” to believe in the existence of agency authority over the other party. ●In the case of AI agents, transactions are digitalized, and it is common for there to be no use of a registered seal or presentation of a power of attorney. |
Therefore, the question arises as to what constitutes a “legitimate reason” for the trading partner. If the AI agent is given, for example, a password or authority to place an order and uses it to place an order, the other party will basically have no choice but to believe that a legitimate transaction has been made, and it would appear that apparent agency would be established.
Column: Cases of erroneous orders made by AI agents provided by financial institutions such as cryptocurrency exchanges and securities companies and available within their services. |
|
1. When the counterparty is a third party. 2. When the counterparty is the financial institution itself. 3. Implementing User Confirmation as a Risk Avoidance Measure |
If another party suffers damages related to the malfunction of an AI agent, the provider of the AI agent or the user of the AI agent may be liable for damages.This point is particularly noteworthy as an example of the use of AI agents, and autonomous driving is a typical use case in which the use of AI agents could cause harm to others. In autonomous driving, an AI agent will be responsible for driving the car, but legal liability in the event of an accident may differ between when a human is driving and when an AI is driving.
In the event of a personal injury accident, the car owner or other operator (a person who operates a car for themselves) will be held liable under Article 3 of the Automobile Liability Insurance Act (Automobile Liability Insurance Act) in addition to tort (Article 709) of the Civil Code. When claiming damages under Article 3 of the Automobile Liability Insurance Act, the victim does not need to prove the driver’s negligence. Under Article 3 of the Automobile Liability Insurance Act, the operator can be exempt from liability if they meet all of the following three exemption requirements:
| (a) The driver and the victim were careful in operating the vehicle. (b) The victim or a third party other than the driver acted intentionally or negligently. (c) The vehicle had no structural defects or functional impairments. |
Since the Automobile Liability Act does not apply to property damage accidents, victims must file a claim for damages based on tort liability in Article 709 of the Civil Code. In this case, the victim must prove the driver’s intent or negligence.
Even if an accident resulting in injury or death occurs due to the autonomous driving of an AI agent, the Automobile Liability Act is generally considered to apply.3 If there is a malfunction in the system of a fully autonomous driving AI agent, the victim may be entitled to claim damages from the operator under the Automobile Liability Act, as it would not meet requirement (c) of the above exemption requirements.
We believe that operators who have paid compensation and insurance companies who have paid insurance claims due to system failures caused by AI agents will seek compensation from automobile manufacturers, AI system software providers, and others.
In the case of property damage accidents, Article 3 of the Automobile Liability Act does not apply, so claims for damages based on tort liability will be made against the driver, etc. However, with fully autonomous driving, there will be no driver error, etc., so it will be difficult to hold the driver responsible for intent or negligence, and it may be difficult to recognize the driver’s liability for damages.
In this case, if there is a problem with the AI agent system, the victim may seek liability from the automobile manufacturer or software developer that provides it, as follows:
Victims may file a claim for damages against the automobile manufacturer under Article 3 of the Product Liability Act (PL Act).
The PL Act imposes strict liability on manufacturers when a defect in a product causes damage to life, body, or property. However, there are also the following issues:
| ● Software itself is not movable property, so it does not fall under the category of “products” under the Product Liability Act. However, if a vehicle incorporating the software is deemed to have a defect, the automaker may be held liable under the Product Liability Act.4 ● Because AI-based self-driving systems are sophisticated and complex, it may be difficult for victims to prove a “defect” and a “causal relationship.”● Product liability is recognized based on defects that existed at the time of delivery by the manufacturer, etc., so if a defect occurs due to a software update performed remotely after the vehicle is delivered, product liability may not be recognized. |
Victims may seek compensation for damages against software companies that provide AI agents, citing defects in the AI agents. In this case, because software is an intangible object and therefore product liability does not apply, victims may pursue tort liability under Article 709 of the Civil Code.
In this case, the victim will need to prove the software developer’s intent or negligence, so the hurdle for claiming compensation is likely to be higher than in cases where damages are claimed under Article 3 of the Automobile Liability Act or Article 3 of the Product Liability Act.
In this section, we will consider how financial regulations apply to AI agents in Web3, following the ideas in Section III above. Although we will be examining this in the context of Web3, similar ideas also apply to financial AI agents, such as stock investment AI agents.
It is conceivable that AI agents will trade crypto assets and stablecoins on behalf of users on decentralized exchanges (DEXs). Utilizing such a system is expected to bring the following benefits:
| ● Fast trading through real-time market analysis ● Data-driven decision-making that is not influenced by human emotions |
On the other hand, when conducting such transactions, it is necessary to consider whether there are any regulations regarding crypto asset exchange businesses, etc.
When buying and selling cryptocurrencies and stablecoins (which are linked to the value of legal tender and redeemable at face value), it is necessary to consider the application of regulations regarding crypto asset exchange businesses (Article 2, Paragraph 15 of the Payment Services Act) and electronic payment instruments trading businesses (Article 2, Paragraph 10, Item 2 of the same Act).
Under the law, trading crypto assets as a mere investor does not constitute a “business” and is not subject to regulation. 5 On the other hand,
sales to the general public or acting as an agent for sales to the public are subject to regulation.
Even if an AI agent buys and sells cryptocurrencies or stablecoins on behalf of a user, there are no particular regulations for the user if the AI agent is used for the user’s own investment purposes.
Also, even if there is a company that provides an AI agent to place buy and sell orders, there are likely to be no regulations if the agent simply assists users with the administrative procedures for buying and selling.
On the other hand, AI agents could act as intermediaries, for example, to easily connect users to DEXs.6 and is deemed to be managed and operated by a party other than the user, the provider of the AI agent may be subject to regulations on crypto asset exchange businesses and electronic payment instrument trading businesses (intermediary regulations).
In the Web3 field, AI agents can develop investment strategies and provide investment advice and asset management services related to spot trading of crypto assets and stable coins, as well as derivative trading of crypto assets and stable coins.
In this section, we will explain the main legal issues that must be considered when AI agents provide such investment services, comparing them with when provided by humans.
When providing investment advisory and management services, different legal regulations apply.
Investment advisory services refer to the business of providing advice on investment decisions regarding securities and derivative transactions by entering into a contract (investment advisory contract) for providing investment advice and receiving compensation.
The key points of regulation are as follows:
| ●Registration as an investment advisory and agency business is required under the Financial Instruments and Exchange Act (Article 2, Paragraph 8, Item 11, Paragraph 3, Item 1, Articles 28 and 29 of the Financial Instruments and Exchange Act). However, advice provided free of charge is not subject to regulation. ●Advice regarding spot trading of crypto assets and stable coins is not subject to regulation. ●Advice regarding derivative trading of crypto assets and stable coins (which fall under electronic payment methods) is subject to regulation. ●It is necessary to be aware of whether the advice is for spot trading or derivative trading. |
Investment management services are primarily considered to be (a) businesses that invest capital contributions from fund holders primarily in securities and derivative transactions (fund management businesses), and (b) businesses that invest and manage securities and derivative transactions after being entrusted with the authority to make investment decisions and manage assets by customers (discretionary investment businesses).
Key points of the regulations are as follows:
| ●Registration as an investment management business is required (FIEA Article 2, Paragraph 8, Item 12 (b), Article 2, Paragraph 8, Item 15, Article 28, Paragraph 4, and Article 29). Even if the service is provided free of charge, it is subject to regulation if it constitutes a “business.” ●(a) With regard to fund management business, self-offering generally requires registration as a Type II Financial Instruments Business (FIEA Article 2, Paragraph 8, Item 7, and Article 28, Paragraph 2, Item 1). However, there are exceptions, such as Special Business for Qualified Institutional Investors, etc. (FIEA Article 63). ●(b) If customer assets are entrusted to custody through discretionary investment business, registration as a Type I Financial Instruments Business is also required (FIEA Article 28, Paragraphs 5 and 1, Item 5, Article 29, and Article 42-5). ●If the investment target is spot trading of crypto assets or stable coins (in the case of (a) fund management business, if the investment target is “primarily”), it does not constitute an investment management business. On the other hand, if the investment target is derivative trading of crypto assets or stable coins (which constitutes an electronic payment instrument), it is subject to regulation as an investment management business. ●GK-TK Scheme7, all investments made by anonymous partners belong to the assets of the GK (operator) (Article 536, Paragraph 1 of the Commercial Code), and the GK conducts business in its own name. Therefore, (a) if the GK buys and sells spot crypto assets based on its fund management business, it is generally considered to be a transaction for the purpose of self-investment and therefore does not require registration as a crypto asset exchange business.8 In the case where the investment target is a physical stablecoin, it is considered to be a parallel case and would not be considered an electronic payment instruments trading business. ●(b) In the case of a GK-TK scheme, etc., where a GK entrusts investment operations to another company and the other company also buys and sells crypto assets and stablecoins, there is a possibility that it will be subject to regulations for crypto asset exchange businesses and electronic payment instruments trading businesses.9 |
When an AI agent provides investment advisory or management services, the question arises as to whether that business is subject to financial regulations. Generally, it is thought that the application of regulations to those who provide AI agents will be considered.
The key points of regulation are generally the same as when a human does the work, but the following points are particularly important in the case of AI agents.
| ●Even when holding customer funds for discretionary investment management, there is a possibility that registration as a Type I Financial Instruments Business may not be required if the customer funds are held in a smart contract that is not operated by the AI agent provider. ● After the AI agent is provided, it may not be subject to regulation, especially if the AI agent operates completely autonomously as a DAO, without the developer being involved in its operation, and investment management is automatically executed by smart contract. |
AI agents could potentially act as virtual assistants, assisting with sales and answering inquiries. For example, when selling products or services within the metaverse, avatars equipped with AI agents could be expected to automatically provide customer service.
In this section, we will discuss the main legal issues surrounding AI agents providing customer service, comparing them with traditional human services.
When humans handle customer interactions, they must comply with laws and regulations, for example, from the following perspectives:
(a) Handling of personal information
When acquiring and using personal information when dealing with customers, you must comply with the following rules of the Personal Information Protection Act.
| ● Specify the purpose of use as clearly as possible (Article 17, Paragraph 1 of the Personal Information Protection Act) ● Do not use personal information beyond the scope of the specified purpose (Article 18, Paragraph 1 of the same Act) ● Notify or publicize the purpose of use to the individual (Article 21, Paragraph 1 of the same Act) |
(b) Consumer protection regulations
When explaining services or providing information to consumers, you must comply with the following regulations based on Article 4 of the Consumer Contract Act.
| ●Do not give false explanations about important matters. ●Do not provide definitive judgments about uncertain future matters. ●Avoid intentionally or through gross negligence withholding facts that are detrimental to consumers. |
In the event of any of these breaches, the consumer has the right to cancel the contract, so it is important to provide accurate and sufficient information.
(a) Handling of personal information
Even when AI agents deal with customers, they must handle personal information with care.
The Personal Information Protection Commission has issued a warning to OpenAI service providers, including that they must “notify or publicly announce, in Japanese, the purpose of use of personal information of users and other individuals,” and that they must not acquire sensitive personal information without the consent of the individual.10 In addition, the government has issued a warning to businesses that use generative AI to handle personal information, stating that “when a business handling personal information inputs prompts containing personal information into a generative AI service, it must fully confirm that the input is within the scope necessary to achieve the specified purpose of use of the personal information.”11
When handling personal information using AI agents, it is necessary to keep these precautions in mind.
(b)Hallucination by AI agents
From the perspective of complying with Article 4 of the Consumer Contract Act, etc., there is a risk of “hallucination,” where an AI agent provides insufficient information or gives incorrect answers based on insufficient training data or outdated information.
The following measures can be considered to prevent this problem.
| ● Continuously train the AI agent using the latest and most accurate learning data. ● Implement a feedback function that allows consumers to report misinformation. ● Operators should check the AI agent’s responses as appropriate and make corrections as necessary. |
Reservations:
In recent years, quantum computers and other “quantum technologies” have rapidly been attracting attention. Specifically, quantum technology is expected to bring about high computing power and innovations in encryption technology that surpass conventional information technology, and various parties both in Japan and overseas are working on its practical application.
On the other hand, new issues are emerging, such as the risk of existing encryption being broken, and it is expected that there will be an increasing number of situations in which quantum technology will be required in national security, cybersecurity, and contract practice. This article focuses on quantum computers as a representative example of quantum technology, providing an overview of quantum computers and summarizing the main points of contention under current Japanese law.
| [Author Profile] Passed the bar exam in 2010. Professional experience includes system procurement and risk management at the Bank of Japan, with additional roles in the finance and international relations departments. Earned an MBA from INSEAD. Currently engaged in Web3, fintech, and other startup and corporate legal matters at So Sato Law Offices. Participated in the “Q-Quest” human resource development program under the Ministry of Education’s “Light and Quantum Leap Flagship Program,” and received an award in the program’s business contest. Since completion of the program, has been exploring opportunities in quantum business and gaining insights into quantum technology from a business perspective. |
| 1. National Security Legislation ・Foreign Exchange and Foreign Trade Act: With the revision of Cabinet Orders and Ministerial Ordinances in 2024 and 2025, quantum computers and related items will be subject to export and technology transfer permission. The restrictions are currently expanding, and manufacturers and others need to continue to pay attention to the restrictions. ・Economic Security Promotion Act: “Quantum information science” has been designated as a specific important technology and will be subject to research and development support through public-private councils and large-scale subsidies. In addition, quantum technology is not currently subject to the “patent non-disclosure system,” but there is a possibility that this will change in the future. ・Act on the Protection and Utilization of Critical Economic Security Information To be enacted in May 2025. It will establish a mechanism for protecting and utilizing information related to important infrastructure and important material supply chains. In relation to these, quantum technology-related information may also be subject to strict management as “important economic security information” (however, this will only be limited to government-held information). 2. Cybersecurity Legislation: Although the current law does not directly mention quantum technology or Post-Quantum Cryptography, if the threat of the spread of quantum computers increases, measures based on existing laws may be required. Movements have already begun at the guideline level, with the Financial Services Agency’s guidelines to specify attention to quantum computers in October 2024, and a request to major and regional banks to quickly switch to Post-Quantum Cryptography in May 2025. 3. Contractual issues regarding the use of quantum computers It may become necessary to stipulate in contracts the scope of liability and disclaimer clauses (probabilistic results, potential errors, etc.) that differ from those for classical computers in terms of the challenges and characteristics unique to quantum computing. Given the large scale and high cost of actual machines, cloud-based quantum computing is the general method of use, but there is no established standard for quality assurance (error rate, uptime, etc.). Companies are publishing various indicators of quality. |
Quantum computers use quantum properties such as “superposition”, “entanglement”, and “quantum tunneling” to perform calculations, which are expected to enable calculations that are significantly faster than conventional computers (known as classical computers) for certain problems.
| [Terminology] ・Quantum Superposition: Classical computer bits can only be in the “0” or “1” state, but quantum bits can be in the “0 and 1” state at the same time. For example, while a coin is spinning, it is not yet clear whether it will land on heads or tails. This superposition allows a quantum computer to process multiple calculation patterns in parallel with one quantum bit, achieving significantly faster calculations than classical computers in certain tasks. ・Quantum Entanglement: A phenomenon in which multiple quantum bits remain in linked states. For example, when two quantum bits are entangled, measuring one of them instantly determines the state of the other, regardless of distance. It is expected that this property can be used to link bits together to perform complex parallel calculations and realize highly secure quantum cryptography. ・Quantum Tunneling: A phenomenon in which quantum mechanical properties allow the “slip-through” of energy barriers that cannot be overcome in classical physics. In optimization problems, slipping through the “mountains” between the valleys rather than overcoming them makes it easier to reach the optimal solution, enabling efficient search. |
There are two main types of quantum computers: Gate-Based Quantum Computers and Quantum Annealers.
| Method | Basic principles/properties | Main applications | Representative companies |
| Gate-Based Quantum Computer | Using quantum “superposition” and “entanglement,” complex problems can be calculated in parallel for high-speed processing | Versatile quantum algorithms support a wide range of applications (e.g., chemical simulation and machine learning) | Google (superconductivity), Intel (semiconductors), IonQ (ion traps), PsiQuantum (light), QuEra Computing (neutral atoms) |
| Quantum Annealer | Using quantum “quantum tunneling” to explore the lowest energy state | Specializing in optimization problems (logistics route optimization, portfolio optimization, etc.) | D-Wave Systems |
The Gate-Based Quantum Computers are “general-purpose quantum computers” that can execute general-purpose quantum algorithms. Various methods are being researched, including superconductivity, semiconductors, ion traps, light, and neutral atoms. However, mainstream technology has not yet been established, and there are issues such as error correction before it can be put into practical use. In contrast, the Quantum Annealers are specialized for combinatorial optimization problems, and D-Wave Quantum Inc. provides commercial machines. In general, when people say “quantum computer,” they are often referring to the Gate-Based Quantum Computers, but the terms are used differently depending on the application and implementation technology.
| Method | How qubits work | Advantage | Issue | Representative companies, research institutes and universities |
| Superconducting approach | By passing microwaves through a superconducting circuit, two states of electric current or magnetic flux are converted into quantum bits. | High-speed gate operation * – Existing semiconductor manufacturing technology can be applied |
– Noise and errors are likely to occur – Extremely low temperature (close to absolute zero) environment required |
[Internet] Google, IBM, RIgetti [Japan] Fujitsu, NEC, RIKEN, National Institute of Advanced Industrial Science and Technoology |
| Semiconductor approach | Utilizing the state of electrons and spin in semiconductors such as silicon | – High compatibility with CMOS technology, making it easy to achieve large-scale integration in the future | – Quantum bits have a short coherence time, making them difficult to control | [Overseas] Intel, Equal1, Diraq, UNSW University of Sydney [Japan] Hitachi, RIKEN, National Institute of Advanced Industrial Science and Technology, bulueqat |
| Ion trap approach | Ions suspended in a vacuum are manipulated with a laser to turn their internal states into quantum bits | – Long coherence time and high gate accuracy | – The equipment tends to become large, making it difficult to arrange many quantum bits. | [Overseas] IonQ, Quantinuum, AQT, Oxford Ionics, Universal Quantum [Japan] RIKEN, National Institute of Advanced Industrial Science and Technology, Qubitcore |
| Photonic approach | Converting the state of a photon, such as its polarization or path, into a quantum bit | – Operates at room temperature – High compatibility with quantum communication and networks |
– Large-scale integration and error correction technologies are still in development – Photon source and detector are issues |
[Overseas] PsiQuantum, Xanadu [Japan] NTT, RIKEN, University of Tokyo, OptQC |
| Neutral Atom approach | Utilizing the internal state and configuration of neutral atoms cooled and aligned by laser | – It is relatively easy to arrange a large number of quantum bits, making it highly scalable. | – Gate operation is slow – High precision laser control is required |
[Overseas] Computing, Pasqal, Infleqtion, Atom [Japan] National Institute of Advanced Industrial Science and Technology, Institute for Molecular Science, Kyoto University, Yaqumo |
*Gate operation: A basic operation in which a quantum bit is given a certain stimulus (such as a microwave pulse or laser pulse) to change its state, and corresponds to the logical gates (AND/OR/NOT, etc.) of a classical computer. Examples include the X gate (which swaps the quantum bit’s 0 and 1) and the H (Hadamard) gate (which puts the quantum bit into a superposition state). The key to developing quantum hardware is to perform these gate operations quickly and with high precision.
On the other hand, Quantum Annealers are specialized for “combinatorial optimization” and cannot perform general-purpose calculations, but it is more advanced in practical use than Gate-Based Quantum Computers. In addition to the commercial machine provided by D-Wave, a Canadian company, “Quantum-Inspired Annealing” (Fixstars Amplify AE, Fujitsu Digital Annealer, etc.), which reproduces the behavior of classical computers in a pseudo-manner, has also been developed.
In January 2025, NVIDIA CEO Jensen Huang said that it would take about 20 years to realize a practical quantum computer, causing a sharp drop in quantum-related stocks in the United States. This is thought to be a forecast referring mainly to Gate-Based Quantum Computers, and at the time of writing this article (end of May 2025), many experts believe that it will take a considerable amount of time before they can be put to practical use. The main reason is that errors (decoherence due to external noise) that occur in the process of maintaining “superposition” and “entanglement” in Gate-Based Quantum Computers are serious, and advanced “error correction” technology is essential to resolve this. However, it is still thought that a considerable amount of time will be required to establish error correction technology, which is the background to the view that it will take 10 to 20 years.
However, research and development of various Gate-Based Quantum Computer approaches are accelerating around the world, and in Japan, large companies, startups, research institutes, and universities are competing to develop actual machines. In addition, commercial machines for the Quantum Annealers are already in widespread use, and an environment for online use has been established. In this way, quantum technology is not a “Matter of the distant future”, but technology that is currently being implemented in society.
| Field | Examples of usage scenarios |
| Finance and Economics | – Portfolio optimization (instantly calculate optimal allocations from a huge number of combinations) – Accelerating risk evaluation and price simulation |
| Logistics and Supply Chains | – Optimization of vehicle routes and warehouse layouts – Planning optimal transportation and movement routes during disasters and peak demand |
| Energy Smart Grid | – Optimization of power grid supply and demand – Real-time control taking into account fluctuations in renewable energy |
| Material Design and Drug Discovery | – Predict the properties of battery materials and candidate drug molecules with high accuracy using quantum chemical calculations |
| Healthcare Genomics | – Accelerating gene sequence analysis – High-precision prediction of protein structure |
| Weather and Climate Simulation | – High-resolution calculations of atmosphere-ocean models – Scenario evaluation of greenhouse gas reduction measures |
| Machine Learning and AI | – Quantum reinforcement learning to achieve high accuracy even with small data sets and to accelerate generative AI learning |
In the fields mentioned above, there are hopes for the realization of “quantum supremacy,” which would enable calculations that would take years on classical computers to be completed in a short time. However, quantum supremacy does not necessarily come with benefits; it also comes with risks to existing technologies. A typical example is the weakening of encryption technology, and there are concerns that quantum computers may be able to crack conventional public key cryptography.
| Cryptanalysis | If practical-scale quantum computers were to become available, currently widely used public key cryptography such as RSA and elliptic curve cryptography would be decrypted in a short time, threatening to instantly undermine the security of all aspects of society, including Internet communications and electronic payments. |
Current encryption technology is based on mathematical problems that are difficult to decrypt using classical computers, but when quantum computers become practical, they may be decrypted in a short time using techniques such as “Shor’s algorithm.” This puts public key cryptography, which is used in every aspect of business and daily life, at risk, and is also thought to affect blockchain, which is based on tamper resistance. Furthermore, a method known as the “Harvest Now, Decrypt Later attack” has been pointed out as a risk of intercepting and storing data at present, and then decrypting it all at once in the future when quantum computers become practical. For this reason, there is an urgent need to transition to “Post-Quantum Cryptography (PQC),” which is difficult to decrypt even with a quantum computer. In the United States, the National Institute of Standards and Technology (NIST) selected several PQCs as candidates for standardization in August 2024, and has continued to consider them since then. In Japan, CRYPTREC (Cryptographic Technology Evaluation Committee), which evaluates and monitors cryptographic technologies, will publish the “CRYPTREC Cryptographic Technology Guidelines (Post-Quantum Cryptography) 2024 Edition” at the end of March 2025.8, which provides technical explanations, evaluations, and implementation guidance for various PQCs. Since encryption technology is the foundation of all services, each business operator needs to pay close attention to the standardization trends of these PQCs and begin preparations early.
Overseas, major countries are making large-scale investments in quantum technology, and some countries are also focusing on developing legal infrastructure. Japan must also keep a close eye on these trends and strive to balance its international competitiveness with issues such as cybersecurity and national security.
| Country | Trends |
| US | In 2018, the federal government passed the National Quantum Initiative Act, which allows the federal government to work to promote quantum R&D and build a system for developing human resources. |
| EU | The EU has launched a large-scale project worth 1 billion euros called the “Quantum Flagship” and is leading research and development into quantum computers and quantum communications. |
| China | The nation is investing heavily in research and development of quantum communications and quantum computers, with a particular emphasis on applications in the military and security fields. |
In Japan, at the time of writing this article (end of May 2025), there is no specific law targeting quantum technology. Looking at other cutting-edge technology fields, various regulations have already been imposed on blockchain (crypto assets, etc.), and in May 2025, the Act on Promotion of Research, Development and Utilization of AI-Related Technologies was passed with the aim of promoting utilization and reducing risks.12 13 It is possible that a dedicated law for quantum technology will be enacted in the future, but for now, it is necessary to consider the applicability of existing laws for each use case. Specifically, we will review (1) how national security-related laws relate to export control and development support for quantum equipment and technology, and (2) how cybersecurity legislation will handle the impact of quantum technology on existing cryptography. Furthermore, (3) when providing and using quantum services, new issues will arise that need to be considered, such as contractual allocation of responsibility and exemptions, and quality assurance. We will provide an overview of the legal framework regarding these issues.
The United States and China are investing heavily in quantum technology on a national scale, as it is directly linked to national security in terms of invalidating existing encryption technology and making communications difficult to intercept. In the United States, the National Quantum Initiative Act was enacted in 2018 with the aim of maintaining and strengthening both economic competitiveness and national security. A quantum R&D system was established through collaboration between universities, companies, and research institutes and large-scale budget investment. Japan does not have a law specifically related to quantum, but the advanced quantum field may be subject to existing security-related laws (Foreign Exchange and Foreign Trade Act, Economic Security Promotion Act, and Important Economic Security Information Protection and Utilization Act). We will consider how research and development of quantum computing and quantum sensors can be regulated and supported from a security perspective within the framework of these existing laws.
The Foreign Exchange and Foreign Trade Act is a law that controls the overseas provision of goods and technology and investment from abroad from the perspective of national security. Specifically, it stipulates 1) export restrictions (to prevent overseas outflow), 2) restrictions on service transactions (including the provision of intangible technology), and 3) restrictions on inward direct investment (prior notification for investment and acquisition by foreign capital).
Quantum technology is one of the areas in which there is concern about the risk of goods and technology being leaked overseas. For this reason, a revision to the Cabinet Order and Ministerial Ordinance in September 2024 will make quantum computers subject to export controls, and permission will be required for exports to all regions.14 Furthermore, the amendments coming into force on May 28, 2025 will similarly add key technologies and materials essential to practical-scale quantum computers as targets for regulation.15 16 In addition, the transfer of technology regarding quantum computers and related items that are subject to export controls is also subject to regulations.17
| Regulated (as of the end of May 2025) | Official Location |
| Quantum computing | All regions |
| Quantum computer-related items: Cryogenic refrigerators Cryogenic amplifiers Cryogenic wafer probers Isotope separation Silicon/germanium substrates and raw materials |
All regions |
Given that export and technology transfer restrictions under the Foreign Exchange and Foreign Trade Act are currently expanding, quantum-related companies will need to establish a system that allows them to constantly check whether their products and technologies are subject to restrictions.
The Economic Security Promotion Act (“Act on Promoting Security through Integrated Economic Measures”) enacted in 2022 aims to support the technology and materials of domestic companies and research institutions and strengthen national security from an economic perspective. The specific mechanism is based on the following four pillars. These measures18hope to reduce risks through public support and information sharing.
In the third pillar- advanced technology support, “quantum information science” has been designated as a specific important technology.19 Research and development will be promoted and utilized through the provision of financial support, the establishment of a council to provide support through public-private partnerships, and the outsourcing of research and study work.
In addition, the fourth pillar, the patent non-disclosure system, allows for measures such as withholding the disclosure of inventions that pose security risks and prohibiting foreign applications. At the time of writing this article (end of May 2025), quantum computers and quantum cryptography communication have not been designated as “specific technology fields” that are subject to this system. However, given the intent of the law, the assumption can be made that they may be designated in the future, so it is a system that developers should be aware of.
On May 16, 2025, the Act on Protection and Utilization of Important Economic and Security Information came into force. Previously, the Act on the Protection of Specially Designated Secrets was a security clearance system for defense, diplomacy, terrorism, and espionage-related information.20, but this Act aims to expand into economic security, establishing a system for protecting and utilizing information related to important economic infrastructure.
The Act first defines the systems for providing critical infrastructure and the supply chains of important materials as “critical economic infrastructure” (Article 2, Paragraph 3). It then defines four types of information as “critical economic infrastructure protection information,” including measures to protect the critical economic infrastructure, and information on the vulnerabilities of the critical economic infrastructure and innovative technologies related to security (Article 2, Paragraph 4). Furthermore, among the information that falls under the category of critical economic infrastructure protection information, there is a mechanism by which the government may designate information that is not publicly known and meets the requirement of confidentiality as “important economic security information” (Article 3, Paragraph 1).
The purpose of this law is to both “protect” and “utilize” designated important economic and security information. Specifically, to properly handle economic information held by the government that is important for national security, the law stipulates the requirements for businesses that are permitted to provide information designated as important economic and security information, as well as the methods of evaluating the suitability of individuals who handle the information. Note that the designation is strictly limited to government-held information, and technical information independently developed by private companies is not unilaterally designated and its handling is not restricted.
As mentioned in (i), the Act on the Protection and Utilization of Important Economic and Security Information covers four types of information related to the protection of important economic bases (critical infrastructure and supply chains of important materials). Specifically, it includes information directly related to national security, such as measures, plans, and research to protect infrastructure from external threats, infrastructure vulnerabilities, and innovative technologies. The infrastructure and materials covered are to be determined by reference to those stipulated in the Economic Security Promotion Act and the “Action Plan for Cybersecurity of Critical Infrastructure.”21This includes infrastructure such as electricity, gas, water, communications, transportation, logistics, finance, chemicals, and medicine, as well as important supplies such as semiconductors and advanced electronic components.
Quantum technology, such as quantum computers that pose a risk of breaking existing encryption, and quantum cryptography communication that increases security, is highly likely to fall under the category of information relating to the protection of critical economic infrastructure mentioned above, and it is quite possible that it will be designated as important economic and security information in the future. However, to repeat what was stated in (i), only government-held information can actually be designated as important economic and security information, and technologies developed in-house by private companies are not unilaterally designated as such.
In addition to national security, quantum technology is also an issue in Japanese law in relation to cybersecurity. As mentioned in II 3., the development of quantum computers poses the risk that conventional encryption technologies may be decrypted.
In Japan, the Basic Act on Cybersecurity imposes the responsibility to ensure security on the state and businesses, and the Personal Information Protection Act requires the appropriate management of personal data. At the time of writing this article (end of May 2025), these laws do not specifically mention quantum technology or Post-Quantum Cryptography (PQC). However, if the spread of quantum computers compromises existing cryptography and increases security risks, it is possible that necessary measures will be required to be taken based on these laws even if they are not explicitly stated in the articles.
In response to this, quantum technology has already been mentioned at the guideline level. The Financial Services Agency has published the “Guidelines on Cybersecurity in the Financial Sector” for financial institutions.22” (published on October 4, 2024). It clearly states that when collecting and analyzing threat and vulnerability information, “collect information while paying attention to the circumstances surrounding the organization, such as new technologies (AI, quantum computers , etc.), geopolitical trends, disinformation, and industry trends” as “matters that it is desirable to address.”
Furthermore, according to the Nihon Keizai Shimbun (dated May 14, 2025)23, the Financial Services Agency is calling on major and regional banks to immediately begin preparations to transition to PQC. It appears that the agency is calling for an immediate response, as PQC compliance will require years of system modifications and other costs.
When users use quantum computers, the question of how to deal with possible errors and fluctuations in the quantum computing results in a contract may arise. Such questions may arise due to the challenges and characteristics unique to quantum computing.
As mentioned above, errors that occur during calculations are a major issue with Gate-Based Quantum Computers. In addition, some quantum algorithms are run repeatedly to extract the statistically best solution, meaning that the same input does not always produce the same output. The Quantum Annealers may also produce different solutions each time it is executed due to the nature of its principle (probabilistically searching for solutions with low energy), hardware noise, thermal noise, etc. In addition, large-scale calculations that involve quantum supremacy are difficult to reproduce and verify on classical computers.24, meaning one cannot fully guarantee the correctness of the output.
For these reasons, there is a risk that the results of quantum computing will contain errors and fluctuations, which will affect subsequent predictions and simulations. As the number of services using quantum computers increases, it may become necessary to clarify the scope of responsibility for hardware (quantum processors), software (algorithms), user circuits and data, and to introduce clauses that differ from traditional IT contracts, such as disclaimer clauses that assume that results are probabilistic and that there are potential errors.
Because the actual equipment for both the Gate-Based Quantum Computers and the Quantum Annealers are large-scale and expensive, cloud-based quantum computing, in which equipment provided by hardware vendors is used via the cloud, is expected to become the standard method of use for the time being.
In conventional cloud computing, a certain level of uptime is guaranteed under a service level agreement (SLA), but in the case of cloud-based quantum computing, the question of what kind of quality guarantees (error rate, uptime, etc.) should be made can become an issue. For example, IBM Quantum Platform (Gate-Based Quantum Computer), D-Wave Leap (Quantum Annealer), and Amazon Braket (which handles multiple external Gate-Based Quantum Computers and Quantum Annealers via API) each publish various indicators (gate error rate, coherence time, time required to process a job, etc.), but it seems that a standard approach has not yet been established.
Disclaimer
The contents of this document have not been verified by the relevant authorities and are merely a description of arguments that are reasonably considered in accordance with the law. In addition, they represent only our current views and may be subject to change.
This is just a summary for the blog. If you need legal advice for a specific case, please consult a lawyer.
This article describes the structure of and applicable Japanese law to liquid staking, which has been expanding rapidly in recent years, and its most significant protocol, LIDO.
| (1) To analyze liquid staking, it is generally necessary to consider (1) the sales, purchase, and exchange regulations of the Payment Services Act (We call crypto regulation in the Payment Services Act the “Crypto Assets Act” after this), (2) the custody regulations of the Crypto Assets Act, and (3) the fund regulations of the Financial Instruments and Exchange Act, which is a kind of Japanese Security Act (the “FIEA”). (2) For staking, LIDO accepts staking of ETH and issues stETH in exchange for staked ETH. We believe that this conduct is not considered as “sales, purchase, or exchange of crypto asset” in the terms of the Crypto Assets Act. We believe stETH is just issued as proof of staking and not “exchange” under the Japanese Civil Code. (3) If the staking of ETH is considered a custody of crypto assets, the custody regulation of the Crypto Assets Act may apply. However, if the deposit is made against a smart contract and the protocol or node operator is technically incapable of transferring the ETH, etc., the custody regulation does not apply. (4) The most controversial question should be whether the fund regulations of the FIEA would apply to liquid staking. LIDO’s mechanism might be considered as a fund because (i) ETH, etc., is contributed to the protocol by a user of LIDO, (ii) the node operator manages it, (iii) a portion of the staking fee is distributed to the user, (iv) the user seems to bear the penalty risk and thrashing risk of the staking, and (v) this mechanism seems to like a fund. However, we believe that we can argue that the fund regulation will not apply to LIDO because (i) staked ETH itself is not converted to anything, (ii) it is used for just a kind of collateral to compensation to penalty/slashing, and (iii)we can argue this mechanism is entirely different from usual funds. (5) In addition to the above, we can argue that the Japanese financial regulation might not apply to DeFi if there is no “operator” because Japanese law just regulates persons and legal persons. However, this argument needs an actual fact analysis of the relevant liquid staking. Further, this argument cannot apply to a person or legal entity, if any, who intermediate Japanese residents to DeFi. Thus, the arguments from (1) to (4) above are important. |
Liquid staking is a DeFi (decentralized finance) mechanism whereby a person receives a staking fee for a crypto asset while receiving an additional alternative asset (a staking-proof token) and can invest said alternative asset in another DeFi.
Proof of Stake (POS) is the authentication mechanism of the blockchain by a person who has a certain level of involvement (stake) in the crypto asset.
Unlike the Proof of Work (POW) mechanism used in Bitcoin and other cryptocurrencies, authentication can be performed without requiring a large amount of calculations, thus reducing electricity consumption and making it more environmentally friendly.
Ethereum has been structured using POS instead of POW from ETH 2.0. In Ethereum staking, (1) you can become a validator by depositing 32 ETH, (2) the validator authenticates each transaction on Ethereum and thereby receives a certain amount of ETH as a reward, and (3) if the validator intentionally provides false information, he/she will be penalized by forfeiting a part of the deposited ETH (thrashing), (4) a validator is always required to be online, and if they are down, they will also be penalized to a certain extent.
LIDO is the world’s largest protocol for Liquid Staking. At present, it is estimated that more than 30% of the staking volume of Ethereum is done via LIDO. LIDO is supposed to work as follows:25
Prepared by So&Sato Law Offices from published materials
①LIDO allows users to stake ETH without maintaining their staking infrastructure and without economically locking up their assets.
②When a user wants to stake ETH to LIDO, the user should send ETH to LIDO’s smart contract. In response, the user receives a 1:1 token called stETH.
③stETH is a token that represents the deposit of ETH to LIDO for staking, and when a user sends stETH to LIDO to burn stETH, the user will receive ETH. stETH can be freely bought and sold, and if there is another DeFi that accepts stETH, the user can earn double rewards by using stETH on another DeFi (however, DeFi protocols that accept stETH still seem to be limited).
④LIDO will use ETH received through the smart contract to perform staking. LIDO will receive 10% of the reward obtained from staking, which will be distributed to the person in charge of the staking (node operator) and the LIDO DAO. The remaining 90% will be distributed to the users. The distribution to the users is made by adding the number of stETH in the address of stETH, and the number of ETH managed by LIDO is always the same as the number of stETH.
⑤LIDO uses multiple node operators. Node operator candidates apply to LIDO, stating that they wish to become node operators, their experience and technical capabilities, etc., and are then voted on by the DAO, which is composed of LIDO token holders, the LIDO’s governance tokens, to determine whether they are eligible to become node operators.
⑥Note that ETH has thrashing risks and penalties. LIDO hedges against such risks by using a large number of node operators. LIDO also manages some ETH separately and uses it as insurance against thrashing risk.
⑦LIDO is an open-source, peer-to-peer protocol and is not operated by a single operator, etc., as the LIDO DAO makes the decision on its operation.
When offering liquid staking like LIDO, it is necessary to consider whether the trading and custody regulations of the Crypto Assets Act apply and whether the fund regulations of the FIEA apply.
When a user contributes ETH to LIDO, the user will receive stETH, and conversely, when a user sends stETH to LIDO, the user will receive ETH.
The question arises as to whether this action constitutes an exchange of ETH for stETH. If it is considered an exchange of crypto assets, the regulations of the crypto asset exchange services might apply.
StETH, however, is issued to prove the deposit of ETH, and we believe the issuance of such stETH does not constitute a sale or exchange under civil law and thus does not constitute an exchange of crypto assets (and vice versa).
The contribution of ETH to LIDO might be considered a deposit of crypto assets to LIDO and raises the issue of whether the custody regulations of the Crypto Assets Act apply to LIDO.
However, it appears that the contribution to LIDO is a contribution to a smart contract, and LIDO cannot use said ETH except for staking (i.e., it does not control the private key) due to the structure of the smart contract.
Under the Japanese custody regulations, “If a business operator does not possess any of the private keys necessary to transfer the crypto assets of a user, the business operator is not considered to be in a position to proactively transfer the crypto assets of the user. In such case, the business operator is basically not considered to fall under the category of “managing crypto assets for others” as defined in Article 2.7.4 of the Payment Services Act. (Result of Public Comment No. 9 on the Draft Cabinet Order and Cabinet Office Ordinance Concerning Amendment to the Payment Services Act, etc. of 2019). If the smart contracts can technically prevent the free transfer of ETH by people related to LIDO, we believe LIDO is not considered to be subject to the custody regulations under the Crypto Assets Act.
The question arises whether LIDO or liquid staking is considered a fund (collective investment scheme), given the mechanism of receiving ETH contributions, the node operator managing it, distributing a portion of staking fees to users, and users bearing the risk of thrashing and other penalty risks.
The definition of a fund under Japanese law is generally as follows (Article 2, Paragraph 2, Items 5 and 6 of the FIEA). If a fund investor’s right is tokenized, the tokens are considered electronically recorded transferable rights (Article 2, Paragraph 3, Pillar 1 of the same law).
If the issuer itself is offering or private offering the tokens, registration as a Type 2 Financial Instruments Business is required (Article 2, Paragraph 8, Item 7, (g), Article 28, Paragraph 2, Item 1, and Article 29 of the same law, Article 1-9-2, Item 2 of the Order for Enforcement of the FIEA), and if the third party is offering or private offering the tokens, registration as a Type 1 Financial Instruments Business is required (Article 28, Paragraph 1, Item 1 and Article 29 of the FIEA).
| Definition of the Funds under Japanese law (A) (i) partnership contracts, (ii) silent partnership agreements, (iii) limited partnership agreements for investment, (iv) limited liability partnership agreements, (v) membership rights in incorporated associations, and (vi) other rights (excluding those under foreign laws and regulations). (B) The Investor(s) receives the right to receive dividends of income or distribution of properties that arise from a business conducted by using money (including crypto assets) invested or contributed by the investor(s). (C) None of the following (a) the case where all of the investors are involved in the business subject to the investment (in the way specified by a Cabinet Order) (b) the case where the investor(s) shall not receive dividends or principal redemption more than their investment Funds under Foreign Law (D) Rights under foreign laws that are similar to the above rights. |
The concept of “other rights” in (A) above is very broad, and it is said that (i) through (v) are merely an enumeration of examples, regardless of the legal form. It can be argued that tokens issued in fully decentralized finance are not “rights” because they are not considered “rights” in the usual legal interpretation, but there is currently a prevailing view that some rights are recognized for Bitcoin, etc.26, and in relation to this article, we assume that some kind of right is recognized even for smart contracts.
Nor does it fall under any of the exceptions in (C) above.
The main issue is the interpretation of (B) above, which states “dividends of income or distribution of properties that arise from a business conducted by using money” and “invested or contributed.” If we simply take the point that ETH is sent to the smart contract, it is used in the business of the POS, and the award from staking ETH is distributed to users, it would seem to satisfy both the “dividends of income or distribution of properties that arise from a business conducted by using money,” and “invested or contributed” requirement.
However, liquid staking is very different from ordinary funds in the following respects, and, arguably, liquid staking is not a fund to which the FIEA applies.
(1)In the case of a regular fund, the money and other assets contributed are fully owned by the fund operator, and the fund operator can technically use them in various ways, although they are contractually bound. In the case of liquid staking, the ETH contribution is made to the smart contract, and LIDO or node operators are not free to use it; ownership (ownership-like rights) over ETH is always considered to be held by the user,
(2)In the case of a regular fund, the money received is used to purchase shares, fund a business, etc., and changes from money to shares, etc. In LIDO staking, the ETH sent to the smart contract is not specifically changed into anything else but is maintained as it is.
(3)The only reason ETH is locked is to ensure that there is no thrashing in the event of fraudulent reporting in the validation process or penalties if a node goes offline.
(4)Based on (1) through (3) above, if we compare the legal nature of staking to a traditional economic act, it can be thought that the user is merely locking ETH into a smart contract as a kind of collateral to secure default liability and is merely receiving compensation for providing third party collateral. The provision of such collateral and the receipt of compensation do not satisfy the requirements of “dividends of income or distribution of properties that arise from a business conducted by using money” and “invested or contributed,” as referred to in the fund.
In the case of DeFi, it could be argued that the operator does not exist in the first place and is not subject to regulation. Japanese law is a legal system that regulates persons and legal entities, such as operators. A completely decentralized financing scheme would not be subject to regulation. However, we need to carefully consider whether there really is no operator for DeFi. In general, DeFi aims for the operator to be non-existent, but even so, it is unclear whether many DeFi are truly completely operatorless.
Further, if the scheme is subject to financial regulations under the law, assuming there is an operator, the intermediary for the scheme could be subject to regulations even if there is no operator for DeFi itself. It would prevent, for example, an unlicensed Japanese company from sending customers to the DeFi.
Therefore, when examining the legal issues of DeFi, it is necessary to consider two issues: (i) if there is an operator, whether it is subject to legal regulation, and (ii) whether an operator exists.
However, it is unclear from the published documents whether the LIDO DAO is truly decentralized, so this article mainly discusses (i) above.
Disclaimer
The content of this article has not been confirmed by the relevant authorities or organizations mentioned in the article but merely reflects a reasonable interpretation of their statements. The interpretation of the laws and regulations reflects our current understanding and may, therefore, change in the future. This article does not recommend the investment in LIDO or liquid staking. This article provides merely a summary for discussion purposes. If you need legal advice on a specific topic, please feel free to contact us.
Recently, Web3 companies often ask us whether they can issue and sell tokens linked to ownership or value of real world assets (“RWA tokens”) in Japan. The types of linked real assets include artwork, real estate, whiskey, vintage cars, government bonds, securities, gold, etc.
Applicable Japanese regulations to RWA tokens vary depending on the types of tokenized assets and the scheme. We will provide an overview of the applicable regulations to RWA tokens and then substantive legal issues of RWA tokens.
Japanese law differentiates crypto assets, which are regulated, and NFTs, which are not regulated, and most RWA tokens are structured as NFTs.
If RWA tokens fall under the category of crypto assets, selling and purchasing the tokens as a business requires a crypto asset exchange license. For example, Zipang Coins, which are RWA tokens representing gold and issued by a Japanese major trading company group, are structured as crypto assets, and only licensed exchanges can sell them as a business.
On the other hand, most RWA tokens are structured as NFTs. From the legal viewpoint, the difference between crypto assets and NFTs is whether they can be used as a payment method. FSA has submitted a guideline and answers to public comments and stated that if tokens satisfy the following requirements, they are not crypto assets and are not regulated under the Payment Service Act.
| Required Factors to be considered as not regulated Crypto Asset but non-regulated NFTs (i) the use as a means of payment to unspecified persons is prohibited, and (ii-a) the number of issued tokens is less than 1 million, or (ii-b) the transaction price is more than JPY 1,000. |
If RWA tokens are considered securities, to sell and purchase the tokens as a business requires a financial instruments business operator license. If the token holder has the right to receive a dividend or more than 100% principal redemption, they are generally considered securities. The definition of the collective investment scheme (fund) in Japan is as follows. As the definition covers “all rights” that can receive a dividend or more than 100% principal redemption, you should carefully analyze whether the tokens are considered securities when its structure includes a profit distribution element.
| Definition of the Funds under Japanese law (A) (i) partnership contracts, (ii) silent partnership agreements, (iii) limited partnership agreements for investment, (iv) limited liability partnership agreements, (v) membership rights in incorporated associations, and (vi) other rights (excluding those under foreign laws and regulations). (B) The Investor(s) receives the right to receive dividends of income or distribution of properties that arise from a business conducted by using money (including crypto assets) invested or contributed by the investor(s). (C) None of the following (a) the case where all of the investors are involved in the business subject to the investment (in the way specified by a Cabinet Order) (b) the case where the investor(s) shall not receive dividends or principal redemption more than their investment (D) Funds under Foreign Law (rights under foreign laws that are similar to the above rights) |
Another regulation that is related to RWA tokens is the Goods Deposit Transaction regulation. In Japan, there have been some controversial transactions in which (i) a merchant sells some goods to buyers, (ii) the merchant accepts deposits of the sold goods from the buyers for more than 3 months, and (iii) the merchant promises to pay some fee such as a rental fee to the buyers or promises to buy-back the sold products more than the sales price. These kinds of transactions were often used as financial investments without regulation. The Goods Deposit Transaction regulation now regulates these kinds of transactions. The regulation requires an explanation to buyers if the transaction involves the above (ii) and (iii) elements and requires approval from the government if the transaction involves the above (i), (ii), and (iii) elements. Please note that there has been no case the approval was obtained yet, and, thus, no one knows the difficulty of obtaining the approval.
We are often asked the way to give economic benefit to RWA token holders. Simply giving the economic in principle causes the issues of both or either of fund regulations and goods deposit transaction regulation and makes token issuance not feasible.
There are RWA tokens that give a right to acquire products or use products such as hotel rooms, etc. Issuance of tokens linked to the right to acquire or use real assets is, in principle, subject to prepaid payment instrument regulation under the Payment Services Act. Some RWA tokens give those rights to holders and are subject to the regulation. For example, Not A Hotel NFT, which gives a holder to stay in a luxury residence, is subject to the regulation.
There are two types of prepaid payment instruments. The first type is the private-type prepaid payment instrument, which can be used only against the issuer or its closely related persons. The issuer of the private prepaid instrument shall file a notification to the Finance Bureau and deposit half amount of the unused amount, except for the case when the issuer only issues instruments that have less than 6 months’ expiration date or the unused balance at a certain reference date is 10 million yen or less.
The second type is the third-party type prepaid payment instrument, which can be used against other than the issuer or its closely related persons. The issuer of the third-party type prepaid payment instruments shall register with the Finance Bureau, except for the case when the issuer only issues instruments that have less than 6 months’ expiration date.
A business that sells, purchases, or exchanges once-used goods such as used cars, used bags, used jewelry, and published artwork is, in principle, subject to the secondhand goods business regulation. A person who conducts the secondhand goods sales and purchase business shall file a notification to the police agency and shall conduct KYC of its customers. It is conceivable, however, that this regulation would not apply to the division and sale of the right of secondhand goods, and thus RWA tokens, which related to the divided right of real goods, are exempted from the regulation.
In addition to the above, sales, etc., of assets might require consideration of asset-specific regulations. For example, to sell alcohol needs an alcohol sale license, and the seller of RWA tokens UniCask, which relates to a barrel of whiskey, takes the alcohol sale license.
Compared to a simple sale of real world assets, RWA tokens require more careful consideration of what rights will be transferred and how to perfect the transfer. Holding RWA tokens does not necessarily mean having ownership of real assets, and transferring RWA tokens does not necessarily mean automatically transferring the ownership of the real assets.
For example, when you transfer real estate, you need to file a real estate transfer registration, and without it, you cannot insist that you are the owner of the real estate to third parties, and just transferring tokens on a blockchain may not suffice this requirement. To transfer tangible property in Japan might be possible just by transferring tokens, but careful consideration is necessary. The law regarding the transfer and perfection of real assets may vary in different jurisdictions, and generally, the laws in the country where the real asset is located apply.
Disclaimer
The content of this article has not been confirmed by the relevant authorities or organizations mentioned in the article but merely reflects a reasonable interpretation of their statements. The interpretation of the laws and regulations reflects our current understanding and may, therefore, change in the future. This article does not recommend investment in RWA tokens. This article provides merely a summary for discussion purposes. If you need legal advice on a specific topic, please feel free to contact us.