Japan’s Mobile Software Competition Act (MSCA) entered into force on December 18, 2025. The Act requires Apple and Google, as operators of smartphone platforms and ecosystems, to open their systems with the goal of fostering competition. While far from perfect or ideal, we can already see that Japan’s more pragmatic approach to preserving key guardrails in its approach to its Mobile Software Competition Act (MSCA) is far superior to Europe’s failed Digital Markets Act approach.
When NASA has a catastrophic mission failure, they often explain that they learn so much more from a rocket’s failure than its success – in fact an order of magnitude more. Launch failures demonstrate catastrophic structural weaknesses in a design, illuminate process flaws, and can tell leaders exactly what not to do. When launching new digital regulations, policymakers can similarly learn from past design failure and catastrophic structural weaknesses especially when it comes to Europe’s digital market regulation. In this case, before even getting to the launchpad, Japan’s MSCA regulators made a clear decision not to replicate core weaknesses inherent in the DMA’s design or repeat key structural mistakes. Their improvement in design reflects a smarter and more effective approach that will help them avoid some of the most significant harm that is so broadly evident in Europe.
While Japan’s MSCA will still lead to an increase in privacy, safety and security risks, its regulators have nonetheless done a better job of acknowledging and addressing some of the most significant privacy, security and child safety weaknesses inherent in Europe’s approach.
For example, Japan has more explicitly written in a set of more appropriate guardrails which will lead to better solutions for protecting Japan’s consumers and businesses. Japan’s approach helps better protect children and empower parents by ensuring consistent age ratings and protections for children. They’ve helped close an app governance gap by requiring alternative marketplaces to implement guardrails themselves and limited direct app downloads from untrusted websites. They’ve enabled payment choices that put trusted choices side by side with other alternatives. And they’ve enabled interoperability in a much more informed, effective way than Europe’s approach so that Japan’s privacy and security can be more effectively protected.
Nonetheless, there are inherent challenges and problems with the basic approach to opening up the pre-existing app store governance systems that have been designed to protect privacy, safety and security. As Shinji Nakao, an IT Journalist and Writer for Toyo Keizai recently explained about the MSCA’s impact:
“Previously, iPhones and Android devices could only install apps from official app stores, which prevented distribution of illegal, malicious, or fraudulent apps through Apple’s or Google’s vetting processes. But while those closed ecosystems limited competition, they also served a vital protective function.
Risks of Third-Party App Stores. So far, third-party app stores have not proliferated, and most users still download apps from official sources. Building such stores requires secure payment systems and robust infrastructure, which isn’t trivial. For many developers, visibility and trust in official stores remain more practical than running independent distribution platforms.
However, users need to recognize new risks. For instance, phishing or fraud schemes may use fake app stores resembling the official ones to trick people into installing malware. Attackers might pose as legitimate updates or support sites to deliver malicious apps.”
These are very real concerns that will have detrimental effects for consumers, businesses and developers.
We wanted to run through some of the most significant differences between Europe and Japan’s approach – in part because it underscores how far off base Europe has been in its implementation.
Some Key Guardrails Preserved
Child Safety. Japan’s approach helps better protect children and empower parents by ensuring consistent age ratings and protections for children. In Europe, because the DMA treats children as subject to the same rules as adults, this has meant that children now have access to adult, illicit and harmful apps that they didn’t previously. Unlike Europe, Japanese regulators have enabled key guardrails to better protect its kids. For example, Japan explicitly allows companies to take steps “safeguarding youth who use smartphones” — including “measures to establish parental functions in the basic operation software.” This enables Japanese users to take advantage of age ratings even when the app is distributed outside of official app stores, which Europe does not. It also means apps in the app store’s children’s category for users under 13, can’t include transaction links. This protection, not allowed in Europe, means that Japanese children are more protected from scams, and parents have better controls and more information for apps distributed through alternative app marketplaces as compared to Europe. But not all is great when it comes to children’s safety in Japan. Changes made because of the MSCA may still expose children to new risks and harm. For example, apps made available through alternative app marketplaces are no longer reviewed for content like illicit and objectionable content – like pornography. And one of the first alternative app marketplaces now available in Japan – has the dubious reputation of delivering the first ever pornographic app to the iPhone – which is unlikely to be the success that regulators were looking for.
Alternative App Marketplace Responsibilities. Like Europe, apps can now be distributed through alternative app marketplaces instead of the official app marketplaces, and users can set an alternative app marketplace as their default marketplace. However, Japanese regulators took important steps to avoid the vast “governance gap” created by Europe’s DMA by requiring alternative app marketplaces to have governance policies in place to prevent fraud, enable refunds, and to provide customer support (unlike the governance gap we cited in the DMA.) While apps in third party app stores in Japan are subject to a notarization process that checks the app for basic functionality, and ensures the apps don’t contain malware, the notarization process falls short of the rigorous vetting for apps made available in the official app store. Notably the notarization process doesn’t review apps made available through third party app stores for content issues which can introduce new risks like fraud, and potential exposure of children to illicit and objectionable content. Importantly, unlike Europe, Japan does not require direct web distribution of apps from outside of app stores – also known as direct sideloading. This helps eliminate a key vector for security, privacy and safety risks.
However, so far, the competition that the MSCA was designed to enable isn’t from Japanese competitors, but foreign companies. In Europe’s case, analysis showed that the DMA did not lead to app price cuts for consumers. Instead, developers largely kept commission savings for themselves, and 86% of those commission savings went to developers outside of Europe. As Japan looks to alternative app stores to drive competition, it’s already clear that none of the three new app stores enabled by the MSCA (Altstore, Aptoide, and Onside) are from Japan. One is American, and two are European. It suggests that once again, the savings that proponents of ex-ante rules claim will benefit countries are likely to go to foreign companies and be illusive to Japanese consumers.
Side by Side Payment Options. Unlike Europe, Japan’s MSCA enables developers to offer third-party payment options or link to external sites for purchases but does so in a way that puts trusted choices side by side with other alternatives. This gives consumers the ability to choose the approach that best meets their needs. Likewise, unlike Europe, when users choose an alternative system, they are kept informed when they are not transacting with the phone’s built-in payment system and can be warned that the ability to obtain a refund from the phone’s system is no longer available for outside payments. This is a significant improvement to Europe’s DMA approach that specifically prevented privacy and security safeguards from being implemented as a part of the alternative payment link-outs – and required known security vulnerabilities and privacy weaknesses to be built into alternative payment requirements.
Interoperability done more effectively. Japan has also learned key lessons from Europe’s inherently risky interoperability mandates. Under the DMA, companies have requested access to sensitive personal information that even the mobile device maker doesn’t have access to – like WiFi history, or the full contents of a user’s notifications. Instead, Japan’s interoperability rules allow Apple to refuse requests in situations where privacy and security would be compromised. More specifically, the MSCA allows “protecting information related to smartphone users,” including actions that protect “information stored on the smartphone device or information generated in connection with the use of the smartphone.” This key difference allows the mobile device maker to reject interoperability requests that grant other companies access to sensitive user information. It means that users in Japan won’t have the contents of their notifications or their Wi-Fi history exposed to companies trying to collect and monetize their data. And by ensuring that Interoperability requests are “proportionate to the competition related problems at hand,” the issues we’ve seen in Europe delaying key features like live translation, and iPhone mirroring are able to be addressed – helping ensure Japan’s users don’t miss out on, or get delayed access to breakthrough new technologies being rolled out to users around the rest of the globe.
In summary
Japan has taken a more realistic view of our digital world than Europe. It recognizes that the digital world has bad actors, it better understands the critical role that app stores play in reviewing and protecting users, and it listens to experts and chooses not to replicate the most egregious harm caused by Europe’s failed DMA approach. Japan’s approach will still create new challenges for Japanese consumers and businesses, but in launching this new regulatory framework they have once again underscored that the smart regulatory approach is to reject Europe’s troubled DMA framework.