Identity verification in Japan
Japan runs one of the most prescriptive identity-verification regimes in Asia, anchored in the Act on Prevention of Transfer of Criminal Proceeds (犯罪収益移転防止法, "APTCP" or han-shu-hou) and supervised by the Financial Services Agency (FSA) with JAFIC — housed inside the National Police Agency — acting as the Financial Intelligence Unit. The 2018 enforcement-ordinance amendment to Article 6 created Jap
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Japan is the world's fourth-largest economy and one of the most mature financial-services markets, with roughly 125 million residents, deep retail banking penetration, and near-universal smartphone use. Despite that maturity, digital identity infrastructure lagged for years: the My Number (マイナンバー) individual-number system only launched in 2016, and the physical My Number Card with its JPKI (Japanese Public Key Infrastructure) electronic-certificate chip took until the mid-2020s to reach majority household penetration. That gap meant Japanese institutions relied heavily on paper-based, in-branch onboarding or on a hybrid "mail a postcard to the address on your ID" verification well into the 2010s. The turning point was the November 30, 2018 amendment to the APTCP Enforcement Ordinance, whic
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Regulators
AML supervisor
Digital Agency (formerly Cabinet Secretariat)
regulated
IC chip reading + facial matching rolling out from mid-January 2026. JPKI authentication.
Municipal offices
restricted
Resident registry network
restricted
National Tax Agency
restricted
Business registry
open
Government & regulated databases
Compliance framework
AML framework
Supervised by JAFIC/Act on Prevention of Transfer of Criminal Proceeds
The Japanese KYC/AML stack is a layered system of primary laws, FSA sector rules, and JAFIC-led intelligence obligations.
Data protection
Supervised by National DPA
The Act on the Protection of Personal Information (APPI) treats ID-document images, biometric templates, and verification logs as personal information (and, where the biometric is used for identification, as personal identification code, a sub-category with stricter handling). Key obligations:
Penalties for non-compliance
- Ongoing FSA administrative actions — the FSA issues multiple public business-improvement orders per year against banks, crypto exchanges, and funds-transfer providers for AML failings; recent action has focused on transaction monitoring, sanctions-screening gaps, and deepfake-related onboarding fr
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
For banks, funds-transfer providers, securities firms, insurers, and consumer lenders, APTCP Article 4 plus the FSA AML/CFT Guidelines set the baseline:
Exchanges, custodians, wallets, on/off-ramps.
Crypto-asset exchange service providers were brought under the PSA in 2017 and have been under APTCP since 2018. The sector is further governed by the Japan Virtual and Crypto Assets Exchange Association (JVCEA, 日本暗号資産取引業協会), a self-regulatory organisation recognised under PSA Article 87. As of 2025
Sports betting, online casinos, age-gated platforms.
Online casinos are illegal in Japan. The Criminal Code (Chapter 23, Articles 185–187) criminalises gambling generally; accessing offshore online casinos from within Japan is prosecutable and has resulted in individual convictions. A new bill strengthening the prohibition and banning online-casino ad
Gig platforms, delivery, creator economy, e-commerce.
Consumer marketplaces fall primarily under the Specified Commercial Transactions Act (特定商取引法) rather than the APTCP, unless they handle funds-transfer or credit extension (in which case PSA plus APTCP apply). The Act requires operator disclosure, seller identity verification for distance selling, an
Biometric liveness
The FSA guidance and APTCP Article 6(1)(1)(ホ) require the selfie component of document-plus-selfie eKYC to be captured through the operator's own application (not submitted as an emailed file), with a randomised challenge (random-number overlay or similar) and liveness signals to defeat photo/video replay. Japanese regulators have not formally adopted ISO/IEC 30107-3 PAD as a statutory standard, but the leading Japanese providers (LIQUID, TRUSTDOCK, Polarify/Daon) advertise PAD Level 2 or equiva
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Japan permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Japan, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Japan.
Most regulated sectors in Japan require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Japan’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Japan’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
