Get prepared for Japan’s Whistleblower Protection Act: What multinational employers need to know
In June 2025, Japan passed amendments to the Whistleblower Protection Act. The changes expanded who is protected, added criminal penalties for retaliation and gave regulators stronger enforcement tools. If you operate in or with Japan, start preparing now by aligning global reporting frameworks with local rules, updating contracts and training, and proving the effectiveness of your whistleblowing process and platform.
Quick context
Japan enacted Act No. 122, the Whistleblower Protection Act (JWPA), on 18 June 2004 to protect whistleblowers, prohibit disadvantageous treatment and set out the measures enterprises and administrative organs should take when handling disclosures. Updates in 2020 and 2022 required companies above certain thresholds to designate responsible personnel and establish internal reporting systems.
In June 2025, a bill was passed to partially amend the JWPA to strengthen protections and enforcement in line with global trends.
What changed
The amendments expand protection, raise enforcement pressure and heighten employer obligations. Here are the headline changes:
- Criminal penalties for retaliation: Corporate fines up to ¥30 million and up to 6 months in prison and/or fines for individual actors.
- Expanded scope of protection: Coverage extends to freelancers and to workers for up to 12 months after the end of engagement.
- Prohibition on identity-seeking: Attempts to identify whistleblowers without legitimate justification are banned; agreements that restrict reporting are void.
- Enhanced powers of the Consumer Affairs Agency (CAA): Authority to issue orders, conduct on-site inspections and penalise non-cooperation.
Japan’s goal is to move from having a system on paper to ensuring that systems function in practice.
5 reasons this matters for multinational employers
1. Stronger legal and compliance exposure
Criminal penalties for retaliation now apply. Companies face fines up to ¥30 million. Individuals can face imprisonment up to 6 months and/or fines. The CAA can issue binding orders, conduct on-site inspections and sanction entities that fail to designate responsible personnel or cooperate with investigations.
2. Expanded scope of protection
Protection covers freelancers and individuals whose contracts ended within one year. You cannot rely on employee-only systems to limit exposure. Local policies and systems must reflect this broader coverage.
3. Interaction with global reporting frameworks
A single global hotline can create conflict with Japan’s requirements if local expectations on confidentiality or identity protection are not met.
Example: an employee in Japan reports through a centrally operated hotline and local HR pressures global compliance to reveal the reporter’s identity. Under the amendments, identity-seeking without legitimate justification breaches the rules. You may need a locally designated whistleblowing lead, clear notifications to employees and explicit protocols for cross-border handling.
4. Documentation, process and culture
It is not enough to have a channel. You must prove the system works. Inform employees, prevent unjustified attempts to identify reporters and ensure the mechanism functions effectively. Update policies, train local managers, track metrics, align communication and document investigations thoroughly.
5. Operational and contractual impacts
Because freelancers and ex-contractors are protected, review service contracts and supplier terms.
Example: a long-term freelance consultant raises a compliance concern about a local government contract. If their engagement is reduced or terminated shortly after, that may be treated as retaliation under the expanded scope.
Stay compliant, stay confident
The JWPA amendments raise the stakes. Discover how Diligent helps you align global frameworks and avoid costly missteps.
See the solutionHow Japan compares to the recent global regulations
Japan is moving toward the EU Whistleblower Directive-style protection but remains less prescriptive in some areas. Here is a side-by-side view:
| Aspect | EU Whistleblower Directive | Japan JWPA Amendments (2025) |
|---|---|---|
| Protection from retaliation | Emphasises protection from retaliation | Adds criminal penalties and expanded coverage |
| Communication channels | Requires robust systems with confidentiality safeguards | Same expectation: robust systems with confidentiality |
| Coverage and scope | Applies broadly to persons reporting EU law breaches | Extends to employees, freelancers and ex-contractors (within 1 year) |
| Enforcement & regulator tools | Enforcement powers vary by member state | Explicit penalties, one-year presumption of retaliation, stronger CAA powers |
| Organisational obligations | Prescriptive on feedback timelines | Evolving toward EU standards but less prescriptive |
Overall trend: Both reflect global convergence toward stronger whistleblower protection norms.
- Protection from retaliation: Both frameworks emphasise protection, but Japan adds criminal penalties and expanded coverage.
- Communication channels: Both expect robust systems with confidentiality safeguards.
- Coverage and scope: EU applies broadly to persons reporting EU law breaches; Japan extends to employees, freelancers and former contractors within one year.
- Enforcement and regulator tools: Japan adds explicit penalties, a one-year presumption of retaliation and stronger CAA powers.
- Organisational obligations: Japan is evolving toward EU standards but is less prescriptive on feedback timelines.
- Timing and maturity: EU adopted its directive in 2019; Japan’s amendments take effect by end of 2026.
- Overall trend: Both reflect global convergence toward stronger whistleblower protection norms.
What to do now: Your action plan
Start preparations early so you can demonstrate compliance and reduce risk.
Run a Japan-specific gap analysis
Check whether your local entity’s system meets new requirements. Confirm designated local personnel, coverage for freelancers within the one-year window, training, documentation and inspection readiness.
Align global architecture with Japan’s rules
Decide whether Japan uses your global hotline or a local channel. Define how cross-border cases are routed, how confidentiality is maintained and how data protection obligations are met.
Update policies and training
Reflect criminal and regulatory risks, the one-year presumption for adverse actions after a report and the prohibition on identity-seeking or obstructive agreements.
Review contracts and supplier terms
Ensure freelance and contractor protections are explicit. Remove language that could be read as restricting reporting, and guard against retaliation risk post-report.
Strengthen governance and monitoring
Track key metrics, perform internal audits, prepare for potential CAA inspections and document investigations and responses thoroughly.
Ready to act?
The 2025 amendments mark a clear shift in Japan’s corporate compliance landscape. By expanding protections, criminalising retaliation and empowering regulators, Japan is moving from formal compliance to demonstrable compliance. Multinational employers should act now to strengthen systems, harmonise cross-border processes, train personnel and mitigate legal, financial, operational and reputational risk.
Compliance isn’t optional — but complexity doesn’t have to slow you down. See how Diligent makes it simple to meet Japan’s whistleblower obligations and strengthen your global program here.
Strengthening compliance in uncertain times
Download Diligent’s expert guide to strengthen compliance, manage risk and lead confidently through regulatory uncertainty.
6 best practices to enhance your corporate compliance training
Corporate compliance training helps employees understand the laws and regulations that govern their activities and gives them actionable ways to further compliance efforts.
Compliance risks: The board perspective
Kristy Grant-Hart discusses the biggest compliance risks facing businesses today, including modern slavery, due diligence, and AI regulations.
