Splat Labs Enterprise customers in Japan can now store and process all geospatial data entirely within Japan. Every Gaussian Splat, point cloud, 3D model, and associated asset — both at rest and in transit — stays within Japanese borders, hosted on AWS infrastructure in the Tokyo and Osaka regions.
This is not partial localization. It is not metadata-in-the-US-with-files-in-Japan. It is complete, end-to-end data localization: upload, processing, storage, delivery, and encryption — all within Japan. For enterprise customers operating under the APPI, working on government infrastructure projects, or managing sensitive geospatial data in the Japanese market, this eliminates the cross-border transfer question entirely.
Why Japan, Why Now
Japan is building one of the most ambitious national 3D digital infrastructures in the world. The government's Project PLATEAU initiative is creating open-access 3D city models across 250+ cities, with a target of 500+ by 2027. The Ministry of Land, Infrastructure, Transport and Tourism (MLIT) has mandated BIM/CIM for all public works from fiscal year 2023. The construction, real estate, and infrastructure industries are generating massive volumes of point cloud and 3D model data — and the regulatory environment expects that data to be managed responsibly, within Japan's legal framework.
At the same time, Japan's data protection regime is tightening. The APPI imposes strict cross-border transfer restrictions. The upcoming 2027 amendments will introduce heavier financial deterrents and stronger enforcement mechanisms. Companies that proactively localize data in Japan are positioning themselves ahead of the regulatory curve — not scrambling to comply after the fact.
Splat Labs is now the only platform purpose-built for Gaussian Splat and 3D model hosting that offers full data localization in Japan. All data at rest and in transit stays within Japanese borders, hosted on AWS infrastructure that Japan's largest enterprises already trust.
Japan's Data Protection Legal Framework
The APPI — Japan's Comprehensive Data Protection Law
Japan's primary data protection statute is the Act on the Protection of Personal Information (APPI) — Act No. 57 of 2003. It is Japan's comprehensive, omnibus data protection law, comparable in scope to the EU's GDPR. The APPI has been amended multiple times (2015, 2020, 2021), with the most significant recent changes taking effect in April 2022.
The key facts that matter for enterprise customers:
- The APPI applies to any business handling personal information of individuals in Japan, regardless of where the business is physically located. Extraterritorial application is codified in Article 171.
- Enforcement is handled by the Personal Information Protection Commission (PPC), an independent regulatory body with direct regulatory power, established under the 2015 amendments.
- Fines reach up to ¥100 million (~$700,000 USD) for businesses and up to ¥1 million (~$7,000 USD) for individuals. Criminal prosecution is possible in severe cases — including imprisonment up to one year for failure to comply with PPC orders.
- The APPI is reviewed every three years by statutory mandate. The next round of amendments is expected to take effect in 2027, with active discussions on administrative monetary penalties, injunctive relief, and substantially stronger enforcement.
Cross-Border Transfer Rules — Why In-Country Storage Wins
The APPI does not contain a blanket data localization mandate. Japan does not technically require that data be stored domestically. However, the cross-border transfer restrictions under Article 28 are strict enough that in-country storage is the path of least resistance for most organizations.
There are three legal bases for transferring personal information outside Japan:
| Legal Basis | Requirement | Practical Burden |
|---|---|---|
| Consent | Data subject's prior consent, plus disclosure of the destination country, its data protection regime, and the recipient's safeguards (since April 2022 amendments) | High — requires individualized consent and detailed disclosures for every data subject |
| Adequacy | The destination country has been designated by the PPC as having equivalent data protection | Very limited — currently only EEA member countries and the UK have adequacy status |
| Equivalent Safeguards | The foreign recipient has implemented protections equivalent to the APPI (contractual agreements, binding corporate rules, or APEC CBPR certification) | Moderate — requires ongoing documentation and compliance verification |
The practical reality is straightforward. Unless you are transferring data to Europe or the UK, you need either individual consent with full disclosure or a documented equivalency framework. Both create administrative burden, legal risk, and friction in enterprise procurement.
By storing data in AWS Tokyo (ap-northeast-1) or AWS Osaka (ap-northeast-3), Splat Labs Enterprise customers eliminate the cross-border transfer question entirely. No consent forms for overseas transfer. No adequacy assessments. No supplementary safeguards. No Article 28 analysis. The data stays in Japan.
Cloud Computing and the "Entrustment" Nuance
Under the APPI, when a company uses a cloud service provider to store personal data, this can be treated as "entrustment" (委託 / itaku) rather than a "provision to a third party" — provided the cloud provider processes data solely according to the customer's instructions and does not independently use the data.
This distinction matters:
- If the relationship qualifies as entrustment, the customer does not need to obtain individual consent for storing data in the cloud. The third-party provision consent requirement is bypassed.
- However, if data is entrusted to a cloud provider in a foreign country, the cross-border transfer restrictions of Article 28 still apply — even under an entrustment arrangement.
By hosting within Japan, Splat Labs eliminates both friction points. Enterprise customers can store geospatial data in Splat Labs' Japanese infrastructure without triggering either the third-party provision rules or the cross-border transfer restrictions. The entrustment relationship stays entirely domestic.
The Telecommunications Business Act
The Telecommunications Business Act (TBA), administered by the Ministry of Internal Affairs and Communications (MIC), was amended in June 2023 to introduce Japan's first direct regulation of cookies and external data transmission — the "External Data Transmission Rule."
When user information — including device identifiers, session data, or location data — is transmitted to external servers, businesses must either notify users, obtain consent, or provide opt-out mechanisms. If Splat Labs' platform handles any user-identifiable information in connection with services offered in Japan, TBA compliance applies.
Storing and processing all data within Japan simplifies TBA compliance by removing the cross-border dimension of data transmission entirely.
What Is Coming: APPI Amendments (2026–2027)
Japan's regulatory trajectory is toward stricter enforcement, not relaxation. The PPC published an Interim Report in June 2024 and is actively considering several significant expansions:
- Administrative monetary penalties — currently only criminal fines exist. The new system would add heavier financial deterrents modeled closer to the GDPR's administrative fine structure.
- Injunctive relief and damage recovery through qualified consumer organizations.
- Strengthened enforcement mechanisms — current enforcement relies primarily on administrative guidance, with formal orders being extremely rare. The amendments aim to give the PPC more direct enforcement tools.
- Biometric data regulation — biometric data is not currently classified as sensitive personal information under the APPI (unlike under GDPR). This gap is under active review.
- Children's data protections — the APPI currently has no explicit provisions for children's data. The PPC is examining dedicated rules.
- Deregulation for statistical and AI processing — allowing use of personal data (including sensitive data) without consent for statistical processing and AI development, within defined safeguards.
The direction is clear. Companies handling sensitive data in Japan — particularly geospatial data with potential personally identifiable information — should be building compliance infrastructure now, not reacting after the amendments take effect.
Japan's Geospatial Data Framework
Japan does not treat geospatial data casually. The government views it as critical national infrastructure, backed by dedicated legislation, a national spatial data authority, and multi-billion-dollar digital twin initiatives.
The Survey Act and GSI
The Survey Act (測量法 / Sokuryō-hō) is Japan's foundational survey and mapping legislation. The Geospatial Information Authority of Japan (GSI), under MLIT, is the principal government agency responsible for:
- Conducting fundamental geodetic surveys nationwide
- Maintaining the national geodetic control network — GEONET, a network of 1,240+ continuous GPS observation stations at 20km intervals across Japan
- Developing and distributing Fundamental Geospatial Data (FGD)
- Licensing surveyors and assistant surveyors
- Setting technical standards for all government and public surveys
The Survey Act ensures accuracy, avoids duplication, and standardizes methodology across all surveys conducted for public purposes in Japan.
The NSDI Act — National Spatial Data Infrastructure
Japan's Basic Act on the Advancement of Utilizing Geospatial Information (2007) — effectively Japan's National Spatial Data Infrastructure (NSDI) law — establishes the legal framework for developing, distributing, and applying geospatial information. The Act declares that geospatial information is "essential infrastructure for the improvement of the quality of the people's living and the sound development of the national economy."
The NSDI Act mandates:
- Development of Fundamental Geospatial Data including geodetic control points, coastlines, administrative boundaries, road edges, railway centrelines, elevation data, and building outlines
- Free public availability of FGD via the internet
- Quality requirements: positional accuracy of ≤2.5m horizontal and ≤1.0m vertical in urban planning areas, or ≤25m horizontal otherwise
- Establishment of the G-Spatial Information Center for open data distribution
Companies handling high-resolution 3D geospatial data in Japan are operating in a regulated, standards-driven environment with explicit government expectations around data quality, management, and accessibility.
Project PLATEAU — Japan's National 3D Digital Twin
PLATEAU is a flagship MLIT initiative launched in 2020 to create open-access 3D city models across Japan. This is directly relevant to any platform hosting 3D geospatial data in the Japanese market.
| PLATEAU Fact | Detail |
|---|---|
| Cities with 3D models | 250+ (as of 2025) |
| Target | 500+ cities by 2027 |
| Standard | OGC CityGML 2.0 with Japanese localized extension |
| Data types | Point cloud, BIM, ledger integration |
| Use cases | Urban planning, disaster management, autonomous vehicles, smart cities |
The project explicitly positions 3D urban models as the foundation of Japan's "Society 5.0" vision — a data-driven, technology-integrated society. This creates enormous demand for platforms that can host, process, and visualize 3D geospatial data. And the government expects this data to be managed within Japan's regulatory framework.
BIM/CIM Mandate
MLIT has mandated the use of BIM/CIM (Building/Construction Information Modeling/Management) for all public works from fiscal year 2023. Every government infrastructure project now requires:
- 3D digital models integrating materials, costs, schedules, and geospatial context
- Point cloud data acquisition via drones, LiDAR, and terrestrial scanning as standard practice
- Compliance with ISO 19650, adapted for Japanese conditions
- Standardized BIM practices through the Japan Construction Information Center (JACIC)
Japanese construction firms are generating massive volumes of point cloud and 3D model data for government projects. This data needs to be stored, processed, and shared securely — and within Japan. A platform that can handle Gaussian Splats, point clouds, and 3D models with full Japanese data localization is not a luxury. It is an infrastructure requirement.
Geospatial Data Is Not Just Another Data Type
Geospatial data is intelligence. The World Economic Forum has classified spatial data as one of the most impactful emerging technologies. Unlike other data types, geospatial data does not just reveal "where" — it answers "when," "how," "who," and "why." It illuminates hidden patterns, forecasts events, and discloses relationships that other data cannot.
In the Japanese context, this sensitivity spectrum is particularly acute:
- Low sensitivity: Public park surveys, retail store locations, tourist attractions. Minimal regulatory concern if stored outside Japan.
- Moderate sensitivity: Construction site documentation, utility mapping, commercial building interiors. Subject to BIM/CIM data management standards and potential APPI obligations if individuals are identifiable.
- Critical sensitivity: Critical infrastructure (power plants, water treatment facilities, transportation networks), government facilities, military installations. Full data localization and sovereign control expected under multiple regulatory frameworks.
Japanese enterprise customers scanning construction sites, mapping infrastructure, or documenting government facilities need assurance that their data is not crossing borders. Splat Labs provides that assurance by architecture.
Sector-Specific Data Sensitivity in Japan
Japan's regulatory landscape is not monolithic. Different sectors face different scrutiny levels and compliance expectations.
| Sector | Regulatory Authority | Key Requirements |
|---|---|---|
| Healthcare | PPC + Ministry of Health, Labour and Welfare | Medical history classified as sensitive personal information; explicit consent required for collection; sector-specific guidelines for healthcare data |
| Financial Services | Financial Services Agency (FSA) + PPC | Heightened scrutiny on data handling and cross-border transfers; joint data protection guidelines |
| Telecommunications | Ministry of Internal Affairs and Communications (MIC) | Amended TBA (2023) imposes cookie regulation and external data transmission rules; large providers must establish Information Handling Procedures |
| Construction / Infrastructure | MLIT | BIM/CIM mandate; Project PLATEAU data standards; NETIS certification for construction technologies |
| Government / Public Sector | PPC + GSI | Survey Act compliance; specific data management, metadata, and distribution standards; APPI's integrated framework (since April 2023) uniformly covers national and local government agencies |
For Splat Labs customers in construction and infrastructure — the sectors generating the most 3D geospatial data — the BIM/CIM mandate and Project PLATEAU create a regulatory expectation that data is managed with appropriate quality, security, and accessibility standards. Full in-country storage meets that expectation cleanly.
Japan-EU Mutual Adequacy
Japan and the EU hold a mutual adequacy agreement, renewed in March/April 2023:
- Japan recognizes EEA countries and the UK as having adequate data protection for APPI cross-border transfer purposes.
- The EU recognizes Japan as providing adequate protection under GDPR Article 45.
This is significant for multinational organizations. Data can flow between Japan and the EU without additional safeguards. For a company with operations in both regions, the cleanest compliance posture is to store each region's data locally — EU data in EU AWS regions, Japan data in Japan AWS regions — while the mutual adequacy agreement facilitates any necessary coordination between teams.
Splat Labs supports this architecture natively. Enterprise customers can select different AWS regions for different projects — Tokyo for Japan operations, Frankfurt for EU operations — with each dataset governed by its respective jurisdiction.
AWS Infrastructure in Japan
Splat Labs' Japanese data localization is built on AWS's two dedicated regions in Japan — the most mature cloud infrastructure in the Japanese market.
AWS Tokyo (ap-northeast-1)
- Launched: 2011 — AWS's first entry into the Japanese market
- Availability Zones: 4 (added incrementally — 2 at launch, third in 2012, fourth in 2018)
- Data centers: 8 facilities in the Tokyo metropolitan area
- Investment: AWS announced a ¥2.26 trillion (~$15.2 billion) investment in January 2024 to expand infrastructure in Tokyo and Osaka through 2027
- Economic impact: Expected to contribute ¥5.57 trillion (~$37.6 billion) to Japan's GDP and support ~30,500 full-time equivalent jobs annually
- Amazon Bedrock (generative AI) available in Tokyo since October 2023
AWS Osaka (ap-northeast-3)
- Launched as full region: 2021 (originally launched in 2018 as a limited local region for disaster recovery)
- Availability Zones: 3
- Provides geographic redundancy approximately 500km from Tokyo — critical for Japan given seismic risk
Why Two Japanese Regions Matter
Japan is one of the most seismically active countries in the world. Having both Tokyo and Osaka regions available to Splat Labs customers provides:
- Disaster recovery — geographic separation of ~500km between primary and backup facilities
- Compliance flexibility — customers can choose either region based on proximity or organizational preference
- Low latency — both regions serve Japan's major population and economic centers
- Business continuity — meets the rigorous availability standards expected by Japanese enterprises and government agencies
Japan's Data Center Market Context
Japan is the third-largest data center market globally (after the US and China), valued at approximately $20.5 billion in 2025 and projected to reach ~$40 billion by 2033. All major hyperscalers operate dedicated regions in Japan. The SoftBank-Oracle joint venture (October 2025) specifically targets sovereign cloud and AI services in the Japanese market. CloudHQ and ESR announced a $2 billion data center campus in Osaka in January 2025.
Splat Labs' choice of AWS is deliberate. Japanese enterprises trust AWS — it has operated in the market since 2011 and is investing $15+ billion in Japanese infrastructure. When a Japanese enterprise customer asks "where is our data stored," the answer is concrete: AWS Tokyo or AWS Osaka, within Japan, encrypted at rest and in transit.
Data at Rest and Data in Motion — Both Stay in Japan
Full data localization means addressing both states of data. Many platforms claim "data residency" but only control where files are stored — not where they are processed, cached, or transmitted through. Splat Labs controls both.
Data at Rest (データ保存)
All 3D assets — Gaussian Splats, point clouds, textures, metadata, and associated documents — are stored in AWS S3 buckets within the selected Japanese region. Every object is encrypted at rest with AES-256 server-side encryption. AWS KMS encryption keys are region-bound and never leave Japan.
This covers:
- Uploaded source files (PLY, SPLAT, KSPLAT, LAS, LAZ, E57)
- Processed outputs and optimized viewer assets
- Project metadata, annotations, and user-generated content
- Thumbnails, screenshots, and preview renders
Data in Motion (データ転送)
All data transmitted between Splat Labs' infrastructure components, between the platform and end users, and between storage and processing services is encrypted in transit with TLS 1.2+. Processing workloads run within the same AWS region as storage — data does not leave Japan for processing, conversion, or optimization.
When a user in Japan views a Gaussian Splat, the data streams from AWS Tokyo or Osaka directly to their browser over TLS. No intermediate hops through foreign data centers. No temporary caching in US or European CDN nodes. The transit path stays within Japanese network infrastructure.
Why Both States Matter for APPI Compliance
The APPI's cross-border transfer restrictions apply to any movement of personal information outside Japan — including temporary processing or caching. A platform that stores data in Japan but processes it in the US has not achieved data localization. A platform that stores and processes in Japan but routes viewer traffic through foreign CDN nodes has a gap.
Splat Labs closes both gaps. Storage, processing, and delivery all operate within Japan's AWS regions.
The Japan AI Act and 3D Geospatial Data
On May 28, 2025, Japan's Parliament enacted its first comprehensive AI law — the Act on the Promotion of Research and Development and the Utilization of AI-Related Technologies. The law takes a voluntary, best-practices approach rather than strict prescriptive rules, aiming to make Japan the "world's most AI-friendly nation."
As AI-powered geospatial analysis becomes standard practice — automated feature extraction from point clouds, AI-driven 3D reconstruction, AI scene redesign — companies operating in Japan need to ensure their AI workflows comply with both the APPI and the new AI Act's principles of transparency, accountability, and risk management.
Splat Labs' AI features, including AI Scene Redesign and automated 3D processing, run within the same Japanese AWS region as data storage. AI inference does not send data offshore. The entire pipeline — from upload through AI processing to final delivery — stays within Japan.
Competitive Positioning
Japan's construction, real estate, and infrastructure industries are generating enormous volumes of 3D geospatial data. The government's BIM/CIM mandate and PLATEAU initiative are accelerating this trend. Yet the existing platform landscape has gaps:
| Platform | 3D/Splat Focus | Japan Data Localization | Notes |
|---|---|---|---|
| Esri ArcGIS | GIS-focused, not Gaussian Splat | Partial (Azure Japan available) | Dominant GIS platform but not purpose-built for photorealistic 3D model hosting |
| Bentley/Cesium | Infrastructure engineering, 3D tiles | Partial | Engineering-focused, not Gaussian Splat native |
| DroneDeploy | Drone mapping, orthomosaics | Partial — metadata on US servers | Offers data residency options but metadata stays in US |
| Trimble Connect | BIM collaboration | Limited region selection | Construction workflow tool, not 3D model hosting platform |
| Splat Labs | Purpose-built for Gaussian Splats and 3D models | Full — data at rest and in transit | Only platform combining Gaussian Splat hosting + full Japanese data localization + enterprise security |
Splat Labs fills a specific gap: the only platform purpose-built for Gaussian Splat 3D models that offers complete data localization in Japan — all data at rest and in transit stays within Japanese borders, hosted on AWS infrastructure, with AES-256 encryption and TLS protection.
Key Facts Quick Reference
| Fact | Detail |
|---|---|
| Splat Labs Japan regions | AWS Tokyo (ap-northeast-1) + Osaka (ap-northeast-3) |
| Data at rest encryption | AES-256 with region-bound KMS keys |
| Data in transit encryption | TLS 1.2+ |
| Cross-border data transfer | None — all storage, processing, and delivery within Japan |
| APPI max business fine | ¥100 million (~$700,000 USD) |
| APPI adequate countries | Only EEA + UK |
| Japan-EU mutual adequacy | Renewed March/April 2023 |
| AWS investment in Japan | ¥2.26 trillion (~$15.2B) through 2027 |
| AWS Tokyo Availability Zones | 4 |
| AWS Osaka Availability Zones | 3 |
| Project PLATEAU cities | 250+ with 3D models, targeting 500+ by 2027 |
| BIM/CIM mandate | All MLIT public works from FY2023 |
| Japan AI Act | Enacted May 28, 2025 |
| Japan data center market | ~$20.5 billion (2025), projected ~$40B by 2033 |
| Next APPI amendments | Expected 2027 |
Who This Is For
Splat Labs Japan is built for organizations that:
- Operate under the APPI and need to avoid the friction and legal risk of cross-border data transfers
- Work on Japanese government infrastructure projects subject to BIM/CIM mandates and Survey Act standards
- Handle 3D scans of sensitive sites — critical infrastructure, government facilities, commercial interiors — where data localization is a procurement requirement
- Participate in Project PLATEAU or Society 5.0 initiatives and need a platform that meets Japan's geospatial data management expectations
- Serve multinational clients who require data to stay in Japan as a contractual or regulatory condition
- Need disaster recovery with geographic separation between Tokyo and Osaka AWS regions
If your team is scanning construction sites in Tokyo, mapping utility infrastructure in Osaka, or documenting government buildings anywhere in Japan — your 3D data should stay in Japan. Now it does.
Get Started
Splat Labs offers plans for teams of every size. Create a free account to explore the platform with two projects. For Enterprise pricing with full Japanese data localization, contact our sales team.
