Global Cross-Border Privacy Rules (CBPR)

What is the Global CBPR System?

The Cross-Border Privacy Rules (CBPR) System is an international system that certifies organizations’ compliance with certain program requirements for the cross-border transfer of personal data. Jurisdictions approved to participate in the system recognize Accountability Agents (AAs) and the AAs review and certify compliance of organizations based on their applications.

The CBPR System has operated under Asia-Pacific Economic Cooperation (APEC) since its inception. However, on April 21, 2022, the declaration of the establishment of the Global CBPR Forum—a framework that is not limited to jurisdictions in the APEC region, but open to those all over the world—was published for the purpose of facilitating cross-border transfer of personal data over a wider area and the promotion of interoperability of regulations among jurisdictions, thereby enabling participation from outside APEC. Following this, on April 30, 2024, the Forum published the documents that are necessary for the operationalization of the Global CBPR System, and on June 2, 2025, the Global CBPR System was launched, with AAs starting to grant certifications.

The Ministry of Economy, Trade and Industry (METI), together with the Personal Information Protection Commission (PPC), is proactively contributing to the efforts for expanding participation in the Forum and international discussions for disseminating the Global CBPR System.

Timeline

• Global CBPR System Program Requirements Updated (March 23, 2026)
• Launch of the Global Cross-Border Privacy Rules (CBPR) System (June 2, 2025)
• Global Cross-Border Privacy Rules (CBPR) Forum Publishes Documents for Operationalization of the Global CBPR System (May 7, 2024)
• Establishment of the Global Cross-Border Privacy Rules (CBPR) Forum (April 21, 2022)

Participating Economies (as of October 24, 2025)

Members	Australia, Canada, Dubai International Financial Centre, Japan, the Republic of Korea, Mexico, the Philippines, Singapore, Chinese Taipei, the United States of America
Associates	Bermuda, Nigeria, Mauritius, the United Kingdom

• Dubai International Financial Centre Became a Full Member of the Global CBPR Forum (October 24, 2025)
• Nigeria Joined the Global CBPR Forum as an Associate (September 19, 2025)
• Bermuda, Dubai International Financial Centre, and Mauritius Joined the Global CBPR Forum as Associates (August 26, 2024)
• The United Kingdom Joined the Global CBPR Forum as an Associate (July 6, 2023)

Global CBPR-Certified Organizations

The following are the Global CBPR-certified organizations in Japan (as of June 2025):

• IntaSect Communications, Inc.
• Paidy Inc.
• Internet Initiative Japan Inc.
• PayPay Corporation

All Global CBPR-certified organizations, including those outside Japan, can be found on the Global CBPR Forum website.

• Global CBPR Forum

Accountability Agents (AA)

In Japan, the Japan Institute for Promotion of Digital Economy and Community (JIPDEC) has been approved as an AA.
Organizations considering applying for CBPR certification are encouraged to visit the JIPDEC website.

• JIPDEC web-site

Related Materials

• Global Cross-Border Privacy Rules (CBPR) Declaration(PDF:94KB)
• Global Cross-Border Privacy Rules (CBPR) Framework (2023)
• Global CBPR Forum Terms of Reference（ToR）

Research Reports

• Research for Promoting the Cross-Border Privacy Rules (CBPR) Certification System（in Japanese） (January 2025)(PDF:743KB)
• Research on trends in corporate certification in other countries related to data protection and cross-border data transfer (February 2023)(PDF:2,219KB)

Related Link

• Global CBPR Forum

Division in Charge

Office of International Affairs, Commerce and Information Policy Bureau