Top of Page

Links to move inside this page.

  1. HOME
  2. About IIJ
  3. News / CSR
  4. Press Releases
  5. 2022
  6. IIJ Acquires APEC CBPR Certification

IIJ Acquires APEC CBPR Certification

As the world's first cloud service provider to acquire both EU BCR approval and APEC CBPR certification, can ensure secure transfer of personal data across the U.S., Southeast Asia and elsewhere

Sep 15, 2022
Internet Initiative Japan Inc.

PDF [416KB]PDF / Japanese

TOKYO - September 15, 2022 - Internet Initiative Japan Inc. (TSE Prime: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced that it has today acquired APEC CBPR (Cross Border Privacy Rules) certification. The CBPR certification system applies to the cross-border protection of personal data by corporations or organizations, indicating their compliance with the APEC (Asia-Pacific Economic Cooperation) privacy principles in the transfer of personal data. With this certification, IIJ is recognized as an organization that effectively protects personal data, enabling its customers making use of its cloud and other services to transfer personal data within the APEC region (CBPR participating countries: United States, Canada, Mexico, South Korea, Taiwan, Singapore, Philippines, Australia, Japan) seamlessly while complying with the privacy laws in each country.
Back in August 2021, IIJ obtained BCR (Binding Corporate Rules) approval indicating its compliance, as a corporate group, with the EU personal data protection policies to meet the EU General Data Protection Regulation (GDPR) requirements. It now has become the world's first cloud service provider (IaaS) to have acquired both BCR approval and CBPR certification.



IIJ has always endeavored to raise the level of information security and privacy protection, so as to provide customers with an environment for secure exchange of data. As one step along the way, in August 2021, IIJ obtained approval from the competent data protection authority in the EU of the IIJ Group binding corporate rules (BCRs) documenting the Group's personal data protection policies, thereby certifying that these policies are conformant with the GDPR.
CBPR certification is a privacy framework common to APEC, formulated in 2011 for the protection of personal data transferred across borders, and imposing strict privacy protection requirements on service providers. Japan's Act on the Protection of Personal Information Article 28 also lists CBPR certification as one of the requirements for being allowed to transfer personal data from Japan to a third party outside Japan. Acquiring this certification means that IIJ is publicly recognized as providing services that can securely exchange personal data, in conformance with laws, not only in the EU but in the Asia Pacific region including the United States.
In April 2022, the countries participating in the APEC CBPR system further declared the establishment of a Global Cross-Border Privacy Rules (CBPR) Forum, aimed at promoting the seamless transfer of personal data over a wider scope and orderly interoperability in each country. In the future, as participation in the CBPR grows, it is hoped that secure exchange of personal data will become possible with more nations.

Benefits to IIJ Customers

Now that IIJ has acquired both CBPR certification and BCR approval, customers who use the cloud service IIJ GIO or other IIJ services to transfer personal and other important data within the customer's group in Japan and abroad can do so with assurance, regarding both IT security and compliance with legal requirements. In addition, they can greatly reduce the time and labor for dealing with security matters, interacting with customers and national authorities, carrying out contract procedures and much more, while also reducing risks.

About CBPR Certification

The CBPR certification system applies to the cross-border protection of personal data by corporations or organizations, indicating their compliance with the APEC (Asia-Pacific Economic Cooperation) privacy principles in the transfer of personal data. In Japan, JIPDEC serves as the Accountability Agent (AA) for obtaining certification.

With protection and seamless exchange of personal data being policy matters common to the nations of the world, regulations and certification are expected to become increasingly complex. IIJ will continue taking the lead in making sure its IIJ GIO and other IT platform services provided globally are compliant with the regulations and public certification programs of each country, thereby reducing the compliance burden of customers and providing an environment for safe and secure data use.

About IIJ

Founded in 1992, IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers. IIJ and its group companies provide total network solutions that mainly cater to high-end corporate customers. IIJ's services include high-quality Internet connectivity services, systems integration, cloud computing services, security services and mobile services. Moreover, IIJ has built one of the largest Internet backbone networks in Japan that is connected to the United States, the United Kingdom and Asia. IIJ was listed on the Prime Market of the Tokyo Stock Exchange in 2022.

The statements within this release contain forward-looking statements about our future plans that involve risk and uncertainty. These statements may differ materially from actual future events or results.

For inquiries, contact

IIJ Corporate Communications

  • (*) All company names and service names used in this press release are the trademarks or registered trademarks of their respective owners.

Get Adobe Acrobat Reader

End of the page.

Top of Page