Introduction
Legal work in the IT field is an area where a deep understanding of both technology and law is indispensable. Even a single set of SaaS terms of use interweaves multiple issues: (1) governing law and jurisdiction; (2) limitation of liability and indemnity; (3) data ownership and deletion obligations; (4) service level agreements (SLAs); and (5) termination and data migration.
Our firm provides seamless support from the upstream of system development (requirements definition and choice of contract form), through the operational phase (incident response and contract amendments), and on to disputes and litigation. Our clients include SaaS providers, contract development companies, the IT departments of operating companies, and startups building data-driven businesses.
Especially important is the ability to legally organize the "ambiguity" that is characteristic of IT contracts. Situations in which development proceeds before requirements are fixed, specification changes are made orally, or the allocation of responsibility is technically unclear are breeding grounds for disputes. Our firm's strength lies in preventive lawyering that translates such technical uncertainty into contract structures and heads off future disputes.
In recent years, demand has surged in new areas such as AI development contracts (rights in training data, liability for outputs, and warranties of model accuracy) and cyber-incident response (ransomware damage and response to supply-chain attacks), and we handle these as well.
Areas of Practice
1. System Development Contracts - Choosing between a contract for work (ukeoi) and a quasi-mandate (jun-inin), and designing the contract structure - Contract models suited to agile development (a master agreement plus individual sprint orders) - The scope and duration of defect liability (liability for nonconformity) - Designing acceptance clauses, additional orders, and specification-change management - Ownership of development deliverables (copyright, know-how, and third-party OSS)
2. SaaS / Cloud Services - Drafting and reviewing SaaS terms of use and privacy policies - Designing MSA (Master Service Agreement) templates for B2B SaaS - Drafting data processing agreements (DPAs) and SCCs (Standard Contractual Clauses) - SLA design, uptime guarantees, and service credits - Data return and deletion obligations on termination, and avoiding vendor lock-in
3. Data Breach and Cyber-Incident Response - Immediate response upon discovery of a breach (evidence preservation and coordinating forensic investigation) - Reporting to the Personal Information Protection Commission and notifying data subjects - Ransomware response (including the legal issues surrounding ransom payment) - Explanations to business partners and customers, and damages negotiations - Formulating measures to prevent recurrence and revising internal rules
4. AI Development and Use Contracts - Licensing of training data and data provision agreements - Ownership of AI-generated works and allocation of liability - The scope of warranties for model accuracy and limitation of liability - Formulating corporate guidelines for generative AI use - Responding to AI regulatory trends (the EU AI Act and Japan's AI Business Operator Guidelines)
5. IT Services Generally - APPI and GDPR compliance (see the "Data Protection" practice area for details) - Compliance with the Telecommunications Business Act, the Act on Specified Commercial Transactions, and the Act against Unjustifiable Premiums and Misleading Representations - Stealth-marketing regulation compliance and the legal issues of operating UGC platforms - API terms of use and developer TOS - M&A and due diligence of IT assets and IP
Representative Matters (Illustrative Examples)
Example 1: Building Global Contract Templates for a B2B SaaS Provider
A Series B–stage B2B SaaS startup transitioned from bespoke contracts for mid-sized domestic companies to standardized MSA operations for the global market. Until then, it had drafted each contract from scratch for every deal, and challenges had become apparent in both sales efficiency and legal risk.
Our firm provided integrated support: (1) creating industry-standard MSA, DPA, and SLA templates (bilingual Japanese/English); (2) building an internal matrix of negotiation fall-back positions; (3) delivering contract-negotiation training for sales and customer success; and (4) setting policy for the choice of governing law and jurisdiction across the major jurisdictions (the U.S., EU, U.K., and Singapore). As a result, we cut the average contract-execution lead time by 60% and reduced legal review hours by 50%.
Example 2: Settlement of a Large-Scale System Development Dispute
At a mid-sized operating company, a dispute arose with a vendor over unmet requirements and delivery delays in a core-system renewal project. As the customer, the company faced the challenge of reconciling contract termination and damages claims with the early recovery of the system and a switch to an alternative vendor.
Our firm carried out: (1) an organization of the facts of the project's history (reviewing several thousand minutes and emails); (2) an analysis of the contractual allocation of responsibility; (3) obtaining the opinion of a technical expert; and (4) settlement negotiations with the vendor. Ultimately, on condition that the vendor make a partial refund and cooperate with the migration, we concluded a settlement agreement including a mutual waiver of rights. In parallel, we redesigned the contract structure for the successor project (staged acceptance of deliverables, a rationalized limitation of liability, and clearer governance clauses).
Example 3: Emergency Response to Ransomware Damage
A mid-sized manufacturer suffered a ransomware attack, and its internal systems were encrypted. The attacker demanded a ransom payment, and a response decision was needed within 24 hours.
Our firm supported: (1) organizing whether contact with the attacker was permissible and the legal issues of ransom payment (economic sanctions regulation, the Foreign Exchange Act, and prevention of terrorist financing); (2) an initial assessment of whether personal data had leaked; (3) drafting a prompt report to the Personal Information Protection Commission; (4) draft notices to business partners and customers; (5) liaison with the police and JPCERT/CC; and (6) reviewing the post-recovery forensic report. As a result, the ransom was not paid, and by recovering from backups and providing a highly transparent explanation to business partners, reputational damage was minimized.
How to Engage Us
- Initial Consultation (30–60 minutes / available online): We hear your challenges and current situation and organize the issues. A confidentiality agreement can be concluded before the consultation.
- Estimate and Proposal: We present the scope, timeline, and fees. We accommodate time-charge, per-matter, and retainer arrangements alike.
- Commencement and Progress Sharing: We report progress regularly and make the issues visible. Where coordination with technical experts is needed, we arrange it.
- Completion and Aftercare: We can provide continued support on related ongoing issues (contract amendments, rule updates, and the like).
Fee Guide (Reference Figures / Subject to Discussion)
- Initial consultation: Free for the first 30 minutes; time charge thereafter
- Contract review (standard SaaS agreements, etc.): Estimated JPY 50,000–150,000
- Contract drafting (templates such as MSAs and DPAs): Estimated JPY 300,000–800,000
- Incident response (emergency): Time charge plus retainer
- Retainer: Estimated JPY 150,000–400,000 per month (designed according to workload)
- Litigation and dispute response: Individual estimate
Contact
For consultations in the IT field, please reach out via our contact form. If you require emergency incident response, please note this and we will prioritize your matter.