The Group's operating results may be significantly affected by various factors that could arise in the future.
The following describes the principal matters that we consider could be risk factors in the Group's business operations. In addition, from the perspective of disclosing information to investors, we proactively disclose matters that we consider important for making investment decisions or for understanding the Group's business activities, even if they do not necessarily fall under the category of business risks. While the Group intends to strive to prevent these risks from occurring and to respond appropriately should they occur, based on its recognition of the possibility of such risks arising, we believe that investment decisions regarding the shares of the Company should be made after carefully examining the following business risks as well as the matters described in sections other than this one.
Forward-looking statements in this section are based on the judgment of the Group as of the end of the current consolidated fiscal year.
(1) Relationship with the Parent Company
(i) Positioning within the GMO Internet Group, Inc. Group
The Group belongs to a corporate group (hereinafter the "GMO Internet Group") centered on its parent company, GMO Internet Group, Inc., which as of the end of December 2023 owned 51.8% of the Company's issued shares. Under the corporate catchphrase "Internet for Everyone," the GMO Internet Group, centered on the parent company, operates the Internet Infrastructure business, the Internet Advertising & Media business, the Internet Finance business, the Cryptoasset business and the Incubation business. Within the GMO Internet Group, the Group is positioned as the company responsible for the electronic authentication and eSignature services and cloud infrastructure services that are classified under the Internet Infrastructure business. Since joining the GMO Internet Group in May 2001, the Group's positioning has remained fundamentally unchanged. The Group serves as the technical core of the cloud infrastructure services; in addition to selling these cloud infrastructure services under its own brand, the Group also provides them on an OEM basis for the other principal hosting services conducted within the GMO Internet Group. However, should any change occur in the parent company's basic policy regarding the Group, this may affect the Group's business and operating results.
(ii) Transactions with GMO Internet Group, Inc.
The Group's sales to GMO Internet Group, Inc. on a consolidated basis were 437,668 thousand yen (2.74% of total sales) in the fiscal year ended December 2022 and 224,552 thousand yen (1.28% of total sales) in the fiscal year ended December 2023. The parent company's business strategy, management policy, operating results and financial condition may affect the Group's business and operating results.
In addition, the Company does not own its own data centers; instead, it operates the servers used for its cloud infrastructure services by receiving housing services and internet connection services from multiple internet data center (IDC) operators. The total data center usage fees amounted to 633,095 thousand yen in the fiscal year ended December 2023, of which 5,337 thousand yen (0.8%) was paid to the parent company.
Housing services refer to the provision of facilities equipped with internet line equipment (so-called rack space). Internet connection services refer to connecting the IDC's network connection devices (the connection devices upstream from the backbone router) with the L2 switches (*) operated by the Company, which enables the servers owned by the Company to be used on the internet.
These two services are essential for operating the cloud infrastructure business. If the Company were to become unable to use the data centers operated by the parent company due to reasons such as changes in the parent company's business strategy or management policy, this may affect the Group's business and operating results.
(*) An L2 (Layer 2) switch is a network relay device that decodes data at the data link layer (the second layer = Layer 2), determines the destination of packets, and forwards them to downstream servers or upstream backbone routers.
For details of transactions involving fund transfers with the parent company's group during the fiscal year ended December 2023, please refer to "Part 5 Financial Information, 1. Consolidated Financial Statements, etc., (1) Consolidated Financial Statements, Related Party Information."
(iii) Concurrent Service of Officers with GMO Internet Group, Inc.
Of the Company's nine officers, two also serve as officers of GMO Internet Group, Inc. Their positions at the Company, names and positions at the parent company are as follows.
| Name | Position at the Company | Position at GMO Internet Group, Inc. |
|---|---|---|
| Kumagai Masatoshi | Chairman of the Board (Non-Executive) | Chairman, President and Representative Director, Group CEO |
| Yasuda Masashi | Director (Non-Executive) | Director, Vice President & Executive Officer, CFO, Deputy Group CEO, Head of Group Administration Division |
The two non-executive directors were invited with the aim of obtaining advice regarding the Company's business.
(2) Risks Related to the Group's Business
(i) Competition
i) Digital Certificate and eSignature Segment
The electronic authentication market in which the Group operates is a growth market, but market share is concentrated among the leading companies. After entering the electronic authentication business in May 2003, the Group has sought to expand its market share for server certificates by differentiating itself through low prices, fast issuance and other means. In addition, in October 2006 the Group acquired a certificate authority and began selling under its own brand. However, if the Group's market share declines due to intensifying competition, or if selling prices fall due to price competition, this may affect the Group's business and operating results. Furthermore, the Group entered the eSignature business in 2015 and has sought to expand its market share by leveraging the strength of owning a certificate authority to differentiate itself through high security, low prices and other means. However, if the Group's market share declines due to intensifying competition, or if selling prices fall due to price competition, this may affect the Group's business and operating results.
ii) Cloud Infrastructure Segment
Because there are no major barriers to entry for the cloud infrastructure services provided by the Group, there are numerous competitors, and the Group faces intense competition. The Group has acquired many contracts by stably providing high-quality services at reasonable prices. However, if competition intensifies further due to technological development competition, price competition and other factors, this may affect the Group's business and operating results.
(ii) Overseas Business Activities
In addition to Japan, the Group conducts various businesses in countries around the world, including North America, Europe, Russia and Asia, in accordance with the laws and regulations of each country. However, the Group may be subject to the enactment or amendment of regulations on imports and exports, tax systems such as customs duties, regulations on product liability, or other unforeseen enactment or amendment of laws, as well as the filing of class action lawsuits, orders to pay substantial damages, or the enforcement of recommendations or procedures based on relevant laws and regulations.
In addition, geopolitical risks such as the occurrence of political turmoil due to war, terrorism, conflict or other factors, as well as labor issues and diseases arising from differences in culture and customs, may affect the Group's business and operating results.
(iii) Exchange Rate Fluctuations
The Group conducts foreign currency-denominated transactions for part of its operating transactions and for investments and loans to overseas consolidated subsidiaries, and it manages foreign currencies for the purpose of hedging exchange rate fluctuation risk. However, if exchange rates fluctuate due to changes in the global economic situation or other factors, this may affect the Group's business and operating results.
(iv) Legal Regulations
In addition to general laws and regulations such as the Companies Act, the Group is subject mainly to the following legal regulations in connection with its business. If laws and regulations targeting internet users or related services and operators are enacted or amended in the future, if the application of existing laws and regulations becomes clarified, or if some form of voluntary industry rules is established, the Group's business may be restricted.
i) Telecommunications Business Act
This Act aims to ensure the smooth provision of telecommunications services and protect the interests of their users by making the operation of telecommunications businesses appropriate and reasonable and by promoting fair competition, in view of the public nature of telecommunications businesses, thereby ensuring the sound development of telecommunications and the convenience of the public, and promoting public welfare.
The Company is a telecommunications carrier that has filed a notification under this Act and is subject to regulations concerning the prohibition of censorship, the protection of the secrecy of communications and other matters. In addition, if certain grounds apply, the Company may receive an order from the Minister of Internal Affairs and Communications to improve its operations, etc., under this Act, and in some cases may be subject to penalties. In such cases, this may affect the Company's business and operating results.
ii) Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers and the Right to Demand Disclosure of Identification Information of the Senders
This Act stipulates, in cases where rights are infringed through the distribution of information via specified telecommunications, the limitation of liability for damages of specified telecommunications service providers and the right to demand disclosure of the identification information of the senders.
The Company is subject to this Act as a specified telecommunications service provider, and it responds carefully to requests for transmission prevention measures and for the disclosure of sender identification information so as to make appropriate judgments. However, if such responses are found to have been inappropriate in litigation or other proceedings, the Company may be subject to administrative guidance, complaints, claims for damages, recommendations and other actions from users, other related parties, administrative agencies and the like, and in such cases this may affect the Company's business and operating results.
iii) Act on Specified Commercial Transactions
This Act aims to protect the interests of purchasers and others by making specified commercial transactions (door-to-door sales, mail-order sales, etc.) fair and preventing damage that purchasers and others may suffer, while at the same time making the distribution of goods and the provision of services appropriate and smooth, thereby contributing to the sound development of the national economy.
Under this Act, the Group is subject to administrative regulations in specified commercial transactions, such as the display of the business operator's name, the prohibition of improper solicitation activities, and restrictions on false or exaggerated advertising.
iv) Act on Regulation of Transmission of Specified Electronic Mail
In view of the need to prevent problems in the sending and receiving of electronic mail caused by the transmission of specified electronic mail sent to a large number of people at once, this Act aims to develop a favorable environment for the use of electronic mail by establishing measures to ensure the appropriate transmission of specified electronic mail, thereby contributing to the sound development of an advanced information and telecommunications society.
Under this Act, the Group is subject to regulations such as the requirement to include the sender's contact information within electronic mail for advertising and promotional purposes (specified electronic mail).
v) Act on the Protection of Personal Information
In view of the significant expansion of the use of personal information accompanying the progress of an advanced information and telecommunications society, this Act aims to protect the rights and interests of individuals while giving consideration to the usefulness of personal information, by establishing the obligations to be observed by business operators handling personal information regarding the appropriate handling of personal information.
Under this Act, the Group is subject to regulations such as the clear indication of the purpose of use of personal information, ensuring the appropriateness of its acquisition, and ensuring the implementation of security control measures. In addition to this Act, as a telecommunications carrier, the Group is required to comply with the Guidelines on the Protection of Personal Information in Telecommunications Business established by the Ministry of Internal Affairs and Communications.
Furthermore, the Group may be required to handle personal information in accordance with related laws and regulations in countries around the world established regarding the handling of personal information, such as the European "General Data Protection Regulation (GDPR)," as well as the "Supplementary Rules under the Act on the Protection of Personal Information for the Handling of Personal Data Transferred from the EU and the UK Based on an Adequacy Decision." Substantial fines may be imposed in the event of a violation of the GDPR, and in such cases this may affect the Group's business and operating results.
vi) Act on Development of an Environment that Provides Safe and Secure Internet Use for Young People
In view of the situation in which a large amount of information harmful to young people is distributed on the internet, this Act aims to enable young people to use the internet safely and securely and to contribute to the protection of the rights of young people, by taking measures necessary for young people to acquire the ability to appropriately use the internet, as well as measures to improve the performance and promote the use of filtering software for information harmful to young people and other measures to minimize opportunities for young people to browse information harmful to young people using the internet.
Under this Act, the Company bears a duty of effort to take measures such as restricting access to information harmful to young people in its cloud infrastructure services. In restricting access to information based on this Act, it may be difficult to judge the appropriateness of such restrictions, and if such judgment is inappropriate, the Company may be subject to administrative guidance, complaints, claims for damages, recommendations and other actions from users, other related parties, administrative agencies and the like, and in such cases this may affect the Company's business and operating results.
vii) Act against Unjustifiable Premiums and Misleading Representations
This Act aims to protect the interests of general consumers by establishing restrictions and prohibitions on acts that could impede the voluntary and rational choices of general consumers, in order to prevent the attraction of customers through unjustifiable premiums and representations related to transactions of goods and services.
The Group strives to provide premiums in compliance with laws and regulations when conducting campaigns, and to appropriately display the content and prices of its services on websites and elsewhere.
However, if premiums or representations are judged to be inappropriate by users, administrative agencies, judicial authorities or the like, the Group may be subject to administrative guidance, orders to pay surcharges, complaints, claims for damages and other actions, and in such cases this may affect the Group's business and operating results.
viii) Product Liability Act
This Act aims to protect victims and thereby contribute to the stability and improvement of the lives of the public and the sound development of the national economy, by establishing the liability of manufacturers and others for damages in cases where damage to a person's life, body or property arises due to a defect in a product.
If an accident occurs due to a defect in a product processed and sold by the Group, the Group may bear liability for damages under this Act, and in such cases this may affect the Group's business and operating results.
(v) Possibility of Litigation
In conducting the Group's business, if the rights or interests of a third party are infringed, regardless of whether the Group is at fault, the Group may become the subject of lawsuits or other proceedings seeking damages. In preparation for such cases, the Group has taken measures such as establishing disclaimer provisions in the terms of use for most of its services. However, if lawsuits or other proceedings seeking damages are filed against the Group, or if compensation issues arise, this may affect the Group's business and operating results, or may damage the Group's social credibility.
(vi) Intellectual Property Rights
With respect to technologies and business models devised in-house that require protection under the Patent Act and other laws, the Group files applications from time to time. To date, GMO GlobalSign K.K. has a record of two patent registrations (two in Japan).
In addition, with respect to the names of the Group's services and the like that require protection under the Trademark Act, the Group files trademark registration applications from time to time. Although the Group recognizes that it does not infringe the intellectual property rights of other companies, it is difficult to fully grasp the current status of other companies' intellectual property rights in the Group's business fields, and the possibility that conflicts with intellectual property rights held by other companies are arising in areas the Group is unable to grasp cannot be denied. Furthermore, if the Group receives a claim for damages or an injunction from a third party that has newly acquired intellectual property rights in the Group's business fields, this may affect the Group's business and operating results.
(vii) Information Management and Information Leakage
Because the Group acquires and uses customers' personal information, it bears obligations as a business operator handling personal information as stipulated by the Act on the Protection of Personal Information. The Group has established a system for protecting personal information by continuously conducting strict internal information management from both software and hardware perspectives, such as limiting the officers and employees who handle personal information, managing passwords for access to personal information, and thoroughly managing logs of such access. In addition, the Group actively works to protect personal information by utilizing advanced security technologies, developing operational manuals and guidelines, and thoroughly conducting internal training for all employees. The Company's Tokyo head office acquired "ISO/IEC 27001" certification in November 2006 and "ISO/IEC 27017" certification, which is dedicated to cloud services, in October 2018. In addition, GMO GlobalSign K.K. acquired "ISO 27001 (Information Security Management)" and "ISO 22301 (Business Continuity Management)" certifications in October 2019, and "ISO/IEC 27017" certification covering its enterprise single sign-on service in November 2022. While the Group intends to continue striving to maintain and improve its systems, in the unlikely event that an information system stoppage or a leakage of customer information, personal information or the like occurs, this may lead to a loss of trust in the Group, deterioration of the Group's corporate image, the filing of lawsuits or other proceedings seeking damages against the Group, and the occurrence of compensation issues, which may affect the Group's business and operating results.
(viii) System Failures
i) Digital Certificate and eSignature Segment
- System Failures
The electronic authentication and eSignature services provided by the Group depend on the systems of GMO GlobalSign K.K., and these systems may contain some unforeseen defect. Although the Group continuously inspects and corrects its systems, there is no guarantee that this is perfect, and if malfunctions or defects in the services occur, this may lead to the occurrence of damages or a loss of trust in the Group. In addition, the electronic authentication and eSignature services provided by the Group must provide stable services 24 hours a day, 365 days a year. However, because these services depend on communication networks, if a communication network is disconnected due to a disaster, accident or the like, if the servers of the Group or an internet service provider temporarily become inoperable due to a sudden concentration of access, or if the Group suffers damage from a computer virus, disruptions may occur in the services provided by the Group, which may affect the Group's business and operating results.
In addition, with respect to service guarantees and the like, the Group establishes certain limitations, such as provisions defining the scope of operational responsibility and disclaimer provisions, through the Certification Practice Statement and the Subscriber Agreement. However, there is no guarantee that such limitations will be recognized as applicable as they are, whether in or out of court, or that they can actually be relied upon, and this may affect the Group's business and operating results.
- Operation of the Certificate Authority
Part of the operation of the certificate authority system is outsourced to multiple contractors, and the Group receives services based on contracts with these contractors. Although the Group manages and supervises the outsourced operations while maintaining close cooperation and holding regular meetings with the contractors, if the contract with a contractor is terminated before its expiration or otherwise ends due to some reason such as a change in the contractor's business policy, if problems arise in maintaining the contract, if problems arise in the service level of the service provision or in the contractor's technical standards, if problems arise in the contractor's management situation, or if problems arise in the certificate authority system due to obstructive acts by a malicious third party, this may affect the Group's business and operating results.
- Compromise of the Certificate Authority's Private Key
The Group manages the private key of the root CA certificate of the certificate authority under strict standards that prevent any deficiencies in management, such as by using a Hardware Security Module (*). However, if the private key of the root CA certificate is compromised for any reason, trust in the GlobalSign brand certificates would be undermined, which may affect the Group's business and operating results.
(*) A Hardware Security Module is a tamper-resistant device (a device with the capability to make the private key difficult to extract, such as by automatically erasing the private key in the event of a physical attack) that enables the secure generation and storage of the private key used for electronic signatures and encryption within the hardware and the execution of electronic signatures.
ii) Cloud Infrastructure Segment
The infrastructure services provided by the Group must provide stable services 24 hours a day, 365 days a year, and in particular the Group has introduced a Service Level Agreement (SLA) for some of its services. For this reason, the Group installs its servers in reliable data centers in Japan and maintains a 24-hour server monitoring system. However, because the Group's services depend on communication networks, if a disconnection of the communication network due to a disaster, accident or the like, a temporary inoperability of servers due to a sudden concentration of access, damage from a computer virus, a defect in a server or software, or a connection failure due to loss or damage caused by human error occurs, a situation may arise in which it becomes impossible to connect to the Company's servers. If such server connection failures occur due to causes attributable to the Company, direct damages such as refunds may arise, and this may also lead to a loss of trust in the services provided by the Group, which may affect the Group's business and operating results.
(ix) Technological Innovation
In the internet industry to which the Group belongs, the speed and degree of technological progress in both hardware and software change remarkably, and new technologies and new services are constantly being created. The Group independently develops new technologies while maintaining close cooperation with alliance partners, and continuously develops and improves its services. However, if the services provided by the Group become obsolete due to the spread of new technologies or new services that the Group does not anticipate, the Group's competitiveness against competitors may decline. In addition, expenditures may become necessary to respond to new technologies and new services. If such situations arise, this may affect the Group's business and operating results.
(x) Lease Contracts
In part of the DX business, the Group sells to leasing companies. In concluding lease contracts between the leasing companies to which the Group sells and end users, if the closing rate of lease contracts declines due to increases in lease rates, stricter credit screening by leasing companies, the revision or abolition of laws and regulations concerning lease transactions, or changes in accounting standards, this may affect the Group's business and operating results.
(3) Risks Related to the Group's Business Structure
(i) Securing and Developing Human Resources and Dependence on Specific Managers
In expanding the Group's business, responding to the rapid technological innovation that evolves daily and to the development of new businesses is essential, and we believe it is important to secure and develop the excellent human resources needed to respond to these in a timely manner. However, in the internet industry, demand is high for human resources with the specialized knowledge, technologies, business careers and the like necessary for the Group's business, and there is a possibility that the necessary expansion of personnel at the Group will not proceed as planned, or that costs greater than anticipated will arise. If such situations occur, this may affect the Group's business and operating results.
In addition, at the Group, officers including the Representative Director, senior employees and other officers and employees who possess specialized knowledge, technologies and experience play important roles in the management and business execution of each group company, and the experience accumulated through the continued service of these officers and employees is considered important know-how for the Group. However, if these officers and employees resign or retire for some reason and it becomes difficult to recruit successors, this may affect the Group's business results and future business development.
(ii) Establishing a Management Control Structure to Accompany Business Expansion
As of the end of December 2025, the Group is still in the process of growth, with nine officers (six directors excluding directors who are Audit and Supervisory Committee Members, and three directors who are Audit and Supervisory Committee Members) and 990 employees on a consolidated basis (excluding temporary employees), and its internal control structure is commensurate with this scale. The Group is developing its internal control structure in line with the expansion of its business and the increase in its employees, and it plans to further enhance its internal control structure going forward. However, if the establishment of the organizational structure does not proceed smoothly relative to the increase in the number of employees, this may affect the Group's business and operating results.
(4) Other
(i) Dilution of Shares Due to the Exercise of Stock Options and the Like
In order to raise the morale of officers and employees and at the same time to secure human resources, the Company may grant share acquisition rights as stock options in the future. If these share acquisition rights are exercised, new shares will be issued and the value of the Company's shares per share will be diluted.
(ii) Corporate Acquisitions and Strategic Alliances
The Group intends to continue working on new services and new businesses, and as one effective means of accelerating business expansion, it plans to actively utilize corporate acquisitions (M&A) and strategic alliances including capital alliances.
In conducting corporate acquisitions (M&A) and strategic alliances including capital alliances, the Group conducts detailed prior examinations of the target company's financial condition, contractual relationships and the like, and thoroughly examines the risks. However, if problems that could not be grasped in the prior examination arise after the acquisition, such as the occurrence of contingent liabilities or the discovery of unrecognized liabilities, or if the business plan does not progress as originally planned due to reasons such as delays in the integration work in the organizational, systems, sales and operational aspects following the corporate acquisition (M&A) or strategic alliance, the outflow of key personnel, or the inability to expect the anticipated synergies, this may affect the Group's business and operating results.
(iii) Future Business Development
The Group will actively pursue new business developments such as IoT services and electronic contract services, centered on the electronic authentication and eSignature business and the cloud infrastructure business. In developing these businesses, the Group plans to establish subsidiaries and affiliated companies, make new investments and loans, and form business alliances, in addition to capital investment and technology development investment. This business development is expected to involve the input of human and material resources and other increases in expenditure. If the business development does not proceed as planned, only time and cost may be expended without leading to the securing of profits. In such cases, this may affect the Group's business and operating results.






















