Add missing _index.org files for 7 sections: stages, ai-agents-scoping, compliance, impact, social-protocol, verification, resources — rebuild clean after file reorganization

projects/passepartout/strategy/compliance/compliance-regimes/appi.org

@@ -0,0 +1,29 @@
+:PROPERTIES:
+:ID:       b852ec69-0fc2-435c-ae1e-6b83e49b3ca3
+:ID:       auto-appi
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: APPI (Act on the Protection of Personal Information — Japan)
+#+filetags: :passepartout:compliance:framework:appi:
+
+
+Japan's comprehensive privacy law (amended 2022, fully effective 2023).
+Applies to any business handling personal information of Japanese residents.
+Key requirements: consent, purpose specification, data retention limits,
+cross-border transfer restrictions (opt-in required), mandatory breach reporting,
+data subject access/deletion rights, pseudonymized/anonymized data provisions.
+Personal Information Protection Commission (PPC) enforces.
+
+Penalties: Up to 100M JPY (~$700K) for violations; criminal penalties up to
+1 year imprisonment. Orders to suspend data processing or delete data.
+
+Who must comply: All businesses handling personal information of Japanese
+residents. Extraterritorial — applies to non-Japanese businesses targeting
+Japanese residents.
+
+Why it matters: APPI's cross-border transfer restrictions require fine-grained
+control over which data leaves Japan. The gate stack can encode "this data has
+APPI cross-border consent flag = false → block egress." First-mover advantage
+is moderate — few non-Japanese vendors target APPI specifically, and the 2022 report. First-mover advantage is moderate — few non-Japanese vendors target APPI specifically, and the 2022 amendments created a market for dedicated APPI tooling.
+
+Part of the [[id:e4a7b3d2-1c9f-4b6e-8a2d-5f3c7e1b9a0c][compliance framework index]].