japan’s Ministry of Economy, Trade and Industry (METI), in collaboration with the Information-technology Promotion Agency (IPA), has introduced the JC-STAR program—short for Japan Cyber-Security Technical Assessment Requirements. This new labeling scheme aims to enhance transparency in the cybersecurity performance of Internet of Things (IoT) devices, empowering consumers, businesses, and government institutions to make informed decisions when selecting secure technologies.
Who It’s For and How It Works
The JC-STAR label applies to a wide array of IoT products that communicate via Internet Protocol (IP), with the exception of personal computers and smartphones. Eligible products that conform to the program’s security requirements may display a certification label featuring a QR code. This code links to a dedicated webpage offering detailed insights into the product, the manufacturer, and its cybersecurity specifications.
Voluntary and Tiered Structure
JC-STAR is a voluntary program built on a four-tier security framework:
- STAR-1 establishes a baseline level of security applicable to all relevant IoT products.
- STAR-1 and STAR-2 certifications are granted through self-declaration by manufacturers.
- STAR-3 and STAR-4 require independent third-party assessments and are aimed at devices intended for critical infrastructure and public sector use.
Applications for STAR-1 labeling are currently being accepted. A reduced application fee of 110,000 JPY is being offered until September 30, 2025, with each label remaining valid for up to two years. IPA will begin publishing a list of certified products on its website from May 2025, with updates as more devices receive certification.
Next Steps and International Collaboration
The development of STAR-2 and higher levels is underway, with initial focus areas including network cameras and routers. METI and IPA plan to open applications for these categories in January 2026, and additional product types, such as smart home devices, will be phased in gradually.
To drive broader industry adoption, Japan aims to incorporate JC-STAR into government procurement criteria by the end of Fiscal Year 2025, beginning with STAR-1 and later expanding to higher certification levels as the program evolves.
METI is also exploring international cooperation through mutual recognition agreements with cybersecurity labeling initiatives in other regions. Discussions are ongoing with regulatory counterparts in Singapore, the UK, the US, and the EU, with the goal of facilitating smoother global market access for IoT manufacturers.
