Japan’s Ministry of Economy, Trade and Industry (METI), in partnership with the Information-technology Promotion Agency (IPA), has officially launched the JC-STAR labeling scheme—short for Japan Cyber-Security Technical Assessment Requirements. The program is designed to improve transparency in the cybersecurity posture of IoT products, helping consumers, businesses, and government agencies select secure devices with confidence.
The JC-STAR label targets a broad range of IoT products capable of transmitting data via the Internet Protocol (IP), excluding devices such as PCs and smartphones. Products that meet the program’s criteria may display a conformity label with a QR code linking to a webpage containing detailed product, vendor, and security information.
Voluntary, Multi-Level Security Labeling
The scheme is structured as a voluntary multi-tier system, starting with STAR-1, a unified security baseline applicable to all IoT products in scope. STAR-1 and STAR-2 levels are granted through self-declarations of conformity, while STAR-3 and STAR-4 will require third-party evaluations conducted by independent laboratories. These higher tiers are intended for products used in government procurement and critical infrastructure.
Applications for STAR-1 labeling are now open, with a discounted fee of 110,000 JPY available through September 30, 2025. The validity period for STAR-1 labels is up to two years. A list of certified products will be published on the IPA website in May 2025 and updated as new labels are issued.
Future Plans and Global Alignment
METI and IPA are actively developing advanced conformance criteria (STAR-2 and above) starting with network cameras and routers, with applications for these categories expected to open in January 2026. Additional categories, including smart home devices, will be added as the scheme expands.
To encourage widespread adoption, Japan plans to integrate JC-STAR into government procurement requirements by the end of FY2025, initially requiring STAR-1 and progressively moving to higher levels as the framework matures.
METI also intends to pursue mutual recognition agreements with other national cybersecurity labeling initiatives to streamline cross-border compliance for IoT vendors. Ongoing discussions include collaboration with authorities in Singapore, the United Kingdom, the United States, and the European Union.
For this article’s source information and any product certification guidance, please contact Global Validity.
Quick Country Facts
Japan
Certification Body: Ministry of Internal Affairs and Communications (MIC)
Certification Type: Mandatory
License Validity: Indefinite
Application Language: English
Legal License Holder: Manufacturer
In-Country Testing Requirement: In-Country Testing
Access in-depth regulatory knowledge on over 200 countries and territories with Global Validity’s free proprietary product certification management software, Access Manager. Learn more about the platform here or fill our quick contact form!
Global Validity is your partner for global certification success
Want to learn more about regulatory compliance and how we can help? Simply fill out the form below and we’ll be in touch!