Key takeaway
What This Development Means
Japan's JC-STAR framework now includes STAR-3 requirements for network devices and network cameras, alongside recognition routes involving Singapore's CLS and the UK PSTI regime.
What Is The JC-STAR IoT Security Label?
JC-STAR is Japan's cybersecurity conformity and labelling scheme for internet-connected products. STAR-1 provides a common minimum baseline, while higher levels introduce category-specific requirements and stronger assessment to help buyers identify conforming products.
Does JC-STAR Replace UK Or Singapore Requirements?
Not automatically. Recognition arrangements can streamline applications and reduce duplicated evidence, but suppliers must confirm product scope and market-specific legal duties. Documentation, vulnerability reporting, software support and importer responsibilities may still differ.
Source basis: METI Journal, JC-STAR IoT Security Labelling Overview (13 July 2026)
Japan has expanded its JC-STAR IoT security labelling framework with STAR-3 requirements for network devices and network cameras. The Information-technology Promotion Agency (IPA) published the requirements on 12 June 2026, while a METI Journal overview on 13 July highlighted the scheme's growing role in connected-product security and international compliance.
Launched by the Ministry of Economy, Trade and Industry and IPA in March 2025, JC-STAR assesses internet-connected products against defined cybersecurity requirements. It covers consumer and industrial IoT products that connect directly or indirectly to the internet using Internet Protocol.
JC-STAR Levels Provide Product-Specific Security Assurance
STAR-1 establishes a common baseline for IoT products. Requirements include controls addressing weak credentials and the ability to update software when vulnerabilities are discovered.
STAR-2, STAR-3 and STAR-4 are developed by product category and provide progressively stronger assurance. The higher levels are not defined solely by whether a product is consumer-facing or used in critical infrastructure. Their requirements and assessment methods depend on the relevant product category.
The scheme's label and associated digital information allow buyers to review a product's conformity status, support arrangements and security-related details. METI Journal reported that more than 1,500 product models had obtained STAR-1 conformity by July 2026.
International Recognition Could Reduce Duplicate Compliance Work
Mutual recognition between JC-STAR and Singapore's Cybersecurity Labelling Scheme began on 1 June 2026. IPA has also introduced application documentation for products complying with the UK Product Security and Telecommunications Infrastructure regime, following cooperation between the Japanese and UK governments.
These arrangements could reduce repeated documentation and testing for suppliers selling connected products across several markets. Companies should nevertheless confirm product scope, assessment level and market-specific obligations, as recognition does not make every regulatory requirement identical.
Cyber Threats Strengthen The Procurement Case
NICT recorded 686.2 billion packets of cyberattack-related traffic during 2024, an 11% increase from 2023. After excluding research scanning, traffic associated with ports commonly used by IoT equipment remained prominent. NICT also observed approximately 730 to 11,500 infected IoT bot hosts per day in Japan during the year.
Manufacturers and purchasers should map connected products against JC-STAR categories, confirm support periods and update mechanisms, and monitor the rollout of STAR-2 and higher requirements. The framework increasingly affects product design, supplier selection and public procurement, making IoT security evidence a practical market-access consideration for manufacturers, importers, distributors, infrastructure operators and institutional buyers.
Summary
JC-STAR is moving beyond its baseline label through STAR-3 standards and international recognition arrangements. For connected-product businesses, the scheme is becoming a practical benchmark for product security, procurement evidence and cross-market compliance.
Related Articles

PFAS Liability Expands As New York Targets Statewide Cleanup And Consumer Warnings
New York's lawsuit broadens PFAS exposure across environmental cleanup, consumer protection, warnings and product stewardship.

PFAS Litigation Deepens In Intimate-Care Market As Consumer Trust Comes Under Scrutiny
A California complaint extends PFAS litigation across trust-sensitive intimate-care categories, raising testing, disclosure and marketing risks.

French Watchdog Targets Antibacterial Textile Claims In Consumer Protection Crackdown
France’s DGCCRF warns against misleading antibacterial textile claims, increasing compliance pressure on chemical-treated consumer products.
