Free exposure report

Get report

Japan Expands JC-STAR IoT Security Labelling With STAR-3 Standards

Dr Steven Brennan
Dr Steven Brennan
3 min readAI-drafted, expert reviewed
Technician examining unbranded connected devices on a security laboratory bench

Key takeaway

What This Development Means

Japan's JC-STAR framework now includes STAR-3 requirements for network devices and network cameras, alongside recognition routes involving Singapore's CLS and the UK PSTI regime.

What Is The JC-STAR IoT Security Label?

JC-STAR is Japan's cybersecurity conformity and labelling scheme for internet-connected products. STAR-1 provides a common minimum baseline, while higher levels introduce category-specific requirements and stronger assessment to help buyers identify conforming products.

Does JC-STAR Replace UK Or Singapore Requirements?

Not automatically. Recognition arrangements can streamline applications and reduce duplicated evidence, but suppliers must confirm product scope and market-specific legal duties. Documentation, vulnerability reporting, software support and importer responsibilities may still differ.

Source basis: METI Journal, JC-STAR IoT Security Labelling Overview (13 July 2026)

Japan has expanded its JC-STAR IoT security labelling framework with STAR-3 requirements for network devices and network cameras. The Information-technology Promotion Agency (IPA) published the requirements on 12 June 2026, while a METI Journal overview on 13 July highlighted the scheme's growing role in connected-product security and international compliance.

Launched by the Ministry of Economy, Trade and Industry and IPA in March 2025, JC-STAR assesses internet-connected products against defined cybersecurity requirements. It covers consumer and industrial IoT products that connect directly or indirectly to the internet using Internet Protocol.

JC-STAR Levels Provide Product-Specific Security Assurance

STAR-1 establishes a common baseline for IoT products. Requirements include controls addressing weak credentials and the ability to update software when vulnerabilities are discovered.

STAR-2, STAR-3 and STAR-4 are developed by product category and provide progressively stronger assurance. The higher levels are not defined solely by whether a product is consumer-facing or used in critical infrastructure. Their requirements and assessment methods depend on the relevant product category.

The scheme's label and associated digital information allow buyers to review a product's conformity status, support arrangements and security-related details. METI Journal reported that more than 1,500 product models had obtained STAR-1 conformity by July 2026.

International Recognition Could Reduce Duplicate Compliance Work

Mutual recognition between JC-STAR and Singapore's Cybersecurity Labelling Scheme began on 1 June 2026. IPA has also introduced application documentation for products complying with the UK Product Security and Telecommunications Infrastructure regime, following cooperation between the Japanese and UK governments.

These arrangements could reduce repeated documentation and testing for suppliers selling connected products across several markets. Companies should nevertheless confirm product scope, assessment level and market-specific obligations, as recognition does not make every regulatory requirement identical.

Cyber Threats Strengthen The Procurement Case

NICT recorded 686.2 billion packets of cyberattack-related traffic during 2024, an 11% increase from 2023. After excluding research scanning, traffic associated with ports commonly used by IoT equipment remained prominent. NICT also observed approximately 730 to 11,500 infected IoT bot hosts per day in Japan during the year.

Manufacturers and purchasers should map connected products against JC-STAR categories, confirm support periods and update mechanisms, and monitor the rollout of STAR-2 and higher requirements. The framework increasingly affects product design, supplier selection and public procurement, making IoT security evidence a practical market-access consideration for manufacturers, importers, distributors, infrastructure operators and institutional buyers.

Summary

JC-STAR is moving beyond its baseline label through STAR-3 standards and international recognition arrangements. For connected-product businesses, the scheme is becoming a practical benchmark for product security, procurement evidence and cross-market compliance.

Get weekly regulatory updates:

Related Articles

Join 3,500+ professionals staying ahead

Subscribe to Foresight Weekly for expert-picked regulatory developments across chemicals, sustainability, product safety, ESG, and HSE.

Free forever. Unsubscribe anytime.

Read by professionals at

Boeing
AstraZeneca
Siemens
PepsiCo
SpaceX