Japan Restricts Local Government IT Procurement to Certified Products, Effectively Excluding Chinese-Made Equipment

Central News Agency (Tokyo, April 17th) - Japan will require local governments, when procuring IT (information technology) equipment, to select only products certified as having lower cybersecurity risks. This move is primarily aimed at Chinese-made products, with the goal of excluding equipment that could lead to information leakage risks.

According to Nikkei, the Japanese government plans to revise relevant regulations as early as June, with the goal of implementing them by the summer of 2027. The scope of application includes computers, communication equipment, servers, and cloud services used by local governments in their operations.

The Ministry of Economy, Trade and Industry (METI) has a security evaluation system for IoT devices called 'JC-STAR,' and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has established a cloud service security standard called 'ISMAP.' Products certified under these systems will be allowed for procurement.

The report states that Chinese-made equipment is considered to pose risks of information leakage or being used as a stepping stone for cyberattacks from abroad. Since 'JC-STAR' and 'ISMAP' currently do not certify Chinese-made products, Chinese-made equipment will effectively be excluded from procurement.

The Ministry of Internal Affairs and Communications will establish a dedicated window to handle inquiries from local governments. Equipment already procured will be gradually replaced with products that meet the certification standards during updates.

The Japanese central government already adopted a policy in 2018 to procure only equipment that meets cybersecurity requirements, but local governments previously had no such restrictions.

In recent years, cyberattacks targeting local governments have continued to increase, with cases ranging from personal information leaks to website outages. (Editor: Chen Hui-ping) 1150417