Japan Restricts Local Government IT Procurement to Certified Products, Effectively Excluding Chinese-Made Equipment
The Japanese government will require local governments to procure only IT equipment certified as having low cybersecurity risks, effectively excluding Chinese-made products to prevent information leaks. Products certified under METI's 'JC-STAR' and the National Center of Incident Readiness and Strategy for Cybersecurity's 'ISMAP' will be eligible. This measure is expected to be implemented from the summer of 2027.
📋 Article Processing Timeline
- 📰 Published: April 17, 2026 at 15:22
- 🔍 Collected: April 17, 2026 at 15:31 (9 min after Published)
- 🤖 AI Analyzed: April 17, 2026 at 17:45 (2h 13m after Collected)
Central News Agency (Tokyo, April 17th) - Japan will require local governments, when procuring IT (information technology) equipment, to select only products certified as having lower cybersecurity risks. This move is primarily aimed at Chinese-made products, with the goal of excluding equipment that could lead to information leakage risks.
According to Nikkei, the Japanese government plans to revise relevant regulations as early as June, with the goal of implementing them by the summer of 2027. The scope of application includes computers, communication equipment, servers, and cloud services used by local governments in their operations.
The Ministry of Economy, Trade and Industry (METI) has a security evaluation system for IoT devices called 'JC-STAR,' and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has established a cloud service security standard called 'ISMAP.' Products certified under these systems will be allowed for procurement.
The report states that Chinese-made equipment is considered to pose risks of information leakage or being used as a stepping stone for cyberattacks from abroad. Since 'JC-STAR' and 'ISMAP' currently do not certify Chinese-made products, Chinese-made equipment will effectively be excluded from procurement.
The Ministry of Internal Affairs and Communications will establish a dedicated window to handle inquiries from local governments. Equipment already procured will be gradually replaced with products that meet the certification standards during updates.
The Japanese central government already adopted a policy in 2018 to procure only equipment that meets cybersecurity requirements, but local governments previously had no such restrictions.
In recent years, cyberattacks targeting local governments have continued to increase, with cases ranging from personal information leaks to website outages. (Editor: Chen Hui-ping) 1150417
According to Nikkei, the Japanese government plans to revise relevant regulations as early as June, with the goal of implementing them by the summer of 2027. The scope of application includes computers, communication equipment, servers, and cloud services used by local governments in their operations.
The Ministry of Economy, Trade and Industry (METI) has a security evaluation system for IoT devices called 'JC-STAR,' and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has established a cloud service security standard called 'ISMAP.' Products certified under these systems will be allowed for procurement.
The report states that Chinese-made equipment is considered to pose risks of information leakage or being used as a stepping stone for cyberattacks from abroad. Since 'JC-STAR' and 'ISMAP' currently do not certify Chinese-made products, Chinese-made equipment will effectively be excluded from procurement.
The Ministry of Internal Affairs and Communications will establish a dedicated window to handle inquiries from local governments. Equipment already procured will be gradually replaced with products that meet the certification standards during updates.
The Japanese central government already adopted a policy in 2018 to procure only equipment that meets cybersecurity requirements, but local governments previously had no such restrictions.
In recent years, cyberattacks targeting local governments have continued to increase, with cases ranging from personal information leaks to website outages. (Editor: Chen Hui-ping) 1150417