Hello, this is Hamamoto from TIMEWELL.
Hiring foreign engineers, joint research with overseas universities, accepting secondees from overseas subsidiaries—all of this is now standard practice for Japanese companies. Quietly operating behind it, however, is the clarification of "deemed export" administration that took effect on May 1, 2022, and it is steadily reshaping the work of HR, legal, and R&D teams. The text of the Foreign Exchange and Foreign Trade Act has not changed, but an amendment to the administrative notice means that, depending on circumstances, even Japanese researchers and long-term foreign engineers on staff—who had long been outside the scope—can now find themselves inside the "export" permission regime.
The most common misconception I hear when advising corporates on export control is, "We don't ship things overseas, so this doesn't concern us." In reality, showing technical materials to a foreign-national engineer in your domestic office—or sharing a design drawing with a technologist seconded from an overseas parent—can, in the right conditions, constitute a deemed export in that very moment. METI's November 2025 paper, "Status of Review and Future Direction of Strengthening Industrial and Technological Foundations for Economic Security," keeps technology outflow via people explicitly on the agenda. My position is that this is an area where the state is clearly moving in with intent. Below, I break it down to a level of granularity that is usable in the field.
What Is a Deemed Export? A Regime Where Technology Does Not Need to Cross a Border
A deemed export is a concept rooted in Article 25(1) of the Foreign Exchange and Foreign Trade Act. It regulates the provision of specified technology from a resident to a non-resident in the same way as a goods export. The key point is that the technology does not have to cross a physical border. Showing technical materials in a Japanese conference room, explaining a design orally on an online call, granting access rights to an internal server, or walking through design philosophy at a joint-research kickoff—any of these can, depending on the counterparty, become an "export" requiring METI approval.
The technology in scope is either a "specified technology" tied to a list-regulation item, or a technology caught by catch-all controls. List regulation is enumerated in Rows 1 through 15 of Appendix 1 of the Export Trade Control Order and Rows 1 through 15 of the Appendix to the Foreign Exchange Order, covering a broad range: semiconductor manufacturing equipment, cryptographic technology, advanced materials, dual-use sensor technology, and know-how tied to machine tools meeting certain specifications. Even technologies that feel "not particularly military" can end up caught by list regulation depending on spec and intended use. METI's analysis of FY2023 violations found that 70% of violations arose from "failure to perform classification or erroneous classification," far ahead of the 21% attributable to inadequate management systems. A classification error alone is enough to step into criminal-penalty territory.
Another point worth emphasizing: the deemed export regime is not only aimed at "technology outflow to hostile countries." Even for counterparties in friendly jurisdictions, if the target technology and the specified types test line up, a license is required. The conversation often gets framed in economic security terms, but the architecture of the regime itself exists to deliver on Japan's obligations under international regimes such as the Wassenaar Arrangement; the license question does not flip on and off based on whether a country is "adversarial." Operating under the misconception that "our counterparty is American, so we're fine" is exactly how compliance debt accumulates into a violation.
How to solve export compliance challenges?
Learn about TRAFEED (formerly ZEROCK ExCHECK) features and implementation benefits in our materials.
"Specified Types": When Residents Fall Back Into Scope—The Heart of the 2022 Amendment
The May 1, 2022 amendment to the Service Transaction Notice (METI, Trade and Economic Security Bureau) overturned years of interpretation around the "six months after arrival" rule. Before the amendment, foreigners who had been in Japan for more than six months, or who were employed at a domestic business site, were treated as "residents" and sat outside the deemed export regime. In other words, once someone became a resident, no further check applied—no matter how much foreign-government influence was in play.
The amendment introduced a new "specified types" concept. Even residents fall within scope if they fit into any of the following three types and therefore must be managed the same way as technology transfers to non-residents. First, anyone who has an employment or similar contract with a foreign government or foreign legal entity, and who is subject to that entity's direction or owes it a duty of care. Typical examples are secondees from overseas subsidiaries, researchers with research contracts with foreign government-affiliated institutions, and technologists who sit on the advisory boards of foreign companies. Second, anyone who receives, or is promised, 25% or more of their annual income as economic benefits—scholarships, research grants, honoraria, and the like—from a foreign government or foreign legal entity. Most foreign government-funded scholarship students fall here. Third, anyone who acts in Japan under the direction of a foreign government.
What is tricky in practice is the procedure for checking that test. METI has published Attachment 1-3 to the Service Transaction Notice, "Guideline for Determining Specified Types," which frames the standard this way: if you have performed the check using documents ordinarily obtained under business practice—CVs, application materials, employment contracts, and so on—you are deemed to have discharged the "duty of ordinary care." Attachment 1-4 provides a model written declaration, which each organization can adapt to its own form as long as the substance is preserved. If you operate in line with the guideline, even if a person is later found to have been within a specified type, criminal penalties and administrative sanctions do not attach—the regulator has intentionally built in a safe harbor. Conversely, operating by "we just asked the person verbally" or "we read the CV but kept no record" is what turns catastrophic when a problem later surfaces.
Typical Risk Scenarios: Students, Secondees, Joint Research, Conference Talks
When I talk with clients, the moments where I find myself asking, "Really, you hadn't noticed this?" tend to cluster into four patterns. All of them are routine parts of day-to-day life at Japanese companies and universities, which is exactly why unnoticed violations can pile up.
The first is hiring international students and foreign graduate students. The entry points are varied: postdocs at national R&D institutes, engineer hires at research-driven startups, lab assistants at major manufacturers' research arms. Many of them receive a scholarship from their home government, hold a dual postdoc under an academic agreement with their home university, or have interned at a foreign firm. If the scholarship amount exceeds 25% of the person's annual income, specified type (2) triggers at that instant. METI's "Case Book on Near-Miss Incidents in Security Export Control at Universities and Research Institutes" (updated September 2023) includes multiple cases where the university had not tracked the student's scholarship receipts. Adding a single "scholarships or research grants from foreign governments or foreign legal entities" question to the hiring checklist is all it takes to prevent this class of risk.
The second is accepting secondees and trainees from overseas subsidiaries or overseas parents. At global companies, assignments like "spend a year at the Japan head office doing a stint on our frontier development project" are routine, but secondees usually retain employment with, and remain under the direction of, the overseas head office or subsidiary. That is a textbook case of specified type (1). Even after the person becomes resident in Japan, they are not exempted from deemed export controls. The situations requiring the most attention are secondments from US, Chinese, or European R&D hubs, where the counterparty country's own export control laws (US EAR and ECCN) layer on top and create a dual-regulation problem.
The third is joint research and contracted research. With overseas universities, NDAs and IP-allocation terms are often nailed down at the contracting stage, yet the deemed export lens is missing far more often than you would expect. Checking the composition of the partner lab (nationalities, affiliations, funding sources), classifying the technical information you plan to share, and evaluating whether the outputs contain technology that qualifies as "publicly known" are three layers that must be run in advance. If any one of them is skipped, a violation can be triggered at the very first kickoff meeting. Conference talks and online meetings work the same way: the "publicly known technology" exception is available if you do not impose confidentiality and the talk is widely open, but if participants are limited to a defined audience or confidentiality is imposed after the fact, the exception falls away.
The fourth is meetings with foreign sales representatives and consultants on the counterparty side. Even when the person works for a Japanese subsidiary of a foreign firm and has lived in Japan for more than a decade, if they are subject to direction via an employment contract or performance-based contract with the overseas head office, specified type (1) is satisfied. There is also a human dimension—the longer the relationship, the harder it feels to ask about the person's attributes.
Concrete Countermeasures for Companies and Universities: Pre-Screening, Identity Checks, Access Control
From here, the conversation is about operational design. Understanding the rules is not enough; unless you can land them into the field, it stays a paper exercise. When I go in to build an export control policy with a company, there are six elements I insist on as the baseline.
The anchor is the "pre-screening mechanism." For every new hire, secondee intake, joint research contract, and external speaking engagement, there has to be a first-line filter that asks, "Could this case implicate deemed export?" If HR, legal, and R&D operate in silos, the filter fails, so the critical move is to hard-wire the workflow so the export control function (the export control officer at a company, or the security trade control officer at a university) is looped in. For mid-sized companies, even adding a simple "foreign-national involvement flag" to the contract workflow system substantially boosts effectiveness.
Next is the "identity verification process." For candidates, secondees, and potential co-authors on joint research, conduct interviews and collect the documents specified in METI guideline Attachment 1-3. The mandatory questions are three: whether the person has an employment or similar contract with a foreign government or foreign legal entity; whether economic benefits from foreign governments or foreign legal entities—scholarships, research grants, honoraria, compensation of any kind—exceed 25% of their annual income; and whether they act in Japan under the direction of a foreign government. Adapt the Attachment 1-4 declaration to your own form, and obtain a signature. That document becomes a lifeline in later exchanges with regulators.
Third is "classification and record-keeping." Even when a specified type applies, a license is not required if the technology being shared falls outside list and catch-all regulation. The final determination is therefore the product of "counterparty attributes" and "technology classification." Prepare a classification parameter sheet for each technology, and log the counterparty, date of provision, and method of provision as a set. These records make all the difference in customs post-clearance audits and METI site inspections. The fact that customs post-clearance audits were the detection route in 43% of violations in METI's FY2023 analysis shows exactly how dangerous undocumented cases are.
Fourth is "access control." For individuals who fall within a specified type, restrict the scope of access to internal systems and lab facilities to the minimum necessary for the job. Permissions in GitHub Enterprise, Notion, SharePoint, and lab NAS all need to be reviewed. This is a technical conversation, so co-designing it with your CSIRT or IT group is the realistic path.
Fifth is "training." Combine mandatory annual training with individual briefings on hire and on secondment intake. Case-based training is particularly effective for managers and project leads; even swapping in your own data for the four scenarios above and running a tabletop exercise will transform real-world effectiveness.
Finally, "audit and self-healing." The METI analysis notes that "27% of violation cases surfaced from within the company"—the reason this matters is that organizations which find their own violations through internal audit and self-report to the regulator often end up with reduced administrative sanctions. Perfect operations are not realistic, so in the long run, owning a mechanism that assumes violations will occur and is built to detect and remediate them causes less damage.
Operationalizing With TRAFEED: AI Review and Evidence Management in One Workflow
Even when you design the framework well, operations trip over the same problem: "there is no way to run this by hand." Our export control AI agent TRAFEED is designed precisely to compress that operational load. It links screening of foreign engineers, classification, and evidence management into a single workflow, with AI supporting the full arc from specified-type determination to declaration issuance and log retention.
In the screening module, you upload CVs, contracts, and application documents obtained from candidates, secondees, or joint research partners, and the system auto-generates a question set aligned with the topics in METI guideline Attachment 1-3 and scores the risk level of the responses. It is designed to surface the points that humans tend to miss: scholarships that cross the 25% line, contractual relationships with foreign government-affiliated institutions, and histories of nationality changes. Multilingual support (English and Chinese) means responses written by the candidate in their native language can be converted into Japanese-readable output, making it directly usable in global recruiting.
The classification AI takes the spec sheets or design documents of the technology you plan to share and infers the relevant rows of Appendix 1 of the Export Trade Control Order or the Appendix to the Foreign Exchange Order, presenting the supporting statutes and parameters. By letting AI handle the "first read" before a human expert makes the final call, the effective workload for classification drops to a fraction of what it was. In our internal benchmarks, one case saw a classification workload that used to consume three export control staff for a week compressed to half a day for one person after TRAFEED was introduced.
For evidence management, screening results, classification sheets, declarations, and provision logs are all linked under a single case ID. The design intent is to put your organization in a state where, for any customs post-clearance audit or METI site inspection, you can produce "who, when, which technology, to whom, on what basis" with a single click. As the world's first export control AI agent developed in alignment with METI standards, TRAFEED gives you the advantage of operating on top of an existing skeleton rather than building a management regime from scratch.
Summary: Three Steps to Start Building the Framework
The core of the deemed export argument is a regime that runs against the intuition "we aren't moving any goods, so this doesn't apply to us." Domestic conference rooms, internal servers, online meetings, joint research—every one of them is a potential moment of export. With the 2022 notice amendment that introduced specified types, even Japanese researchers are now in scope whenever there is an economic tie to a foreign government or foreign legal entity. As of 2026, the economic security conversation is only accelerating, and organizations with loose control will, without question, face rising enforcement risk.
What I recommend is not aiming for perfection, but locking down a minimum defense in three steps. First, physically embed a "specified types check" gate in the workflows for hiring, secondment, and joint research. Second, build out identity verification forms grounded in METI guideline Attachments 1-3 and 1-4, and keep the records. Third, put in place a case-level evidence system that joins classification with provision logs. With these three in place, even if a violation does occur, you will have a foundation from which to demonstrate that you discharged the "duty of ordinary care."
For practitioners thinking "I don't know where to start" or "I'm not confident our management regime has kept up with the rule changes," the place to begin is a current-state inventory. The TRAFEED service page walks through the concrete capabilities for foreign-engineer screening and classification. As related reading, pieces such as Foreign Student Military Risk Background Checks, Japan-China Export Control Tightening and Its Spillover on Japanese Companies, and The National Security Information Council and Economic Security will help you see how deemed export fits into the wider landscape.
The regime has moved past the point where "I didn't know" is a defense. The further you push global expansion in your core business, the more export control shifts from "defense" to "the foundation of business continuity." As a practitioner, I am hopeful that more companies will take up framework-building with that lens.
References
- METI, "Deemed Export Control." https://www.meti.go.jp/policy/anpo/anpo07.html
- METI, "On the Clarification of Deemed Export Control." https://www.meti.go.jp/policy/anpo/law_document/minashi/meikakukanitsuite2.pdf
- METI, "Case Book on Near-Miss Incidents in Security Export Control at Universities and Research Institutes." https://www.meti.go.jp/policy/anpo/daigaku/jireishu.pdf
- METI, "Analysis of Violations of the Foreign Exchange and Foreign Trade Act (FY2023)." https://www.meti.go.jp/policy/anpo/gaitameho_document/ihanjireigaitamehou5.pdf
- CISTEC, "On Deemed Export Control." https://www.cistec.or.jp/service/webseminar/open/data/houjin/5006_minashi.pdf
- PwC Legal Japan News, "Clarification of Deemed Export Control under the Foreign Exchange and Foreign Trade Act." https://www.pwc.com/jp/ja/legal/news/assets/legal-20220125-jp-3.pdf