Hello, this is Hamamoto from TIMEWELL.
Have you noticed how often the phrase "economic security" has started showing up in newspapers and government documents over the past few years? Not long ago, "security" meant the Ministry of Defense and missiles, a distant world with nothing to do with your day job. Today the same phrase sits in the middle of ordinary business activity: semiconductor procurement, cloud selection, bidding on government contracts, even a hospital replacing its electronic medical records. The epicenter of all this is a 2022 law called the Economic Security Promotion Act.
Honestly, this law is hard to warm up to on first contact. The name is long, the contents are a bundle of four unrelated programs, and if you dive into the details before you have the whole picture, you will get lost every time. In this article, written for business people encountering the law for the first time, I build it up from the foundation, from the formal name through the four pillars to the medical sector added in 2026, even if that means taking the scenic route. If you would like a quick read on whether your own products or technologies might fall inside export controls before you go further, spend thirty seconds with our export control compliance check. Doing that first tends to make everything below feel personal rather than abstract.
One more thing. This piece is the first in a three-part beginner's series. Once you have the whole map here, part two covers government procurement and security certification, and part three descends into core infrastructure and security clearance. For now, let's get the entire map into your head.
The Economic Security Promotion Act bundles four programs into one law
Start with the formal name, precisely. The Economic Security Promotion Act is formally titled the "Act on the Promotion of Ensuring Security by Taking Economic Measures in an Integrated Manner." It was enacted as Act No. 43 of 2022 on May 11, 2022, and promulgated on May 18[^1]. The name is exhausting just to read, but broken apart it says something straightforward. Take economic measures ("economic policy"), and pursue security not piecemeal but "in an integrated manner." In other words, this is a law declaring that the economy and security should be handled together rather than kept in separate boxes.
The most distinctive thing about this law is that it houses four programs of entirely different character under a single roof. Most laws follow the rule of "one theme, one law," but the Economic Security Promotion Act crams together supply chains, infrastructure, technology development, and patents, and forces these dissimilar themes into one structure. That is precisely why the four programs could not all take effect at once. Since the preparation each required differed in weight, they were enforced in stages from August 2022 through May 2024[^2]. If you do not know about this "phased enforcement," your internal discussions will descend into confusion over whether something "has already started or not yet."
There is one more thing worth remembering: the structure of jurisdiction. The Cabinet Office's economic security division oversees the program as a whole, but the actual screening and designation are carried out by the minister in charge of each business. Semiconductors go to the Ministry of Economy, Trade and Industry (METI); pharmaceuticals and hospitals to the Ministry of Health, Labour and Welfare (MHLW); telecommunications to the Ministry of Internal Affairs. The window differs by sector. On top of that, the law was written from the start with homework attached: a supplementary provision (Article 4) requiring review roughly three years after enforcement[^2]. That review clause connects in a straight line to the 2026 amendment I discuss later. This is a law that was promised, from birth, to be revised three years on. A work still in progress.
Replace siloed classification work with AI.
METI's FY2024 data shows 52% of foreign exchange law violations stem from classification errors. Download the TRAFEED product catalog covering features and rollout.
The four pillars, one at a time, for beginners
Now let's walk through the four programs bundled into one. Government materials call them the "four pillars," and each asks something completely different of companies.
The first pillar is securing the stable supply of critical materials. For materials such as semiconductors, pharmaceuticals, and critical minerals, which if cut off would bring daily life and the economy to a halt, the state designates them as "specified critical materials" and supports domestic production, stockpiling, and diversification of supply sources. From a company's viewpoint, this program leans toward being a menu of support: draw up a supply assurance plan, have the competent minister certify it, and you can receive subsidies or low-interest financing. The second pillar is securing the stable provision of core infrastructure services. For services that support the foundations of society, such as electricity, gas, telecommunications, and finance, operators must notify the government in advance and undergo screening before they introduce important equipment or outsource its maintenance. If the risk of interference is judged to be high, recommendations or orders can follow[^3]. If the first pillar is a carrot, this one is closer to a prior-check obligation.
The third pillar is support for the development of advanced critical technologies. The state provides funding for research and development of sensitive technologies such as AI, quantum, space, and biotech, which could shape future security. The actual disbursement is handled by the Japan Science and Technology Agency (JST) and the New Energy and Industrial Technology Development Organization (NEDO), and the work proceeds while public and private councils share information[^2]. Confidentiality duties come attached, so for researchers, support and discipline arrive as a set. The fourth pillar is non-disclosure of patent applications, which began in May 2024[^2]. Ordinary patents are published a fixed period after filing, but inventions tied directly to nuclear technology or advanced weapons are placed under a "preservation designation" through a two-stage review by the Japan Patent Office and the Cabinet Office, and foreign filing is restricted. Compensation is provided for the disadvantage of not being published[^3].
Here is the outline of the four pillars, laid out by enforcement date and by how companies experience each one.
| Pillar (program) | Enforcement | How companies experience it |
|---|---|---|
| (1) Stable supply of critical materials | August 2022 | A support program: certify a supply plan and receive subsidies and financing |
| (2) Stable provision of core infrastructure services | November 2023 (operation began May 2024) | An obligation to pre-notify and undergo screening for important equipment |
| (3) Support for advanced critical technology development | August 2022 | R&D funding paired with confidentiality duties |
| (4) Non-disclosure of patent applications | May 2024 | Sensitive inventions kept unpublished and restricted from foreign filing, with compensation |
Lined up this way, you can see clearly that a "program that supports you" and a "program that regulates you" coexist inside the same law. When I first built this table, I could not make sense of why four such different things were bundled into one. The answer is that they all connect at a single point: keeping important goods, functions, and technologies from leaking out or being cut off in an emergency. Only the method of protection differs; what they want to protect is the same. If you want to go deeper into the practical burdens these four programs place on companies, my earlier piece, "The Basics of Economic Security," sharpens the outline further.
There are 16 specified critical materials, and cloud is one of them
Let me press a little further into the critical materials program, the first of the four to move. The "specified critical materials" designated here are, in fact, a cluster of pleasant surprises. When the program started in December 2022, the government first designated eleven materials: antibacterial pharmaceuticals, fertilizers, permanent magnets, machine tools and industrial robots, aircraft parts, semiconductors, storage batteries, cloud programs, combustible natural gas, critical minerals, and ship parts[^4]. Advanced electronic components were added in February 2024, and in December 2025, ventilators, unmanned aircraft, artificial satellites, and rocket parts were added, bringing the total to sixteen[^5]. What makes this program interesting is that items supporting everyday life itself, such as antibacterial drugs and fertilizers, sit on the list rather than the obviously "security-related" goods.
The point that made me nod was that cloud programs count as a material. Cloud is not a physical thing. Yet as long as the operations of companies and government offices run on software in the cloud, an over-reliance on foreign providers for that foundation could knock the legs out from under you in an emergency. So it was positioned as an "important material." There is a real example. On February 20, 2024, METI certified Sakura Internet's "Sakura no Cloud" as a supply assurance plan for the specified critical material of cloud programs. The plan had a total value of roughly 1.8 billion yen, a maximum subsidy of about 600 million yen, and a subsidy rate of one-third[^6]. As the backdrop for the certification, METI noted that in the domestic market for foundational cloud services, domestic providers held only about 30 percent of the share[^6]. That figure carries the government's intent to keep a domestic option on the table.
The scale of the whole program also comes through clearly in the numbers. As of February 17, 2026, 143 supply assurance plans had been certified, and the total funding for support had reached 2,551.8 billion yen[^2]. Not hundreds of billions, but trillions of yen. It conveys how seriously the government is committing budget to the goal of keeping critical materials producible domestically. For export control staff, this list of sixteen materials is not someone else's problem. If the raw materials or components your company handles fall among the specified critical materials, reviewing your supply chain and vetting your procurement sources becomes directly continuous with the security debate.
The 2026 amendment made the medical sector the 16th core infrastructure
That was the foundation. On top of it, in 2026, the first full-scale amendment was laid. Fulfilling the "review roughly three years after enforcement" homework mentioned earlier, the government prepared an amendment revising the Economic Security Promotion Act and the Japan Bank for International Cooperation Act (JBIC Act) together, and it was promulgated on June 17, 2026[^7][^8]. This amendment, organized as Cabinet Bill No. 30, has several pillars, but the one a beginner should grasp first is the addition of the medical sector to the core infrastructure program.
The current core infrastructure program has covered fifteen sectors, including electricity, gas, telecommunications, and finance. The amendment adds medicine, making it the sixteenth sector. There are two targets. One is the medical and dental practice of advanced treatment hospitals that hold high-level care capabilities and serve as the "last line of defense" for their regions. The other is the medical DX operations handled by the Social Insurance Medical Fee Payment Fund, specifically online eligibility verification, the electronic prescription management service, and the electronic medical record information sharing service[^3]. Advanced treatment hospitals are those individually approved by the Minister of Health, Labour and Welfare; as of April 1, 2025, there were 88 nationwide, most of them university-affiliated hospitals[^3]. The equipment subject to prior screening is being considered for selection from systems related to electronic medical records, surgical departments, and intensive care units, all directly tied to patients' lives[^3]. Because these details are not yet fully fixed, I will not present them as settled fact.
You might wonder why a hospital counts as infrastructure. The reason is simple: cyberattacks targeting hospitals have become a real threat. If electronic records go down, surgery and emergency care stop working. The recognition that medicine is a lifeline of society on par with electricity and telecommunications has been reflected in the program. The addition of the medical sector is scheduled to take effect on a date set by cabinet order within one year and six months of promulgation, so it is expected to begin operating by the end of 2027[^7]. Substantive jurisdiction rests with the Ministry of Health, Labour and Welfare.
The medical sector is not the amendment's only pillar. The critical materials program newly adds "services" indispensable to supply. Services such as laying and maintaining submarine cables and launching artificial satellites, not the goods themselves but the services that support them, have come within reach of support[^7]. There is also improved operation of the core infrastructure program, investment for economic security purposes through the JBIC Act amendment, and the establishment of a government-affiliated think tank. On the other hand, the institutionalization of data security, which had been included in the expert panel's recommendations, was set aside this time[^7]. If you want to follow the contents one level finer, I have organized them in a dedicated article on the 2026 amendment.
Why this concerns ordinary companies too
"We're not a defense contractor or an infrastructure operator, so this doesn't apply to us." Plenty of people think this way. Yet the reach of the Economic Security Promotion Act spreads quietly from places that are hard to see if you are on the inside. There are two entry points.
The first is government procurement. When government offices and independent administrative agencies procure cloud or systems, whether a service meets security standards has come to matter. Here a mechanism like ISMAP (the Information system Security Management and Assessment Program for government information systems) comes into play, and cases are emerging where you cannot even get on the bidding stage without meeting the standards. Simply wanting to do business with the public sector, or being a subcontractor to a prime contractor that does, brings economic security requirements down into your daily work. This story of government procurement and security certification is handled head-on in part two of this series.
The second is the ripple effect of being a vendor to core infrastructure. The ones bearing the notification and screening obligations are the "specified critical infrastructure operators" themselves, such as power companies, telecom carriers, and hospitals. But companies that supply equipment and systems to those operators cannot stay unaffected either. When an operator notifies the government of the introduction of important equipment, the screening reaches into who made that equipment, where its parts came from, and to whom maintenance is outsourced. The supplying side is asked for information on its supply sources and subcontractors, effectively taking on part of the review. Here lies a structure in which the more a company handles sensitive technology or important components, the heavier its burden of vetting counterparties and classifying goods becomes. The details of core infrastructure and security clearance are explored in part three.
And this structure overlaps precisely with the practice of export control. If the Economic Security Promotion Act is a program to "protect important goods, functions, and technologies at home," then export control is a program to "keep them from flowing carelessly abroad." The object being protected is the same; only the direction differs. That is exactly why teams responsible for export classification and counterparty screening need to view both at the same table. TRAFEED, the service we provide, was built to lighten this very burden of export control and classification with AI. In a joint demonstration with Okayama University, we confirmed classification accuracy of 95 percent or higher (based on our own study of past review data), we hold Japanese Patent No. 7862062, and more than 20 organizations have adopted it. It is designed to reflect each country's regulatory changes on the same day. Of course, the final classification decision rests with your own export control officer; the AI is merely a tool to make that judgment faster and more accurate. I am not here to hard-sell it, but I hope you keep it in a corner of your mind as one example of viewing economic security and export control as one continuous field.
In closing
The Economic Security Promotion Act may have a long formal name, but at heart it is a law for "thinking about the economy and security together." Let me organize the points I want you to take from this article.
- The formal name is the "Act on the Promotion of Ensuring Security by Taking Economic Measures in an Integrated Manner" (Act No. 43 of 2022). Enacted in May 2022, it bundles four programs into one.
- The four pillars are the stable supply of critical materials, core infrastructure services, support for advanced technology development, and non-disclosure of patent applications. A supporting program and a regulating program coexist.
- As of December 2025, there are 16 specified critical materials. Along with semiconductors and critical minerals, even cloud programs are included.
- The amendment promulgated in June 2026 added the medical sector as the 16th core infrastructure, expected to take effect by the end of 2027.
- Ordinary companies too get drawn into this law's requirements through two entry points: government procurement and being a vendor to core infrastructure.
First, hold the map of the whole. Once you can do that, you can calmly judge which part of your own company will be affected. With the map in hand, the article to read next, and the person to consult internally, will come into view naturally. If you find yourself stuck on "where exactly should our company start," feel free to reach out through our economic security and export control consultation. Discussions of the system feel distant as long as they stay abstract, but the moment you map them onto a single item in your own catalog, they become personal all at once. Next time, I will guide you through the world of government procurement, where that "personal" moment arrives fastest.
[^1]: Cabinet Office, "Economic Security Promotion Act" https://www.cao.go.jp/keizai_anzen_hosho/suishinhou/suishinhou.html [^2]: House of Councillors Research Office, "Rippou to Chosa" No. 483, "Legal Amendments Toward Further Promotion of Economic Security" https://www.sangiin.go.jp/japanese/annai/chousa/rippou_chousa/backnumber/2026pdf/20260430003.pdf [^3]: Ministry of Health, Labour and Welfare, "Addition of the Medical Sector to the Core Infrastructure Program" (118th Social Security Council Medical Subcommittee, Document 2) https://www.mhlw.go.jp/content/10801000/001565765.pdf [^4]: Cabinet Office, "Supply Chain Resilience Initiatives (Program for Securing the Stable Supply of Critical Materials)" https://www.cao.go.jp/keizai_anzen_hosho/suishinhou/supply_chain/supply_chain.html [^5]: Jiji Press, "Ventilators Added to Critical Materials: Government Adds Four Items to Economic Security List" (December 19, 2025) https://www.jiji.com/jc/article?k=2025121900783&g=pol [^6]: Ministry of Economy, Trade and Industry, "Certification of the Supply Assurance Plan for the Specified Critical Material 'Cloud Programs'" (February 20, 2024) https://www.meti.go.jp/press/2023/02/20240220006/20240220006.html [^7]: Cabinet Office, "On the Program for Securing the Stable Provision of Specified Social Infrastructure Services under the Economic Security Promotion Act (Briefing Materials)" https://www.cao.go.jp/keizai_anzen_hosho/suishinhou/infra/doc/infra_setsumeikai.pdf [^8]: Cabinet Office, "On the Program for Securing the Stable Provision of Specified Social Infrastructure Services under the Economic Security Promotion Act (June 17, 2026 note)" https://www.cao.go.jp/keizai_anzen_hosho/suishinhou/infra/doc/infra_gaiyou.pdf [^9]: Cabinet Office, "Program for Securing the Stable Provision of Core Infrastructure Services" https://www.cao.go.jp/keizai_anzen_hosho/suishinhou/infra/infra.html [^10]: Cabinet Secretariat, "Points Regarding the Addition of the Medical Sector to the Core Infrastructure Program" (Expert Panel on Economic Security Legislation, Study Meeting on the Amendment, 2nd Session, Document 7) https://www.cas.go.jp/jp/seisaku/keizai_anzen_hosyohousei/r7_dai13/shiryo7.pdf [^11]: Cabinet Office, "Main Support Measures for Specified Critical Materials and the Number of Certified Plans" https://www.cao.go.jp/keizai_anzen_hosho/suishinhou/supply_chain/doc/jisseki.pdf
