Hello, this is Hamamoto from TIMEWELL.
The night before a trip, you pack a change of clothes and a souvenir into your suitcase, then slide your company laptop in beside them. For most people, this is nothing more than getting ready to travel. Yet from the standpoint of Japan's export control rules, the contents of that laptop can become subject to the law the moment they cross a national border. Put that way, you probably feel, "Surely not. What I am carrying is luggage, not a weapon." When I first heard about export control, I thought exactly the same thing.
A great many people picture export control as "sending things abroad by ship or truck." But the Foreign Exchange Act (the Foreign Exchange and Foreign Trade Act) is not looking only at cargo. A technical explanation given in a meeting room overseas, an online meeting with an overseas client, a single drawing attached to an email: these acts are, if anything, easier to overlook and easier to turn into a violation.
Overseas business trips and online meetings are things almost everyone does as a matter of routine. Why, and at what point, do they brush up against export control? When you map the issue onto familiar scenes such as airport security screening, the whiteboard in a meeting room, or screen-sharing on Zoom, I think you will find it is a much closer concern than you imagined.
Export control is not only about "shipping goods on a vessel"
The first thing I want you to grasp is that Japan's export control has, broadly speaking, two tracks. One is the export of goods, grounded in Article 48, Paragraph 1 of the Foreign Exchange Act. This covers sending tangible things, such as products, parts, and equipment, abroad. The other is the provision of technology, grounded in Article 25, Paragraphs 1 and 3. This refers to handing over intangible information, such as drawings, specifications, manufacturing know-how, and source code, to another party. In technical jargon, this second track is called a service transaction.
What most people picture is only the first track, goods. Because cargo physically leaves the country through customs, it is intuitively easy to see why it would be regulated. The second track, service transactions, drops out of awareness precisely because it is invisible. A drawing reaches the other party in a single email; manufacturing know-how can be conveyed through conversation alone. It clears no customs, and no waybill is issued. Even so, the Foreign Exchange Act places this "provision of technology" squarely within scope, as a second pillar standing alongside the export of goods.
So is every kind of technology regulated? No. There are, broadly, two categories that fall in scope. One is what is called list control. These are technologies related to items enumerated in items 1 through 15 of Appended Table 1 of the Export Trade Control Order, that is, items strongly associated with weapons or with the risk of military diversion. Semiconductor manufacturing equipment, machine tools, special materials, and certain sensors line up here. The work of checking whether your own products or technologies match this list is called classification, or in Japanese, gaihi judgment. The other category is catch-all control, which corresponds to item 16 of Appended Table 1. Under this mechanism, even something not on the list can fall in scope if its intended use or end user raises concerns about diversion to weapons of mass destruction and the like.
In other words, you cannot simply declare, "We make neither missiles nor fighter jets, so this has nothing to do with us." A part, a measuring instrument, or a piece of analysis software that looks perfectly ordinary at a glance can, depending on its performance or specifications, match the list. The first step in export control is to determine whether the goods and technologies your company handles fall under either list control or catch-all control.
Replace siloed classification work with AI.
METI's FY2024 data shows 52% of foreign exchange law violations stem from classification errors. TRAFEED cuts determination time by ~70% and stores structured rationale for every decision.
"Provision of technology" comes in four forms
Even when you are told "provision of technology," it is hard to relate it to your own work unless you know specifically which acts qualify. Here, a reliable reference is the quick guide to security export control published by JETRO (the Japan External Trade Organization). This guide breaks the potentially regulated "provision of technology" into four types[^1]. These four types are the very heart of today's discussion.
The first is a transaction in which you provide specified technology in a foreign country (Article 25, Paragraph 1). Scenes that fit here include visiting an overseas plant to give technical guidance, or joining a discussion at a technical development meeting held abroad. The key point is that the location is overseas. The second is a transaction in which a resident provides specified technology to a non-resident (also Article 25, Paragraph 1). This is the so-called deemed export, with examples such as technical discussions with a customer visiting from overseas, or technical instruction to a foreign trainee. The important point here is that it can be in scope even when it occurs inside Japan, as long as the other party is a non-resident. The third is the act of carrying media on which specified technology is recorded to a foreign country (Article 25, Paragraph 3). Carrying a booklet of technical materials, or an external recording medium loaded with data, abroad as part of your hand luggage, the so-called hand-carry, fits here. The fourth is the act of transmitting electronic data on which specified technology is recorded to a foreign country (also Article 25, Paragraph 3). Exchanges via email, telephone, web conferencing systems, and cloud services are explicitly cited as concrete examples.
Organized as a table, the four types look like this.
| Type | Article | Familiar example |
|---|---|---|
| Providing specified technology in a foreign country | Art. 25-1 | Technical guidance overseas; discussion at a technical development meeting |
| A resident providing to a non-resident (deemed export) | Art. 25-1 | Technical discussion with a visiting customer; guidance to a foreign trainee |
| Carrying recording media to a foreign country | Art. 25-3 | Hand-carrying a materials booklet or a USB drive |
| Transmitting electronic data to a foreign country | Art. 25-3 | Email, telephone, web conferencing, cloud |
One thing to keep in mind here is that "provision of technology" means placing it in a state where another party can use it. It is not limited to things that leave a tangible trace, such as handing over a printout or sending data. An oral explanation, writing on a whiteboard, or material displayed on a screen can also amount to provision, as long as it puts the other party in a position to understand and use it. Moreover, it does not matter whether money changes hands. The reasoning "I only taught it for free" or "I only showed it out of kindness" does not hold. Misunderstand this point, and you can cross the line without any ill intent.
The laptop in your travel bag can also be in scope
Let me take the third of the four types, carrying recording media, and bring it down to the everyday setting of a business trip. Picture the laptop you take on an overseas trip. Inside it, there may be design data, a document summarizing your manufacturing process, or source code used for analysis. If these qualify as controlled technology, then carrying the laptop, and them, abroad can constitute a provision of technology in the form of carrying recording media. At airport security, the contents of your bag pass through a metal detector, but no one checks whether that luggage is, as data, subject to export control.
A common misunderstanding here is, "I heard a commercial laptop does not need a license, so I am fine." It is true that carrying an ordinary laptop itself is generally treated as not requiring a license. But that concerns the "body," the computer as a piece of hardware. The technical data inside it must be classified separately, on its own merits, to determine whether it is controlled. The box may be no problem, while the contents can be. Heading out on a trip while leaving this distinction blurry is the most dangerous pattern of all.
In fact, when you read the collection of near-miss cases compiled by the Ministry of Economy, Trade and Industry (METI), you find several "that was close" stories tied to trips and carrying things out[^2]. For instance, there is a case in which someone planned to hand-carry an infrared camera for an overseas survey, only to find, when they classified it before departure, that it fell under list control; the license application did not make it in time for the travel date, and in the end the trip itself was canceled. In another case, a CCD camera that the person had assumed needed no procedure because "I plan to bring it back to Japan when I am done" turned out, upon investigation, to fall under list control. Even on the premise that you will bring it back, the act can be in scope at the point you take it out of the country. There is also a case noting that a device you assemble yourself, rather than a commercial product, can likewise be subject to control. The instinct that "it is self-made, so it does not count" does not hold up either.
Many of these failures arise not from malice but from a lack of knowledge. Take stock of what you are carrying out on each trip, and confirm the classification of the technical data in advance. It is unglamorous work, but companies that have embedded it into their organization as a standing process are strong. For the thinking behind building such a framework, I have also organized it in export compliance practice for companies, so I hope you will use it as a foothold when you review your own operations.
When screen-sharing in an online meeting crosses the border
Next come the second of the four types (deemed export) and the fourth (transmitting electronic data). Now that remote work has become the norm, I feel this is the easiest blind spot of all. Picture an online meeting with an overseas client. You are at home or in a meeting room in Japan, and you have not stepped outside even once. Even so, if you share a drawing on screen, explain a technical specification orally, or send a materials file in the chat, it can amount to a provision of technology, as long as the other party is a non-resident. Not a single physical object has moved, yet the technology alone crosses the border. Seen this way, the screen-share button on Zoom can also become a "show this technology to a foreign country" button.
The key here is the distinction between a resident and a non-resident. Intuitively it seems to come down to nationality, but in practice it is judged by the substance of where someone resides[^3]. A foreign national is, as a rule, treated as a non-resident, but becomes a resident if they work at an office located in Japan, or if more than six months have passed since their entry into Japan. Conversely, a Japanese national is, as a rule, a resident, but becomes a non-resident in cases such as departing Japan with the intent to stay abroad for two years or more. On top of this, there is the concept of "specific categories" (tokutei ruikei), which took effect on May 1, 2022. Under it, provision to a resident who is strongly influenced by a foreign government or a foreign company has also been brought within the scope of management as a deemed export[^4]. You cannot say that because the other party is a foreign national who happens to be in Japan, it is unconditionally fine. This is the area where judgment based on assumptions is the most dangerous.
There is one more near-miss I want to introduce around online meetings, this one concerning a presentation at an international conference[^2]. A researcher planned to present technology at an international conference and assumed, "If it is an academic presentation, the information is in the public domain, so no measures are needed." But that conference had a limited set of attendees, and a confidentiality obligation applied. In other words, it was not in a state where an unspecified and unlimited number of people could freely obtain it; the exception that lets you treat it as public-domain technology could not be used, and in the end it was judged to fall under list control. I think this case shows how the feeling of "I am just talking at a conference" or "it is content that is already known" can become a pitfall just as it stands.
Let me add one note here. Some people interpret this as "the rules changed because online meetings increased with COVID," but that is not accurate. The rules on the provision of technology existed before. What changed is not the rules but the way we work. As remote meetings and cloud sharing became part of daily life, occurrences that fall under the fourth type simply increased. That is precisely why it is worth reviewing where you stand right now. To build this kind of classification and screening into day-to-day work, we developed an export control AI agent, TRAFEED. Feed it your meeting materials or information about a client, and it helps you check them from the standpoint of list control and catch-all control.
Why "accidental violations" happen
Having read this far, you may have grown uneasy: "If the scope is that wide, surely everyone has been caught by it at least once." That is exactly why it is meaningful to know precisely what happens if you do violate the rules. The penalties for violating the Foreign Exchange Act are not something to take lightly. For an individual, imprisonment of up to 7 years, or a fine of up to 20 million yen, can be imposed. For the heavier category involving weapons of mass destruction, these rise to 10 years and 30 million yen. For a corporation, the fine can reach up to 1 billion yen. Furthermore, separate from criminal punishment, there is the possibility of an administrative sanction banning exports and the provision of technology themselves for up to 3 years. For a business operator, this "no business for three years" can be a far heavier blow than the fine.
What I want to stress here is that most of these violations arise not from deliberate wrongdoing like smuggling, but from the "slip-up" of a classification error. Even when you look at METI's published analysis of violation cases, non-intentional judgment errors account for a substantial proportion[^5]. The near-miss cases mentioned earlier do not feature villains, either. A staff member chased by a deadline, an engineer who explained the technology out of kindness, a field that merely followed precedent. What they have in common is a thin awareness that their own act amounted to a provision of technology.
I also want to touch on where responsibility lies. The excuse "the maker said it did not apply" does not work. The collection of near-miss cases includes a story in which someone took a supplier's classification certificate at face value, only for the item to actually fall under control[^2]. The party carrying out the export or the provision of technology bears the ultimate responsibility for classification. In other words, the side that received the document also has a responsibility to verify its contents. Honestly, I think this is a rule that is quite frightening if you do not know it. If you are leaning on another company's judgment, it will not protect you when it matters.
The difficulty of classification lies not only in the specialist knowledge it demands, but also in the fact that the control lists are frequently revised. Having a single staff member keep up with revisions to the statutes and appended tables is, realistically, quite a burden. When you want to grasp the overall picture of the statutes, the "super-simplified" version of the Foreign Exchange Act published by CISTEC (the Center for Information on Security Trade Control) can serve as a starting point[^6]. Still, in the end there is no alternative to judging each case individually in light of your own products and technologies, and this is where the bottleneck lies for many companies.
What you can do before a trip and before a meeting
Since this has run long, let me return to what to actually do on the ground. Not every business trip or online meeting becomes a violation. If anything, the great majority proceed without issue. What matters is embedding the habit of pausing to think, "Could this fall under the provision of technology?", into specific moments, namely before a trip and before a meeting.
For trips, for example, take stock in advance of what is inside the laptop or USB drive you will carry out, and check whether it contains controlled technical data. If it does, judge whether you truly need to take it, and, if you do, whether a license is required. For online meetings, first confirm whether the other party is a resident or a non-resident, and check whether the materials you intend to share or the content you intend to explain could be subject to classification. Neither of these is anything special. But unless you decide who does it and when, it will reliably fall through the cracks in a busy workplace.
Frankly, doing this checking by hand every single time is hard going. The control lists are long, revisions keep coming, and the judgments require specialist knowledge. That is precisely why I believe a realistic division of labor is to leave the first-pass classification and screening to AI, while people concentrate on the final judgment. We built TRAFEED out of exactly this desire to prevent the "slip-up" through a system. If you are unsure how to fold it into your own travel and meeting operations, you can think it through together, mapped onto your specific work, in a one-on-one consultation about TRAFEED. Export control is a field where the outcome clearly diverges depending on whether or not you know the rules. I would be glad if today's discussion becomes a prompt to pause for a moment before your next trip or meeting.
References
[^1]: JETRO, "Quick Guide to Security Export Control (v2)" — Japan External Trade Organization (JETRO) — January 2024 — https://www.jetro.go.jp/ext_images/world/security_trade_control/pdf/guide/202401_v2.pdf
[^2]: "Collection of Near-Miss Cases Concerning Security Export Control at Universities and Research Institutions (First Edition)" — METI, Security Export Control Policy Division — May 2019 — https://www.shinshu-u.ac.jp/guidance/policy/activities/export/jireishu.pdf
[^3]: "Residents, Non-Residents, and Persons Falling Under Specific Categories" — University of Tsukuba, Conflict of Interest and Export Control Management Office — https://coi-sec.tsukuba.ac.jp/export_control/resident/
[^4]: "On the Clarification of 'Deemed Export' Management" — Ministry of Economy, Trade and Industry (METI) — November 2021 — https://www.meti.go.jp/policy/anpo/daigaku/seminer/r3/minasiyusyutu2.pdf
[^5]: "Results of the Analysis of Foreign Exchange Act Violation Cases (FY2023)" — Ministry of Economy, Trade and Industry (METI) — December 2024 — https://www.meti.go.jp/policy/anpo/gaitameho_document/ihanjireigaitamehou5.pdf
[^6]: "Super-Simplified Foreign Exchange Act (2025 Revised Edition)" — Center for Information on Security Trade Control (CISTEC) — https://www.cistec.or.jp/service/chouyaku/chouyaku_gaitamehou.pdf