Hello, this is Hamamoto from TIMEWELL. In export control consultations, I occasionally hear a question along these lines: "We haven't written a CP yet, so we don't have any export control obligations, right?" I understand the reasoning, but the answer is no. Whether or not you have a CP, if your company exports goods or provides technology as part of its business, there is a set of rules that already applies to you as a legal obligation under Japan's Foreign Exchange and Foreign Trade Act (FEFTA, gaitame-hou). That set of rules is today's topic: the Exporter Compliance Standards (yushutsusha-tou junshu kijun).
Let me sort out the terminology up front. The official name is "Exporter Compliance Standards" — in Japanese, yushutsusha-tou junshu kijun. In practice you will also see abbreviated forms such as "exporter compliance standards" without the "etc." or simply "the compliance standards" (junshu kijun); they all refer to the same thing. The frequently confused term "CP" stands for Compliance Program and refers to a company's internal export control program (yushutsu kanri naibu kitei). The compliance standards are a legal obligation that applies to everyone; a CP is something companies voluntarily choose to file. That distinction is the backbone of this article. If you are unsure whether your own setup clears the legal minimum, I recommend running the free export-control readiness check before reading on — the rest of this article will feel far more personal.
What the Exporter Compliance Standards Are: Reading Article 55-10 of FEFTA
Let's start with the statute itself. The legal basis is Article 55-10 of FEFTA (formally, the Foreign Exchange and Foreign Trade Act). Paragraph 1 provides that the Minister of Economy, Trade and Industry must establish, by ministerial ordinance, standards to be complied with by anyone who conducts transactions under Article 25(1) (provision of technology) or exports under Article 48(1) of FEFTA "as a business" — the statute calls such parties "exporters, etc." (yushutsusha-tou). Paragraph 4 then imposes the obligation: "Exporters, etc. must conduct exports, etc. in accordance with the Exporter Compliance Standards."[^1]
Here I want to flag a point that is widely misunderstood. The party that "establishes" the standards is the Minister of Economy, Trade and Industry — not the exporter. Some commentary articles are worded in a way that suggests exporters must "establish compliance standards" themselves, but the statutory architecture is that exporters must "follow" standards the Minister has set out in an ordinance. This is not a regime where you become non-compliant simply because you failed to draft and file some document of your own. What you must follow is written in the ordinance from the start.
That ordinance is the Ministerial Ordinance Establishing Exporter Compliance Standards (METI Ordinance No. 60 of 2009, Heisei 21). It was promulgated on October 16, 2009 and took effect on April 1, 2010. It has since been amended twice — an amendment effective May 1, 2022 (Reiwa 4) and another effective October 9, 2025 (Reiwa 7) — bringing us to the current text.[^2] In other words, this regime has been in operation for more than fifteen years. And yet awareness of it remains astonishingly low. In my experience, even people who know terms like "list control" (risuto kisei) and "classification determination" (gaihi hantei) are rarely able to explain accurately what the compliance standards are.
The scope of application is also worth pinning down. The statutory test is conducting exports or technology transfers "as a business" — that is, repeatedly and continuously as part of one's trade — and there is no company-size requirement anywhere in the text. CISTEC (the Center for Information on Security Trade Control, a specialist body in the export control field) likewise explains that the standards apply to virtually all exporters and technology providers regardless of size, and that SMEs and universities are no exception.[^12] The notion that "export control is a big-company problem" simply does not hold, at least as far as these standards are concerned.
Replace siloed classification work with AI.
METI's FY2024 data shows 52% of foreign exchange law violations stem from classification errors. TRAFEED cuts determination time by ~70% and stores structured rationale for every decision.
The Two Baseline Requirements Common to All Exporters
So what, concretely, must be followed? The standards applicable to all exporters, etc. are set out in Article 1, item 1 of the ordinance — and there are only two of them, labeled (i) and (ro) in the Japanese legal numbering.[^3]
The first, item (i), is to appoint a person responsible for classification checks — in the statutory language, a gaihi kakunin sekininsha (classification confirmation officer). A "classification check" (gaihi kakunin) means confirming whether the technology you intend to provide or the goods you intend to export fall under "specified critical goods, etc." You can safely treat it as the same work practitioners call gaihi hantei — the determination of whether an item is or is not controlled. In plain terms: decide who in your organization bears responsibility for checking whether the goods and technology you send abroad are caught by the control lists.
The second, item (ro), is to keep the people engaged in export and related operations informed of the latest FEFTA and the orders issued under it, and to provide the guidance necessary for compliance with the relevant laws. Put simply: educate the employees involved in exports. Laws get amended. A staff member operating on five-year-old knowledge will not notice that the regulatory net has shifted. That is precisely why the word "latest" appears in the statutory text.
Just two requirements — does that feel thin? I actually think it is a well-designed minimum. Appoint a responsible person, and train your staff. An organization lacking these two things cannot run export controls no matter how impressive its written rules are. Conversely, even if you are not a trading house — even if you are a manufacturer selling products to overseas customers, or a company sending technical documents to an overseas subsidiary — these two things are the standard you are already expected to meet today.
There is, incidentally, an accommodation for sole proprietors who export as a business. Under Article 2 of the ordinance, the classification confirmation officer and the chief export control officer (discussed below) may be the same person. Further, under Article 3, where the exporter is an individual, parts of Article 1, item 1(i) and item 2 do not apply, and the duty to train employees is read instead as a duty to "gather the necessary information."[^6] Telling a one-person business to "appoint an officer" or "train your employees" would be meaningless, so the ordinance adjusts to reality.
Ten Additional Items Layered on Companies Handling List-Controlled Goods
Now for the second half of the story. On top of the two requirements common to everyone, the standards add further items for businesses that handle list-controlled items as part of their trade. The statutory label is "exporters, etc. of specified critical goods, etc." (tokutei juuyou kamotsu-tou yushutsusha-tou). Intimidating name; simple substance once you break it down.
First, what are "specified critical goods, etc."? They are defined in a separate ordinance — the Ministerial Ordinance Establishing Specified Critical Goods, etc. (METI Ordinance No. 61 of 2009) — as the technologies listed in the middle column of rows 1 through 15 of the appended table of the Foreign Exchange Order, and the goods listed in the middle column of rows 1 through 15 of Appended Table 1 of the Export Trade Control Order.[^5] In other words: the goods and technologies subject to list control. I walked through the structure of Appended Table 1 in detail in a separate guide to Appended Table 1 of the Export Trade Control Order, so if list control is unfamiliar territory, reading that piece first will make the connections clearer.
The additional standards are the ten items in Article 1, item 2 of the ordinance, labeled (i) through (nu) in Japanese legal numbering. The statutory text lends itself well to a table, so here is the overview.[^4]
| Item | Content | Nature |
|---|---|---|
| (i) | Appoint, from among the company's representatives, a chief export control officer (toukatsu sekininsha) who oversees export operations | Obligation |
| (ro) | Clarify the authority and responsibilities of the departments involved in export operations, and the relationships between them | Obligation |
| (ha) | Establish procedures for classification checks | Obligation |
| (ni) | Establish and implement procedures for verifying end use and end users (buyers and users) | Obligation |
| (ho) | At shipment, confirm that the goods actually being exported match the goods described in the documentation | Obligation |
| (he) | Conduct periodic audits of export operations | Best-effort obligation |
| (to) | Provide training to the chief export control officer and staff engaged in export operations | Best-effort obligation |
| (chi) | Provide guidance and similar support to subsidiaries | Best-effort obligation |
| (ri) | Retain documents relating to export operations for an appropriate period | Best-effort obligation |
| (nu) | Upon violating (or possibly violating) the relevant laws, promptly report to the Minister of Economy, Trade and Industry and take the measures necessary to prevent recurrence | Obligation |
Look at the list and you will notice that nearly every element of the internal control framework found in export control textbooks is already here: a responsible officer, organizational structure, classification checks, transaction screening, shipment control, audits, training, document management, and incident reporting. I have laid out the practical build-out sequence in how to build an export control system, but you could fairly say the skeleton of that guide is already written into these ten items.
In my experience, the heaviest practical burden sits with items (ha) and (ni). Classification checks mean the painstaking work of matching the specifications in the Goods and Technologies Ordinance against your own product specs, and end-use and end-user screening recurs with every transaction. For companies where this work can no longer be handled by human effort alone, we offer TRAFEED, an AI agent for export control. In a joint validation study with Okayama University using roughly 30,000 past screening records, TRAFEED demonstrated an AI determination accuracy above 95% (our own research), and it visualizes the level of concern in about five seconds. It is already in use at more than twenty organizations — but the final classification determination always rests with your company's export control officer. That architecture, I would argue, is consistent with the philosophy of the compliance standards themselves, which require the appointment of a classification confirmation officer.
What Happens If You Don't Comply: Guidance, Recommendations, Orders, Penalties — in That Order
Once something is called an obligation, the next question is what happens if you break it. Here the statute is deliberately staged.
The first stage is guidance and advice. Under Article 55-11 of FEFTA, the Minister of Economy, Trade and Industry may, when deemed necessary, provide the guidance and advice needed to ensure that exports are conducted in accordance with the compliance standards. The next stage is a recommendation: under Article 55-12, paragraph 1, if the Minister finds that a party is still violating the standards despite guidance and advice, the Minister may recommend that the party comply. If the party fails to follow the recommendation, paragraph 2 of the same article allows the Minister to order the party to take the measures covered by the recommendation.[^7]
Criminal penalties enter only at the stage of violating that order. Under Article 71, item 11 of FEFTA, a person who violates an order under Article 55-12, paragraph 2 is subject to imprisonment for up to six months or a fine of up to 500,000 yen.[^8] Put the other way around: a violation of the compliance standards themselves carries no direct criminal penalty. The design escalates through guidance and advice, then a recommendation, then an order — and only ignoring the order triggers punishment.
If your reaction is "then why not just wait until an order arrives?", I would say that instinct is dangerously off as a matter of practice. METI conducts on-site inspections under Article 68 of FEFTA — so-called legal compliance inspections — to confirm that security export controls based on the Exporter Compliance Standards, or on the FEFTA Compliance Requirements in the CP Notification discussed below, are being properly implemented.[^11] Gaps in your system become visible in an inspection. More fundamentally, a company where the ten items are not actually functioning is permanently exposed to the risk of violations of FEFTA itself — unlicensed exports, for example — which carry far heavier penalties. The reason the compliance standards' own sanctions are light, as I read it, is that these provisions exist not to punish but to prompt companies to build systems that prevent incidents before they happen.
How the Standards Differ from a CP (Internal Export Compliance Program) — and Why a "Voluntary" CP Becomes Near-Essential in Practice
Now back to the question we opened with: how do the compliance standards differ from a CP? A side-by-side table first, then some commentary.
| Aspect | Exporter Compliance Standards | CP (internal export compliance program) |
|---|---|---|
| Legal status | Statutory obligation (FEFTA Article 55-10, paragraph 4) | Voluntary self-management initiative; filing is optional |
| Who defines the content | The Minister of Economy, Trade and Industry (by ordinance) | Each company drafts its own |
| Who it applies to | Everyone who conducts exports, etc. as a business | Companies that file one |
| Level required | The legal minimum (2 items for everyone, plus 10 for list-controlled goods) | Must satisfy the "FEFTA Compliance Requirements" in Annex 1 of the CP Notification — a notch stricter than the compliance standards ordinance |
| Main effect | Compliance is itself the obligation | Issuance of a CP acceptance certificate; access to the bulk export license system |
Filing a CP with METI is a voluntary procedure, not a legal duty. Filings are made under the CP Notification ("Concerning the Filing, etc. of Internal Export Control Programs"), and if the program's content is found appropriate, a CP acceptance certificate (CP juri-hyou) is issued. Companies that file a CP commit to self-management under internal rules that satisfy the "FEFTA Compliance Requirements" in Annex 1 of the CP Notification — a level one notch stricter than the compliance standards ordinance.[^9]
So why do so many companies file a CP if it is voluntary? The key is the bulk export license (houkatsu kyoka). Export licenses come in two forms: individual licenses obtained transaction by transaction, and bulk licenses that authorize a defined range of exports collectively. Access to bulk licenses dramatically changes the administrative burden. A holder of a CP acceptance certificate must, between July 1 and July 31 each year, submit an exporter overview and self-management checklist (a Form 3 document known as the "CL"); if appropriate management is confirmed, a CL acceptance certificate is issued and the company can use the bulk license system. A company holding, say, a special general bulk license that fails to submit its annual CL is in breach of the license conditions under the bulk license handling guidelines.[^10] In other words, a CP is not "file it and forget it" — it delivers its practical benefits only in combination with the annual CL submission. Note also that if a company files a CP withdrawal, the acceptance certificate loses effect, and METI's page warns that certain bulk licenses lose effect along with it.[^11]
On the currency of the regime: the current CP Notification was promulgated on April 9, 2025 (Reiwa 7) and took effect on May 9 of the same year, with no changes to the substance of the FEFTA Compliance Requirements in Annex 1.[^11] For a deeper treatment of how to actually build a CP — what to include in the program and how to file it — see the guide to building an internal export compliance program (CP).
To sum up, the structure is two-storied. The ground floor is the compliance standards: a legal obligation that applies to everyone, the minimum you are expected to meet as a matter of course. The upper floor is the CP: voluntary, but a mechanism by which a company declares stricter self-management in exchange for the practical benefit of bulk licenses. It is not that "no CP means no obligations" — the ground-floor obligations apply to companies without a CP at all times. That structure is the full answer to the question we started with.
Wrapping Up: The First Step Is to Pick a Responsible Person and Write Down the Name
Finally, for those about to put a system in place, here is the order of operations I would suggest.
The very first task is appointing your classification confirmation officer. It can be a director or the head of your administrative department — what matters is deciding who bears responsibility for classification checks and recording that name in a document. Taken to its logical extreme, the first of the two universal obligations can be satisfied today. The second — training your staff — can start with an internal study session using the publicly available materials from METI and CISTEC. From there, if your products or technologies could plausibly fall under list control, move on to building a system with the ten additional items in mind. If your company cannot fully carry the classification workload in-house, I have mapped out the options in a guide to outsourcing and support services for export classification.
One honest caveat: the statutory provisions cited in this article are based on the current laws as available on e-Gov, but the ordinances and notifications around FEFTA are a field of ongoing amendment. For decisions touching your company's specific transactions, always check METI's security export control pages and the latest public notices directly. The habit of going to primary sources is itself a way of practicing item (ro) of the compliance standards — keeping staff informed of the latest laws.
An obligation that has existed for fifteen years, yet remains largely unknown. Because it is unknown, exports continue without a proper system in place — until one day an incident happens. The best way to break that sequence is to take the first step on the day you learn the law exists. If you would like to discuss concretely where your company should start, please book a consultation. Decide on one responsible person's name. That is where export control begins.
References
[^1]: Foreign Exchange and Foreign Trade Act, Article 55-10 (Exporter Compliance Standards) — e-Gov Statute Search (Digital Agency) — accessed July 7, 2026 [^2]: Ministerial Ordinance Establishing Exporter Compliance Standards (METI Ordinance No. 60 of 2009), main text and supplementary provisions — e-Gov Statute Search (Digital Agency) — accessed July 7, 2026 [^3]: Ministerial Ordinance Establishing Exporter Compliance Standards, Article 1, item 1 (standards common to all exporters) — e-Gov Statute Search (Digital Agency) — accessed July 7, 2026 [^4]: Ministerial Ordinance Establishing Exporter Compliance Standards, Article 1, item 2 (standards for exporters of specified critical goods, etc.) — e-Gov Statute Search (Digital Agency) — accessed July 7, 2026 [^5]: Ministerial Ordinance Establishing Specified Critical Goods, etc. (METI Ordinance No. 61 of 2009) — e-Gov Statute Search (Digital Agency) — accessed July 7, 2026 [^6]: Ministerial Ordinance Establishing Exporter Compliance Standards, Articles 2 and 3 (concurrent appointments; special provisions for individual exporters) — e-Gov Statute Search (Digital Agency) — accessed July 7, 2026 [^7]: Foreign Exchange and Foreign Trade Act, Articles 55-11 and 55-12 (guidance and advice; recommendations and orders) — e-Gov Statute Search (Digital Agency) — accessed July 7, 2026 [^8]: Foreign Exchange and Foreign Trade Act, Article 71, item 11 (penalties for violating an order) — e-Gov Statute Search (Digital Agency) — accessed July 7, 2026 [^9]: Promotion of Corporate Self-Management (CP filings; FEFTA Compliance Requirements) — METI, Security Export Control — accessed July 7, 2026 [^10]: Promotion of Corporate Self-Management (self-management checklist; bulk export licenses) — METI, Security Export Control — accessed July 7, 2026 [^11]: Promotion of Corporate Self-Management (amendment of the CP Notification; legal compliance inspections) — METI, Security Export Control — notification promulgated April 9, 2025, effective May 9, 2025 [^12]: Exporter Compliance Standards: A First Step — CISTEC (Center for Information on Security Trade Control) — accessed July 7, 2026
![What Are Japan's Exporter Compliance Standards? The Rules That Apply to Every Exporter, Explained for Beginners — and How They Differ from a CP (Internal Compliance Program) [2026 Edition]](/images/columns/exporter-compliance-standards-guide/cover.png)