Hello, this is Hamamoto from TIMEWELL. There is a story going around that Chinese-made storage batteries have failed to obtain "JC-STAR," Japan's cybersecurity label for IoT devices, and that Chinese firms are pushing back, calling it "de facto exclusion."
How you read this story changes the impression it leaves quite a lot. You can take it as "Japan shut out Chinese products in the name of security," or you can take it as "Japan operated a scheme aligned with international standards, and this is simply how it turned out." Rather than taking one side, I want to lay out, as flatly as I can, the substance of the scheme, what can currently be confirmed as fact, the Japanese government's account, and the critics' arguments. The job of this article is to prepare material you can read with facts and evaluation kept apart. The judgment I leave to each reader.
What JC-STAR is
Let me start with the scheme itself. The formal name of JC-STAR is the "Labeling Scheme based on Japan Cyber-Security Technical Assessment Requirements." It is operated by the Information-technology Promotion Agency (IPA), an incorporated administrative agency under the Ministry of Economy, Trade and Industry (METI)[^1]. The easiest way to think of it is as a mechanism that assesses the security level of IoT devices—devices that connect to the internet—and makes the result visible in the form of a label.
The label comes in four tiers, from Star 1 to Star 4. Star 1 and Star 2 use a "self-declaration of conformity," in which the vendor (the business supplying the product) declares its own conformity with the criteria. Star 3 and Star 4, by contrast, are set at levels intended for government agencies and critical infrastructure, and the labels are granted based on evaluation by an independent third-party assessment body[^1]. By design, the higher the tier, the stricter the external check. A Star 1 conformity label is valid for two years from the date of issue, and as of March 2025 it uses a self-declaration process in which the applicant prepares an application form and a checklist and submits them by email[^2].
It is worth tracing how the scheme came together. JC-STAR began operating on March 25, 2025, and on that same day it opened new applications for Star 1 (Level 1) and began publishing a list of products that had obtained the conformity label. The policy for building the scheme itself was announced in August 2024[^3]. So the sequence is: the design policy in August 2024, then the start of operation and the first Star 1 applications and product list in March 2025. Reading the timeline this way makes it clear that the scheme did not appear overnight around the battery story; it was set in motion well before, on its own schedule.
What should not be overlooked here is that the conformity criteria are not homegrown but were drawn up in harmony with domestic and international standards such as ETSI EN 303 645 and NISTIR 8425[^1]. ETSI is a European standardization body and NIST is an American one; both issue criteria that are widely referenced in the IoT security field. This fact of "conformity with international standards" becomes an important foothold for one side of the debate over whether this amounts to "exclusion," which I will come to later. It is also worth remembering that the two-year validity of a Star 1 label and the email-based self-declaration route mean the scheme is administratively light at the entry tier[^2]: an applicant assembles an application form and a checklist and declares conformity, rather than passing through a heavy third-party gate. That lightness matters when we later weigh whether "not certified" is better read as "was turned away" or as "has not yet declared under its own brand."
Replace siloed classification work with AI.
METI's FY2024 data shows 52% of foreign exchange law violations stem from classification errors. TRAFEED cuts determination time by ~70% and stores structured rationale for every decision.
What is happening now
Two developments have converged behind JC-STAR's sudden rise to attention. One is that the scheme is being built into the requirements for power infrastructure; the other is the reporting that Chinese-made storage batteries have not obtained the certification.
Let me start with the scheme side. Through revisions to the grid code (the technical requirements for grid interconnection), deliberations are proceeding toward a framework in which solar power and storage facilities connecting at extra-high and high voltage will, from April 2027 onward, and low-voltage facilities (under 50 kW) from October 2027 onward, require JC-STAR Star 1 conformity for projects that file grid-access contract applications. Here is a point that is easily misunderstood in practice: the trigger for the requirement is said to be the "connection-contract application," not the "interconnection date"[^4]. The equipment subject to the requirement is control-system gear with IP communications, such as PCS (power conditioning systems, the devices that convert between direct and alternating current) and EMS (energy management systems). This framework was deliberated at the Agency for Natural Resources and Energy's grid code study meetings and is said to have been approved at the 20th meeting in December 2025 and the 21st meeting on March 31, 2026[^5]. That said, as of June 2026 the guidelines, the grid interconnection technical requirements, and the grid interconnection code had not yet been promulgated. The framework is approved, but the legal texts remain unfinalized—a caveat I think we should state accurately[^4].
The other development is the state of certification. According to reporting by outlets such as the Nikkei and the Hankyoreh, Chinese players including Huawei, Sungrow, BYD, and CATL had not been confirmed to hold JC-STAR under their own brands as of 2026, described as "zero certifications"[^6]. It is reported that in METI's review, some thirty-odd companies from various countries—Japan's PowerX, a Samsung affiliate from South Korea, the United States' Tesla, and Germany's SMA Solar Technology, among others—obtained the security certification, while none of the four Chinese companies received approval[^7]. To be careful, these specific company counts are a secondary confirmation drawn from reporting by the Nikkei, the Hankyoreh, and others; they are not the result of exhaustively cross-checking the IPA's primary registration list. It is reasonable to receive the figures as "reported." In fact, the manufacturers confirmed as certified in publicly available information span many nationalities: for residential storage batteries, Nichicon (Japan), Omron (Japan), and Samsung SDI (South Korea); for industrial and grid-scale PCS, SMA (Germany), Power Electronics (Spain), and Dots Energy (Taiwan), among others[^8].
The Japanese government's view
Having laid out the facts, let me turn to each party's account, starting with the Japanese government.
METI is reported to say, regarding the fact that Chinese companies have not received approval, that it makes a "comprehensive judgment based on the information companies submit and the information the Japanese government holds," and that it is not targeting any specific country for exclusion[^7]. This phrasing of "comprehensive judgment" also means, read the other way, that the specific grounds for individual decisions are not disclosed in detail. From a transparency standpoint it is an unsatisfying formulation, but I take it that the nature of a review makes it impossible to disclose all the material behind a judgment.
Let me also confirm the logic of the scheme's design. As I touched on in the previous section, JC-STAR's conformity criteria were built in harmony with the international standards of ETSI and NIST[^1]. There is no provision that names and excludes products from a specific country; the structure simply asks whether a product conforms to technical security requirements. From the Japanese government's standpoint, the account would be: "We apply neutral, standards-based criteria to all companies in the same way, regardless of nationality. It just so happens that some companies do not meet the requirements."
Another axis is the context of protecting critical infrastructure. Grid-scale storage batteries and PCS are equipment connected directly to electricity, the foundation of society. If a control-system device with IP communications on the grid were compromised, the consequences would not stay inside a single company; they could ripple across the power network that everyone depends on. The very idea of throwing a cybersecurity net over this is a challenge that many countries share as distributed power sources rapidly increase. The Electric Power Infrastructure Development Division of the Agency for Natural Resources and Energy is deliberating, as a cybersecurity measure for distributed power sources, a policy to build JC-STAR into the grid interconnection requirements through its scheme-review working group[^9]. Seen from this angle, tying the label to interconnection is less about any one manufacturer and more about setting a common floor for every device that touches the grid. The aim of protecting power infrastructure is a point that stands on its own, separate from the question of nationality. Storage batteries are also given a special position within the framework of economic security. Under the Economic Security Promotion Act (enacted May 2022), the government designated eleven fields, including semiconductors and storage batteries, as "specified critical materials" by cabinet order on December 20, 2022, and storage batteries were included among the targets for supply-chain resilience[^10]. The criteria for selecting specified critical materials are four: importance to national life and economic activity, dependence on external sources, the likelihood of a supply cutoff, and the need for measures to secure a stable supply, with the Cabinet Office overseeing the scheme[^11]. I have laid out the whole map of the economic-security framework in separate articles, Amendments to the Economic Security Promotion Act and Semiconductors and Economic Security, so reading those alongside this piece should make the background easier to grasp.
The arguments of critics and the concerned
How do critics and the Chinese side see the same facts? I will present this fairly too.
Chinese companies are reported to be pushing back, saying "only companies from a specific country are having their applications rejected; this is de facto exclusion." The reporting positions Huawei, Sungrow, BYD, and CATL as "leaders in the global market," and it takes issue with a situation in which firms holding global share cannot get through in the Japanese market alone[^6]. From the standpoint of international trade rules, a criticism can be mounted: is this a barrier to entry dressed up as a standard? That is an evaluation, not a factual assertion, but as a critic's argument it is a coherent one. When firms that lead the world market are the ones who cannot get through in a single market, it is natural for them to ask whether the outcome, rather than the wording, is what should be judged. The counter to that argument is the international-standards point from the government's side; the two do not resolve neatly, which is exactly why I want to keep both on the table rather than pick a winner.
On the other hand, the background to Japan's concerns is said to lie in China's National Intelligence Law. The law was passed by the Standing Committee of the National People's Congress on June 27, 2017, and took effect on June 28. Its Article 7 provides that "all organizations and citizens shall support, assist, and cooperate with national intelligence work in accordance with the law…"[^12]. On the basis of this provision, the concern is voiced that data could pass to the state through the products of Chinese companies. That said, the existence of this law does not, by itself, allow one to conclude that a specific data leak has occurred. It is an institutional fact cited as background to the concern, not evidence that anything happened with a particular product—a distinction I want to keep in place.
Here let me add one point to keep both the criticism and the rebuttal cool-headed. The simplification of "zero certifications equals exclusion" comes with several practical caveats. For instance, Huawei-made storage batteries (such as the LUNA2000) are sold under Japanese OEM brands like XSOL, DMM, and Kyocera, and there is a view that if the Japanese brand in question obtains JC-STAR, the requirement could be met[^13]. There is also equipment, such as some from Yaskawa Electric, whose PCS has no IP communications functionality and thus falls outside the scope of the JC-STAR scheme. In other words, whether a product is certified depends not only on "nationality" but also on the product's communication specifications[^13]. The word "rejection" also deserves care, being the critics' framing. Star 1 uses the self-declaration process, and on the public record the situation is that own-brand certification by the four major Chinese companies "cannot be confirmed." "Applied but was rejected" and "own-brand certification simply cannot be confirmed" carry different meanings. As far as I could confirm, I found no primary source that lets one assert "rejection" as fact.
For what it's worth, other frictions exist between Japan and China, such as the rare-earth export controls aimed at Japan, but I have not confirmed a primary source that directly ties them to the JC-STAR certification issue as "retaliation." As related context, the China Rare-Earth Export Control Map and the article summarizing moves at the local-government level, Local Governments and Chinese-Made IT, are useful references, but I think it is appropriate to hold them as background without asserting causation.
Impact on companies and industry, and the practical response
However one evaluates the merits of the scheme, for companies involved in grid-scale and industrial storage systems, the requirement kicking in during fiscal 2027 is a realistic schedule bearing down on them. From here, setting the question of position aside, let me talk about the practical side.
The first thing to tackle is an inventory: whether the equipment your company handles falls within JC-STAR's scope, and which label is required. Control-system gear with IP communications, such as PCS and EMS, is covered, while equipment without communications functionality may fall outside scope[^13]. You need to organize your product line from the standpoint of communication specifications, and, bearing in mind that the trigger for the requirement is the "connection-contract application," work backward from the schedules of your projects[^4]. Because the trigger is the application date rather than the interconnection date, a project you think of as "later" may in fact cross the line sooner than expected once you count from when the contract is filed. There is the caveat that the provisions have not yet been promulgated, but since the direction has been approved, I think it is safer to bring preparations forward than to wait for the final text and be caught short.
The second is diversifying procurement. Concentrating supply on a specific country or manufacturer means carrying the risk that procurement halts due to certification outcomes or geopolitical circumstances. If a requirement lands and a supplier you have leaned on cannot present a certified product in time, a project can stall not because of anything you did but because of a gap upstream. Spreading that dependency is a hedge against a shock you cannot control from your own desk. A leading domestic example, PowerX (established March 2021), designs and manufactures both hardware and software at its own plant in Tamano City, Okayama Prefecture, adopts LFP batteries (lithium iron phosphate batteries), professes conformity with cybersecurity standards such as NERC CIP and IEEE 2030.7, and pitches "domestic production and diversified procurement"[^14]. It is not that domestic production is unconditionally superior, but diversifying suppliers and keeping track of each company's security posture is, in itself, a reasonable preparation—one that can be separated from any evaluation of the scheme.
This inventory work closely resembles, at its root, the classification determinations (deciding whether your own goods or technologies fall under regulation) that we perform every day in export control. You make visible the sensitive technologies and information you hold and the specifications of your equipment, and you organize which net of which regulation catches them. The more a company has systematized this work, the more often it can respond without panic even as new economic-security requirements pile up. The export-control AI agent we provide, TRAFEED, is a tool that automates classification determinations for goods and technologies and screening of counterparties in accordance with METI's criteria, and it is meant to quietly support exactly this kind of visualization work. It does not perform the JC-STAR response itself on your behalf, but as a foundation for making economic-security risk visible in peacetime, I regard it as an adjacent domain.
Finally, let me restate this article's stance one more time. I have not concluded that JC-STAR is either "a tool for excluding China" or "a purely technical scheme." What can be said as fact goes only this far: a certification scheme harmonized with international standards is being built into the requirements for power infrastructure, and as a result, certification by the four major Chinese companies has not been confirmed. Beyond that, whether it amounts to "exclusion" is the domain of evaluation, and the answer changes with your position, and with what weight you give to the international-standards framing versus the market-outcome framing. Since the scheme is moving, what a company can do—apart from any political evaluation—is to inspect its own equipment and procurement structure and prepare for the requirement. If you want to organize export control and economic security as a single, continuous challenge, please reach out through a consultation. Hold the evaluation in reserve, but firm up the practical preparation first. That, I believe, is the realistic way to face this uncertain subject.
References
[^1]: Labeling Scheme based on Japan Cyber-Security Technical Assessment Requirements (JC-STAR) — IPA (Information-technology Promotion Agency) — June 19, 2026 [^2]: Detailed information on the security labeling scheme (JC-STAR) — IPA (Information-technology Promotion Agency) — January 1, 2026 [^3]: Operation of the security labeling scheme for IoT products (JC-STAR) has begun — Ministry of Economy, Trade and Industry — March 25, 2025 [^4]: The trigger for JC-STAR Star 1 is not the "interconnection date" — the criterion is the "connection-contract application," high voltage from April 2027 — ScienceX — June 1, 2026 [^5]: April 2027 grid code revision: will the JC-STAR scheme become a mandatory requirement for solar power? — Universal Ecology — March 11, 2026 [^6]: Many Chinese battery companies fall short in Japan's cyber certification: "Clashing over economic security" — Hankyoreh (reprinted on Yahoo! News) — July 1, 2026 [^7]: Chinese storage batteries still at zero for Japan's cyber certification; firms push back, calling it "de facto exclusion" — Nikkei (via search summary) — March 19, 2026 [^8]: [Latest 2026] List of manufacturers that have obtained JC-STAR — splight Inc. — April 1, 2026 [^9]: On cybersecurity measures for distributed power sources (Scheme WG 19th meeting, Document 5) — METI Agency for Natural Resources and Energy — February 12, 2026 [^10]: Economic security "critical materials": eleven fields including semiconductors, decided by cabinet — Nikkei — December 20, 2022 [^11]: On the designation of specified critical materials (summary draft of the policy on securing stable supply), November 2022, Document 1 — Cabinet Secretariat (Economic Security Legislation Preparation Office) — November 2022 [^12]: [China] Enactment of the National Intelligence Law (Foreign Legislation, August 2017) — National Diet Library, Research and Legislative Reference Bureau — August 2017 [^13]: Where are the manufacturers that have obtained JC-STAR? The response status of major makers such as Omron, HUAWEI, and Yaskawa Electric [Latest 2026] — Solarlink Net — May 25, 2026 [^14]: PowerX company information (Made in Japan / domestic storage-battery maker) — PowerX Inc. — January 1, 2026
![JC-STAR and Chinese Storage Batteries: Japan's IoT Cyber Label, Economic Security, and the "De Facto Exclusion" Dispute [2026 Edition]](/images/columns/jc-star-china-battery-economic-security-2026/cover.png)