What Is a Spy Prevention Law? Comparing the U.S., U.K., Germany, and China, and Japan's Debate (2026 Edition)

Hello, this is Hamamoto from TIMEWELL.

Since the start of 2026, mentions of "spy prevention law" have grown noticeably more frequent. On April 23, the bill to establish the National Security Intelligence Council (NSIC) under the Takaichi administration passed the House of Representatives, and the reorganization of the intelligence community is now on a concrete timetable. Per the coalition agreement, the next steps are the creation of an independent external intelligence agency and new legislation that would directly criminalize foreign agent activity. When this "second phase" gets moving, what will change on the ground in export control and hiring? I see it as a management theme that leaders should internalize.

Lining up the spy prevention frameworks of the U.S., U.K., Germany, and China, I want to connect Japan's current status and open issues to the preparations companies should be making now. When I consult on export control, I often find teams have not fully grasped why spy prevention law has moved onto the management agenda. With a comparative reference frame in hand, the scope and limits of Japanese legislation come into sharper focus.

---

Defining Spy Prevention Law and Tracing Its History

There is no single piece of legislation called "the spy prevention law." The term is an umbrella for the body of law each country uses to criminally penalize information gathering and intelligence activity by foreign powers or agencies in order to protect its own national security. The scope of protection extends beyond military secrets to diplomatic information, critical infrastructure, advanced technology, and even political processes.

The historical blueprint of modern spy prevention legislation took shape in the early 20th century. The U.K. enacted its first Official Secrets Act in 1911, and the U.S. passed the Espionage Act on June 15, 1917, right after entering World War I. Their aims were to broadly capture the transfer of state secrets to foreign powers, the obstruction of military operations, and communications that aid enemy states. Through World War II and the Cold War, countries layered provisions onto these laws. With the rise of cyberspace and economic security, revisions have come in waves over the past few years.

What is interesting is that the definition of "information" protected by spy prevention law has quietly expanded with the times. Originally focused on classical state secrets in the military and diplomatic domains, the main battleground has shifted to civilian-origin advanced technologies like quantum, semiconductors, AI, and biotech. It has become a global norm that even technologies developed by private companies fall within national security if they carry military-use potential. In other words, spy prevention law is no longer just a "state versus state" law. It is increasingly a law that touches the surface of corporate activity.

Without that perspective, reading comparative national laws only leaves you with a flat impression of "a trend toward harsher penalties." What matters is identifying what each country is trying to protect and, from that, understanding how it will reverberate on the technologies you develop and the data you hold.

---

A Comparative Outline of the U.S., U.K., Germany, and China

United States: The Two-Tier Structure of the 1917 Espionage Act and Economic Espionage Law

The core of U.S. spy prevention law is Title 18, Chapter 37, Sections 792 through 799 of the U.S. Code, Chapter "Espionage and Censorship," i.e., the Espionage Act of 1917. Its backbone has been largely intact since enactment in 1917 and broadly punishes the unlawful acquisition, retention, or disclosure of national defense information. Violations carry up to 10 years in prison or a fine, and the death penalty remains within reach where grave harm to the nation results.

On top of this classical law sits the Economic Espionage Act (EEA), enacted in 1996, which is distinctive to the U.S. It punishes the theft of trade secrets for the benefit of a foreign government or its agents, with up to 15 years of imprisonment for individuals and fines up to 5 million dollars for corporations. In 2013, the case involving a Chinese researcher removing genetically modified crops, and around 2020, the case involving a Harvard professor tied to China's Thousand Talents Plan, showcased the EEA functioning as a working tool for federal prosecutors. Military secrets and economic espionage are handled under separate statutes, yet both are investigated by the FBI, giving the U.S. model a sense of operational unity.

United Kingdom: National Security Act 2023, a Once-in-a-Century Overhaul

The U.K. brought the National Security Act 2023 into force on December 20, 2023. The act repealed the three Official Secrets Acts of 1911, 1920, and 1939 and comprehensively rewrote the framework for modern threats. The U.K. government itself describes it as "the most significant reform of espionage law in the past century." The new law defines espionage through three categories, i.e., obtaining or disclosing protected information, obtaining or disclosing trade secrets, and assisting foreign intelligence services, and raises the maximum sentence from 14 years to life imprisonment.

What stands out here is that the term "trade secrets" has been written directly into a criminal spy prevention law. It steps into a world where passing a private company's trade secrets to foreign powers is handled not as a civil damages matter but as a felony close to treason. Combined with the Foreign Influence Registration Scheme (FIRS), the U.K. is now steering toward making the activity of foreign agents themselves visible.

Germany: A Framework Quietly Completed Inside the Criminal Code

Germany does not have a standalone spy prevention statute. Articles 94 through 100a of its Criminal Code (Strafgesetzbuch) carry that role. Article 94, the crime of treason, covers transmitting state secrets to foreign countries and can result in life imprisonment. Article 99 is more distinctive still: it independently punishes anyone who engages in information-gathering activity for a foreign intelligence agency as a "secret intelligence activist." In other words, whether or not the information itself qualifies as a state secret, the very act of espionage for a foreign agency is criminalized.

Economic espionage is covered by the Trade Secrets Act (GeschGehG) and the Act Against Unfair Competition (UWG), enabling both criminal and civil relief. Dividing the work between the criminal code and economic law while, as a whole, casting a seamless counter-intelligence net, is the German approach.

China: A Sharper Edge After the 2023 Amendment of the Counter-Espionage Law

China enacted its Counter-Espionage Law on November 1, 2014, and has been operating under the amended version since July 1, 2023. The article count expanded from 40 to 71, and the definition of espionage was significantly widened. Beyond information about state organs and military facilities, "other documents, data, materials, and items concerning national security and interests" were added, meaning that, depending on the authorities' judgment, a broad range of information can be treated as espionage-related.

What is practically heavy is the expansion of cooperation obligations on companies and individuals and of investigative powers. Authorities have powers to inspect subjects' belongings, electronic devices, and data, and to seal, detain, and freeze assets. Refusing to cooperate with evidence collection can trigger penalties under related provisions of the Data Security Law. Since 2015, at least 17 Japanese nationals have been detained. For expatriates and business travelers, this is not a hypothetical risk. For Japanese firms operating in China, the Counter-Espionage Law has become a must-cover topic in export control and compliance training.

Whereas the U.S., U.K., and Germany operate their regimes as "laws for protection," China's Counter-Espionage Law also functions as "a law for managing foreign companies and individuals." The character is fundamentally different. Comparing countries without grasping this asymmetry tends to spin discussions in circles.

---

Japan's Status Quo: The Limits of the Specially Designated Secrets Act and the Unfair Competition Prevention Act

Japan does not have a single law that directly punishes espionage itself. Instead, it responds by combining the Act on the Protection of Specially Designated Secrets, the Unfair Competition Prevention Act, the National Public Service Act, the Self-Defense Forces Act, FEFTA, and provisions of the Criminal Code such as theft.

The Act on the Protection of Specially Designated Secrets, enacted in 2013 and in force from 2014, designates information in four fields, i.e., defense, diplomacy, prevention of specified harmful activities, and prevention of terrorism, as specially designated secrets, and imposes up to 10 years of imprisonment on authorized handlers who leak them. It is useful, but it has clear limits. The core of its penal scope is leaks by authorized handlers. The act of information acquisition by foreign agents is not structurally the direct target. It is a "wall on the inside," and the "wall on the outside" has long been pointed out as missing.

The Unfair Competition Prevention Act was amended in April 2024 to expand the inference provision for use in trade secret infringement. Even so, to trigger criminal penalties, the three requirements of non-public nature, usefulness, and secrecy management must be met, and it remains difficult to pursue cases involving technical information routinely accessed at work or know-how transmitted verbally. When the TSMC trade secret theft case surfaced in August 2025 and the former employee of the Tokyo Electron local subsidiary became a subject of investigation, it raised the question of how far comparable cases could be prosecuted in Japan.

The Takaichi administration's "second phase" is legislation designed to fill this gap. The coalition agreement between the LDP and Nippon Ishin no Kai explicitly commits to developing intelligence and spy prevention legislation, establishing an external intelligence agency, and setting up intelligence-officer training institutions by the end of fiscal 2027. The policy speech set a goal of reaching Five Eyes-level standards and called for integrated strengthening of economic security, cyber, information power, security clearance, and AI. Forty years after the 1985 "Bill on the Prevention of Espionage Activities Related to State Secrets" was withdrawn, legislation is moving again under a new architecture anchored by the National Security Intelligence Council.

Even so, issues raised in past debates remain on the table. If the definition of state secrets is ambiguous, reporting, academic work, and civil society activity may be chilled. The Japan Federation of Bar Associations and several opposition parties are voicing similar concerns this time as well. We are entering a phase where the balance between freedom and security is being tested in the details of implementation.

---

The Reality of Industrial Espionage and Technology Leakage Facing Companies

Stepping back from legal theory and looking at what is actually happening on the corporate front line, the conclusion is clear. The main battleground of industrial espionage has shifted to people and information. Classical server intrusions still exist, but what stands out by volume is leakage through people.

In the case disclosed in 2023, a senior researcher of Chinese nationality at the National Institute of Advanced Industrial Science and Technology was found to have emailed research data on fluorine compounds to a Chinese company. The intermittent cyberattacks on JAXA from 2023 through 2024 started from a VPN device vulnerability, but are suspected to have backing from a foreign intelligence service. In August 2025, Taiwanese prosecutors arrested six people over suspected leakage of information on TSMC's 2 nm semiconductor process that originated with a former employee of a local Tokyo Electron subsidiary. Such cases span semiconductors, materials, biotech, and space, covering most of the main advanced-industry domains.

Three patterns tend to repeat on the ground. First, removal by employees preparing to resign. Design data and customer information leave the company as material to pitch to the next employer. Second, leakage through joint research and industry-academia collaboration. If background checks on contracts are lax, researchers embedded in foreign military-civil fusion programs can end up on your partner's side without anyone realizing. Third, leakage from the far end of the supply chain. Data is copied at a subcontractor's subcontractor and spreads across borders. All of these tend to slip through gaps in current law.

Given this reality, the spy prevention law debate is not a "news topic" but a theme that ricochets across hiring, contracting, export, and data management in your own company. Rather than waiting for a bill to pass, heading off the risks that are already materializing is the rational corporate choice.

---

Future Legislative Trends and the Practical Impact on Companies

If the Takaichi administration's second phase proceeds on schedule, from the extraordinary Diet session in 2026 through the end of fiscal 2027, at least three legislative tracks will move. The first is a new law directly punishing foreign agent activity. The second is an expansion of the scope of the security clearance regime. The third is the establishment of an external intelligence agency and the division of labor with the National Security Intelligence Council (NSIC).

This trajectory will hit corporate practice on at least four layers.

First, the granularity of counterparty screening rises a notch. In addition to FEFTA classification, the rollout of a foreign agent registration scheme will make proactively confirming whether counterparties are under foreign influence a standard operating procedure. Second, identity verification and background checks on the HR and hiring side get heavier. For R&D talent and positions touching sensitive technology, checks will need to go beyond nationality into education, career history, and sources of funding. Third, trade secret management must be brought up to a "criminal penalty-capable" level. Of the three requirements, secrecy management is highly dependent on access-control and log design, so technical underpinnings cannot be deferred. Fourth, cross-border data management. Companies doing business in China should assume the simultaneous application of the Counter-Espionage Law and the Data Security Law and make sure cross-border transfer paths and storage locations are clearly visible.

The content of the bill may shift during Diet deliberations, but the broad direction, i.e., harsher punishment of acts involving foreign powers and trade secrets, is aligned with major-country trends and unlikely to reverse. The real question has shifted to where, along this trajectory of tighter enforcement, companies should start preparing.

In this context, our TRAFEED (formerly ZEROCK ExCHECK) can serve as a practical foundation. TRAFEED is an export control AI agent built to METI standards that runs multilingual end-user list checks on counterparties, classifies items, and surfaces red flags on transactions involving countries of concern. Whether or not the spy prevention law debate moves forward, given that the case record of technology leakage keeps piling up worldwide, raising the precision of classification and screening early is what you want to do. Automating export control is one of the few areas where you can start without waiting for legislative developments.

---

Summary: Five Perspectives to Stay Ahead on Information Security

What this comparative look at spy prevention law reveals is that countries, each in line with their own legal culture, are converging on directly penalizing "information acquisition by foreign powers." The U.S. runs a two-tier structure of the Espionage Act and the Economic Espionage Act. The U.K. made its first major overhaul in a century with the National Security Act 2023. Germany has quietly completed its framework inside the criminal code. China sharpened its law with the 2023 amendment, expanding even investigative powers. And Japan is about to settle a 40-year-old homework assignment through the Takaichi administration's second phase.

To close, here are five perspectives companies should take ahead of this current. First, the boundary between state secrets and trade secrets is becoming blurred. Second, the scope of punishment is steadily extending to foreign agents themselves. Third, visibility of counterparties and talent is required across borders. Fourth, cross-border data management increasingly intersects with counter-espionage-type laws. Fifth, tidying up operations before the law activates is cheaper, both in cost and in trust, than scrambling after.

Export control and information security are no longer a checkbox exercise for legal compliance. They are becoming conditions of business continuity itself. Related topics are covered in depth in The Creation of the National Security Information Council and Japan's Intelligence Architecture, An Overview of Spy Prevention Law for Business, What a Japanese Intelligence Agency Might Look Like, and Japan-China Export Control 2026. Reading them together gives you a three-dimensional picture.

Legislation and implementation always arrive a little behind. But preparation is overwhelmingly easier when it is early. Over this next year, as the spy prevention law debate ramps up, I want to bring our technology, people, and transactions into a shape we can explain against any country's standards.

---

References

1. "Espionage Act of 1917," English Wikipedia, accessed 2026
2. "National Security Act 2023," UK Parliament; commentary by Womble Bond Dickinson, in force December 2023
3. Tokio Marine dR, "China's 'Counter-Espionage Law' Amendment and Measures Companies Should Take"
4. CISTEC, "The Amended Chinese Counter-Espionage Law, Related Issues, and Trends," April 2023
5. Nikkei, "'National Security Intelligence Council' Bill Clears House of Representatives; Takaichi Administration Strengthens Intelligence in Two Phases," April 23, 2026
6. Prime Minister's Office, "Prime Minister Takaichi's Policy Speech at the 221st Session of the Diet," February 20, 2026
7. JBpress, "'Spy Prevention Law' Gains Tailwind After Takaichi Administration's Launch"
8. METI, "Strengthening Prevention of Technology Leakage and Trade Secret Protection"
9. DataClasys, "Protecting Your Company from Industrial Espionage: The Reality of Technology Leakage Learned from Recent Cases," February 2026