Japan: Opened consultation on draft security conformity assessment system for IoT products

On 15 March 2024, the Ministry of Economy, Trade and Industry (METI) opened a consultation on the draft policy for the establishment of a security conformity assessment system for IoT products, until 15 April 2024. The objective of the proposed system is to evaluate and visualise the security of IoT products using a common standard, to mitigate increasing cyber threats by enabling self-conformity declarations and labelling for IoT products against minimum common threats, and to encourage government and critical infrastructure procurement to use the system. The voluntary system will cover a wide range of IoT products with communication capabilities using Internet protocols, including products that are not directly connected to the Internet (computers, smartphones, etc. are not covered). The system will have multiple levels of conformity assessment to ensure wide application across various product types. Basic levels will have self-conformity, while higher reliability levels will require third-party certification. The Japanese Information-technology Promotion Agency (IPA) will oversee the system and extend its existing IT security evaluation and certification system (JISEC) to include this new system. The formal system launch is expected between July and September 2024.