Critical infrastructure, specified critical technologies, patent non-disclosure

• You have not confirmed whether your Japan business falls within the Act’s scope as a “core infrastructure” operator — covering 14 sectors including energy, finance, IT, transport, and water.
• Your company handles technology that may be designated as a “specified critical technology” under the Act, but no assessment has been done.
• You are not aware that patent applications in certain technology areas can be subject to non-disclosure orders under the Act, affecting your IP strategy in Japan.

Prior notification, designated business sectors, 2026 amendments

• Your organisation is planning — or has recently completed — an investment, acquisition, or capital increase in a Japan company, but has not systematically reviewed Foreign Exchange Act prior notification requirements.
• The 2026 amendments tightening investment screening and extending rules to indirect acquisitions have not been reflected in your deal structuring or due diligence process.
• You are uncertain whether the target company’s business falls within a “designated sensitive business” sector requiring advance clearance.

Information infrastructure operators, reporting duties, OT security

• Your Japan entity may qualify as a “specified information infrastructure operator” under the Act on the Enhancement of Cyber Response Capabilities and related amendment acts, but obligations — including incident reporting and pre-attack countermeasures — have not been reviewed.
• The integration of OT (operational technology) systems with IT networks at your Japan facilities creates exposure under the new industrial cybersecurity framework, but no legal assessment has been conducted.
• Supply chain security assessment requirements under METI’s new standards have not been built into your vendor management process for Japan operations.

Technology leakage, employee mobility, criminal exposure for management

• Your Japan operations involve technology, personnel, or data that could be affected by ongoing discussions on strengthening Japan’s anti-espionage legislation or by the existing State Secrets Protection Act — but no internal risk mapping has been done.
• Engineer and executive mobility between your Japan entity and counterparts in countries of concern has not been reviewed against technology leakage rules, which now carry criminal penalties under existing law.
• You are not aware of recent case law (including the POSCO litigation) establishing how Japanese courts treat cross-border technology transfer disputes.

Economic Security Intelligence Protection Act, employee clearance, government contracting

• Your Japan entity participates in — or intends to participate in — government contracts or public-private partnerships in sensitive sectors, but the new security clearance requirements have not been assessed.
• You have not reviewed how the security clearance system may affect your ability to second employees to or from Japan entities involved in designated projects.
• The Japan National Intelligence Agency (established 2026) and its interaction with private sector companies in your sector has not been monitored.

BIS/EAR, IEEPA, China data law, Taiwan supply chain risk

• Your Japan operations have US-origin technology or are part of a supply chain subject to US export controls (BIS/EAR), but the interaction with Japan’s own economic security framework has not been mapped.
• You source materials, components, or services from China and have not assessed exposure under China’s revised cybersecurity and data laws, which affect Japan-based companies with China-side operations.
• Taiwan-related supply chain risk — including technology leakage rules and economic security legislation in Taiwan — has not been incorporated into your Japan-side risk framework.