Tokyo and Washington’s crackdown on Chinese technology: moving toward a global security perimeter while Europe remains exposed

The Japanese government has officially announced a national strategy to completely phase out Chinese technologies from the IT systems of all local governments by the summer of 2027.

This initiative, coordinated by the Digital Agency and the Ministry of Internal Affairs and Communications, aims to protect citizens’ sensitive data and the integrity of civil infrastructure from potential espionage or sabotage orchestrated by foreign actors through supply chain compromise.

This approach confirms and technically validates our analysis of the concept of liminal warfare—that gray area between peace and conflict where cyberespionage is not merely a hostile act, but a systemic pillar of the Chinese economy, underpinned by national laws such as the 2017 National Intelligence Law, which require companies to actively cooperate with Beijing’s intelligence services.

The technical cornerstone of Japan’s plan is the Japan Cyber-Security Technical Assessment Requirements (JC-STAR) certification system, which imposes extremely stringent security standards on every device purchased by Japan’s approximately 1,700 municipalities through the evaluation of four levels of structural criticality. The scheme mandates STAR-1 as a unified baseline, requiring unique predefined passwords for each piece of hardware and full transparency throughout the software update lifecycle, thereby eliminating historical vulnerabilities stemming from shared factory credentials. For critical categories such as routers and network cameras, STAR-2 and STAR-3 levels require in-depth penetration testing and the complete absence of exposed physical or logical debug interfaces such as UART or Telnet.

These "entry points" have been repeatedly identified by Extrema Ratio as preferred channels for data exfiltration or the deployment of persistent malicious code by state-sponsored actors.

The security architecture mandated by Tokyo also requires that firmware integrity be strictly verified using digital signatures during every over-the-air update procedure, ensuring that the system rejects any packet not authenticated by the certified manufacturer. Each device must include an encrypted QR code that links to the IPA national agency’s database, allowing municipal technicians to monitor the status of vulnerabilities and the validity of technical certification in real time. By June 2026, a revision of the ministerial ordinance will mandate the use of hardware with response times to critical threats of less than fifteen seconds in dynamic verification tests, thereby concretely addressing the need for independent IoT certification authorities as advocated by Extrema Ratio.

This move aligns perfectly with U.S. policies, where the Federal Communications Commission has scheduled a decisive meeting for April 30, 2026—announced by Chairman Brendan Carr—to revoke authorizations under Section 214. The U.S. proposal aims to bar operators such as China Telecom and China Unicom from providing interstate connectivity and international data transit services, putting an end to so-called “backdoor” tactics—that is, attempts to circumvent the bans through subsidiaries or rebranding.

As has been evident since 2023, companies such as Lenovo, Lexmark, Hikvision, and DJI have been able to penetrate U.S. government technology ecosystems despite federal bans, collecting or stealing sensitive personal data and intellectual property through commercial off-the-shelf (COTS) devices such ast laptops and printers.

While Washington and Tokyo are taking decisive action to secure not only products but also certification processes and operating licenses, Europe is showing a dangerous lack of initiative. Although the “Europe Under Attack 2025” report has been sent to all relevant authorities, European institutions continue to install Chinese products in critical sectors such as justice and healthcare. This lack of a meaningful response leaves citizens and institutions defenseless against a threat that aims to erode the sovereignty of Western democracies from within through technological cyber-expropriation and control of big data.

The convergence of Japan’s JC-STAR protocols and U.S. federal restrictions is accelerating the fragmentation of the global market into opposing spheres of influence, where supply chain security and firmware integrity take precedence over the cost advantages of Chinese suppliers, finally neutralizing the influence of companies that act as technological lapdogs for Beijing’s security apparatus.