Understanding the New Security Clearance System under the Important Economic Security Information Protection and Utilization Law
In Reiwa 6 (2024), the “Act on the Protection and Utilization of Important Economic Security Information” was enacted, and with it, a new Security Clearance System was established (to be enforced in May 2025). This development stems from the growing need for information security systems in the international economic security arena and the demands of businesses.
This article provides a detailed explanation of the newly established Security Clearance System under the “Act on the Protection and Utilization of Important Economic Security Information” in Japan. It highlights the differences from the existing security clearance system under the “Act on the Protection of Specially Designated Secrets,” the targeted companies, the advantages and disadvantages, and the responses that companies should take.
Understanding the Security Clearance System in Japan
The Security Clearance (SC) system in Japan is a certification process that grants authorized individuals access to Classified Information (CI), which the government designates as crucial for national security, after a proper evaluation of their suitability.
To obtain a security clearance, the criteria and categories of CI designated by the country vary, but typically Facility Clearances (FCL) and Personnel Clearances (PCL) are conducted. Permission is granted only when it is determined that there is no risk of information leakage.
In Japan, the “Act on the Protection of Specially Designated Secrets” establishes a security clearance system for administrative agencies and private businesses that handle “Specially Designated Secrets.”
In Reiwa 6 (2024), the “Act on the Protection and Utilization of Important Economic Security Information” was enacted, creating a new security clearance system primarily targeting private companies that handle “Important Economic Security Information,” which does not fall under “Specially Designated Secrets” or “Special Defense Secrets” (effective as of May 17, Reiwa 7 (2025)).
The range designated by the government according to the sensitivity of CI (Classified Information) can be compared internationally and is illustrated in the following figure:
Top Secret level corresponds to information whose leakage could cause “exceptionally grave damage,” Secret level to “serious damage,” and Confidential level to information that can “reasonably be expected to cause damage.” “Important Economic Security Information” falls under the Confidential level, equivalent to “significant impediment.”
Reference: Cabinet Secretariat “Bill on the Protection and Utilization of Important Economic Security Information“
Reference: Cabinet Secretariat “Comparison of Information Security Systems in Various Countries (Classification of Information Subject to Security Clearance)“
The Purpose of the Japanese Economic Security and Critical Information Protection and Utilization Act
The Japanese Economic Security and Critical Information Protection and Utilization Act was established against the backdrop of the growing necessity for information security systems in the field of economic security on an international level and the needs of corporations.
This Act, as part of Japan’s economic security legislation, was enacted in Reiwa 4 (2022) following the objectives of the “Act on Promotion of Economic Security” and expands upon the scope of information covered by the security clearance system introduced by the “Act on the Protection of Specially Designated Secrets,” which was implemented in Heisei 26 (2014), to complement it (Article 1).
The newly established security clearance system under the “Economic Security and Critical Information Protection and Utilization Act” consists of the following three main components:
- Rules for the designation and declassification of critical economic security information (Articles 3 to 5)
- Strict rules for the management and provision of critical economic security information (Articles 6 to 17)
- Penalties (Articles 22 to 27)
Source: House of Representatives, “Bill on the Protection and Utilization of Critical Economic Security Information“
Designation and De-designation of Critical Economic Security Information
Each administrative agency in Japan has the authority to designate and set the effective period for CI (Confidential Information) as “Critical Economic Security Information,” and to de-designate it when it no longer meets the requirements.
Similar to “Specified Secrets,” “Critical Economic Security Information” is designated by specific administrative agencies, and other agencies that require access to this information must obtain consent.
There are three requirements for the information to be designated as “Critical Economic Security Information” by an administrative agency (Article 3, Paragraph 1):
- It must be “Critical Economic Infrastructure Protection Information” (applicability | explained in detail below)
- It must not be publicly known (non-public knowledge)
- There must be a particular need for secrecy because its leakage could potentially disrupt the security of our nation (special necessity for confidentiality)
“Critical Economic Infrastructure Protection Information” refers to the following four types of information related to the protection of “Critical Economic Infrastructure (critical core infrastructure & supply chains of essential goods)” (Article 2, Paragraphs 3 and 4, Economic Security Promotion Act Enforcement Order Articles 1 and 9):
- Measures, plans, and research to protect critical economic infrastructure from external actions
- Important information related to critical economic infrastructure (vulnerabilities of critical economic infrastructure, innovative technologies, etc.) that pertains to security
- Information from foreign governments and international organizations collected regarding the measures in 1
- Collection, organization, and capability related to the information in 2 and 3
Specific candidates for designation include the following:
- Cyber-related information (information on cyber threats and countermeasures, etc.)
- Regulatory system-related information (information on reviews, analysis, etc.)
- Research, analysis, and R&D-related information (information on industrial and technological strategies, vulnerabilities in supply chains, etc.)
- International cooperation-related information (information on international joint research and development)
Furthermore, there are cases where secret information held by a company as a result of a contract requested by an administrative agency is designated as “Critical Economic Security Information.”
In such cases, the company can hold the information as its own “Critical Economic Security Information,” but it cannot provide it to third parties unless it is necessary for the public interest (Article 10, Paragraphs 2, 5-7).
However, there is a risk of it being disclosed to other suitable contractors contracted by the government.
Strict Management and Provision of “Critical Economic Security Information” Under Japanese Law
Here, we will explain the requirements and rules for “eligible businesses” that the government can provide with “Critical Economic Infrastructure Protection Information” in Japan.
Requirements for “Eligible Business Operators”
Business operators that meet the following criteria are considered “eligible business operators” who have implemented the necessary security measures at their facilities to preserve “important economic security information,” in accordance with standards set by government ordinance (Article 10, Paragraph 1).
- Business operators that need to eliminate vulnerabilities in “critical economic infrastructure”
- Business operators engaged in activities that contribute to the elimination of vulnerabilities in “critical economic infrastructure”
- Business operators conducting research on “critical economic infrastructure”
- Business operators engaged in activities that contribute to research on “critical economic infrastructure”
- Business operators in possession of “critical economic infrastructure protection information”
- Business operators engaged in activities to protect “critical economic infrastructure protection information”
To obtain a security clearance for “critical economic infrastructure protection information,” a private business operator must first:
- Ensure that they meet not only the physical management requirements (information preservation system) for their facilities but also the organizational requirements (considering the impact of foreign ratios, etc.) to pass the Facility Clearance (FCL) assessment by the administrative agency that holds the necessary “important economic security information,” and
- Enter into a Non-Disclosure Agreement (NDA) with the said administrative agency as an eligible business operator, and
- Ensure that their employees obtain Personal Clearance (PCL).
The assessment for Facility Clearance (FCL) and Personal Clearance (PCL) is subject to review by the administrative agency, but a certain standard can be inferred from the published sample application form.
Rules After Obtaining Security Clearance
Even if the information is held by the administrative agency with which a compliant business entity has contracted, access to “Critical Economic Infrastructure Protection Information” designated by another administrative agency is possible with the consent of that designating agency.
Therefore, to access “Critical Economic Infrastructure Protection Information” not held by the contracting administrative agency, it is necessary to contract with the agency that holds the information.
This certification process is established to minimize the risk of information leakage and follows the “Act on the Protection of Specially Designated Secrets” in Japan.
Compliant business entities may not provide “Critical Economic Security Information” to third parties unless it is necessary for the public interest (Article 10, Paragraph 6).
On the other hand, when accessing Confidential Information (CI) of a foreign government or when there is a need to provide “Critical Economic Security Information” to foreign governments, institutions, or private companies, it must be done through their respective national governments.
The validity period for Personal Clearance (PCL) in handling “Critical Economic Security Information” is 10 years. Therefore, individuals expected to handle such information beyond 10 years must undergo a proper evaluation again.
However, even within the validity period, if there is a risk of leaking “Critical Economic Security Information,” a re-evaluation is necessary (Article 11, Paragraph 1).
Meanwhile, the validity period for security clearance under the “Act on the Protection of Specially Designated Secrets” in Japan is five years. However, individuals who have obtained clearance (recently evaluated for “Specially Designated Secrets”) and have not yet reached five years since acquisition can handle “Critical Economic Security Information” without undergoing an evaluation under the “Act on the Utilization and Protection of Critical Economic Security Information,” provided they are with the same administrative agency (Article 11, Paragraph 2).
Penalties Under the Japanese Act on the Protection of Specially Designated Secrets
Individuals who leak ‘important economic security information’ (including those who are no longer engaged in such activities) or who acquire it improperly are subject to imprisonment for up to five years or a fine of up to 5 million yen, or both, according to Articles 22 and 23 of the Act.
The Act on the Protection and Utilization of Important Economic Security Information introduces dual penalty provisions not found in the Act on the Protection of Specially Designated Secrets, applying the aforementioned penalties to businesses as well (Article 27).
Furthermore, there are penalty provisions for attempted and negligent offenses.
On the other hand, compliant businesses are prohibited from misusing or treating employees unfairly if they receive notification of the results of a suitability assessment for employees subject to security clearance, or if the employees do not consent to the assessment (such as in personnel evaluations or inappropriate job reassignments). If a violation occurs, the government has indicated a policy of terminating contracts with the compliant business.
The Pros and Cons of Obtaining Security Clearance in Japan
The new security clearance system in the field of economic security in Japan is expected to provide expanded business opportunities, particularly for companies aiming to participate in international joint research and development or foreign government procurement. Having a security clearance (SC) enables participation in meetings, transactions, and bids where holding an SC is a requirement.
On the other hand, there are risks associated with sharing ‘critical economic security information’ and the costs of obtaining and maintaining a security clearance, as well as the risk of losing business opportunities due to delays in compliance.
To avoid risks and capitalize on the benefits, proactive measures are required in anticipation of the new security clearance system in Japan.
Required Corporate Responses Under Japanese Law
Corporations are required to assess the advantages, disadvantages, and impacts of the newly established Security Clearance System under the “Act on the Protection and Utilization of Important Economic Security Information,” which will come into effect in May 2025 (2025年5月), and consider their responses accordingly.
When private sector operators respond to government requests for cooperation involving Critical Infrastructure (CI), it is considered appropriate to reasonably consider the nature of support for their security preservation efforts, taking into account the circumstances and realities.
For employees who are subject to security clearance, it is necessary to consider appropriate measures that do not constitute misuse or disadvantageous treatment.
For guidelines on the operation, please refer to the “Standards for Designating and Revoking Important Economic Security Information, Conducting Suitability Assessments, and Certifying Compliant Operators (Draft)” published by the Cabinet Office, available here.
Conclusion: Consult with a Specialized Attorney for New Security Clearance Acquisition
We have explained the security clearance system under the newly enacted “Critical Economic Security Information Protection and Utilization Act” of Reiwa 7 (2025), including the targeted companies, benefits and drawbacks, and key points for compliance.
While obtaining a security clearance can expand business opportunities, it is also important to be mindful of the costs associated with its acquisition and maintenance.
If you have any uncertainties or need strategies regarding the security clearance system under the “Critical Economic Security Information Protection and Utilization Act,” we recommend consulting with a highly specialized international attorney.
Guidance on Measures Provided by Our Firm
Monolith Law Office is a law firm with high expertise in both IT, particularly the internet, and legal matters. We provide a wide range of legal support and services, including the creation and review of contracts, for clients ranging from Tokyo Stock Exchange-listed companies to venture businesses. For more details, please refer to the article below.
Areas of Practice at Monolith Law Office: Corporate Legal Affairs for IT & Venture Companies
Category: General Corporate
Tag: General CorporateIPO
Related Articles
Legal Issues with Real-Name Reporting of Arrest Records and Criminal History: Does it not Consti.
General Corporate
Copyright System in Japan: The Complete Picture of Copyrights and Related Rights that Managers S.
General Corporate
Explaining the Key Points of the Amended 'Japanese Whistleblower Protection Act': What Measures .
General Corporate
Internet Usage Time Surpasses Television Viewing Time for the First Time: An Explanation of Medi.
General Corporate
