Japan and EU Strengthen Cybersecurity Ties through INSTAR Project Working Group in Brussels
Brussels, Belgium – 27 January 2026, the Japan–EU Cybersecurity Working Group convened in Brussels to advance international cooperation on digital security standards. Held under the EU-funded INSTAR Project, an initiative we proudly coordinate, the meeting brought together leading cybersecurity experts from the INSTAR Project and policymakers from Japan’s to discuss technical standards and regulatory frameworks that underpins cybersecurity compliance.
The meeting was attended by representatives from Japan’s Ministry of Economy, Trade and Industry (METI), alongside experts from the European Commission’s Directorate-General for Communications Networks, Content and Technology (DG CONNECT), the Japan Business Council in Europe (JBCE), the Information-technology Promotion Agency (IPA), and the JC-STAR Operations Office.
The session focused on a critical comparative analysis of two landmark security frameworks: Japan’s JC-STAR (Cybersecurity Conformity Assessment Scheme) and the European Union’s Cyber Resilience Act (CRA). Japan’s STAR-1 level scheme has been operational since March 2025, while the EU CRA will introduce mandatory obligations for manufacturers to report actively exploited vulnerabilities from September 2026, with the remaining requirements entering into force in December 2027.
“The Japan–EU Cybersecurity Working Group marks a pivotal moment in international digital cooperation between Japan and the EU. By bridging the gap between Japan’s JC-STAR assessment scheme and the EU’s Cyber Resilience Act (CRA), we are not just comparing policies, we are actively building a joint approach. This collaboration promoted within the INSTAR project ensures that as our digital infrastructures become more interconnected, our security standards remain harmonised, resilient, and ready.” Damir Filipovic, Managing Consultant at BluSpecs.
Comparing regulatory frameworks and implementation timelines
Participants exchanged views on how the two frameworks address cybersecurity requirements across the product lifecycle, with particular attention to conformity assessment, vulnerability handling and manufacturer obligations. The discussion provided a shared technical understanding of how JC-STAR and the CRA differ in scope and implementation, while identifying areas where the two approaches may be complementary.
The agenda included:
- Comparative analysis of the JC-STAR and CRA frameworks, including scope, assessment mechanisms, and regulatory objectives
- Future cooperation policy, with a focus on continued dialogue and exploration of synergies between the Japanese and EU approaches
The parties agreed to continue exploring opportunities for cooperation and alignment between their respective schemes, recognising the importance of regulatory clarity for manufacturers operating across both markets.
The Japan–EU Cybersecurity Working Group contributes to ongoing efforts to ensure that emerging cybersecurity regulations are interoperable, technically grounded, and supportive of secure global digital innovation.
About INSTAR Project
INSTAR is an EU-funded initiative launched in January 2024, designed to support the implementation of Europe’s Digital Partnerships and the EU-US Trade and Technology Council (TTC). Coordinated by BluSpecs, INSTAR brings together a consortium of partners including AIOTI – the Alliance for IoT and Edge Computing Innovation, Trialog, TU Delft, Trust-IT Services, COMMpla, the Australian Institute of Technology, the National Centre for Scientific Research “Demokritos”, Fraunhofer, and fortiss. such as Japan, Australia, Canada, Singapore, South Korea, Taiwan, and the United States to advance international common standards across key technology domains, including cybersecurity, artificial intelligence, digital identity, quantum technologies, IoT, 5G, 6G, and data technologies.