Japan IoT Security JC-STAR Certification
What Products Require JC-STAR Certification?
According to the official definition, the core scope of JC-STAR certification covers IoT products, which consist of the following two components:
(1) IoT Devices
Refers to devices equipped with IP communication capabilities, for which users cannot easily enhance security by installing software or other means on their own. They mainly fall into two categories:
① Devices that can connect directly to the Internet: such as smart cameras, routers, smart TVs, etc.
② Devices that can access internal networks: such as smart home controllers, industrial sensors, network printers, etc., which exchange data with the Internet indirectly through gateways and other equipment.
(2) Necessary Associated Services
Refers to digital services that IoT devices must rely on to fULfill their intended functions. Examples include:
① Voice assistant cloud services requiRED for smart speakers
② Mobile applications and video cloud storage services required for network cameras
③ Remote control platforms required for smart home appliances
Only when the "device" and the "service" are combined to achieve complete functionality shall they be regarded as a single entity – an "IoT product" – and included within the certification scope.
Category | Description |
IoT Devices | Divided into two types: direct Internet connection and internal network access. Direct connection examples include smart cameras, while internal network access examples include smart home controllers. |
Necessary Associated Services | Digital services that devices must rely on to perform their functions, such as voice assistant cloud services and mobile applications. |
What Products Are Excluded from the JC-STAR Certification Scope?
To avoid ambiguity, official JC-STAR documents explicitly exclude the following product categories:
General IT Equipment: such as personal computers, laptops, smartphones and tablets. These products are characterized by high user autonomy, allowing users to independently install and configure various security software (e.g., antivirus software, firewalls) to enhance security.
Please note: Even if a product runs on a general-purpose operating system (e.g., Linux), it may still fall within the certification scope if its functions are highly customized, and users cannot easily install security software or modify core security configurations. The key criterion for judgment is whether users can independently and conveniently enhance the product's security.
Quick Self-Check: Three Steps to Determine If Your Product Meets the Requirements
Please follow the three steps below for a preliminary assessment of your product:
Start JC-STAR Scope Self-Check
1. Does the product have IP communication capabilities?
① Yes → Proceed to Step 2
② No → Your product is most likely outside the scope
2. Does the product belong to general IT equipment (PC/smartphone/tablet)?
① Yes → JC-STAR certification is not required (explicitly excluded)
② No → Proceed to Step 3
3. Is the cloud service/application a mandatory requirement for the product to realize its core functions?
① Yes → The product is within the certification scope; it is recommended to plan for certification immediately
② No → The product falls into a gray area of certification scope; professional analysis and judgment are required. Please contact experts immediately for a detailed evaluation
(Note: Logic of the self-check process: Step 1 confirms IP communication capability; if not available, the product is mostly out of scope. If available, Step 2 judges whether it is general IT equipment, which is excluded if affirmative. Otherwise, Step 3 assesses the dependency of core functions on cloud services/applications; if affirmative, it is within the scope; otherwise, a comprehensive judgment is required.)
Typical Examples: Overview of Common Product Scope Classification
Product Type | Typical Examples | Within Scope | Key Judgment Basis |
Consumer Products | Smart TVs, smart speakers, Wi-Fi routers | Yes | Equipped with IP capabilities; users cannot install security software |
Security Equipment | Network cameras, smart door locks, sensors | Yes | Relies on cloud services and applications; classified as dedicated equipment |
Industrial Equipment | Smart PLCs, industrial gateways, networked sensors | Yes | Dedicated for industrial environments; security settings are solidified by manufacturers |
General IT Equipment | Laptops, smartphones, tablets | No | Users can independently install various security applications |
Peripheral Equipment | Smart watches, wireless headsets | Case-by-case | Determined by whether they connect to the network independently or only function as mobile phone accessories |
Core Value: Why Is It Essential to Clarify the Certification Scope?
Making an accurate scope judgment is not only a regulatory requirement but also holds direct commercial value:
① Avoid Misallocation of Resources: Prevent investing budget and energy in products that do not require certification.
② Seize Market Opportunities: Ensure products requiring certification obtain approval in a timely manner and do not miss procurement windows.
③ Plan Product Strategy: For enterprises with extensive product lines, a phased and prioritized certification strategy can be formulated accordingly.
Email:hello@jjrlab.com
Write your message here and send it to us
2026 FCC Certification and Compliance
What are the requirements of UL 62368-1:2025?
Electric Bicycle Certification in New South Wales,
What is the European Accessibility Act (EAA)?
Compliance Guidelines for India IS/IEC 62368-1:202
16 CFR Part 1512 Compliance Testing Laboratory
Electromagnetic Compatibility and Interference Tes
What is 21 CFR Part 11 Compliance and Regulations
Leave us a message
24-hour online customer service at any time to respond, so that you worry!