Singapore Signs Memorandum of Cooperation with Japan on Mutual Recognition of Internet-of-Things Cybersecurity Schemes

1.           A Memorandum of Cooperation (MoC) on the mutual recognition of Internet-of-Things (IoT) cybersecurity schemes was signed by Ms Rahayu Mahzam, Minister of State for Digital Development and Information and Mr. Ino Toshiro, State Minister of Economy, Trade and Industry (METI) of Japan.

Singapore – Japan MoC

2.           The Cyber Security Agency of Singapore (CSA) and the METI of Japan have agreed on this MoC to mutually recognise the labelling scheme for smart devices in either country. Under this arrangement, smart devices that have obtained cybersecurity labels under Japan's JC-STAR scheme[1] and Singapore's Cybersecurity Labelling Scheme (CLS)[2] will be mutually recognised, allowing manufacturers to apply for the other country's labelling scheme through a streamlined process. This will apply to smart devices such as smart home assistants, home automation and alarm systems, IoT gateways and hubs that connect multiple devices. 

3.           Japan is the fifth nation to enter into such an arrangement with Singapore. Prior to this, Singapore had established similar arrangements with Finland^[3], Germany, the Republic of Korea, and the United Kingdom. This cooperation enhances cybersecurity standards for IoT devices across both nations, provides market access for manufacturers, whilst giving consumers greater confidence in the security of their smart devices. It will take effect on 1 June 2026.

4.           Since the launch of the CLS in 2020, CSA has received applications for over 1,000 products, ranging from routers to smart lighting to smart cameras.

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.

About the Ministry of Economy, Trade and Industry (METI)

METI is a cabinet-level ministry of the Government of Japan with responsibility for economic, industrial, and technology policy, including aspects of cybersecurity governance. Established in January 2001, METI leads policy development on digital transformation, industrial cybersecurity, and the security of connected products and critical industrial systems. Its functions include setting cybersecurity guidelines and standards for industry, supporting supply-chain and product security, and promoting the secure adoption of emerging technologies. METI also coordinates with other government bodies and international partners to address cyber risks affecting industry, critical infrastructure, and advanced manufacturing. For more information, please visit https://www.meti.go.jp/english/.

[1] Japan Cyber STAR (JC-STAR) is a Japanese labelling scheme for IoT devices which assesses products against defined security requirements and assigns levels to indicate their security assurance.

[2] CLS is a voluntary scheme, except for Wi-Fi routers, for which obtaining a CLS Level 1 is mandatory. Under the scheme, smart devices will be rated according to their levels of cybersecurity provisions, and have the ratings displayed on the products as asterisks (one to four stars), where each additional asterisk indicates that the product has completed progressively more rigorous testing and security assessments.

[3] Singapore and Finland entered into a mutual recognition arrangement in 2021. However, Finland has since discontinued its cybersecurity labelling scheme on 31 July 2025.