Approximately 40 nations including Japan and the U.S. agreed to make any military software that may be used in a cyberattack subject to export controls. While machines for military use (weapons) had been the main target of export control until recently, the countries now realize that a large-scale cyberattack against military and communication infrastructure would inflict significant damage equivalent to damage caused by conventional arms. Nations that share the same concern will start a concerted effort to facilitate more effective countermeasures against the unintended outflow of military software.

At the end of 2019, representatives of export-control authorities from like-minded nations gathered in Austria under an international framework called the “multilateral export control regime” and agreed to expand items subject to nations’ export control systems. Under the agreement, the participating countries, including Japan, the U.S., Great Britain, Russia, and India, will start developing more effective export-control systems starting in 2020.  China, North Korea, and Iran are not participating in the effort.

In Japan, before a cabinet decision is made, the Ministry of Economy, Trade and Industry (METI) will work out details of the necessary amendments to relevant governmental and ministerial ordinances, possibly by the end of FY2020.

METI will then add applicable items to the export control list, where controlled items are officially categorized. The items on the list will require METI’s approval for export overseas, regardless of destination. If a company exports a controlled item without approval, the company will be subject to criminal law or administrative action.

One of the main items that will become subject to export control is software used in cyberattacks that degrade military capabilities. All software designed for military use will be subject to export control. (Abridged)