The government will demand that, in principle, all independent administrative agencies and designated corporations that handle the people’s private data not use Chinese telecommunications equipment, such as that made by Huawei Technologies Co., sources said.
Operational guidelines are to be revised soon, with the goal of strengthening protections against personal data theft and cyber-attacks.
In April last year, the government began making comprehensive assessments that include not only price but also security risks when choosing sources for communications equipment for central ministries and agencies.
This effectively eliminated Huawei, ZTE Corp. and other companies as sources of equipment.
The new provisions would affect 96 entities that must to take the necessary actions under the basic law on cybersecurity.
These include 87 independent agencies such as the Government Pension Investment Fund, the National Institute of Advanced Industrial Science and Technology, and the Japan Atomic Energy Agency, as well as nine designated corporations such as the Japan Pension Service and the Japan Agency for Local Authority Information Systems, which operates systems related to My Number.
The relevant ministries and agencies will also discuss new guidelines as early as June.
The entities would then make procurement decisions after consulting with the National Center of Incident Readiness and Strategy for Cybersecurity and other organizations. If security risks are discovered the center would request a replacement source be found.
The administration of U.S. President Donald Trump sees products from Huawei, ZTE and other Chinese firms as threats to national security and has banned companies that do business with the government or government agencies from using them.
This is aimed at eliminating “supply chain risks,” in which a company is used as a stepping stone for data theft or cyber-attacks after it unwittingly introduces a malicious program.
Japan is keeping pace with moves by the United States.
While administrative agencies and other entities manage the personal information of Japanese citizens, as well as state-of-the-art technology that is valuable to the nation, they have limited personnel and are seen by some as having weaker protections against cyber-attacks than the central ministries and agencies.
A cyber-attack on the Japan Pension Service in 2015 resulted in the exposure of about 1.25 million items of personal information, including basic pension numbers.
The spread of next-generation 5G communication standards will increase the amount of data being sent and received, which is seen as also raising the risk of cyber-attacks.
The government hopes to reduces these risks by revamping its procurement procedures.