Singapore’s Cyber Security Agency (CSA), Japan’s Ministry of Economy, Trade and Industry (METI), and South Korea’s Korea Internet & Security Agency (KISA) are strengthening cooperation between their national IoT cybersecurity schemes. This development supports a more efficient certification pathway for consumer IoT manufacturers seeking access across Asian markets.
A clearer pathway for cross-border IoT cybersecurity compliance
This development combines two important milestones:
- A memorandum of cooperation (MoC) between Singapore and Japan, effective as of 1 June 2026.
- Mutual recognition arrangements (MRAs) between Singapore and South Korea for cybersecurity labelling of consumer smart products.
Together, these developments further advance the alignment of IoT cybersecurity labelling schemes - CLS, JC-STAR and KISA CIC.
What IoT cybersecurity alignment in Asia means for manufacturers
What IoT cybersecurity alignment in Asia means for manufacturers
For manufacturers and developers of connected devices, this alignment supports a more streamlined compliance pathway. Certification through CSA can facilitate access to multiple Asian markets while reducing the need for duplicate conformity assessments.
Building on this, the technical mapping between the schemes — aligned with international standards such as ETSI EN 303 645 —enables a more consistent approach to product security across jurisdictions. Defined equivalencies between schemes, such as between CLS and JC-STAR baseline requirements, allow certified products to undergo simplified application processes when entering additional markets.
This alignment enables products certified under either scheme to undergo a simplified application process when seeking the corresponding Level 1 label in the other jurisdiction. For this purpose, certification levels within each scheme are normalised to their respective baselines (CLS Level 1 and JC-STAR STAR-1).
Under the newly activated Japan-Singapore mechanism, Japan’s JC-STAR (STAR-1) baseline requirements are recognized as equivalent to Singapore’s Cybersecurity Labelling Scheme (CLS) Level 1, establishing a defined baseline mapping between the two schemes.
Under the cooperative framework between South Korea and Singapore, South Korea’s KISA Certificate of IoT Cybersecurity (CIC) Basic Level and above are recognized as meeting the requirements of CLS Level 3. Together, these developments allow technical product teams to apply a more consistent and scalable approach to product security, while reducing duplicative evaluation efforts across markets.
As a result, this development can:
- Reduce the need for repeated testing and certification activitiesduce the need for repeated testing and certification activitiesduce the need for repeated testing and certification activities
- Support faster IoT cybersecurity market access across Asia-Pacific
- Provide greater predictability in regulatory requirements
- Enable more efficient scaling of product security strategies
- Allow product teams to design against a more unified and scalable security baseline rather than addressing separate national requirements
How Brightsight supports IoT market access
How Brightsight supports IoT market access
As cybersecurity requirements become more aligned — but also more demanding — independent evaluation and certification remain essential.
Brightsight supports manufacturers by:
- Performing security evaluations aligned with CLS, JC-STAR and other international schemes
- Providing guidance on requirements mapping and certification strategies across regions
- Supporting efficient testing approaches to help reduce duplication
With experience across global certification frameworks, Brightsight supports customers in navigating increasingly interconnected cybersecurity ecosystems.
About the frameworks
About the frameworks
Cybersecurity Labelling Scheme (CLS) Singapore: Administered by the Cyber Security Agency of Singapore (CSA), the CLS is a multi-tiered rating system (Levels 1 through 4). It ranges from basic baseline assessments to advanced software analysis and third-party laboratory testing, designed to differentiate smart devices based on their cybersecurity provisions.
Japan Cyber STAR (JC-STAR): Supervised by the Ministry of Economy, Trade and Industry (METI) and managed by the Information-technology Promotion Agency (IPA) under METI's 2024 IoT Product Security Conformity Assessment Scheme Policy, JC-STAR visualizes the security functions of connected devices against baseline (STAR-1) and advanced (STAR-2 to 4) technical assessment requirements.
KISA Certificate of IoT Cybersecurity (CIC) South Korea: Overseen by the Korea Internet & Security Agency (KISA) under the Ministry of Science and ICT (MSIT), CIC evaluates IoT devices to assure technical reliability, serving as a foundational benchmark for national and international trust. KISA’s CIC specifically uses a three-tier naming convention: Lite, Basic, and Standard.
Looking to navigate IoT cybersecurity requirements across multiple markets?
Looking to navigate IoT cybersecurity requirements across multiple markets?
Get in touch with our experts to explore an efficient evaluation and certification approach.
