Last updated: June 2026. This article reflects the draft revisions discussed at OCCTO's Grid Code Review Committee as of June 2026. Source-based facts are linked at the end of each section. It will be updated when the governing texts — the grid interconnection technical-requirements guideline, each utility's interconnection technical requirements, and the Grid Interconnection Code — are promulgated.
JC-STAR — designed in 2024 and operational since March 2025 — is fast ceasing to be a "nice-to-have" quality mark. Through three separate channels — grid connection, subsidies, and public procurement — it has become a variable that shapes the equipment selection of a grid-scale battery itself. The largest of these is the planned mandate for ★1-certified products in the April 2027 revision of the grid interconnection technical requirements. And yet the phrase "mandatory from April 2027" is half right and half premature. The direction is fixed; the text that would codify it has not been promulgated. This column separates what the draft revision has settled from what cannot yet be asserted, checking each against primary sources.
For readers who already navigate NERC CIP, IEC 62443, the EU Cyber Resilience Act, or the UK PSTI Act, it pays to place JC-STAR before going further. The orientation below is what spares an overseas investor the two most common misreadings.
Why a battery needs cybersecurity at all
A grid-scale battery is no longer "a box that stores electricity." It is a highly networked asset that talks to an aggregator's cloud platform over the internet around the clock, bidding into the JEPX spot market, the balancing market and the capacity market and cycling charge and discharge in real time. This "always-on external communication" is what creates the new risk. If the gateway or EMS that controls a battery is attacked and an unauthorized mass charge/discharge is executed at scale, the consequence need not stop at a local outage — it can propagate through frequency deviation toward a large-scale blackout.
This is not abstract. In May 2024, a remote-monitoring device for solar PV installations (Contec's SolarView Compact) had a known vulnerability exploited; a government document records a scale of "about 800 units" abused for fraudulent transfers in internet banking. The device's maker states that, because the affected product has no output-control function, there is no direct impact on the grid. The government text reads "about 800 units … were abused," and from the primary source alone one cannot tell how many were actually taken over versus how many merely held the vulnerability — so we do not assert a figure here. Either way, the case showed plainly that internet-exposed communication devices in the renewables-and-storage stack become real attack targets. That is the direct backdrop to the state's effort to wire an IoT-product security conformity scheme into the technical requirements for grid connection.
Source: OCCTO, 20th Grid Code Review Committee material (gridcode_20_05.pdf), p.7 (the "about 800 units" case and the maker's statement of no grid impact; derived in part from the 83rd Electricity and Gas Basic Policy Subcommittee, Nov 20, 2024, Document 6) | Contec, "Notice regarding SolarView Compact" (May 7, 2024; vulnerability/backdoor advisory) | IPA, JC-STAR scheme (English)
Inside "April 2027" — timing and trigger
Start with the timing, across four generation categories. Solar and storage had their timing set at the 20th Grid Code Review Committee (Dec 16, 2025); the 21st (Mar 31, 2026) newly added wind and fuel cells. This part is settled and may be stated as fact.
| Category | Applies from | Trigger (draft) | Transitional / notes |
|---|---|---|---|
| Extra-high / high voltage (solar, storage) | Apr 2027 | Contract application for grid access | JPEA has requested grace for self-consumption types. Open (under coordination between ANRE and JPEA) |
| Low voltage under 50 kW (solar, storage) | Oct 2027 | Contract application for grid access | A six-month delay as a transitional measure, to clear existing channel inventory (legacy inverters, etc.) |
| Wind | Apr 2027 | — | Early application limited first to the gateway firewall (or a device with equivalent protection). Other devices to follow promptly |
| Fuel cells | Apr 2028 | — | Forms that use a PCS are in scope. Transitional measures as needed |
The path to here reads more clearly laid out by committee session.
Decision to mandate ★1
For solar and storage, the committee decided to require the use of JC-STAR ★1-certified products in the April 2027 revision of the grid interconnection technical requirements; low voltage under 50 kW from October 2027. At this stage the wording was "newly connected to the grid on or after April 2027" — ambiguous as to application versus connection.
Trigger unified to "contract application"; wind / fuel cells added
The draft code revision made the basis explicit — "the contract application for grid access" — for EHV and HV as well. It also presented wind at April 2027 (limited to the gateway firewall) and fuel cells at April 2028, which the members endorsed.
No text yet — guideline, interconnection technical requirements, Grid Interconnection Code
The formal revised versions incorporating the cybersecurity requirements are not yet promulgated. ANRE's published grid interconnection technical-requirements guideline remains the Dec 1, 2024 revision, and the Grid Interconnection Code (Japan Electric Association) is described as "to be reflected following the guideline revision." As of June 12, 2026, no scheduling information for a 22nd committee had been posted.
This is the heart of the column. In the first edition of this piece (April 2026), for HV the revised wording read only "newly connected to the grid," and we held back because one could not tell whether the basis was the connection (interconnection / commissioning) or the application. The 21st committee's draft unified that basis to "the contract application for grid access." EHV and HV, like LV, now read as keyed to the application stage rather than "the moment of connection (interconnection / commissioning)" — and that is the single biggest update here. The question that decides a project's life or death — "is it enough to file the connection-contract application by the deadline, or must the project reach commissioning in time?" — has acquired a direction.
Meanwhile, the policy-briefing decks still carry the 20th-committee-era shorthand. Document 5 of the Electricity Sub-WG's 19th meeting (Feb 12, 2026) says "newly connected to the grid on or after April 2027" — read alone, that looks like a connection-date trigger. But it is not the regulatory wording. The same agency, ANRE, explains in its Next-Generation Power Grid WG material (Document 2, Feb 9, 2026) that, in unofficial translation, "projects filing an interconnection contract application after the revision of the technical requirements will, in principle, be unable to connect non-compliant facilities to the grid" — an application-based framing. Do not conflate a slide's summary with the draft provision; getting this wrong shifts a project's entire timeline arithmetic.
JPEA's request is concrete. At the 21st committee, for self-consumption types of 500 kW or less and for projects that — though receiving at high voltage — are built with the same product as a low-voltage interconnection's PCS, it asked for the same grace until October 2027 as low voltage. ANRE responded "to consult case by case," and the chair took it up with "ANRE and JPEA to coordinate as a matter of urgency." In short, even at high voltage there is room for application to be pushed back depending on a project's character. If you hold self-consumption or small-scale projects, the follow-up on this coordination looks worth tracking.
A finer point: exactly which stage of the grid-access procedure "application" refers to is not fully settled either. The draft wording is "the contract application for grid access," which reads as the contract-application stage rather than the preliminary connection-study application. But whether the line is drawn at the connection-contract application or at connection acceptance / contract conclusion is not made explicit in the text, and this looks set to remain a point to confirm against each TSO/DSO's grid-access rules and notices. For your own project, do not assert "what, and as of when, counts as already-applied" without confirming the operational practice.
Source: OCCTO, 21st Grid Code Review Committee, Document 4 (gridcode_21_04.pdf), pp.8-9 (contract-application trigger in Note 1, p.9), p.13 | Minutes of the 21st committee, p.3, p.9 | ANRE Next-Generation Power Grid WG, 7th meeting, Document 2 (Feb 9, 2026) | 20th committee material (gridcode_20_05.pdf), p.12 | ANRE, "Related laws and guidelines" | ANRE Industrial Cybersecurity Study Group, Electricity Sub-WG, 19th meeting, Document 5 (Feb 12, 2026) | OCCTO Grid Code Review Committee (note: the 20th committee's cybersecurity material is labeled "Document 4" in the body but filed as gridcode_20_05.pdf)
Which parts of a battery are in scope
On where the line is drawn, the two extremes one hears in the field are both wrong.
"Make one gateway ★1-compliant and you're exempt"
The PCS itself is a communication device that performs remote control and monitoring, so it can be in scope on its own. A split architecture that concentrates control communication into a gateway is an effective hedge, but it does not let the whole system off by itself.
"Every network device needs ★1"
General-purpose IP communication devices not involved in control (routers, etc.) are not subject to the obligation. The draft narrows the in-scope devices to "IP communication devices involved in control."
The correct line, in the draft's own wording, is: "among the control systems with communication functions adopted by a distributed energy resource, the devices that use IP communication." The center of gravity is the PCS and the EMS. Exclusion provisions are also set, but their reach is asymmetric by device. Internet-connection routers and the like are excluded only for general electrical work (consumer-grade installations), whereas monitoring cameras mediated by a gateway are excluded for all electrical works, including business-use. Conversely, even a device outside the in-scope range is pulled in if it has a control function, or if it links directly to a principal constituent product without passing through a gateway. The crux is that evaluation is "as a communication-and-control system," not "device by device."
| Device | Determination | Conditions / notes |
|---|---|---|
| PCS (inverter) | In scope (settled) | Where it has an IP communication module for remote control/monitoring. The control hub that receives and executes output-control commands — the highest-risk element |
| EMS / site controller | In scope | A cloud-connected EMS / monitoring device is certainly in scope. The most internet-exposed component |
| Gateway / remote-monitoring unit | In scope | Relays control commands; links directly to principal equipment |
| BMS (battery management) | Conditionally in scope | Named explicitly as "PCS / EMS / BMS, etc." in subsidies and the Long-term Decarbonization Power Source Auction. The Grid Code body exemplifies "PCS / EMS, etc."; in scope where it is involved in control and forms part of the communication path |
| Legacy PCS (serial only, e.g., RS-485) | Room to fall outside the wording | Reads as out of scope if it has no IP communication. But in a configuration that rides IP communication via an EMS, it can be brought into scope as a system |
| General IP devices (routers, etc.) | Out of scope | Router exclusion is limited to consumer-grade installations / GW-mediated monitoring cameras are excluded across all works including business-use (both being non-control-involved) |
| Battery cells / packs themselves | Out of scope | Do not communicate directly with the internet (only local communication via the BMS) |
The practical approach is to inventory every device involved in communication and control, list them, and check each individually for whether it holds ★1. Pay particular attention to the line between a legacy PCS with RS-485 only and a cloud-connected EMS — the conclusion moves with the design.
Source: OCCTO, 21st Grid Code Review Committee, Document 4, p.9 | 20th committee material, p.9
What about replacing existing equipment
It looks like a question only for new projects, but existing facilities are not entirely unrelated. The Grid Code carries a general principle that even an already-connected facility has the latest requirements applied at the time of replacement or of swapping a device such as the power conditioner. How the cybersecurity requirement is handled at PCS replacement or EMS renewal, however, is not made explicit in the 21st committee's draft. Since the application trigger is written as "a project that files a contract application," the accurate reading is that the relationship between an existing-equipment replacement and that trigger is not yet sorted out in the text. Leave it as an open point — to confirm against the revised guideline body and the FAQs from METI and each TSO/DSO — rather than asserting an answer.
Source: ANRE Next-Generation Power Grid WG, Document 4-1 (May 24, 2024) (general principle of applying the latest requirements at replacement / device swap)
How JC-STAR is built — ★1 is a self-declaration
JC-STAR is a labeling scheme that evaluates the security functions an IoT device should hold (encrypted communication, access control, secure firmware update, a vulnerability-handling process, and so on) and expresses the result as a number of stars. The point a practitioner cannot overlook is that ★1 is a self-declaration of conformity. It can be obtained on the operator's declaration; external third-party assessment enters not at ★2 but at ★3 and above (★2 is still self-declaration). So a claim of "★1-compliant" still warrants cross-checking against the conformance-label product list to confirm it is actually held.
| Level | Security tier | Method | Applications open |
|---|---|---|---|
| ★ | Baseline requirements (16 items). Forced change of the initial password, secure communication, proof of carrying no known vulnerabilities, and so on. The Grid Code target for April 2027. | Self-declaration | Mar 2025 |
| ★★ | Additional requirements by product class. Criteria under study for communication devices, network cameras, etc. | Self-declaration | Under study |
| ★★★ | For critical infrastructure. Tamper resistance, hardware-level security elements. | Third-party | — |
| ★★★★ | APT resistance. Rigorous verification from the design stage, advanced resilience to unknown vulnerabilities. | Third-party | — |
A conformance label is valid for up to two years from issuance, and ★1 can be renewed in two-year increments. Because a product's status can move from "valid" to "grace before expiry," "expired," or "revoked" after a procurement decision, periodic monitoring of the list becomes part of the due diligence discussed below.
Source: OCCTO, 21st Grid Code Review Committee, Document 4, p.4 (JC-STAR scheme overview) | IPA, "JC-STAR scheme — details"
The ERAB guideline: an earlier de-facto mandate
Ahead of the April 2027 Grid Code revision, the aggregation business already requires JC-STAR conformance. The "Cybersecurity Guideline for ERAB Ver3.0," finalized on May 22, 2025, added a requirement that, when a resource aggregator newly introduces an IoT device as a control target, it select a product meeting JC-STAR ★1 or above. Specifically, on the aggregator–gateway link (R4) and the aggregator–energy-device direct communication (R6) it is framed as "recommended" (effectively required), and on the gateway–energy-device link (R5) as "advised" (best-effort). Ver3.0 also newly addresses cloud-type control that does not pass through a physical gateway, and gateway-independent demand response. As of June 2026 no revision beyond Ver3.0 is confirmed, so this is the latest version.
METI's DR/VPP-related subsidies also set ERAB-guideline conformance as a grant condition, so using these makes the selection of JC-STAR-conformant equipment effectively mandatory.
Source: METI, "Cybersecurity Guideline for ERAB Ver3.0" (May 22, 2025)
What changes for a battery developer — three channels
JC-STAR is not a "nice-to-have" quality mark. It is already biting as a real constraint through three channels: grid connection, subsidies, and procurement.
It connects directly to whether you can connect to the grid. Under the draft, projects that file a grid-access contract application on or after April 2027 are premised on the use of ★1-certified products. Build a storage facility with a vast investment, then stumble at grid connection because the equipment does not meet the requirement, and you can neither sell power nor join the markets — a direct path to the cash flow being cut off, the so-called stranded-asset risk. As noted above, this is a draft, pre-promulgation; it is not yet a stage at which one can flatly say "definitely mandatory from April 2027."
It is a grant condition for subsidies. In DR/VPP-related subsidies and in the grid-scale storage subsidies administered by SII, ERAB-guideline conformance (i.e., use of JC-STAR-conformant equipment) is built in as a grant condition. Choose non-conformant equipment and you fall outside the subsidy, which substantially breaks the project's economics.
It is advancing in public procurement. The direction is to require ★1 or above for IoT devices procured by government bodies, and a similar movement is spreading to local public bodies.
Certified products today (June 1, 2026 snapshot)
IPA's published "JC-STAR conformance-label product list" shows every certified product (Excel download available). The list was updated on June 1, 2026. Per the secretariat material of METI's Industrial Cybersecurity Study Group, more than 1,500 products on a model-number basis have had labels issued, and ★1 acquisitions related to grid-scale storage have grown sharply over the past several months. The excerpt below, from the June 1, 2026 list, picks out the principal grid-BESS-related acquisitions by device category (all with status "valid," all ★1).
PCS / battery systems
| Company | Conformant products (★1) | Notes (timing) |
|---|---|---|
| Fuji Electric | Large-scale storage-type power conditioner / storage system controller (PMS) | Obtained for both PCS and controller (Oct 2025) |
| Nissin Electric | Storage PCS / grid-storage control unit | PCS + controller (Oct 2025) |
| DAIHEN | Storage package (multiple models) | Hardware + communication-control part certified as a unit (added by ~May 2026)NEW |
| TMEIC (Toshiba Mitsubishi-Electric Industrial Systems) | TMBCS / TMEdge / BSA, BSB, BSU series | For large BESS. First label Oct 2025 (TMBCS); the main group including control/edge devices in April 2026NEW |
| Sumitomo Electric | POWER DEPO H / V / IV / R / redox-flow battery system | Redox-flow battery Oct 2025; the POWER DEPO storage systems April 2026NEW |
| SMA Japan | Sunny Central / Sunny Central Storage | Germany. Japan-market certification by an overseas PCS maker |
| Power Electronics (Spain) | HEMK / PCSK | Overseas inverter maker (Mar 2026) |
| GS Yuasa | GYES2–4 storage systems / STARELINK series | Multiple acquisitions across storage package + EMS (autumn 2025) |
| Kyocera | Enerezza / Enerezza Plus / Plus II | Storage systems (Mar 2026) |
| Eliiy Power | POWER iE Connect storage unit / remote control | April 2026NEW |
| Hanwha Japan | Q.READY power conditioner / power-metering control unit | Korea (Mar–Apr 2026) |
| Samsung SDI | SBB 1.0 | Korea (Oct 2025) |
| Tesla Japan | Tesla System Controller | Megapack control system (Oct 2025) |
| PowerX | Mega Power Series | Grid-scale storage system (Sep 2025) |
| NGK Insulators | Control part for containerized NAS battery | NAS (sodium-sulfur) battery (Oct 2025) |
| NExT-e Solutions | Water-cooled storage container | Containerized battery |
| Honda | BMS "NeS" for BESS container | BMS communication control (Oct 2025) |
| Saft Japan | ESS-CUBE | France (Saft) |
EMS / gateways / aggregators
| Company | Conformant products (★1) | Notes (timing) |
|---|---|---|
| Shizen Connect | Shizen Box / Shizen Box 2 | DR/VPP platform. IoT terminal for monitoring/control of grid-scale storage |
| Digital Grid | Storage gateway | Supports multi-maker batteries. Can enter all markets |
| Kraken Technologies Japan | Kraken control system / Kraken SHV BESS control system | Octopus Energy group. EHV BESS control also obtained |
| OMRON Social Solutions | Gateway KP-GWBP-A / three-phase-system GW KP-GWPT-A | Jan and May 2026NEW |
| Mitsubishi Electric | BLEnDer RE | Energy management system |
| NS Solutions (Nippon Steel) | IoT communication platform "HAGANE" | April 2026NEW |
| Field Logic | DataCube4 (for DAIHEN EMS and others) | April 2026NEW |
| Kokusai Electric | AI edge controller | Apr–May 2026NEW |
| Shirokuma Power | Site EMS / storage control system | Obtained across multiple versions |
| Energy Flow | Hybrid power-plant controller | PCS-control-integrated type |
| Nissin Systems | Balancing-market GW / outdoor IoT gateway | Specialized for the balancing market |
| dots energy | QUANTUM 2.0 (PMS) | Taiwan-affiliated BESS control platform |
| NextDrive | Cube / EDGE energy-management controller | Taiwan-affiliated. EMS device |
| SEETEL | GridLink EMS / SEETEL BMS | China-affiliated. Obtained for EMS + BMS (Apr 2026)NEW |
| Canadian Solar SSES Japan | iQ Storage EMS | April 2026NEW |
※ Excerpted from the June 1, 2026 IPA list. This piece centers on registrations of roughly the past year (late 2025 to 2026) and is not exhaustive. For the latest and complete set, including expirations and revocations, see IPA's conformance-label product list (Excel download available).
Source: IPA, "JC-STAR conformance-label product list" (updated June 1, 2026) | METI, 10th Industrial Cybersecurity Study Group, secretariat material (Apr 3, 2026)
Working with overseas hardware — and its new trap
In the grid-scale storage market, overseas makers hold strong cost competitiveness. Since CAPEX drives IRR, ruling out cost-advantaged overseas hardware from the outset is unrealistic. What helps here is the distinction that JC-STAR targets "IoT devices that communicate with the internet," while the battery cell/pack itself is out of scope. This is not because a clause names cells/packs and "excludes" them; it is a consequence of the scope definition limiting the target to "devices that use IP communication." SII's grid-scale storage subsidy guidelines likewise frame it so that a device without IP-communication capability obtains ★1 as a configuration incorporating a protocol-conversion device — showing that a non-IP device is not a direct target. The battery itself is electrochemical hardware managed by a BMS and does not communicate directly with the internet. So adopting an overseas battery, in itself, is not constrained by JC-STAR. What is in question is the communication module of the PCS that talks to the external network, and the EMS / gateway above it.
Where an overseas maker's PCS has not obtained JC-STAR, the device that works is the "gateway-separation architecture." Place a ★1-certified EMS / gateway as the security boundary (the checkpoint), and under its protection control the PCS over a local communication protocol (e.g., Modbus).
A ★1-certified EMS / gateway sits as the checkpoint; the PCS connects over local protocols (e.g., Modbus). The battery itself is out of JC-STAR scope, so the cost-optimal maker can be chosen.
This move is not a cure-all. The first limit: the PCS's own communication module can be in scope under the Grid Code too, so confirming each PCS maker's JC-STAR acquisition roadmap remains necessary. Gateway separation does not remove the need for certification; it is purely a risk hedge.
Due diligence at equipment selection
In equipment procurement, on top of the conventional electrical-safety certifications (JET certification, etc.), the following checks have become essential.
Toward the PCS maker. Confirm clearly with the Japanese subsidiary which JC-STAR status the communication module is in — already obtained, in process, or what the roadmap is. The efficient route is to pin down the public information on IPA's conformance-label product list first, then query.
Toward the aggregator / EMS. The conformance status of the gateway / EMS devices used, whether they support multi-maker batteries, and which markets (including primary reserve) the architecture can enter. Since the in-scope range at the EMS layer is still being sorted out, choosing an operator that has already obtained conformance is itself a hedge.
Periodic monitoring of the IPA list. Status can be not only "valid" but "grace before expiry," "expired," or "revoked." Validity runs up to two years from issuance; monitor periodically, allowing for status changing after a procurement decision.
JC-STAR and the schemes you already know
Said plainly, a nation-specific security certification like JC-STAR works in part as a technical entry barrier (a non-tariff barrier) to overseas makers. Even a globally proven company must shoulder the lead time and cost of reworking communication protocols, redesigning firmware, and obtaining certification. At the same time, for an overseas maker that does obtain conformance it becomes a game-changer that lifts credibility in the Japanese market at a stroke. Overseas players — SMA (Germany), Power Electronics (Spain), Samsung SDI (Korea), SEETEL (China) — have already obtained it, and with security resilience backed by a public database, they have won a position to compete on even terms with the domestic heavy-electrical incumbents.
For a reader coming from the EU, the UK, the US or the international standards world, the table below is the bridge: it places JC-STAR against the schemes you already operate against, and flags what is — and is not — interchangeable.
| Scheme / regime | Relationship to JC-STAR | Status (June 2026) |
|---|---|---|
| ETSI EN 303 645 / NIST IR 8425 | The reference baselines | ★1 is harmonized with both. Its three core requirements — no universal default passwords, a vulnerability-disclosure process, secure software updates — map directly onto these baselines |
| UK PSTI Act | Mutual recognition (live) | From Jan 1, 2026, a ★1 product is treated as meeting PSTI's three technical requirements, and vice versa (MoC signed Nov 5, 2025). To claim PSTI equivalence, English-language vulnerability reporting / a contact point is required |
| Singapore CLS | Mutual recognition (in force) | MoC signed Mar 18, 2026; effective Jun 1, 2026. ★1 and CLS Level 1 are treated as partly equivalent, with a streamlined cross-application path. Japan is Singapore's 5th partner (after Finland, Germany, South Korea, the UK) |
| US Cyber Trust Mark | No recognition yet; under discussion | A voluntary FCC scheme; not concluded with Japan. The US program is not yet issuing labels: lead administrator UL Solutions withdrew in Dec 2025 after an FCC national-security review of its China ties; the FCC named ioXt Alliance as new lead administrator on Apr 13, 2026 |
| EU CRA | Independent regulation | Not a mutual-recognition framework but a standalone, mandatory, lifecycle-wide regulation. Reporting obligations from Sep 11, 2026; full application from Dec 11, 2027. A ★1 label is not CRA compliance |
| GCLI | Participation | Global Cybersecurity Labelling Initiative; Japan (METI) a founding member (launched Oct 2025) |
There is a practical consequence for an overseas vendor. Because of the mutual recognition above, a product already PSTI-compliant (UK) or CLS Level 1-certified (Singapore) has a streamlined route to ★1 through IPA — so existing compliance is leverageable for the Japanese grid-connection gate, rather than starting from zero. The caveat on the PSTI route is operational: information provision and a vulnerability contact point in English are required, which a Japan-only setup would have to add first.
Source: IPA, JC-STAR (English; harmonization with ETSI EN 303 645 / NIST IR 8425, and mutual-recognition dates) | IPA, "On PSTI Act conformance certification" (mutual recognition from Jan 1, 2026) | Cyber Security Agency of Singapore, press release (effective Jun 1, 2026) | European Commission, Cyber Resilience Act | FCC, U.S. Cyber Trust Mark | ETSI, consumer IoT security (EN 303 645) | METI, "GCLI joint statement" (Oct 2025)
Decided / still open
The debate around JC-STAR does not end as "a security story." It is a business risk that bears on equipment selection, procurement and schedule. Precisely for that reason, not mistaking what is confirmed for what is merely draft or under coordination is what helps most. Here is where things stand as of June 2026, split in two.
Decided (safe to assert)
- Timing: EHV/HV April 2027 / LV under 50 kW October 2027 / wind April 2027 (limited to the GW firewall) / fuel cells April 2028
- Scope concept: PCS, EMS, etc., plus control-involved IP devices. General routers and GW-mediated monitoring cameras excluded
- ★1 is a self-declaration (third-party from ★3)
- Regulatory vehicle: revision of the guideline + each utility's interconnection technical requirements + the Grid Interconnection Code (the TSO/DSO business guidelines unchanged; not a ministerial-ordinance amendment)
- Mutual recognition with the UK PSTI Act (from Jan 1, 2026) and Singapore CLS (from Jun 1, 2026) is in force
- The ERAB guideline Ver3.0 is the latest
Still open (do not assert)
- Promulgation / effective dates of the texts of the guideline, each utility's interconnection technical requirements, and the Grid Interconnection Code→ e-Gov public comment / ANRE / each TSO/DSO notice
- Grace for HV self-consumption types (≤500 kW) and projects built with LV-type PCS→ coordination between ANRE and JPEA; next committee
- Treatment at existing-equipment replacement / PCS swap / EMS renewal→ revised guideline / METI and utility FAQs
- The precise stage of "application" (connection-contract application vs. connection acceptance)→ each TSO/DSO's grid-access rules
- HUAWEI / SUNGROW own-brand ★1 acquisition→ latest IPA product list / each company's Japan entity
- Mutual recognition with the US Cyber Trust Mark→ METI / IPA
What a battery operator should do now
Even before the text is promulgated, there is plenty to move on in practice.
② For HV projects, fix the definition of the basis date. "Application is the basis" is a draft-based statement. Query the general transmission and distribution utility with jurisdiction directly, or wait for OCCTO's promulgated text, to make it certain.
③ For projects premised on a Chinese-affiliated PCS, judge the switch feasibility early. Put the back-calculation's starting point on the safe side (i.e., the connection moment). HUAWEI / SUNGROW are unconfirmed for acquisition at present, so if you plan to adopt them, query the acquisition schedule.
④ Re-read subsidy public-offering guidelines through the ERAB / JC-STAR lens. Check whether guideline conformance or the use of conformant equipment has become a grant condition or a scoring factor.
⑤ If you adopt gateway separation, design the SPOF countermeasures as a set. Take on the availability risk that control concentration creates, with redundancy and fail-safe.
⑥ Given that ★1 is a self-declaration, back conformance claims against the product list.
The era of choosing equipment on the hardware spec sheet and the per-kWh unit price alone is over. Cybersecurity compliance has become a variable that decides a project's success or failure. And yet the substance of that variable — the basis date, the in-scope range, the transitional measures — is not fully fixed as text. Separating what is decided from what is not, and back-calculating from connectivity and timeline project by project, looks like the right approach for now.
Principal primary sources
- OCCTO, 21st Grid Code Review Committee, Document 4 (Mar 31, 2026) PDF / Minutes PDF
- OCCTO, 20th Grid Code Review Committee material (Dec 16, 2025; filename gridcode_20_05.pdf / body label "Document 4") PDF
- OCCTO, Grid Code Review Committee https://www.occto.or.jp/iinkai/gridcode/index.html
- ANRE (METI), "Related laws and guidelines" (grid interconnection technical-requirements guideline, Dec 1, 2024 revision) link
- ANRE, Industrial Cybersecurity Study Group, Electricity Sub-WG, 19th meeting, Document 5 (cybersecurity for distributed energy resources, Feb 12, 2026) PDF
- ANRE, Next-Generation Power Grid WG, 7th meeting, Document 2 ("On the Grid Code," Feb 9, 2026) PDF
- ANRE, Next-Generation Power Grid WG, Document 4-1 (May 24, 2024; latest requirements at replacement) PDF
- IPA, "JC-STAR conformance-label product list" (updated Jun 1, 2026) link / scheme details link / English scheme page link
- METI, "Cybersecurity Guideline for ERAB Ver3.0" (May 22, 2025) link
- METI, 10th Industrial Cybersecurity Study Group, secretariat material (Apr 3, 2026) PDF
- IPA, "On PSTI Act conformance certification" link / Cyber Security Agency of Singapore press release link / METI "GCLI joint statement" (Oct 23, 2025) link
- European Commission, Cyber Resilience Act (reporting from Sep 11, 2026; full application Dec 11, 2027) link | FCC, U.S. Cyber Trust Mark link | ETSI, consumer IoT security (EN 303 645) link
- SII (Sustainable open Innovation Initiative), grid-scale storage deployment-support public-offering guidelines (FY2025; non-IP devices obtain ★1 as a configuration incorporating a protocol-conversion device; BMS, PCS, EMS, etc. named as in-scope) link
- Contec, "Notice regarding SolarView Compact" (May 7, 2024) link
※ The HV basis date is not yet fixed, as the primary text is unpromulgated at the time of writing. Confirm the latest application details in each general transmission and distribution utility's technical-requirements documents.
Frequently asked questions
Is the JC-STAR ★1 requirement triggered by the grid-connection date or by the connection-contract application?
Under the draft revision endorsed at OCCTO's 21st Grid Code Review Committee (March 31, 2026), the trigger is the contract application for grid access — not the connection (interconnection / commissioning) date. The draft applies the requirement to projects that file a grid-access contract application on or after the start date, and this was made explicit for extra-high and high voltage as well, not only low voltage. Pre-promulgation The governing texts are not yet promulgated, so confirm with the TSO/DSO holding jurisdiction.
When does the ★1 requirement start for high-voltage (HV) batteries?
Extra-high and high voltage (solar and storage) are slated to apply from April 2027, keyed to the grid-access contract application. This timing was set at the 20th committee (December 16, 2025) and the application-based trigger was unified at the 21st committee (March 31, 2026). It remains a draft revision; the guideline, each utility's interconnection technical requirements, and the Grid Interconnection Code were not yet promulgated as of June 2026.
When does it start for low voltage under 50 kW, and why later than HV?
Low voltage under 50 kW (solar and storage) applies from October 2027 — a six-month delay versus the April 2027 HV start. The draft sets the later date as a transitional measure to clear existing channel inventory, such as legacy inverters already in the distribution chain.
Can foreign-made PCS be used, and what must they satisfy?
Yes. Overseas makers can be used provided their internet-communicating devices meet JC-STAR ★1; the battery cell/pack itself is out of scope because it does not use IP communication. Overseas makers including SMA (Germany), Power Electronics (Spain), Samsung SDI (Korea) and SEETEL (China) have already obtained ★1. Where an overseas PCS is not yet certified, a ★1-certified EMS / gateway can act as the security boundary while the PCS is controlled over a local protocol such as Modbus. As of June 2026, own-brand ★1 acquisition could not be confirmed in public information for HUAWEI or SUNGROW.
Are replacements or updates of existing equipment in scope?
The Grid Code carries a general principle that an already-connected facility has the latest requirements applied at the time of replacement or device swap. However, how the cybersecurity requirement is handled at PCS replacement or EMS renewal is not made explicit in the 21st committee's draft, and because the trigger is written as a project that files a contract application, the relationship to existing-equipment replacement is not yet sorted out in the text. Open Treat it as a point to confirm against the revised guideline and METI / TSO-DSO FAQs.
Sources for the above: OCCTO, 21st Grid Code Review Committee, Document 4, pp.8-9, p.13 | 20th committee material | IPA, JC-STAR conformance-label product list (June 1, 2026)
On battery equipment selection and regulatory readiness
We support the structuring of an equipment-procurement strategy — including JC-STAR readiness — fitted to each project's plant configuration, from the standpoint of connectivity and timeline. As a neutral technical advisor (technical due diligence).