Last updated: April 2026 | Facts based on cited sources can be verified at the links at the end of each section
Why Cybersecurity for Batteries?
Grid-scale batteries are no longer just "boxes that store electricity." They are highly networked assets that continuously communicate via the internet with aggregator cloud platforms, repeatedly bidding and charging/discharging in real-time across JEPX, balancing, and capacity markets.
This "mandatory external communication" creates new risks. If IoT gateways or EMS controlling batteries are subjected to cyberattacks and unauthorized charging/discharging is executed simultaneously, it could lead not just to local blackouts but to large-scale blackouts from frequency fluctuations -- a national security threat.
To address this threat, METI published the system design in 2024, and the Information-technology Promotion Agency (IPA) launched operations in March 2025: JC-STAR (Japan Cyber-Security Technical Assessment Requirements) -- a security conformity assessment system for IoT products.
April 2027: Mandatory Under Grid Code Revision
Policy decision (20th Grid Code Review Meeting, December 16, 2025):
A policy was decided that for solar power and batteries, use of JC-STAR Level 1 certified products will be mandatory under the April 2027 Grid Code technical requirements revision. Projects that apply for grid connection contracts after the technical requirements revision may face difficulties connecting to the grid with non-compliant equipment.
For low-voltage products under 50kW, a transition period is established considering distribution network inventory clearance. Application starts October 2027.
Expansion to wind power and fuel cells, as well as development of PCS-specific JC-STAR Level 2+ compliance standards, continues to be discussed in government councils.
Source:Nikkei BP Mega Solar Business "Grid Code Revision, New Requirements for Grid-Scale Batteries" (February 2026) | OCCTO Grid Code Review Meeting
What Part of the Battery System is Covered -- PCS Confirmed, EMS Layer Being Organized
Unlike solar, battery control systems have a layered structure. Multiple layers are involved in networking: BMS (Battery Management System) -> PCS -> Local EMS -> Upper EMS (Aggregator).
It is confirmed that the communication module of the PCS (power conditioner) is subject to JC-STAR. The PCS is the network-connected control hub responsible for receiving and executing output control commands, carrying the highest cyberattack risk.
Meanwhile, it has been organized that local EMS and upper EMS are likely to be subject to JC-STAR, but the final decision on how far the mandatory scope extends within the overall battery control system has not yet been reached. However, since EMS is the most internet-exposed component, receiving control commands from aggregators and market operators via the internet, equipment selection should proceed on the assumption of JC-STAR compliance.
Note that battery cells and packs (the battery itself) operate only through local communication via BMS and do not communicate directly with the internet, so they are outside the scope of JC-STAR.
Existing Facilities Are Not Exempt
This is not just about new projects. Even for existing facilities, JC-STAR compliant products are expected to be required when control systems (PCS, EMS, etc.) are updated. While the Grid Code revision primarily targets new grid connection contract applications, compliance with these requirements is likely to be necessary when replacing PCS or upgrading EMS. The finalization of detailed regulations should be closely monitored.
Basic Structure of JC-STAR
JC-STAR is a labeling system that evaluates security functions that IoT devices should have (encrypted communication, access control, secure firmware update capabilities, vulnerability response processes, etc.) and represents compliance status by the number of stars. Levels 1 and 2 are manufacturer self-declarations (external verification agencies can also be commissioned), while Level 3 and above require third-party certification.
| Level | Security Standard | Application Start |
|---|---|---|
| ★ | Baseline requirements (16 items). Forced initial password change, secure communication protocols, proof of no known vulnerabilities, etc. Self-declaration. Subject to Grid Code mandate from April 2027. | 2025 year3 month |
| ★★ | Additional requirements by product type. Advanced encrypted data storage, strict user privilege separation. Self-declaration. PCS-specific Level 2 standards under consideration. | From January 2026 |
| ★★★ | For critical infrastructure. Objective evaluation by third-party assessment bodies. Tamper resistance, hardware-level security implementation. | FY2026 onward |
| ★★★★ | APT attack resistance. Rigorous verification from design stage, advanced resilience against unknown vulnerabilities. Third-party evaluation. | FY2026 onward |
Source:IPA "JC-STAR System Detailed Information"
Advance Mandate Through ERAB Guidelines
Prior to the Grid Code revision (April 2027), JC-STAR compliance is already required in aggregation business.In the "ERAB Cybersecurity Guidelines Ver3.0" revised on May 22, 2025, when resource aggregators newly introduce IoT devices as control targets, selecting products that meet JC-STAR Level 1 or above was added as a requirement.Specifically, for aggregator-gateway communication (R4) and direct aggregator-energy device communication (R6), it is classified as "recommended" (effectively mandatory), and for gateway-energy device communication (R5), as "encouraged" (best effort).
Furthermore, when detailed Level 2+ requirements are finalized in the future, meeting Level 2 or above is considered desirable.METI DR/VPP-related subsidies (DR Resource Deployment Support Program, etc.) also require ERAB guideline compliance as a grant condition, making JC-STAR compliant equipment selection effectively mandatory when using these subsidies.
Source:METI "ERAB Cybersecurity Guidelines Ver3.0" (May 22, 2025)
What Changes for Battery Operators?
1. Directly Affects Grid Connection Eligibility
For projects applying for grid connection contracts from April 2027 onward, use of JC-STAR Level 1 certified products becomes mandatory. Grid connection with non-compliant equipment may face difficulties.
Business collapse risk: Even after building a battery station with massive investment, if grid connection is not permitted, power sales and market participation are completely impossible. This leads directly to "stranded asset" status where the project's cash flow is completely cut off.
2. Required for Subsidy Eligibility
In DR/VPP-related deployment subsidies, ERAB guideline compliance (use of JC-STAR compliant equipment) is incorporated as a mandatory grant requirement. Selecting non-compliant equipment disqualifies the project from subsidies, significantly deteriorating its economic viability.
3. Mandated in Government Procurement
Level 1 or above is being made mandatory for IoT devices procured by government agencies. The same policy is spreading to local governments.
For battery operators, JC-STAR is not "a nice-to-have quality mark." Through three pathways -- grid connection (Grid Code), subsidies (ERAB Guidelines), and procurement requirements -- it has already become a de facto obligation.
Current Status of JC-STAR Compliant ProductsUpdated April 2026
The "JC-STAR Compliant Product List" published by IPA lists all certified products (also downloadable in Excel format). Below is an excerpt of major companies relevant to grid-scale batteries.
PCS & Battery Systems
| Company | Compliant Product | Level | Notes |
|---|---|---|---|
| Fuji Electric | Large-Scale Battery PCS / Battery System Controller (PMS) | ★ | Both PCS and control devices certified. Multiple products registered |
| Nissin Electric | Battery PCS / Grid Battery Control Device | ★ | PCS + control device |
| Daihen | Battery Package | ★ | Hardware + communication control unit certified as integrated |
| TMEIC (Toshiba Mitsubishi Electric Industrial Systems) | TMBCS | ★ | For large-scale BESS |
| SMA Japan | Sunny Central / Sunny Central Storage | ★ | Overseas PCS manufacturer certified for Japan |
| Power Electronics (Spain) | HEMK / PCSK | ★ | Overseas inverter manufacturer. 23 BESS projects in Japan (10 delivered, 13 under construction) |
| GS Yuasa | GYES2 / GYES3 / GYES4 Battery System / STARELINK Series | ★ | Multiple certifications for battery package + EMS |
| Samsung SDI | SBB 1.0 | ★ | South Korean manufacturer |
| Tesla Japan | Tesla System Controller | ★ | Megapack control system |
| PowerX | Mega Power Series | ★ | Grid-scale battery system |
| Sumitomo Electric | Redox Flow Battery System | ★ | Long-duration discharge (RF battery) |
| NGK Insulators | Container NAS Battery Control Unit | ★ | NAS battery |
| NExT-e Solutions | Water-Cooled Battery Container | ★ | Container battery |
| Honda | BESS Container BMS NeS | ★ | BMS communication control |
| Saft Japan | ESS-CUBE | ★ | French Saft group |
EMS, Gateways & Aggregators
| Company | Compliant Product | Level | Notes |
|---|---|---|---|
| Shizen Connect | Shizen Box / Shizen Box 2 | ★ | DR/VPP platform market share No.1 (FY2023, corporate contracts basis, Fuji Keizai). IoT devices for grid battery monitoring and control |
| Digital Grid | Battery Gateway | ★ | Compatible with multi-manufacturer batteries. All market participation possible |
| Kraken Technologies Japan | Kraken Control System / Kraken SHV BESS Control System | ★ | Octopus Energy group. Extra-high-voltage BESS control also certified |
| Energy Flow | Hybrid Power Plant Controller | ★ | PCS control integrated type |
| Shirokuma Power | Site EMS / Battery Control System | ★ | Multiple versions certified |
| dots energy | QUANTUM 2.0(PMS) | ★ | Taiwan-based BESS control platform |
| Mitsubishi Electric | BLEnDer RE | ★ | Energy Management System |
| Nissin Systems | Balancing Market GW / Outdoor IoT Gateway | ★ | Balancing market specialized |
| NextDrive | Cube / EDGE Energy Management Controller | ★ | Taiwan-based. EMS devices |
* Excerpt based on IPA list as of April 3, 2026. For the latest information, see IPA Compliant Product List.
Key point to verify: Some PCS manufacturers are not listed above. Even manufacturers with large global market share may have JET certification (electrical safety) but not JC-STAR (cybersecurity). After the April 2027 Grid Code revision, PCS without JC-STAR may face difficulties with new grid connections. JC-STAR compliance status of your planned PCS manufacturer must be verified.IPA's compliant product list to check the latest certification status.
Compatibility Strategies with Overseas Hardware
In the grid-scale battery market, overseas manufacturers have overwhelming cost competitiveness. From the CAPEX perspective that determines project IRR, excluding cost-competitive overseas hardware from options is not realistic.
Important distinction: JC-STAR covers "IoT devices that communicate with the internet," and battery cells/packs (the battery itself) are outside scope. The battery itself is electrochemical hardware managed by BMS and does not communicate directly with the internet. Therefore, adopting overseas batteries is not constrained by JC-STAR.
JC-STAR applies to the PCS communication module that communicates with external networks, and the EMS and gateway devices positioned above it.
When overseas manufacturers' PCS lacks JC-STAR certification, the "gateway separation architecture" provides a solution.
Cloud (JEPX, etc.)
EMS/Gateway
(Communication Module)
BMS
JC-STAR Level 1 certified EMS/Gateway positioned as the security boundary.
PCS connects to gateway via local communication (MODBUS, etc.). Battery hardware is outside JC-STAR scope.
Specifically, JC-STAR compliant gateways provided by companies such as Shizen Connect, Digital Grid, and Kraken are deployed as the communication frontline. Under that gateway's firewall and encrypted communication protection, PCS is controlled using local protocols (MODBUS, etc.). Battery cells/packs operate only through local BMS communication, so the most cost-optimal manufacturer can be selected regardless of JC-STAR.
However, since the PCS communication module itself is also likely to be subject to JC-STAR under the Grid Code, confirming the PCS manufacturer's JC-STAR certification roadmap remains important. Gateway separation is a risk hedging measure and does not eliminate the need for PCS manufacturer certification.
Due Diligence in Equipment Selection
In battery project equipment procurement, the following verifications have become essential in addition to conventional physical electrical safety certifications (JET certification, etc.).
For PCS Manufacturers
What status does the PCS communication module have in the JC-STAR evaluation scheme? Is it certified, in process, or what is the roadmap? This must be clearly confirmed with the Japan entity.IPA's compliant product list to check public information in advance before inquiring with the manufacturer.
For Aggregators / EMS
JC-STAR compliance status of gateway/EMS equipment. Whether multi-manufacturer batteries are supported. Which markets the architecture can access (including primary adjustment). Since the JC-STAR scope for the EMS layer is still being organized, selecting certified operators serves as risk hedging.
Regular Monitoring of IPA Compliant Product List
Status can be not only "valid" but also "pending expiration (extension application in progress)," "expired (past validity)," "expired (voluntary withdrawal)," or "revoked." The compliance label validity period is up to 2 years from issuance (Level 1 can apply for extension in 2-year increments), and regular monitoring is needed given the risk of status changes after procurement decisions.
JC-STAR as a "Non-Tariff Barrier"
Frankly, national security certification systems like JC-STAR function in part as technical barriers to entry (non-tariff barriers) against overseas manufacturers. Even companies with overwhelming global track records must bear the costs of communication protocol modifications, firmware redesign, source code audits, and certification lead time and costs to comply with Japan-specific requirements.
Conversely, for overseas manufacturers that have obtained JC-STAR compliance, this becomes a game-changer that dramatically improves their credibility and brand value in the Japanese market. In fact, SMA (Germany), Power Electronics (Spain), Samsung SDI (South Korea), and dots energy (Taiwan) have already obtained Level 1, and with their security resilience objectively proven in IPA's public database, they have gained a position to compete equally with domestic heavy electrical manufacturers.
International mutual recognition of JC-STAR is progressing steadily. A cooperation memorandum was signed with the UK PSTI Act in November 2025 with mutual recognition effective from January 2026, and a memorandum with Singapore CLS effective June 2026 has been concluded. Coordination is progressing at the working group level for the US Cyber Trust Mark and EU Cyber Resilience Act (CRA), and in October 2025, a joint statement for the "Global Cybersecurity Labelling Initiative (GCLI)" by 11 countries was announced. It is expected to be positioned as part of global certification cooperation in the future.
Source:METI "Signing of Memorandum on Mutual Recognition between JC-STAR and UK PSTI Act" (November 2025) | METI "GCLI Joint Statement" (October 2025)
What Battery Operators Should Do Now
JC-STAR was only published in 2024 and launched operations in March 2025, but it already has enforcement power through multiple pathways: ERAB guideline mandates, the April 2027 Grid Code revision, and incorporation into subsidy requirements.
(1) Verify the JC-STAR compliance status of your planned PCS manufacturer -- IPA's compliant product list to check certification status. If not certified, inquire about the certification roadmap. Battery cells/packs are outside JC-STAR scope, allowing free selection of the most cost-optimal manufacturer.
(2) Verify aggregator/EMS JC-STAR compliance status -- Even if the PCS manufacturer is uncertified, consider whether overall system compliance is possible through combination with certified EMS/gateways。
(3) Re-check subsidy application guidelines from a JC-STAR perspective——Whether ERAB guideline compliance is a grant requirement. Whether compliant equipment use is mandatory or a scoring factor.
(4) Verify the schedule in preparation for grid connection contract applications from April 2027 -- Confirm whether JC-STAR compliant product procurement fits within the full timeline of equipment procurement, installation, and connection procedures.
The era of selecting equipment based solely on hardware spec sheets and per-kWh unit costs is over. Cybersecurity compliance has become the variable that determines project success or failure.
Reference Links
IPA -- JC-STAR System Overview
IPA -- JC-STAR Compliant Product List
IPA -- JC-STAR System Detailed Information
OCCTO -- Grid Code Review Meeting
METI -- ERAB Cybersecurity Guidelines Ver3.0
OCCTO -- Future Actions on Cybersecurity Requirements for Distributed Power Sources (19th Grid Code Review Meeting Document 6)
METI -- Memorandum on Mutual Recognition between JC-STAR and UK PSTI Act