From Interdependence to Vulnerability: Technology, Supply Chain, and Japan’s Economic Security

Digital infrastructure becomes national security

What happens when a nation’s technological infrastructure, such as data centers or semiconductor supply chains, is heavily reliant on a single country? 

The concept of national security has fundamentally changed. In the past, military capabilities such as tanks and missiles largely defined national security; today, it increasingly centers on data centers, cloud networks, and AI algorithms. Japan’s Economic Security Promotion Act (ESPA) provides a prominent example of this shift. Legislated in 2022, ESPA is not merely an industrial policy but also represents a new policy paradigm and guiding framework that helps businesses navigate growing geopolitical risks.

Why now? 

The growing centrality of technological infrastructure to national security stems from global supply-chain decoupling and repeated disruptions. As uncertainty and fragmentation in global supply chains have intensified, reliance on a single country for critical infrastructure, such as data centers or semiconductor supplies, has become increasingly risky. The issue is no longer solely about the efficient allocation of resources, but about the possibility of systemic disruption or even national shutdown due to vulnerabilities in technological foundations. These risks became particularly evident through a series of events, including the COVID-19 pandemic, the US-China strategic rivalry, and the Russia-Ukraine war. Japan is among the countries most exposed to geopolitical risk due to its high dependence on external supply chains. Against this backdrop, ESPA was introduced to mitigate national security risks arising from geopolitical tensions, particularly those linked to the ongoing U.S.- China rivalry.

Decoupling Risk: Dilemma of liberalism international politics theory

In international politics, economic interdependency has long been believed to promote international peace. In the late 20^th century, liberalists argued that energy supply chain interdependency, labor mobility across borders and capital movement have strengthened countries’ incentives to cooperate and make it more costly for countries to go to war.

This framework can be extended to the digital age, where data replaces energy as a strategic resource, and cross-border data flows function as a key channel of interdependence. Big tech companies, like Amazon, Google and Microsoft are managing data centers across the globe and data of individual and corporate users are being transferred across borders every day. As the recent big personal data leakage incident that took place from Coupang Korea suggests, some of personal data of Coupang, operating in Korea, are stored in Singapore. This digital interdependency seems to uphold liberalist theory, on the surface. It might seem that if countries are more interdependent on data; they are less likely to go to conflict in terms of cyber-attacks or data blockage.

Reality suggests differently, however. As the Russia-Ukraine war showed, energy supply chains can act as a huge national security risk. With TSMC accounting for 90% of global semiconductor supply, the chance of global supply chain paralysis is more apparent if any military tension takes place in the Taiwan Strait. When it comes to Japan, this geopolitical risk is more salient. Japan maintains strong economic ties with China, particularly in trade and industrial supply chains, while anchoring its national security in a formal alliance with the U.S.. Japan’s dependence on foreign suppliers for key technologies and resources increases its exposure to strategic and economic ties.

This is where the dilemma of liberalism's interdependency comes in. Excessive interdependency promotes vulnerability, not incentives to cooperate. Japan defined this exposure as ‘coercion’ and tried to manage these vulnerabilities through ESPA. This is a transformative movement towards ‘de-risking’ policy paradigm, characterized by  selective protectionist measures while maintaining strong ties with existing supply chains.

Four pillars of Japan’s Economic Security Promotion Act – Framework for Economic Security

Japan enacted its Economic Security Promotion Act in May 2022. With a strong emphasis on ‘Economic Security’, as its name suggests, this piece of legislation consists of four major pillars. This is a comprehensive framework that secures supply chain resilience and manages infrastructure, technology and data.

1. Ensuring a Stable Supply of Critical Products

In December 2022, the Japanese government designated eleven “specified critical products” under the Economic Security Promotion Act (ESPA), including semiconductors, storage batteries, critical minerals, LNG, and cloud programs. In the following years, Japan approved multiple projects under the “stable supply of critical products” scheme, including subsidies for domestic production of storage batteries and semiconductors.

Following the designation of these eleven products, the Japanese government launched a subsidy program covering approximately one-third of total investment costs for domestic companies building manufacturing facilities for these items. By the end of 2024, the program committed around ¥2 trillion (USD 14.7 billion). Of this amount, 37.9% was allocated to storage batteries and semiconductors, while 36.9% was directed to other designated strategic products. This scheme aimed to reduce over-dependence on a single country, primarily China, and to diversify procurement to stabilize the supply of strategic goods.

2. System for Ensuring Stable Provision of Essential Infrastructure Services

The second pillar of ESPA reflects growing concern over risks embedded in the supply chains of essential infrastructure services. Disruptions to critical digital infrastructure can generate significant spillover effects across the economy, making infrastructure governance a core element of economic security policy. ESPA, in this sense, introduced a prior notification and screening mechanism aimed at identifying high-risk vendors and system configurations before they are deployed domestically to operate critical infrastructure.

As of mid-2025, over 250 entities were designated under ESPA’s essential infrastructure screening system in 14 regulated sectors (e.g., electricity, gas, water, telecommunications, finance). While the lists of specific entities subject to screening remain undisclosed, both domestic and foreign vendors supplying critical equipment or maintenance services must now submit information on ownership, supply chains, and security practices for government review. In practice, this prompted operators and vendors to evaluate their procurement and outsourcing strategies to avoid high-risk vendors, reflecting concerns about supply chain risks like those raised in the context of Huawei or other ICT vendor controversies prior to ESPA adoption.

3. System for Enhancing Development of Specified Critical Technologies

The third pillar of ESPA addresses a different dimension of economic security risk by focusing on domestic development of technologies considered critical to Japan’s autonomy. While ESPA does not specify which technologies account for “Specified Critical Technologies (SCT)”, the identified areas include AI, quantum technologies and robotics. Rather than merely screening external dependencies (as under the second pillar), this establishes a legal framework where the government can actively shape investment and research collaborations. ESPA creates institutional basis for large scale public funding and structured public-private cooperation tied explicitly to economic security, in a manner comparable to the role the CHIPS and Science Act played in the U.S.

4. System for Non-Disclosure of Selected Patent Applications

The fourth pillar of ESPA extends Japan’s economic security framework into the domain of intellectual property. Unlike conventional policies, this pillar targets an early stage of the innovation cycle by allowing the government to restrict the disclosure of patent applications that could pose a threat to national security. Patent applications undergo a two-stage review in which the Japan Patent Office first screens applications for technological sensitivity and refers selected cases to the Cabinet Office. The Cabinet Office, then, assesses national security risks while balancing the potential industrial impact of non-disclosure.

From May 2024 to March 2025, the first year of this system’s operation, approximately 90 patent applications were passed to the Cabinet Office from the Patent Office for security review. Although none were designated for non-disclosure, this operation itself demonstrates how ESPA can directly affect Japan’s patent governance. This operates as a preventive screening tool, securing sensitive technologies regarding national security while minimizing impacts on innovation.

Business Implications: From Cost-Optimization to Risk-Optimization

Technology has become a strategic asset and a source of risk. That shift forces companies to move from cost optimization to risk optimization. Japan’s Economic Security Promotion Act(ESPA) shows this transition. Introduced in 2022, ESPA establishes a comprehensive framework to secure supply chains, regulate critical infrastructure, promote strategic technologies and prevent the leakage of sensitive innovations. Crucially, it embeds national security considerations directly into corporate investment, technology deployment, and governance decisions.

Japan’s legal framework highlights three key lessons for business decision-makers who continue to plan operations based on existing practices.

1. Redesign Geopolitical Positioning

Frameworks like ESPA are not about fixing problems later; they shape decisions from the start. They treat geopolitical factors as design constraints, not a compliance afterthought.

Businesses must prepare for national security regulations, especially when entering countries that are geopolitically sensitive, such as China and Taiwan. Companies should assume that location, ownership and supply chain concentration will trigger regulatory scrutiny. Under ESPA, government support and approvals are closely linked with supply chain resilience. This means overconcentration will raise regulatory and operational risks. When making important business decisions or devising strategies, geopolitical concentrations and supply chain risks must be carefully reviewed and managed.

TSMC’s decision to construct a semiconductor fabrication plant in Kumamoto, Japan, which began production in 2024, reflects a strategic shift toward geopolitical risk diversification rather than cost minimization.

2. Prepare for Technology-Driven Non-Tariff Barriers

Technology is increasingly used as a regulatory lever, creating non-tariff barriers that shape market and corporate strategy. Japan’s ESPA exemplifies this shift through its government’s strong central control over economic security risks. Under ESPA’s new legal framework, companies are scrutinized not based on what they produce, but on how their technologies are deployed, where data is handled and how resilient their supply chains are. This means that businesses should be ready for technology-driven regulations, such as infrastructure reviews, data localization rules and transparency reports regarding supply chain management.

Similar regulatory dynamics can be observed globally. For example, Amazon Web Services(AWS) launched its European Sovereign Cloud in 2026 in response to data sovereignty requirements, illustrating how technology regulations increasingly function as a non-tariff barrier.

3. Strengthen Internal Governance

ESPA expands economic security regulations from cross-border controls to internal corporate governance. Governments now have control over how suppliers are monitored and how critical systems are secured, bringing internal processes under regulatory scrutiny. Governance quality now directly affects regulatory approval, partnership eligibility and government subsidies. This means that companies should align IT, procurement and legal teams to deal with these new requirements. Data governance, supply chain mapping and cybersecurity standards must be institutionalized and embedded in decision-making processes.

Similar dynamics can be observed in the semiconductor equipment industry. ASML, facing expanded export controls from 2023 onward, has strengthened internal governance and compliance systems to meet stricter licensing requirements, illustrating how internal processes now directly determine market access rather than mere compliance,

Concluding Remarks

Japan’s ESPA signals that technology, data and supply chains are no longer neutral inputs. Instead, they are considered strategic assets shaped by national security priorities. It is shaping where companies invest, who they partner with and how they establish internal governance. Recent corporate responses suggest that firms adapting early to these constraints are better positioned to secure regulatory approval and long-term policy support. This is a trajectory other advanced economies are increasingly likely to follow.