Economic Espionage in the University City
Research Security and the Open Knowledge Ecosystem of Kyoto
Doradus Labs | Research Security Series
By Steve Golter, Doradus Labs | June 2026
Kyoto is, by design, an open city for knowledge. The municipal government and its universities promote it explicitly as an International Academic City, a place where researchers gather, ideas circulate, and collaboration crosses borders as a matter of routine. That openness is not incidental to the city's success. It is the source of it. Open research moves faster, attracts the best people, and produces results that closed systems cannot match.
The same openness that makes a research city productive also makes it legible to others. Where knowledge concentrates and moves freely, it can be observed, collected, and redirected. This is the central tension that Japan, along with most of its democratic partners, has spent the past several years working to manage under the banner of research security and economic security. The goal is not to close the campus. It is to keep it open without giving away the things that should not be given away.
This article looks at how that tension plays out in a dense academic environment like Kyoto. It examines why a research city concentrates risk, what economic espionage actually looks like in a university setting, which is rarely what the spy-thriller version suggests, the specific channels through which sensitive knowledge can move, and the legal and policy architecture Japan has built in response. It closes with a practitioner's view of what all of this means for the organizations that have to live inside it.
A note on framing. Nothing in this analysis implies that international researchers, visiting scholars, or collaboration partners are presumptively suspect. The overwhelming majority of academic exchange is exactly what it appears to be, and treating it otherwise would be both wrong and self-defeating. Research security is a risk-management discipline, not a loyalty test. The aim is proportion: identify the small fraction of activity that carries real consequence, protect that fraction sensibly, and leave the rest of the open ecosystem to do its work.
Why a research city concentrates the risk
Kyoto holds an unusual density of high-value research. Kyoto University alone operates eighteen graduate schools and the largest number of government-designated joint-usage research centers in Japan, spanning the physical sciences, chemistry, materials, life sciences, and engineering. Its work in induced pluripotent stem cells, recognized with a Nobel Prize, is only the most visible example of a research base that runs deep across many fields. The university maintains overseas centers in Bangkok, Heidelberg, and Washington, a liaison office in San Diego, an office in Addis Ababa, and roughly sixty research units and satellite facilities operating internationally. In 2019 it formalized an On-site Laboratories Initiative and a Strategic Partnerships framework specifically to deepen cross-border joint research.
Around the universities sits one of Japan's most concentrated clusters of advanced industry. The Kyoto region is home to global firms in precision instruments, electronics components, sensors, and materials, and the links between those companies and the local academic base are tight. Technology transfer offices, including the one operating out of Kyoto University's International Science Innovation Building, exist precisely to move intellectual property from the lab toward commercial use. The wider Kansai area extends this further through the Keihanna science city cluster and a network of national research institutes.
Put those two features together and the reason a research city concentrates risk becomes clear. You have a deep reservoir of pre-commercial and dual-use knowledge, a culture and infrastructure built to move that knowledge across institutional and national boundaries, and a dense web of relationships connecting academia to industry. Each of those is a strength. Each is also a surface. The value that makes Kyoto's research worth doing is the same value that makes it worth collecting.
The technologies that draw the most attention are not secret weapons programs. They are the emerging, broadly applicable capabilities that have both civilian and security uses. Japan's own economic security program has named its priorities plainly: artificial intelligence, quantum technology, robotics, advanced sensing, and advanced energy. These are fields where a research city like Kyoto contributes real work, where the line between civilian and military application is genuinely blurry, and where a few years of lead time can be worth a great deal to a competitor or an adversary.
What economic espionage looks like in a research setting
The phrase economic espionage conjures images of break-ins and covert handlers. In a university environment, the reality is usually quieter and harder to see, because the most effective collection does not break any locks. It uses access that has been granted legitimately.
Three features distinguish economic espionage in research from the classic intelligence picture. First, the target is rarely a finished secret. It is pre-commercial: methods, datasets, negative results, fabrication techniques, the tacit know-how that does not appear in any published paper, and the early signal of which research directions are working. This kind of knowledge is enormously valuable and is often not classified, patented, or even formally recorded as confidential, which makes it both easy to take and hard to protect.
Second, much of the activity sits in a legal gray zone rather than across an obvious criminal line. Attending a conference and asking pointed questions, proposing a collaboration that happens to map onto a sensitive program, placing a funded student in a particular laboratory, or aggregating openly available information into a picture that no single source intended to reveal: none of these is necessarily illegal, and most instances are entirely innocent. The challenge is that the same behaviors, repeated systematically and directed by an outside interest, can amount to a deliberate collection effort.
Third, the people involved usually have a genuine reason to be there. They are real researchers doing real work. The risk is not that they are impostors. It is that their access, their relationships, and in some cases their obligations to an outside party create a channel that can be used, whether or not the individual intends it. This is what makes research security difficult. The control surface is not a fence around outsiders. It runs through the everyday work of insiders who belong on campus.
The collection channels
It helps to be specific about where sensitive knowledge can move in a research environment. The following are not accusations against any of these activities, all of which are normal and valuable. They are simply the channels that a risk assessment has to account for.
University collaboration and joint research. Formal agreements, joint laboratories, and partnership frameworks are the backbone of modern research, and they are also the most structured route by which knowledge crosses an institutional boundary. The On-site Laboratories model, in which a partner organization establishes a presence inside or alongside a host institution, is productive precisely because it embeds people and grants sustained access. That same embedding means the terms of the agreement, the data-handling arrangements, and the question of who owns and can carry away what is produced all matter a great deal. Collaboration risk is rarely about a single dramatic transfer. It is about the slow, legitimate accumulation of access that an agreement quietly authorizes.
Visiting researchers, postdoctoral fellows, and students. The mobility of people is the lifeblood of a research city and the channel that has drawn the most policy attention. A visiting researcher or funded student gains real access to laboratories, instruments, ongoing projects, and colleagues. The vast majority bring talent and add value. The concern, which Japan has now written into law, is the narrow set of cases where an individual is under the significant influence of an outside government or entity, for example through an employment contract with a foreign state body or through a talent-recruitment program that provides substantial funding in exchange for access or transfer. The issue is not nationality. It is undisclosed obligation, the situation where a person owes something to an outside party that conflicts with the trust the host institution has extended.
Conferences, symposia, and academic exchange. Open scholarly exchange is the point of a conference, and it is also a low-friction environment for elicitation. Casual conversations, follow-up correspondence, invitations to review or co-author, and the simple act of mapping who is working on what and with whom can yield a great deal without anything that looks like collection taking place. A research city that actively markets itself as a host for international academic events, as Kyoto does, accepts a higher volume of this kind of contact as the cost of its convening role. Most of it is exactly what it appears to be. A small fraction is the early stage of a relationship being cultivated for another purpose.
Shared laboratories and equipment. Government-designated joint-usage centers and shared instrumentation give researchers across institutions access to facilities they could not maintain alone. Kyoto has more of these than anywhere in Japan. Shared access is efficient and democratizing, and it also means that sensitive samples, configurations, methods, and data pass through environments used by many hands. The protection question shifts from who is allowed in the building to who can see, copy, or carry away what, and whether the systems that hold the work are controlled in a way that the law and the institution will recognize.
Cloud platforms and collaboration tools. This is the channel that has changed the fastest and is the least intuitive. Modern research runs on shared drives, code repositories, preprint servers, messaging platforms, and cloud compute, much of it hosted across jurisdictions and accessed from anywhere. Two consequences follow. First, the perimeter is no longer physical. Knowledge can move at the speed of a file share, and access granted to a collaborator is access granted to wherever that collaborator and their infrastructure sit. Second, and less obviously, Japanese law now treats certain technology placed on the cloud as a controlled export in its own right. Uploading sensitive technical data to a platform from which a non-resident or an influenced party can retrieve it can constitute a regulated transfer, independent of any physical movement. The collaboration stack, in other words, has become part of the export-control perimeter, and most institutions have not fully internalized that.
A quieter fifth channel deserves mention: funding, procurement, and supply relationships. Who funds a line of research, who supplies and services the instruments, and who sits in the surrounding vendor and consulting relationships all create visibility and, occasionally, leverage. This is less about a single act of theft than about the standing access that commercial and financial relationships can provide over time.
Japan's response: an architecture for open security
Japan has approached this problem from a specific philosophical starting point, one it shares with its G7 partners: openness and security are not opposites but complements, each reinforcing the other. The objective of the policy architecture is to make open research sustainable, not to wall it off. What has emerged over the past several years is a layered system that combines research integrity guidance, export-control law, economic security legislation, and, most recently, the beginnings of a counter-intelligence framework.
The foundation was laid in April 2021, when the Cabinet Office, through its Council for Science, Technology and Innovation, issued policy directions for ensuring research integrity in response to the new risks that come with the internationalization and openness of research. This established the core mechanism that runs through everything that followed: disclosure. Researchers are expected to declare external affiliations, funding, and connections so that institutions can manage conflicts of interest and conflicts of commitment. Cabinet Office checklists for both researchers and institutions followed in 2021 and were updated in 2023.
That disclosure regime is now moving from voluntary to mandatory in the areas that matter most. The government has tied fuller disclosure to access to public research funding, including the major competitive grant programs and the designation of institutions as international research universities eligible to draw on a large national university fund. The logic is straightforward. Public money and public trust come with an obligation of transparency, and transparency is the precondition for confident collaboration.
The hardest legal edge is export control. Under the Foreign Exchange and Foreign Trade Act, the transfer of controlled goods and technology requires a license from the Ministry of Economy, Trade and Industry, enforced through both a control list and a broader catch-all provision. In May 2022, Japan clarified and tightened the concept of deemed export. Previously, providing controlled technology to a foreign national who was a resident of Japan generally fell outside the rules. Now, providing controlled technology within Japan to a resident who is under the significant influence of a non-resident is treated the same as exporting it abroad, and a license may be required. Significant influence is defined through specified categories, including holding an employment contract with a foreign government or corporation, receiving substantial funding or stipends through a foreign government talent or study program, or acting in Japan on a specific assignment from a foreign government. The penalties are serious: imprisonment of up to ten years and fines reaching one billion yen for institutions. Crucially for a research city, the guidance is explicit that publishing or placing technology on the cloud, and providing technical explanations during overseas travel, can each constitute an export. This is the legal hook that pulls universities, and their faculty disclosure processes, directly into the export-control system.
Alongside export control sits the economic security framework. The Economic Security Promotion Act, enacted in 2022, created new structures for protecting critical technologies, supply chains, and infrastructure, and funded research and development in priority areas through a dedicated program. The named priorities, artificial intelligence, quantum, robotics, advanced sensing, and advanced energy, are a clear statement of where the state believes both opportunity and exposure are concentrated. The country has continued to build outward from this base: a security clearance system for sensitive information was introduced in 2024, and the trade-secret management guidelines were revised in 2025 for the first time in six years, with related amendments easing the burden of proving misappropriation under the Unfair Competition Prevention Act.
The international dimension is active as well. Japan's science agency has been piloting a domestic version of the research-security framework used by its United States counterpart, and the Cabinet Office has been preparing further guidelines on international research collaboration in critical technologies. There is even an emerging market in tooling: a government-backed project has produced a prototype system that analyzes the global research literature to help institutions visualize technology-leakage risk while reducing the administrative load on researchers, a recognition that the disclosure burden cannot fall entirely on individual scientists.
The most consequential recent signal came in late 2025, when the government announced that it would begin considering counter-intelligence, or anti-spy, legislation. Japan has historically lacked the kind of dedicated counter-espionage law that its partners take for granted, a gap those partners have long viewed as a risk when sharing sensitive research. The existing pillars, the specially designated secrets law of 2013, the economic security act of 2022, and the 2024 clearance system, would be joined by a counter-intelligence framework. Part of the stated motivation was the rise in cyberattacks against Japanese companies and research institutions and in technology theft conducted under the cover of academic exchange. That phrase, technology theft under the cover of academic exchange, is precisely the risk this article is about, and its appearance in the government's own reasoning marks how far the conversation has moved.
It is worth connecting this to the broader intelligence architecture covered earlier in this series. Counterintelligence and economic security responsibilities in Japan are distributed across several bodies, including the Public Security Intelligence Agency and the security divisions of the National Police Agency, rather than concentrated in a single domestic security service. The move toward dedicated counter-intelligence legislation is, in part, an effort to give that distributed apparatus a clearer statutory basis for protecting the open research enterprise.
A case that defines the line
Policy is abstract until a court applies it, and in February 2025 a Tokyo court did. A researcher who had worked at one of Japan's national research institutes was convicted for disclosing research data, obtained through the institute's systems, to a company abroad in connection with a patent scheme. The conviction drew attention because criminal cases of this kind against a researcher inside a government-funded institution have been rare in Japan.
The detail that matters for every research organization is the reasoning. The court treated the data as a protected trade secret because the institution had held it within controlled systems subject to security measures. In other words, the legal protection did not flow automatically from the value of the information. It flowed from the fact that the institution had managed the information as a secret, through access control, logging, and technical safeguards. Had the same data been left loosely accessible, the case for protection would have been far weaker.
This is the most useful single lesson in the entire research-security debate. The thing that converts valuable information into legally and practically defensible information is the way it is controlled. Access management is not a back-office detail. It is the substance of the protection. And because the actor in this case was an insider with legitimate access, the case also illustrates the central difficulty: the hard problem is not keeping strangers out, but governing what trusted people with real access are able to do with the most sensitive material.
What this means operationally
Doradus Labs works at the intersection of physical security, cybersecurity, and the analytic tradecraft of understanding how adversaries actually behave. From that vantage point, research security is not primarily a compliance exercise, an immigration question, or a network-defense problem. It is all three at once, which is exactly why it tends to fall through the gaps between the teams that own each piece. A few principles follow from everything above.
Know what you actually hold. The first task is not to lock things down but to find the small fraction of research that carries genuine consequence: the dual-use methods, the sensitive datasets, the pre-commercial know-how in priority fields. Most research is and should remain open. Security effort spread uniformly across everything is effort wasted and collaboration needlessly burdened. The discipline is identifying the subset that warrants protection and being honest that it is a subset.
Treat access as the control surface. The lesson of the case above is that controlled access is what protection means, legally and practically. That implies the unglamorous fundamentals: least-privilege access to sensitive systems, meaningful logging, clear data-handling terms written into every collaboration agreement before work begins, and an honest accounting of who can see and carry away what. This is where cybersecurity and physical security converge, because a sample in a shared lab and a file in a shared drive present the same question in two different forms.
Bring the cloud and collaboration stack inside the perimeter. Because Japanese law now treats certain technology on the cloud as a regulated transfer, the platforms a research group uses are not neutral infrastructure. They are part of the export-control surface. That means knowing where data is hosted, who can reach it and from which jurisdictions, and how access is revoked when a collaboration ends. Many institutions have mature physical security and immature platform governance, and the law has moved faster than that imbalance.
Build disclosure into the work, not onto it. Disclosure of external affiliations, funding, and obligations is the mechanism the entire Japanese framework relies on, and it works only if it is a normal, low-friction part of the research lifecycle rather than an adversarial paperwork ritual. The goal is to surface conflicts of commitment early, when they can be managed quietly, rather than discovering them after the fact. Tooling that reduces the burden on individual researchers, rather than adding to it, is part of making this sustainable.
Protect people, not just data. Research security cuts in both directions. Researchers can be placed in difficult positions by undisclosed obligations they did not fully understand, and they can also face real personal exposure, including the risk of detention, when they travel into jurisdictions with aggressive security laws of their own. A serious program treats its own people as something to be protected and prepared, not merely as a risk to be screened.
Hold proportion as the goal. The entire point of the open research city is openness. Security measures that strangle collaboration, treat international colleagues as suspects, or bury scientists in compliance do not protect the enterprise. They degrade it, and they hand a different kind of victory to anyone who would prefer that open societies become closed ones. The standard to aim for is the one Japan and its partners have articulated: openness and security as complements. Protect the few things that must be protected, well enough that a court and a competitor both take the protection seriously, and keep everything else open.
Conclusion
A university city is a concentrated expression of an open society's central bet: that knowledge shared moves faster than knowledge hoarded, and that the gains from openness outweigh its exposures. Kyoto makes that bet deliberately and at scale. The research-security architecture that Japan has built over the past several years, from the 2021 disclosure framework through the 2022 deemed-export rules and economic security act to the counter-intelligence legislation now under consideration, is best understood not as a retreat from that bet but as an attempt to keep making it responsibly.
For the organizations inside that ecosystem, the work is to translate national policy into local practice: to know what they hold, to control access to the part that matters, to bring their platforms and their people inside the security picture, and to do all of it without losing the openness that is the entire reason the city does research in the first place. Get the proportion right and openness and security do reinforce each other, exactly as the policy intends. Get it wrong in either direction, by hoarding everything or protecting nothing, and a research city forfeits one of the two things that make it work.
Sources and further reading
Cabinet Office, Council for Science, Technology and Innovation. Policy Directions for Ensuring Research Integrity in Response to New Risks Associated with Increasing Internationalization and Openness of Research Activities (April 2021), with associated researcher and institutional checklists (2021, updated 2023).
Ministry of Economy, Trade and Industry. Guidance on the clarification of deemed export controls under the Foreign Exchange and Foreign Trade Act (effective May 2022).
Economic Security Promotion Act (2022) and its associated priority technology research and development program.
Act on the Protection of Specially Designated Secrets (2013); the security clearance (economic security) system (2024); revised Management Guidelines for Trade Secrets and Unfair Competition Prevention Act amendments (2023 and 2025).
Tokyo District Court trade-secret conviction involving a researcher at a national research institute (February 2025), as reported in Japanese and international legal press.
Kyoto University Office of Research and related public materials on international partnerships, the On-site Laboratories Initiative, joint-usage research centers, technology transfer, and security export control.
Japan Science and Technology Agency and United States National Science Foundation cooperation on research-security frameworks; Cabinet Office plans for guidelines on international research collaboration in critical technologies (FY2025).
Public reporting on the Japanese government's stated intention to consider counter-intelligence legislation (late 2025).