Japan identity security expansion: what it means for IAM teams

TL;DR: As enterprises expand AI adoption, localized support for modern identity governance is increasingly important, with IDC projecting 1.3 billion AI agents by 2028 and Deloitte finding only one in five organizations have mature governance for autonomous AI agents, according to Saviynt. The real issue is not regional coverage, but whether IAM, NHI, and agent governance can keep pace with AI-driven identity sprawl.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

• IDC projects there will be 1.3 billion AI agents by 2028.
• Deloitte’s 2026 State of AI Report found that only one in five organizations have achieved mature governance for autonomous AI agents.

Questions worth separating out

Q: How should organisations govern AI systems that act like identities?

A: They should govern them as non-human or autonomous identity subjects, depending on whether the system can make runtime decisions without human approval.

Q: Why does local implementation matter in identity security programmes?

A: Local implementation matters because identity controls only reduce risk when they are deployed, operated, and evidenced in the environments where business processes run.

Q: When does AI adoption start to change IAM design rather than just add workload?

A: AI adoption changes IAM design when the systems involved can act across workflows, use multiple tools, or hold delegated access that outlives a single human task.

Practitioner guidance

• Inventory AI-driven and non-human identities together Extend governance scope to service accounts, API tokens, machine identities, and AI systems in the same inventory so access ownership is not split across teams.
• Validate local implementation readiness Check whether regional teams can execute onboarding, reviews, evidence collection, and support workflows without relying on offshore escalation for every exception.
• Rework governance for autonomous workflows Require explicit ownership, approval boundaries, and review triggers for systems that can initiate actions across business processes without a human user in the loop.

What's in the full announcement

Saviynt's full press release covers the operational and market detail this post intentionally leaves for the source:

• The joint venture structure and how the local support model is expected to operate across Japan.
• Statements from Saviynt, Ashisuto, and a customer perspective on why local identity support matters.
• The industries targeted first, including manufacturing, automotive, financial services, infrastructure, and the public sector.
• The company positioning around AI-ready identity security and regional expansion.

👉 Read Saviynt's announcement on its Japan joint venture with Ashisuto →

Japan identity security expansion: what it means for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →  |  Our Services →