NPEs are sessions specific. Every user session has it's own isolated area in the platform cache. This results into the situation that whenever you are working with transient entities that version of the transient entity only exists in that session cache. If you want to retrieve or use that same entity in any other action you'll need to make sure to preferably use the same context, but at a minimum the same session.
Since that NPE only lives in session-cache, creating an NPE in the session from a user and retrieving it with the system session will not result in any data.
If you create an NPE in a user's context, through a Rest server, you'll need to make sure that you use the same context later on to retrieve those entities. If you'll use the original context, by simply using this.getContext() you will be able to find these entities.
If in your action you'll need elevated privileges try using the function this.getContext().getSudoContext() rather than building a new context. Doing this will keep all your actions in the same transaction and retains all built-in transaction features. You simply run without applying security (like your microflow does)
As a best-practice whenever you write a Java action always try to use the current context (this.getContext()), by using the systemContext you risk circumventing the built-in rollback and transaction behavior of the platform which can have some really annoying side-effects if you don't think it through.